Added admin mode, read only status for inactive accounts, and resuce verification

This commit is contained in:
Corey Blais
2026-04-15 16:33:07 -04:00
parent 43c32a5efc
commit 784a911dc2
12 changed files with 816 additions and 109 deletions
+11 -11
View File
@@ -147,8 +147,8 @@ Integration tokens use the same bearer-token header format, but they are created
Workspace roles used by protected endpoints:
- `owner`
- `manager`
- `staff`
- `assistant`
- `caregiver`
- `viewer`
Role requirements are called out per endpoint below. If the signed-in member lacks permission, the API returns:
@@ -250,7 +250,7 @@ Role requirements are called out per endpoint below. If the signed-in member lac
- Dates use `YYYY-MM-DD`
- `workspaceType` is `standard` or `rescue`
- member `role` is `owner`, `manager`, `staff`, or `viewer`
- member `role` is `owner`, `assistant`, `caregiver`, or `viewer`
- bird `gender` is `unknown`, `male`, or `female`
- bird `chartColor` must be a `#RRGGBB` hex color
- `photoDataUrl` must be a base64 `data:image/...` URL
@@ -613,7 +613,7 @@ Response `200`:
#### `PUT /api/workspace`
Requires auth with write access and role `owner` or `manager`. Updates the active workspace.
Requires auth with write access and role `owner` or `assistant`. Updates the active workspace.
Request body:
@@ -648,7 +648,7 @@ Response `200`:
#### `POST /api/workspace/members`
Requires auth with write access and role `owner` or `manager`. Invites or upserts a workspace member.
Requires auth with write access and role `owner` or `assistant`. Invites or upserts a workspace member.
Request body:
@@ -670,7 +670,7 @@ Response `201`:
#### `DELETE /api/workspace/members/:memberId`
Requires auth with write access and role `owner` or `manager`. Removes a non-owner member.
Requires auth with write access and role `owner` or `assistant`. Removes a non-owner member.
Response `204` with no body.
@@ -694,7 +694,7 @@ Response `200`:
#### `POST /api/birds`
Requires auth with write access and role `owner`, `manager`, or `staff`. Creates a bird.
Requires auth with write access and role `owner`, `assistant`, or `caregiver`. Creates a bird.
Request body:
@@ -732,7 +732,7 @@ Possible errors:
#### `PUT /api/birds/:birdId`
Requires auth with write access and role `owner`, `manager`, or `staff`. Updates a bird.
Requires auth with write access and role `owner`, `assistant`, or `caregiver`. Updates a bird.
Request body matches `POST /api/birds`.
@@ -751,7 +751,7 @@ Possible errors:
#### `DELETE /api/birds/:birdId`
Requires auth with write access and role `owner`, `manager`, or `staff`. Deletes a bird.
Requires auth with write access and role `owner`, `assistant`, or `caregiver`. Deletes a bird.
Response `204` with no body.
@@ -779,7 +779,7 @@ Response `200`:
#### `POST /api/birds/:birdId/weights`
Requires auth with write access and role `owner`, `manager`, or `staff`. Creates a weight entry.
Requires auth with write access and role `owner`, `assistant`, or `caregiver`. Creates a weight entry.
Request body:
@@ -820,7 +820,7 @@ Response `200`:
#### `POST /api/birds/:birdId/vet-visits`
Requires auth with write access and role `owner`, `manager`, or `staff`. Creates a vet visit.
Requires auth with write access and role `owner`, `assistant`, or `caregiver`. Creates a vet visit.
Request body: