fix: exempt /api/clubs/me from tenant validation

- Add path exemption in TenantValidationMiddleware for /api/clubs/me - Change authorization policy from RequireMember to RequireViewer - Fix KEYCLOAK_CLIENT_ID in docker-compose.yml (workclub-app not workclub-api) - Endpoint now works without X-Tenant-Id header as intended - Other endpoints still protected by tenant validation This fixes the chicken-and-egg problem where frontend needs to call /api/clubs/me to discover available clubs before selecting a tenant.
2026-03-05 21:32:37 +01:00
parent 18be0fb183
commit ffc4062eba
45 changed files with 5519 additions and 579 deletions
--- a/.sisyphus/evidence/final-qa/s30-get-shift.json
+++ b/.sisyphus/evidence/final-qa/s30-get-shift.json
@@ -0,0 +1,2 @@
+{"id":"a5dbb0b4-d82b-4cb1-9281-d595776889ee","title":"QA Test - Court Cleaning Shift","description":"Weekend court cleaning and maintenance","location":null,"startTime":"2026-03-15T08:00:00+00:00","endTime":"2026-03-15T12:00:00+00:00","capacity":3,"signups":[],"clubId":"00000000-0000-0000-0000-000000000000","createdById":"0fae5846-067b-4671-9eb9-d50d21d18dfe","createdAt":"2026-03-05T19:55:57.663062+00:00","updatedAt":"2026-03-05T19:55:57.663075+00:00"}
+HTTP_CODE:200