User Story
As a product owner, I want each trip feature to be accessible only to the appropriate role, so that the integrity of the planning process is maintained.
Acceptance Criteria
- All permissions defined in the spec rights matrix are enforced both client-side (UI) and server-side (API)
- Read-only visitors cannot vote, comment, select listings, or view member availability
- Members cannot reveal the podium, configure budget settings, or invite other members
- The organiser cannot leave their own trip
User Story
As a product owner, I want each trip feature to be accessible only to the appropriate role, so that the integrity of the planning process is maintained.
Acceptance Criteria