This repository has been archived on 2026-05-24. You can view files and clone it. You cannot open issues or pull requests or push a commit.

Flea Flicker c143aec2b5 fix(rbac): allow all staff roles to READ /api/staff ...

GRO-156 follow-up: RBAC middleware was blocking groomer/receptionist
from GET /api/staff. The QA review found 403 with "role groomer is not
permitted" after PR #140 deployment.

Fix: split the /staff/* guard — GET requests allow all roles
(groomer, receptionist, manager); write operations remain manager-only.

Co-Authored-By: Paperclip <noreply@paperclip.ing>

2026-03-28 03:15:07 +00:00

..

api

fix(rbac): allow all staff roles to READ /api/staff

2026-03-28 03:15:07 +00:00

e2e

fix(e2e): add dev/config, dev/users, and branding mocks to navigation.spec.ts

2026-03-27 22:33:40 +00:00

web

Merge remote-tracking branch 'origin/main' into feature/gro-118-better-auth

2026-03-28 02:54:39 +00:00