Location API
Summary
Implement the ConnectRPC service for location CRUD. Locations are reusable physical places (ranges, facilities, personal addresses) referenced by events and personal range days. Supports org-scoped, user-scoped, and public visibility.
Requirements
- Location CRUD (create, read, update, delete) with ownership enforcement
- Visibility model: private org-scoped, private user-scoped, public (well-known ranges)
- List locations filtered by org, user, visibility, and proximity (lat/lng)
- Authorization checks: org members manage org locations, users manage personal locations, anyone reads public
- Search/autocomplete for public locations to reduce duplicates
- Ownership validation via check constraint (see db-schema)
Implemented (v1)
5 RPCs matching proto contract (CreateLocation, UpdateLocation, GetLocation, ListLocations, DeleteLocation). 19 integration tests.
MVP Design Decisions
- Visibility-gated listing:
ListLocationsenforces caller-readable visibility as a baseline gate (own user locations, org member locations, public when flagged). Filters (org_id, user_id) narrow within that visible set — they cannot widen it. - Public locations are immutable:
UpdateLocationandDeleteLocationreject public locations withFailedPrecondition. No creator tracking for public locations in v1. - Name normalization: names are trimmed before length validation; whitespace-only names are rejected.
- Deletion guard:
DeleteLocationchecksevents.location_idforeign key references before allowing deletion. - Input structs:
CreateLocationInput/UpdateLocationInputused to satisfy clippy’s too-many-arguments lint.
Deferred to future passes
- Proximity/geo search: proto supports lat/lng fields but filtering by proximity is deferred.
- Search/autocomplete: deduplication of public locations via search is deferred.
- Public location editing: may need creator tracking or admin-only edits in the future.
- Notification side effects: deferred pending push notification infrastructure.