fix(lists): enforce collaborator permissions end-to-end (UI + mutations)
src/hooks/useVideoLists.ts already parses collaborative and collaborator tags, but src/pages/ListDetailPage.tsx still uses canEdit = isOwner (with a TODO).
As a result, collaboration metadata exists in events, but editing behavior remains owner-only in practice.
This issue aims to align list permissions across rendering and mutations so collaborative lists behave consistently and safely.
Problem
- Collaboration is represented in list metadata (
collaborative, collaborator), but not fully enforced in app behavior.
- UI-level checks and mutation-level checks are not consistently aligned.
- A user can encounter unclear failure states when they appear to have access but edits are blocked (or vice versa).
Scope
- Implement a shared permission resolver for list editing:
- owner can edit,
- listed collaborators can edit when the list is collaborative,
- everyone else is read-only.
- Replace local ad-hoc permission logic in list detail views with the shared resolver.
- Enforce the same permission model in list mutations (add/remove/edit), not only in UI visibility.
- Return clear, user-facing error messages for denied edit attempts.
- Keep public list reading behavior unchanged.
Out of scope
- Private/encrypted list support.
- New collaboration roles beyond owner/collaborator.
- Relay/protocol changes to list event format.
Definition of done
- Allowed collaborators can edit collaborative lists end-to-end.
- Non-collaborators cannot edit even if they trigger actions manually.
- UI affordances (buttons/dialogs) match actual backend/mutation permissions.
- Permission logic is centralized and reused (no drift between page and hooks).
- Existing owner-only flows continue to work without regressions.
fix(lists): enforce collaborator permissions end-to-end (UI + mutations)
src/hooks/useVideoLists.tsalready parsescollaborativeandcollaboratortags, butsrc/pages/ListDetailPage.tsxstill usescanEdit = isOwner(with a TODO).As a result, collaboration metadata exists in events, but editing behavior remains owner-only in practice.
This issue aims to align list permissions across rendering and mutations so collaborative lists behave consistently and safely.
Problem
collaborative,collaborator), but not fully enforced in app behavior.Scope
Out of scope
Definition of done