Backlog: Modify company access validation
TL;DR
Align modify-company-access validation with real company access / RBAC instead of inferring from role names; includes an interim ATIC-session shortcut while the proper rule lands.
Description
- Project: Conexus (company master / listing consumed by other internal apps).
- Problem: Validation keys off role names instead of proper app company access in RBAC.
- Quick fix (interim): At the top of the validation path, if the user session company code is
ATIC, allow modifying records whose source is "CONEXUS" (then keep or refactor remaining checks).
- Proper fix: Align validation with real company-access semantics instead of role-name checks.
Acceptance Criteria
- Interim rule behaves as specified for ATIC + CONEXUS records without widening unrelated cases
- Proper RBAC/company-access checks documented and implemented (replace or supersede interim path)
- Regression pass on modify-company-access flows
Priority
- Priority: p2
- Rationale: Data integrity + maintainability for shared company dataset.
Dependencies
- Blocks: —
- Blocked by: —
- Related ADR: —
Links
- Project context: [[Projects/anabatic-conexus/context/index]]
- Company: [[Resources/Companies/Anabatic Digital Raya]]
- Source capture (resolved): routed from inbox 2026-05-12.
Notes
- Cross-links: consumers include listings that depend on Conexus company rows (e.g. CMS where relevant).