eb0350733b
TreeMembership was enforced on every read/write but had no API or UI to manage
members — trees were effectively single-user, breaking full-CRUD (NN#8).
Backend (/trees/{id}/members): list (members only — the list exposes emails, so
non-members never see it, even on public trees); add an existing user by email
(owner only, 404 if no such account, 409 if already a member); PATCH role;
DELETE. A tree must always keep ≥1 owner (demote/remove of the sole owner → 409).
All changes audited.
Frontend: a Members page (owner gets add-by-email + per-member role select +
remove; others see a read-only list) and a sidebar entry.
Test covers the full lifecycle + every guard. Suite 77 passed.
Closes #145
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Justin Paul <justin@jpaul.me>
37 lines
910 B
Python
37 lines
910 B
Python
"""Versioned API surface. Mounts under /api/v1."""
|
|
|
|
from fastapi import APIRouter
|
|
|
|
from app.api.v1 import (
|
|
auth,
|
|
citations,
|
|
cleanup,
|
|
events,
|
|
gedcom,
|
|
media,
|
|
members,
|
|
names,
|
|
persons,
|
|
public,
|
|
relationships,
|
|
sources,
|
|
trees,
|
|
users,
|
|
)
|
|
|
|
api_router = APIRouter(prefix="/api/v1")
|
|
api_router.include_router(auth.router)
|
|
api_router.include_router(users.router)
|
|
api_router.include_router(trees.router)
|
|
api_router.include_router(persons.router)
|
|
api_router.include_router(names.router)
|
|
api_router.include_router(events.router)
|
|
api_router.include_router(relationships.router)
|
|
api_router.include_router(sources.router)
|
|
api_router.include_router(citations.router)
|
|
api_router.include_router(media.router)
|
|
api_router.include_router(gedcom.router)
|
|
api_router.include_router(cleanup.router)
|
|
api_router.include_router(public.router)
|
|
api_router.include_router(members.router)
|