Fix #145: tree membership management (list / add / role / remove)

TreeMembership was enforced on every read/write but had no API or UI to manage
members — trees were effectively single-user, breaking full-CRUD (NN#8).

Backend (/trees/{id}/members): list (members only — the list exposes emails, so
non-members never see it, even on public trees); add an existing user by email
(owner only, 404 if no such account, 409 if already a member); PATCH role;
DELETE. A tree must always keep ≥1 owner (demote/remove of the sole owner → 409).
All changes audited.

Frontend: a Members page (owner gets add-by-email + per-member role select +
remove; others see a read-only list) and a sidebar entry.

Test covers the full lifecycle + every guard. Suite 77 passed.

Closes #145

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Justin Paul <justin@jpaul.me>
This commit is contained in:
2026-06-09 12:43:30 -04:00
parent 6d3147e86d
commit eb0350733b
9 changed files with 991 additions and 0 deletions
+207
View File
@@ -925,6 +925,42 @@ export interface paths {
patch?: never;
trace?: never;
};
"/api/v1/trees/{tree_id}/members": {
parameters: {
query?: never;
header?: never;
path?: never;
cookie?: never;
};
/** List Members */
get: operations["list_members_api_v1_trees__tree_id__members_get"];
put?: never;
/** Add Member */
post: operations["add_member_api_v1_trees__tree_id__members_post"];
delete?: never;
options?: never;
head?: never;
patch?: never;
trace?: never;
};
"/api/v1/trees/{tree_id}/members/{membership_id}": {
parameters: {
query?: never;
header?: never;
path?: never;
cookie?: never;
};
get?: never;
put?: never;
post?: never;
/** Remove Member */
delete: operations["remove_member_api_v1_trees__tree_id__members__membership_id__delete"];
options?: never;
head?: never;
/** Update Member */
patch: operations["update_member_api_v1_trees__tree_id__members__membership_id__patch"];
trace?: never;
};
}
export type webhooks = Record<string, never>;
export interface components {
@@ -1284,6 +1320,45 @@ export interface components {
/** Source Id */
source_id?: string | null;
};
/** MemberAdd */
MemberAdd: {
/** Email */
email: string;
/** @default viewer */
role?: components["schemas"]["MembershipRole"];
};
/** MemberRoleUpdate */
MemberRoleUpdate: {
role: components["schemas"]["MembershipRole"];
};
/** MembershipRead */
MembershipRead: {
/**
* Id
* Format: uuid
*/
id: string;
/**
* User Id
* Format: uuid
*/
user_id: string;
/** Email */
email: string;
/** Display Name */
display_name: string | null;
role: components["schemas"]["MembershipRole"];
/**
* Created At
* Format: date-time
*/
created_at: string;
};
/**
* MembershipRole
* @enum {string}
*/
MembershipRole: "owner" | "editor" | "viewer";
/** NameApply */
NameApply: {
/** Edits */
@@ -4092,4 +4167,136 @@ export interface operations {
};
};
};
list_members_api_v1_trees__tree_id__members_get: {
parameters: {
query?: never;
header?: never;
path: {
tree_id: string;
};
cookie?: never;
};
requestBody?: never;
responses: {
/** @description Successful Response */
200: {
headers: {
[name: string]: unknown;
};
content: {
"application/json": components["schemas"]["MembershipRead"][];
};
};
/** @description Validation Error */
422: {
headers: {
[name: string]: unknown;
};
content: {
"application/json": components["schemas"]["HTTPValidationError"];
};
};
};
};
add_member_api_v1_trees__tree_id__members_post: {
parameters: {
query?: never;
header?: never;
path: {
tree_id: string;
};
cookie?: never;
};
requestBody: {
content: {
"application/json": components["schemas"]["MemberAdd"];
};
};
responses: {
/** @description Successful Response */
201: {
headers: {
[name: string]: unknown;
};
content: {
"application/json": components["schemas"]["MembershipRead"];
};
};
/** @description Validation Error */
422: {
headers: {
[name: string]: unknown;
};
content: {
"application/json": components["schemas"]["HTTPValidationError"];
};
};
};
};
remove_member_api_v1_trees__tree_id__members__membership_id__delete: {
parameters: {
query?: never;
header?: never;
path: {
tree_id: string;
membership_id: string;
};
cookie?: never;
};
requestBody?: never;
responses: {
/** @description Successful Response */
204: {
headers: {
[name: string]: unknown;
};
content?: never;
};
/** @description Validation Error */
422: {
headers: {
[name: string]: unknown;
};
content: {
"application/json": components["schemas"]["HTTPValidationError"];
};
};
};
};
update_member_api_v1_trees__tree_id__members__membership_id__patch: {
parameters: {
query?: never;
header?: never;
path: {
tree_id: string;
membership_id: string;
};
cookie?: never;
};
requestBody: {
content: {
"application/json": components["schemas"]["MemberRoleUpdate"];
};
};
responses: {
/** @description Successful Response */
200: {
headers: {
[name: string]: unknown;
};
content: {
"application/json": components["schemas"]["MembershipRead"];
};
};
/** @description Validation Error */
422: {
headers: {
[name: string]: unknown;
};
content: {
"application/json": components["schemas"]["HTTPValidationError"];
};
};
};
};
}