Remove org model; make AppUser global with super admin

2026-01-26 22:33:59 +05:30
parent bf87d329d4
commit 1400451bfe
26 changed files with 101 additions and 362 deletions
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -22,7 +22,7 @@ Core principles
 - Room availability by room number; toAt=null means occupied.
 - Room change = close old RoomStay + open new one.
 - Multi-property: every domain object scoped to property_id.
- Users belong to org; access granted per property.
+- AppUser is global; access granted per property.

 Immutable rules
 - Use Kotlin only; no microservices.
@@ -46,19 +46,18 @@ Security/Auth
 - /auth/verify and /auth/me.

 Domain entities
- Organization: name, emailAliases, allowedTransportModes.
 - Property: code, name, addressText, emailAddresses, otaAliases, allowedTransportModes.
- AppUser, PropertyUser (roles per property).
+- AppUser (global, superAdmin), PropertyUser (roles per property).
 - RoomType: code/name/occupancy + otaAliases.
 - Room: roomNumber, floor, hasNfc, active, maintenance, notes.
 - Booking: status, expected check-in/out, emailAuditPdfUrl, transportMode, transportVehicleNumber.
- Guest (org-scoped).
+- Guest (property-scoped).
 - RoomStay.
 - RoomStayChange (idempotent room move).
 - IssuedCard (cardId, cardIndex, issuedAt, expiresAt, issuedBy, revokedAt).
 - PropertyCardCounter (per-property cardIndex counter).
 - GuestDocument (files + AI-extracted json).
- GuestVehicle (org-scoped vehicle numbers).
+- GuestVehicle (property-scoped vehicle numbers).
 - InboundEmail (audit PDF + raw EML, extracted json, status).
 - RoomImage (original + thumbnail).

@@ -68,14 +67,10 @@ Auth
 - /auth/verify
 - /auth/me

-Organizations / Properties / Users
- POST /orgs
- GET /orgs/{orgId}
- POST /orgs/{orgId}/properties
- GET /orgs/{orgId}/properties
+Properties / Users
+- POST /properties (creator becomes ADMIN on that property)
+- GET /properties (super admin gets all; others get memberships)
 - PUT /properties/{propertyId}
- GET /orgs/{orgId}/users
- POST /orgs/{orgId}/users (removed; users created by app)
 - GET /properties/{propertyId}/users
 - PUT /properties/{propertyId}/users/{userId}/roles
 - DELETE /properties/{propertyId}/users/{userId} (ADMIN only)
@@ -93,9 +88,8 @@ Room types
 - PUT /properties/{propertyId}/room-types/{roomTypeId}
 - DELETE /properties/{propertyId}/room-types/{roomTypeId}

-Properties / Orgs
+Properties
 - Property create/update accepts addressText, otaAliases, emailAddresses, allowedTransportModes.
- Org create/get returns emailAliases + allowedTransportModes.

 Booking flow
 - /properties/{propertyId}/bookings/{bookingId}/check-in (creates RoomStay rows)
@@ -126,7 +120,7 @@ Room images
 - Thumbnails generated (320px).

 Transport modes
- /properties/{propertyId}/transport-modes -> returns enabled list (property > org > default all).
+- /properties/{propertyId}/transport-modes -> returns enabled list (property or default all).

 Inbound email ingestion
 - IMAP poller (1 min) with enable flag.
@@ -153,5 +147,6 @@ Config

 Notes / constraints
 - Users are created by app; API only manages roles.
+- Super admin can create properties and assign users to properties.
 - Admin can assign ADMIN/MANAGER/STAFF/AGENT; Manager can assign STAFF/AGENT.
 - Agents can only see free rooms.