feat(client): scope planning reads to explicit audience
@@ -102,6 +102,19 @@ Reasoning:
- `list` and especially `getTree` expose the internal org hierarchy, parent links, sort order, and structure metadata, so they should not remain broad authenticated reads
- detailed org-unit reads also expose `_count.resources` and parent/child context that maps the staffing structure
### `packages/api/src/router/client.ts`
- `resolveByIdentifier`: `authenticated-safe-lookup`
- `list`, `getTree`, `getByIdentifier`, `getById`: `planning-read`
- create and update: `manager-write`
- delete: `admin-only`
Reasoning:
- `resolveByIdentifier` returns a deliberately narrow lookup shape for code/name resolution
- `list` already exposes `_count.children` and `_count.projects`, and `getTree` reveals the full client hierarchy used in planning and reporting flows
- detailed client reads add parent/child structure plus project counts, so they should align with the explicit planning audience instead of broad authenticated access
## Assistant Parity Rule
- assistant tool visibility must never widen the audience of the backing router
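Review bot: the `resolveByIdentifier` entry justifies `authenticated-safe-lookup` with "a deliberately narrow lookup shape" but never says which fields that shape contains, while the same section argues that `_count.children`, `_count.projects` and parent/child structure are exactly what push `list`, `getTree`, `getByIdentifier` and `getById` up to `planning-read`. Spell out the field list for the lookup (and state explicitly that no `_count.*` or parent/child fields are selected), otherwise a later widening of that select would silently cross the line this document draws. Since `resolveByIdentifier` and `getByIdentifier` take the same kind of input, the audience difference rests entirely on the response shape, so the doc should say so in one sentence. The "Assistant Parity Rule" context below is also the only check on assistant exposure; it would help to note under `client.ts` which assistant tools, if any, are backed by these procedures so the rule can actually be applied to this router.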