From b1b89966d9f497374cf2f992353d4c746aa8ddc4 Mon Sep 17 00:00:00 2001
From: Test User <test@example.com>
Date: Sat, 18 Apr 2026 10:36:23 +0000
Subject: [PATCH] fix: allow groomer role to access invoices endpoint

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 apps/api/src/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/api/src/index.ts b/apps/api/src/index.ts
index c6e90a5..6d48d66 100644
--- a/apps/api/src/index.ts
+++ b/apps/api/src/index.ts
@@ -202,7 +202,7 @@ api.on(["POST", "PATCH", "DELETE"], "/staff/*", requireRoleOrSuperUser("manager"
 api.use("/admin/*", requireRoleOrSuperUser("manager"));
 api.use("/admin/settings/*", requireSuperUser());
 api.use("/reports/*", requireRole("manager"));
-api.use("/invoices/*", requireRole("manager"));
+api.use("/invoices/*", requireRole("manager", "groomer"));
 api.use("/impersonation/*", requireRole("manager"));
 
 // Manager + Receptionist only (groomers have no access): appointment-groups, grooming-logs, waitlist