mirror of
https://github.com/screentinker/screentinker.git
synced 2026-06-17 03:32:32 -06:00
289d54f4fa
Placement-as-grant, replacing the inferred auto-place idea. api_token_target_zones is an ADDITIVE second table (does NOT touch the proven api_token_targets), structurally anchored: a composite FK to api_token_targets(token_id, playlist_id) makes a zone grant orphan- impossible and cascade away when the playlist grant is revoked - "narrow" is structural, not conventional. zone_id FK -> layout_zones cascades on zone/layout delete. Confinement (lib/agency-targets.resolveGrantedZone, called in the item-add): grants exist -> the item MUST land in a granted zone (a body zone_id picks among grants, never escapes them); none -> whole-playlist/full-screen as before. The item-add stamps the granted zone_id. Bite-tested (6, all proven incl. neutralize->red on the confinement): granted YES; non- granted/cross-playlist/ambiguous blocked; orphan-grant rejected by the FK; cascade on playlist-grant revoke, on playlist delete, on zone/layout delete; and foreign_keys=ON asserted (a cascade that no-ops because FKs are off is the trap). 153 suite green. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| agency-layouts.js | ||
| agency-targets.js | ||
| branding.js | ||
| command-queue.js | ||
| content-ingest.js | ||
| device-sanitize.js | ||
| image-gen.js | ||
| pair-lockout.js | ||
| permissions.js | ||
| schedule-eval.js | ||
| schema-check.js | ||
| secretbox.js | ||
| socket-rooms.js | ||
| tenancy.js | ||
| tenant-cascade-migration.js | ||
| totp-lockout.js | ||
| totp.js | ||
| user-deletion.js | ||