feat(utilization-category): scope reads to planning audience
@@ -115,6 +115,16 @@ Reasoning:
|
||||
- `list` already exposes `_count.children` and `_count.projects`, and `getTree` reveals the full client hierarchy used in planning and reporting flows
|
||||
- detailed client reads add parent/child structure plus project counts, so they should align with the explicit planning audience instead of broad authenticated access
|
||||
|
||||
### `packages/api/src/router/utilization-category.ts`
|
||||
|
||||
- `list`, `getById`: `planning-read`
|
||||
- create and update: `admin-only`
|
||||
|
||||
Reasoning:
|
||||
|
||||
- the categories feed project configuration and planning/reporting workflows instead of broad self-service screens
|
||||
- `getById` includes `_count.projects`, so the detailed read should not remain a generic authenticated route
|
||||
|
||||
## Assistant Parity Rule
|
||||
|
||||
- assistant tool visibility must never widen the audience of the backing router
|
||||
|
||||
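Review bot: In the new `packages/api/src/router/utilization-category.ts` section, the mutation line ("create and update: `admin-only`") names the operations generically, while the read line above it names procedures (`list`, `getById`). Name the mutation procedures in backticks as well so the policy can be checked line by line against the router, and if the router has a delete or any other procedure, list it with its audience so that nothing falls back to a default. The visible hunk is documentation only; a test showing that an authenticated caller outside the planning audience is rejected by `list` and `getById` would back the stated policy. Given the Assistant Parity Rule in the trailing context, any assistant tool backed by this router should be confirmed to carry the same `planning-read` gate.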