View of an activation rule visible to a customer = identity columns + the
columns of the rule's current version.
customerId is intentionally omitted — the customer is always the
authenticated caller, so re-surfacing it on every rule is noise. Admin-global
rules (no customer scope) are surfaced through search() indistinguishably
from the customer's own rules; the controller stamps customerId from auth
onto the response for both, so customer views can't tell defaults apart from
their own rules.
View of an activation rule visible to a customer = identity columns + the columns of the rule's current version.
customerIdis intentionally omitted — the customer is always the authenticated caller, so re-surfacing it on every rule is noise. Admin-global rules (no customer scope) are surfaced throughsearch()indistinguishably from the customer's own rules; the controller stampscustomerIdfrom auth onto the response for both, so customer views can't tell defaults apart from their own rules.The ProductActivationRuleAdminService variant keeps
customerIdbecause admin views span multiple customers.