task-l.3.1

This commit is contained in:
phaichayon
2026-06-22 14:18:26 +07:00
parent 42f403a7ed
commit 1b901efc51
21 changed files with 1320 additions and 102 deletions

View File

@@ -57,6 +57,41 @@ const checks: Check[] = [
name: 'quotation service applies scoped record access',
file: 'src/features/crm/quotations/server/service.ts',
patterns: ['canAccessScopedCrmRecord', 'buildQuotationAccessScopedFilters', 'Forbidden branch scope']
},
{
name: 'customer route passes resolved scope context',
file: 'src/app/api/crm/customers/route.ts',
patterns: ['buildCrmSecurityContext', 'listCustomers(organization.id', 'customer_scope_violation']
},
{
name: 'customer detail route passes resolved scope context',
file: 'src/app/api/crm/customers/[id]/route.ts',
patterns: ['buildCrmSecurityContext', 'getCustomerDetail(id, organization.id, accessContext)']
},
{
name: 'customer contact routes pass resolved scope context',
file: 'src/app/api/crm/customers/[id]/contacts/route.ts',
patterns: ['buildCrmSecurityContext', 'listCustomerContacts(id, organization.id, accessContext)']
},
{
name: 'customer service applies access-scoped ownership filtering',
file: 'src/features/crm/customers/server/service.ts',
patterns: ['resolveAccessibleCustomerRelationSets', 'canAccessCustomerRow', 'ownershipScope === \'monitor\'']
},
{
name: 'approval route passes resolved scope context',
file: 'src/app/api/crm/approvals/route.ts',
patterns: ['buildCrmSecurityContext', 'listApprovalRequests(organization.id', 'approval_scope_violation']
},
{
name: 'approval detail route passes resolved scope context',
file: 'src/app/api/crm/approvals/[id]/route.ts',
patterns: ['buildCrmSecurityContext', 'getApprovalRequest(id, organization.id, accessContext)']
},
{
name: 'approval service enforces current-actor or quotation visibility',
file: 'src/features/foundation/approval/server/service.ts',
patterns: ['canCurrentActorAccessApproval', 'canAccessQuotationForApproval', 'visibleItems']
}
];