shinkan-jinkendo/.claude/docs/working/ACCESS_LAYER_ENDPOINT_AUDIT.md
Lars c919e02441
feat: enhance tenant context integration and update access layer endpoints
- Implemented `library_content_visibility_sql` for managing visibility of exercises, training planning, and framework programs based on tenant context.
- Updated access layer documentation to reflect changes in endpoint visibility and governance requirements.
- Bumped application version to 0.8.23 in both backend and frontend files.
- Enhanced changelog to document the new version and changes made in this release.
2026-05-05 21:46:41 +02:00


# Endpoint audit: tenants & governance

Ongoing, following ACCESS_LAYER_AND_GOVERNANCE_PLAN.md stage AC.

| Router / area | Example endpoint | Tenant-relevant | Depends(get_tenant_context) / context | Governance checked (list + detail) | Notes |
|---|---|---|---|---|---|
| profiles | GET /api/profiles/me | yes | resolve_tenant_context inline (invalid_header_policy=ignore) | partly | + effective_club_id; a stale header does not break refresh |
| profiles | PUT /api/profiles/{id} | yes | active_club_id membership | | TenantContext later here too |
| clubs | GET /api/clubs | yes | membership vs admin | list filtered | non-admins |
| clubs | organisation CRUD | yes | can_manage_club_org / member | | step by step onto TenantContext |
| club_memberships | /clubs/{id}/members* | yes | planned | yes | |
| club_join_requests | /clubs/{id}/join-requests* | yes | planned | yes | |
| exercises | GET /api/exercises, POST /api/exercises | yes | get_tenant_context | yes | list filtered by active club; POST governance + default club_id |
| exercises | detail/PATCH (remaining) | partly | require_auth | owner/admin | tenant optional later |
| training_planning | all protected endpoints | yes | get_tenant_context | yes | template list like exercises; POST template default club_id |
| training_framework_programs | all protected endpoints | yes | get_tenant_context | yes | list + POST default club_id |
| admin_users | GET /api/admin/users | platform | optional | admin role | |
| other | skills, methods, catalogs | to be clarified | often global | | add rows |

Legend: "planned" = use get_tenant_context (or the central governance helpers) the next time these routers are reworked.

Last change: 2026-05-05: stage B/C partial (library lists + planning); GET /training-units without automatic club_id filter (compatibility).


## Note on GET /training-units

No implicit filter by effective_club_id (multi-club calendar); set the club_id query parameter if a per-club view is needed.
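The following is an added illustration, not code from the repository, of the three behaviours the table and the note above describe: a tenant context resolved from a club header with `invalid_header_policy=ignore` (a stale header falls back instead of failing the refresh), library lists filtered to global content plus the effective club with POST defaulting `club_id` from the context, and `GET /training-units` left without an implicit club filter while an explicit `club_id` query parameter narrows it. The class and function names, the `x-club-id` header, the membership table and the sample rows are all assumptions made for this example; the project's real `TenantContext`, `resolve_tenant_context` and `library_content_visibility_sql` may differ.

```python
"""Hypothetical model of tenant-context resolution and club-scoped visibility.

Added example only; names, header and data are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class TenantContext:
    user_id: int
    active_club_id: Optional[int]     # club explicitly selected via header, if valid
    effective_club_id: Optional[int]  # club used for library filtering and defaults


# Constructed sample data: user id -> set of club ids the user belongs to.
MEMBERSHIPS = {1: {10, 20}, 2: {20}}

# Constructed library rows: club_id None means globally visible content.
EXERCISES = [
    {"id": 1, "name": "Kihon", "club_id": None},
    {"id": 2, "name": "Club drill A", "club_id": 10},
    {"id": 3, "name": "Club drill B", "club_id": 20},
]

# Constructed calendar rows; club 30 is one the sample users do not belong to.
TRAINING_UNITS = [
    {"id": 100, "club_id": 10},
    {"id": 101, "club_id": 20},
    {"id": 102, "club_id": 30},
]


def resolve_tenant_context(user_id, headers, invalid_header_policy="reject"):
    """Resolve the tenant context from an optional x-club-id header.

    With invalid_header_policy="ignore" a header naming a club the user is not a
    member of is treated as absent, so a stale header does not break a refresh.
    With "reject" the request is refused instead.
    """
    clubs = MEMBERSHIPS.get(user_id, set())
    raw = {k.lower(): v for k, v in headers.items()}.get("x-club-id")
    active = None
    if raw is not None:
        try:
            requested = int(raw)
        except ValueError:
            requested = None
        if requested in clubs:
            active = requested
        elif invalid_header_policy != "ignore":
            raise PermissionError("x-club-id does not match a membership")
    # Assumption: a user with exactly one membership gets it as the effective
    # club; otherwise the effective club is only what the header selected.
    effective = active if active is not None else (next(iter(clubs)) if len(clubs) == 1 else None)
    return TenantContext(user_id=user_id, active_club_id=active, effective_club_id=effective)


def visible_exercises(ctx):
    """Library list: global content plus the effective club's own content."""
    return [
        e for e in EXERCISES
        if e["club_id"] is None or e["club_id"] == ctx.effective_club_id
    ]


def create_exercise(ctx, payload):
    """POST: default club_id from the context, then a membership governance check."""
    club_id = payload.get("club_id", ctx.effective_club_id)
    if club_id is not None and club_id not in MEMBERSHIPS.get(ctx.user_id, set()):
        raise PermissionError("not a member of club %s" % club_id)
    return {"name": payload["name"], "club_id": club_id}


def list_training_units(ctx, club_id=None):
    """GET /training-units: all clubs the user belongs to, no implicit
    effective_club_id filter; an explicit club_id query narrows the result."""
    clubs = MEMBERSHIPS.get(ctx.user_id, set())
    units = [u for u in TRAINING_UNITS if u["club_id"] in clubs]
    if club_id is not None:
        units = [u for u in units if u["club_id"] == club_id]
    return units


if __name__ == "__main__":
    ctx = resolve_tenant_context(1, {"X-Club-Id": "99"}, invalid_header_policy="ignore")
    print(ctx)
    print([e["id"] for e in visible_exercises(ctx)])
    print([u["id"] for u in list_training_units(ctx)])
```

Note that the stale-header case yields `effective_club_id=None` for a multi-club user, so the library list shrinks to global content rather than silently showing another club's rows, while the calendar still spans every membership unless `club_id` is passed.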