Private
Public Access
1
0
Commit Graph

1 Commits

Author SHA1 Message Date
Catherine Renelle 9b5708af64 Phase 3: Roles & permissions enforcement with guards, member management, and admin panel
Centralize permission checks into guards.ts (requireAuth, requireBoardView,
requireBoardEditor, requireBoardOwner, requireColumnEditor, requireCardEditor,
requireBoardMemberManager, requireTenantAdmin) that fetch entities and check
permissions in a single call, replacing ~100 lines of duplicated inline checks
across all API routes. Adds board member management (add by email, change role,
remove with last-owner protection), tenant admin panel (user role toggle with
last-admin protection, board overview), and fixes missing view guard on card GET.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-25 23:13:29 -05:00