feat(auth): block protected account deletion in auth endpoints
This commit is contained in:
@ -13,6 +13,7 @@ Implemented in MVP0:
|
||||
- Prisma auth models (`user`, `session`, `account`, `verification`)
|
||||
- First registration creates owner; subsequent registrations are disabled
|
||||
- Owner invariant reconciliation is enforced in auth bootstrap and owner promotion flow
|
||||
- Protected accounts (support + canonical owner) are blocked from delete-account auth endpoints
|
||||
|
||||
## Environment
|
||||
|
||||
@ -39,5 +40,5 @@ Optional:
|
||||
- Support user bootstrap is available via `bun run auth:seed:support`.
|
||||
- Root `bun run db:seed` runs DB seed and support-user seed.
|
||||
- `CMS_ADMIN_SELF_REGISTRATION_ENABLED` is temporary until admin settings UI manages this policy.
|
||||
- Owner invariant checks for future user-management mutations remain tracked in `TODO.md`.
|
||||
- Owner/support checks for future admin user-management mutations remain tracked in `TODO.md`.
|
||||
- Email verification and forgot/reset password pipelines are tracked for MVP2.
|
||||
|
||||
Reference in New Issue
Block a user