Description:
Need to build a permission system for invoices. Currently, all users can view all invoices if they have the URL. This must be restricted based on roles like OWNER, VIEWER, etc.
Feature Requirements:
Create a new enum InvoiceAccessType with values like VIEW, EDIT, DELETE, etc.
Add a new field to the Invoice model (e.g. permissions) or create a new relational table like InvoicePermission.
Owner of the invoice gets full access (VIEW, EDIT, DELETE).
Shared users get limited access (VIEW only or specific actions).
Restrict UI and API routes based on this access.
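One way to enforce these requirements on the server, as an added example that is not code from this project: a deny-by-default check that API routes call before touching an invoice. Only `InvoiceAccessType` and `InvoicePermission` come from the description; the in-memory data, the function names and the status-code choices are assumptions.

```javascript
// Added example. InvoiceAccessType / InvoicePermission follow the issue text;
// every other name here is hypothetical.
const InvoiceAccessType = Object.freeze({ VIEW: "VIEW", EDIT: "EDIT", DELETE: "DELETE" });
const ALL_ACCESS = new Set(Object.values(InvoiceAccessType));

// Constructed sample rows standing in for the Invoice and InvoicePermission tables.
const invoices = new Map([["inv_1", { id: "inv_1", ownerId: "alice" }]]);
const invoicePermissions = [
  { invoiceId: "inv_1", userId: "bob", access: InvoiceAccessType.VIEW },
];

// Actions a user holds on an invoice. The owner gets everything; anyone else
// gets only what an explicit InvoicePermission row grants; default is nothing.
function effectiveAccess(invoice, userId) {
  if (invoice.ownerId === userId) return new Set(ALL_ACCESS);
  const granted = invoicePermissions
    .filter((p) => p.invoiceId === invoice.id && p.userId === userId)
    .map((p) => p.access)
    .filter((a) => ALL_ACCESS.has(a)); // ignore unknown values in stored rows
  return new Set(granted);
}

// Server-side decision for one request. Knowing the invoice URL or id grants
// nothing: the caller must be authenticated and hold the requested action.
function authorizeInvoice(userId, invoiceId, action) {
  if (!ALL_ACCESS.has(action)) throw new TypeError("unknown action: " + action);
  if (!userId) return { status: 401 };
  const invoice = invoices.get(invoiceId);
  const access = invoice ? effectiveAccess(invoice, userId) : new Set();
  // A missing invoice and one the user has no access to answer the same way,
  // so responses do not reveal which invoice ids exist.
  if (access.size === 0) return { status: 404 };
  if (!access.has(action)) return { status: 403 };
  return { status: 200, invoice };
}
```

Hiding buttons in the UI can reuse `effectiveAccess`, but the API check is the one that enforces the restriction.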