Trip Permissions

Share trips with other users and control their access level.

Permission Roles

Role	Can View	Can Edit	Can Delete	Can Share
`owner`	Yes	Yes	Yes	Yes
`planner`	Yes	Yes	Yes	No
`editor`	Yes	Yes	No	No
`viewer`	Yes	No	No	No

List Permissions

Get all permissions for a trip.

Endpoint: GET /api/v1/trips/{tripId}/permissions

Response:

[
  {
    "userId": 1,
    "username": "alice",
    "role": "owner",
    "grantedAt": "2024-01-15T10:00:00Z"
  },
  {
    "userId": 2,
    "username": "bob",
    "role": "editor",
    "grantedAt": "2024-01-16T14:00:00Z",
    "grantedByUserId": 1
  }
]

Grant Permission

Add a user to a trip or update their role.

Endpoint: POST /api/v1/trips/{tripId}/permissions

Request Body

Field	Type	Required	Description
`userId`	integer	Yes	User to grant access
`role`	string	Yes	Permission role

curl -X POST "https://travelmode2.replit.app/api/v1/trips/1/permissions" \
  -H "Authorization: Bearer tm_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"userId": 2, "role": "editor"}'

Response:

{
  "success": true,
  "userId": 2,
  "role": "editor"
}

Revoke Permission

Remove a user's access to a trip.

Endpoint: DELETE /api/v1/trips/{tripId}/permissions/{userId}

curl -X DELETE "https://travelmode2.replit.app/api/v1/trips/1/permissions/2" \
  -H "Authorization: Bearer tm_your_api_key"

Response: 204 No Content

Notes

Only trip owners can grant/revoke permissions
Owners cannot remove themselves (transfer ownership first)
Removing a user's permission is immediate and cannot be undone

Trip Permissions

Share trips with other users and control their access level.

Permission Roles

Role	Can View	Can Edit	Can Delete	Can Share
`owner`	Yes	Yes	Yes	Yes
`planner`	Yes	Yes	Yes	No
`editor`	Yes	Yes	No	No
`viewer`	Yes	No	No	No

List Permissions

Get all permissions for a trip.

Endpoint: GET /api/v1/trips/{tripId}/permissions

Response:

[
  {
    "userId": 1,
    "username": "alice",
    "role": "owner",
    "grantedAt": "2024-01-15T10:00:00Z"
  },
  {
    "userId": 2,
    "username": "bob",
    "role": "editor",
    "grantedAt": "2024-01-16T14:00:00Z",
    "grantedByUserId": 1
  }
]

Grant Permission

Add a user to a trip or update their role.

Endpoint: POST /api/v1/trips/{tripId}/permissions

Request Body

Field	Type	Required	Description
`userId`	integer	Yes	User to grant access
`role`	string	Yes	Permission role

curl -X POST "https://travelmode2.replit.app/api/v1/trips/1/permissions" \
  -H "Authorization: Bearer tm_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"userId": 2, "role": "editor"}'

Response:

{
  "success": true,
  "userId": 2,
  "role": "editor"
}

Revoke Permission

Remove a user's access to a trip.

Endpoint: DELETE /api/v1/trips/{tripId}/permissions/{userId}

curl -X DELETE "https://travelmode2.replit.app/api/v1/trips/1/permissions/2" \
  -H "Authorization: Bearer tm_your_api_key"

Response: 204 No Content

Notes

Only trip owners can grant/revoke permissions
Owners cannot remove themselves (transfer ownership first)
Removing a user's permission is immediate and cannot be undone