- Introduced tenant context resolution in the profiles API, allowing for effective club identification based on user memberships.
- Updated the `GET /profiles/me` endpoint to return `effective_club_id` and removed reliance on the deprecated `X-Active-Club-Id` header.
- Bumped application version to 0.8.22 in both backend and frontend files.
- Enhanced changelog to document the new version and changes made in this release.
Endpoint Audit: Tenants & Governance
Maintained continuously, per ACCESS_LAYER_AND_GOVERNANCE_PLAN.md stages A–C.
| Router / area | Example endpoint | tenant-relevant | Depends(get_tenant_context) / context | Governance checked (list + detail) | Notes |
|---|---|---|---|---|---|
| profiles | GET /api/profiles/me | yes | resolve_tenant_context inline (invalid_header_policy=ignore) | partly | + effective_club_id; outdated header does not break refresh |
| profiles | PUT /api/profiles/{id} | yes | — | active_club_id membership | TenantContext here too, later |
| clubs | GET /api/clubs | yes | — | membership vs admin | list filtered for non-admins |
| clubs | CRUD organization | yes | — | can_manage_club_org / member | step by step to TenantContext |
| club_memberships | /clubs/{id}/members* | yes | planned | yes | |
| club_join_requests | /clubs/{id}/join-requests* | yes | planned | yes | |
| exercises | GET /api/exercises, detail | yes | planned | visibility + membership | |
| training_planning | various | yes | planned | exercise_visible / group | |
| training_framework_programs | various | yes | planned | analogous to exercises | |
| admin_users | GET /api/admin/users | platform | optional | admin role | |
| Other | skills, methods, catalogs | to be clarified | — | often global | add rows |

Legend: "planned" = at the next rework of these routers, use get_tenant_context or the central governance helpers.
Last change: 2026-05-05 (initial)
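
The header handling noted for `GET /api/profiles/me` (a client-supplied `X-Active-Club-Id` is only a hint, and the effective club comes from server-side memberships), as an added example that is not the project's own code. The function signature, the `reject` policy value, the `header_ignored` field and the fallback order are assumptions; only the names `resolve_tenant_context`, `invalid_header_policy=ignore`, `effective_club_id` and `active_club_id` come from the page.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


class TenantAccessError(Exception):
    """The requested club is not one of the caller's memberships."""


@dataclass(frozen=True)
class TenantContext:
    user_id: int
    effective_club_id: Optional[int]
    header_ignored: bool  # True when a supplied header value was dropped


def resolve_tenant_context(user_id: int, member_club_ids: Iterable[int],
                           active_club_id: Optional[int] = None,
                           header_value: Optional[str] = None,
                           invalid_header_policy: str = "reject") -> TenantContext:
    """Derive the effective club from server-side memberships only.

    Assumed signature and fallback order. The header value is accepted
    only if it names a club the user actually belongs to.
    """
    if invalid_header_policy not in ("reject", "ignore"):
        raise ValueError(f"unknown policy: {invalid_header_policy!r}")
    memberships = set(member_club_ids)
    header_ignored = False

    if header_value is not None:
        try:
            requested = int(header_value.strip())
        except ValueError:
            requested = None  # malformed header is treated like a foreign club
        if requested in memberships:
            return TenantContext(user_id, requested, False)
        if invalid_header_policy == "reject":
            raise TenantAccessError("header names a club outside the caller's memberships")
        header_ignored = True  # "ignore": fall through to server-side state

    if active_club_id in memberships:
        return TenantContext(user_id, active_club_id, header_ignored)
    # Deterministic fallback (assumption): lowest club id, or None without memberships.
    fallback = min(memberships) if memberships else None
    return TenantContext(user_id, fallback, header_ignored)
```

With `ignore`, a header left over from a club the user has since left yields a valid context for a club they still belong to, so a profile refresh keeps working; with `reject`, the same request fails closed.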