task-c.1
This commit is contained in:
@@ -29,11 +29,11 @@
|
||||
## High-Risk Findings
|
||||
|
||||
1. Team-scope semantics are still coarse because the current model does not yet carry a first-class subordinate/team graph.
|
||||
2. Production contact sharing is not yet backed by a persisted sharing table; current enforcement covers creator/customer/admin visibility only.
|
||||
2. Contact sharing is now persisted, but team-scope still remains approximate because there is no first-class CRM team hierarchy.
|
||||
3. Enquiry services already enforce meaningful scope, but several route files still pass legacy role-shaped context instead of a dedicated security context object.
|
||||
|
||||
## Follow-up Focus
|
||||
|
||||
- Normalize remaining enquiry routes onto the same security-context builder used by quotations and dashboard.
|
||||
- Add runtime seeded scenario tests once dedicated security fixtures are available.
|
||||
- Introduce a first-class team hierarchy and production contact-sharing model if the business requires them.
|
||||
- Introduce a first-class CRM team hierarchy if the business requires true team-based visibility.
|
||||
|
||||
Reference in New Issue
Block a user