fix(holiday-calendar): scope resource holiday reads
This commit is contained in:
@@ -160,12 +160,14 @@ Reasoning:
|
||||
|
||||
- `listCalendars`, `listCalendarsDetail`, `getCalendarByIdentifier`, `getCalendarByIdentifierDetail`, `getCalendarById`: `admin-only`
|
||||
- create, update, delete calendar and entry mutations: `admin-only`
|
||||
- holiday resolution and preview helpers remain unchanged in this rollout
|
||||
- `previewResolvedHolidays`, `previewResolvedHolidaysDetail`, `resolveHolidays`, `resolveHolidaysDetail`: `authenticated-safe-lookup`
|
||||
- `resolveResourceHolidays`, `resolveResourceHolidaysDetail`: `self-service` for the caller's own resource, with elevated cross-resource reads for manager and admin roles
|
||||
|
||||
Reasoning:
|
||||
|
||||
- the calendar catalog is currently consumed in the web app only by the admin vacation editor, so broad authenticated reads expose internal configuration without a product need
|
||||
- narrowing just the catalog reads keeps the hardening slice small while avoiding regressions in shared holiday-resolution helpers used by vacation, timeline, and assistant flows
|
||||
- region-based resolution helpers remain a narrow lookup surface because callers provide the location context directly instead of enumerating internal resource data
|
||||
- resource-based holiday resolution derives sensitive location context from a specific employee record, so it must follow the same self-service ownership model as other resource-scoped absence reads
|
||||
|
||||
### `packages/api/src/router/entitlement.ts`
|
||||
|
||||
|
||||
Reference in New Issue
Block a user