fix: exempt /api/clubs/me from tenant validation
- Add path exemption in TenantValidationMiddleware for /api/clubs/me - Change authorization policy from RequireMember to RequireViewer - Fix KEYCLOAK_CLIENT_ID in docker-compose.yml (workclub-app not workclub-api) - Endpoint now works without X-Tenant-Id header as intended - Other endpoints still protected by tenant validation This fixes the chicken-and-egg problem where frontend needs to call /api/clubs/me to discover available clubs before selecting a tenant.
This commit is contained in:
WorkClub Automation
2
.sisyphus/evidence/final-qa/s21-update-task.json
Normal file
2
.sisyphus/evidence/final-qa/s21-update-task.json
Normal file
@@ -0,0 +1,2 @@
|
||||
{"id":"4a8334e2-981d-4fbc-9dde-aaa95fcd58ea","title":"QA Test - New Court Net","description":"Updated: Net replacement with upgraded materials","status":"Open","assigneeId":null,"createdById":"0fae5846-067b-4671-9eb9-d50d21d18dfe","clubId":"00000000-0000-0000-0000-000000000000","dueDate":"2026-03-15T23:59:59+00:00","createdAt":"2026-03-05T19:52:17.986198+00:00","updatedAt":"2026-03-05T19:55:00.187563+00:00"}
|
||||
HTTP_CODE:200
|
||||
Reference in New Issue
Block a user