Harden media and gameday access control
This commit is contained in:
Codex
9
PLAN.md
9
PLAN.md
@@ -26,6 +26,15 @@
|
||||
- Auth and session responses remain `no-store` so cached data is limited to app-owned clip state.
|
||||
- TeamSnap read queries now use cached-first stale-while-revalidate behavior on the client.
|
||||
|
||||
## Completed V1 Hardening
|
||||
- Media and gameday mutations now stay within the authenticated session's selected team and player scope.
|
||||
- Upload and clip-creation failures now clean up orphaned files before bubbling errors back to the client.
|
||||
|
||||
## Completed Asset Source Cleanup
|
||||
- Editable artwork sources now live in `frontend/assets/design/`, while the exported web-ready images remain in `frontend/public/`.
|
||||
- The splash artwork in `frontend/public/splash-art.svg` still serves as the editable vector source for the startup images in `frontend/public/`.
|
||||
- The existing `frontend/public/icon.svg` already covers the app icon artwork, so no separate raster-to-vector conversion was needed there.
|
||||
|
||||
## Storage Status
|
||||
- Backend media persists in the `backend-media` named Docker volume.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user