This repository has been archived on 2026-05-24. You can view files and clone it. You cannot open issues or pull requests or push a commit.

Flea Flicker eeda5099be feat(api): RBAC Phase 2 - row-level data scoping for groomer role ...

Filter query results at the route handler level when the authenticated
staff role is 'groomer':

- GET /api/appointments: WHERE staffId = <groomer id>
- GET /api/appointments/🆔 403 if not assigned to groomer
- GET /api/clients: clients with ≥1 appointment for this groomer
- GET /api/clients/🆔 403 if no appointment linkage
- GET /api/pets: pets owned by groomer-linked clients
- GET /api/pets/:petId: 403 if no appointment linkage

Managers and receptionists: no change.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-03-26 21:57:09 +00:00

..

migrations

fix(waitlist): address QA review comments - auth fixes and pgEnum type

2026-03-26 08:29:41 +00:00

src

feat(api): RBAC Phase 2 - row-level data scoping for groomer role

2026-03-26 21:57:09 +00:00

drizzle.config.ts

Bootstrap monorepo: Hono API, React PWA, Drizzle DB, CI/CD

2026-03-17 16:11:04 +00:00

package.json

feat: deterministic seed, impersonation migration, test factories (GRO-110)

2026-03-21 19:34:52 +00:00

tsconfig.json

Fix tsconfig rootDir for correct dist output paths

2026-03-18 01:52:26 +00:00