# Task L.3.1: Customer, Contact & Approval Visibility Hardening ## Summary Task L.3.1 closes the next set of CRM visibility gaps after Task L.3 by moving customer, contact, and approval visibility closer to the resolved CRM access model already used by quotations and dashboard security. ## Implemented - customer list/detail/update/delete routes now pass resolved CRM scope context - customer service now filters visibility by: - branch scope - ownership scope - related enquiry/quotation visibility - marketing monitor visibility through enquiry relationships - contact routes now inherit resolved customer visibility instead of organization-only reads - contact access additionally preserves creator visibility - approval list/detail now require either: - related quotation visibility - current approval actor visibility - admin / organization-wide visibility - dashboard approval analytics now reuse access-scoped approval listing - added `customer_scope_violation`, `contact_scope_violation`, and `approval_scope_violation` security audit actions - expanded static security verification coverage - documented team-scope and contact-sharing limitations ## Important limitation The production schema still has no persisted contact-sharing model. That means L.3.1 hardens creator/customer/admin visibility, but it cannot preserve a live shared-contact workflow that does not yet exist in persistence. ## Verification - `npx tsc --noEmit` - `node --experimental-strip-types scripts/security/verify-crm-access.ts`