Reviewedv1Platform contracts
Tenant isolation and branch scope
Enforce scope in authentication, queries, policy, and tests—not merely as a UI filter.
The scope chain
Scope begins with trusted identity, then business, branch, and warehouse or resource where needed. Every level narrows access; none widens it.
- Resolve business from identity or a verified partner relationship.
- Verify the branch belongs to the business and the identity may use it.
- Verify the warehouse belongs to the branch or authorized scope.
- Apply policy to the resource itself before returning or mutating it.
Request values
A request may carry branch_id to select context, but that does not grant access. The server compares it with membership, permission, policy, and ownership.
Isolation tests
Test valid access, cross-business denial, cross-branch denial, branch_id=0, missing resources, and a user with a permission but no actual membership.