task-l.3.1
This commit is contained in:
@@ -0,0 +1,33 @@
|
||||
# Task L.3.1: Customer, Contact & Approval Visibility Hardening
|
||||
|
||||
## Summary
|
||||
|
||||
Task L.3.1 closes the next set of CRM visibility gaps after Task L.3 by moving customer, contact, and approval visibility closer to the resolved CRM access model already used by quotations and dashboard security.
|
||||
|
||||
## Implemented
|
||||
|
||||
- customer list/detail/update/delete routes now pass resolved CRM scope context
|
||||
- customer service now filters visibility by:
|
||||
- branch scope
|
||||
- ownership scope
|
||||
- related enquiry/quotation visibility
|
||||
- marketing monitor visibility through enquiry relationships
|
||||
- contact routes now inherit resolved customer visibility instead of organization-only reads
|
||||
- contact access additionally preserves creator visibility
|
||||
- approval list/detail now require either:
|
||||
- related quotation visibility
|
||||
- current approval actor visibility
|
||||
- admin / organization-wide visibility
|
||||
- dashboard approval analytics now reuse access-scoped approval listing
|
||||
- added `customer_scope_violation`, `contact_scope_violation`, and `approval_scope_violation` security audit actions
|
||||
- expanded static security verification coverage
|
||||
- documented team-scope and contact-sharing limitations
|
||||
|
||||
## Important limitation
|
||||
|
||||
The production schema still has no persisted contact-sharing model. That means L.3.1 hardens creator/customer/admin visibility, but it cannot preserve a live shared-contact workflow that does not yet exist in persistence.
|
||||
|
||||
## Verification
|
||||
|
||||
- `npx tsc --noEmit`
|
||||
- `node --experimental-strip-types scripts/security/verify-crm-access.ts`
|
||||
@@ -430,3 +430,13 @@ Future:
|
||||
|
||||
- define the canonical team relationship source
|
||||
- replace current coarse team handling with explicit team membership or manager hierarchy logic
|
||||
|
||||
### Contact-sharing persistence gap
|
||||
|
||||
Current:
|
||||
Task L.3.1 hardens customer/contact visibility, but the production schema still has no persisted contact-sharing relation. Legacy shared-contact behavior exists only in demo/mock material.
|
||||
|
||||
Future:
|
||||
|
||||
- add a first-class contact-sharing table and audit trail if the business still needs shared-contact workflows
|
||||
- extend security verification from creator/customer/admin visibility to explicit share-based visibility once persistence exists
|
||||
|
||||
Reference in New Issue
Block a user