feat(api): RBAC Phase 2 - row-level data scoping for groomer role #121

Closed
groombook-engineer[bot] wants to merge 17 commits from feature/gro-48-rbac-row-level into main
2 changed files with 1 additions and 7 deletions
Showing only changes of commit 0ff8dd161d - Show all commits
-6
View File
@@ -17,7 +17,6 @@ import { groomingLogsRouter } from "./routes/groomingLogs.js";
import { impersonationRouter } from "./routes/impersonation.js";
import { settingsRouter } from "./routes/settings.js";
import { searchRouter } from "./routes/search.js";
import { calendarRouter } from "./routes/calendar.js";
import { getDb, businessSettings } from "@groombook/db";
import { authMiddleware } from "./middleware/auth.js";
import { resolveStaffMiddleware, requireRole } from "./middleware/rbac.js";
@@ -62,11 +61,6 @@ app.get("/api/branding", async (c) => {
});
});
// Portal routes — no staff auth required, uses impersonation session for client auth
app.route("/api/portal", portalRouter);
// Public iCal calendar feed — token auth in URL, no auth middleware required
app.route("/api/calendar", calendarRouter);
// Protected API routes
const api = app.basePath("/api");
api.use("*", authMiddleware);
+1 -1
View File
@@ -86,7 +86,7 @@ const createWaitlistEntrySchema = z.object({
});
const updateWaitlistEntrySchema = z.object({
status: z.enum(["active", "notified", "expired", "cancelled"]).optional(),
status: z.literal("cancelled").optional(),
preferredDate: z.string().optional(),
preferredTime: z.string().optional(),
});