feat(org-unit): scope structural reads to resource overview
@@ -92,14 +92,15 @@ Reasoning:
|
||||
|
||||
### `packages/api/src/router/org-unit.ts`
|
||||
|
||||
- `list`, `getTree`, `resolveByIdentifier`: `authenticated-safe-lookup`
|
||||
- `getByIdentifier`, `getById`: `resource-overview`
|
||||
- `resolveByIdentifier`: `authenticated-safe-lookup`
|
||||
- `list`, `getTree`, `getByIdentifier`, `getById`: `resource-overview`
|
||||
- create, update, deactivate: `admin-only`
|
||||
|
||||
Reasoning:
|
||||
|
||||
- minimal org-unit lookups are low-risk master data
|
||||
- detailed org-unit reads expose `_count.resources` and parent/child context that maps the staffing structure
|
||||
- `resolveByIdentifier` stays narrow enough for low-risk lookup flows
|
||||
- `list` and especially `getTree` expose the internal org hierarchy, parent links, sort order, and structure metadata, so they should not remain broad authenticated reads
|
||||
- detailed org-unit reads also expose `_count.resources` and parent/child context that maps the staffing structure
|
||||
|
||||
## Assistant Parity Rule
|
||||
|
||||
|
||||
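Review bot: The Reasoning bullet "`resolveByIdentifier` stays narrow enough for low-risk lookup flows" leaves the boundary undefined, because it never says which fields that procedure is allowed to return. As written, nothing in this document stops `resolveByIdentifier` from later picking up `_count.resources` or parent/child context, which would sidestep the `resource-overview` classification now given to `list`, `getTree`, `getByIdentifier` and `getById`. Suggest listing the permitted response fields for `resolveByIdentifier` next to that bullet, and backing it with a test in `packages/api/src/router/org-unit.ts` that fails if structural fields appear in its output. It is also worth a test that a caller limited to `authenticated-safe-lookup` is denied on `list` and `getTree`, since any client that relied on the earlier classification now needs `resource-overview`.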