Currently PUT and PATCH allow updating fields that should never change or
should be restricted to specific roles.
Tasks
- Block customerId and gender from being updated in both PUT and PATCH on customers
- Block employeeId from being updated in both PUT and PATCH on employees
- Restrict role changes to ADMIN only — wire with hasAccess() check
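One way to enforce the three tasks above in a single update path shared by PUT and PATCH, as an added example that is not the project's own code (JavaScript is used because the page does not show the project's language). `applyUpdate`, the `hasAccess(user, role)` signature, the `role` field name, the record shapes and the 400/403 status codes are assumptions.

```javascript
// Added example. Field names come from the task list above; the function
// names, role strings, record shapes and status codes are assumptions.
const IMMUTABLE = { customers: ["customerId", "gender"], employees: ["employeeId"] };
const ADMIN_ONLY = ["role"];
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Hypothetical stand-in for the project's hasAccess() check.
function hasAccess(user, requiredRole) {
  return Boolean(user) && user.role === requiredRole;
}

// method is "PUT" (full replacement) or "PATCH" (partial update).
// Returns { ok: true, record } or { ok: false, status, error }.
function applyUpdate(resource, method, user, existing, body) {
  const immutable = IMMUTABLE[resource] || [];
  const changes = (field) => has(body, field) && body[field] !== existing[field];

  for (const field of immutable) {
    // A PUT may echo the stored value back; only a real change is rejected.
    if (changes(field)) {
      return { ok: false, status: 400, error: `${field} cannot be changed` };
    }
  }
  for (const field of ADMIN_ONLY) {
    if (changes(field) && !hasAccess(user, "ADMIN")) {
      return { ok: false, status: 403, error: `changing ${field} requires ADMIN` };
    }
  }

  const record = method === "PUT" ? { ...body } : { ...existing, ...body };
  // Protected fields omitted from the body keep their stored value, so a PUT
  // that leaves them out cannot clear them.
  for (const field of [...immutable, ...ADMIN_ONLY]) {
    if (!has(body, field) && has(existing, field)) record[field] = existing[field];
  }
  return { ok: true, record };
}
```

Rejecting the request, rather than silently dropping the protected field, makes attempted changes visible to the caller and to request logs.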