9b750a0698
Some checks failed
CI / Unit & Component Tests (push) Failing after 3m13s
CI / OCR Service Tests (push) Successful in 25s
CI / Backend Unit Tests (push) Failing after 2m54s
CI / Unit & Component Tests (pull_request) Failing after 3m19s
CI / OCR Service Tests (pull_request) Successful in 30s
CI / Backend Unit Tests (pull_request) Failing after 3m10s
Addresses @markus/@nora suggestion: makes explicit that the missing @RequirePermission on read endpoints is intentional — all authenticated family members may read the family graph; unauthenticated access is still blocked by Spring Security's anyRequest().authenticated() rule. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>