For now, it is the front application that check if current user is allowed to see an inventory. We should not return the secret inventory from the backend if the connected user is not allowed (not the DM or not the owner)
For now, it is the front application that check if current user is allowed to see an inventory.
We should not return the secret inventory from the backend if the connected user is not allowed (not the DM or not the owner)