42c63dcc6e
Foundation for a generic, multi-tenant platform (any developer, not just the built-in products). - Products carry an optional ownerId (set on create + auto-register), so a product has a tenant. GET /products/mine returns the caller's owner-scoped list; admins/super_admins see all. productsForUser() is pure + unit-tested. - requireProductAccess(): a flag-gated tenant authorization guard (FLEET_TENANT_ENFORCEMENT, default OFF). OFF = byte-for-byte current behavior; ON = a non-admin may only act on products they own (others -> 403; owner-less legacy products keep a grace allowance until migrated). Fleet routes now resolve productId through it in place of getRequestProductId. ownerId is additive/optional; enforcement is off by default, so this is a no-op for existing deployments until explicitly enabled. Generated with [Devin](https://cli.devin.ai/docs) Co-Authored-By: Devin <158243242+devin-ai-integration[bot]@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| scripts | ||
| src | ||
| .gitignore | ||
| Dockerfile | ||
| package.json | ||
| POSTAL_SMTP_SETUP.md | ||
| tsconfig.json | ||
| vitest.config.ts | ||