- All data is family-scoped
- Supabase Auth provides identity
- RLS enforces authorization at the database layer

Roles are stored in `family_members.role`.

- Full read/write access
- Can invite/remove members
- Can create share links
- Can manage children and camps

- Read/write camps and children
- Cannot manage membership
- Cannot create share links (MVP choice; can be changed later)

- Read-only access to family data
- Cannot edit camps/children
- Cannot create share links

RLS must be enabled on all tables and enforce:

- A user can only access rows belonging to families where they are a member
- A user’s role controls write permissions
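
One way to express these two rules as Postgres RLS policies, as an added example rather than this project's own schema. The `camps.family_id`, `family_members.family_id` and `family_members.user_id` columns, the `family_role` helper, and the role values `'owner'`, `'editor'` and `'viewer'` are assumptions standing in for the three tiers described above; `auth.uid()` is Supabase's function for the caller's user id.

```sql
-- Assumed schema (not from the page): family_members(family_id, user_id, role),
-- camps(id, family_id, ...). Role values 'owner', 'editor', 'viewer' are
-- placeholders for the three tiers described above; role is assumed to be text.

-- Helper runs as its owner so policies on family_members itself can call it
-- without recursing into their own RLS check.
create or replace function public.family_role(fid uuid)
returns text
language sql stable security definer set search_path = ''
as $$
  select fm.role from public.family_members fm
  where fm.family_id = fid and fm.user_id = (select auth.uid());
$$;

alter table public.camps enable row level security;
alter table public.family_members enable row level security;

-- Read: any member of the row's family, whatever the role.
create policy camps_select on public.camps
  for select to authenticated
  using (public.family_role(family_id) is not null);

-- Write: only the two tiers with write access. WITH CHECK stops a writer
-- from moving a row into a family they do not belong to.
create policy camps_insert on public.camps
  for insert to authenticated
  with check (public.family_role(family_id) in ('owner', 'editor'));

create policy camps_update on public.camps
  for update to authenticated
  using (public.family_role(family_id) in ('owner', 'editor'))
  with check (public.family_role(family_id) in ('owner', 'editor'));

-- Membership: members can see their family's roster; only the top tier
-- can change it.
create policy members_select on public.family_members
  for select to authenticated
  using (public.family_role(family_id) is not null);

create policy members_write on public.family_members
  for all to authenticated
  using (public.family_role(family_id) = 'owner')
  with check (public.family_role(family_id) = 'owner');
```

No `delete` policy is defined on `camps`, so with RLS enabled hard deletes by ordinary users are denied by default, which fits a soft-delete design. Adding the first member of a new family cannot pass `members_write` and needs a separate privileged path.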

Sharing uses `share_links` tokens and Edge Functions.

Requirements:

- Share links are read-only
- Tokens must not expose notes or cost
- Tokens may expire (optional in MVP; if implemented, enforce consistently)

- Soft deletes for camps and children (preferred)
- Users can request deletion of their account and associated family membership