AthletiFi / athletifi-website

Official website for AthletiFi
https://www.athleti.fi

Build in logic so that you can only see player cards if you are owner or guest #290

Closed qisforq closed 1 week ago

qisforq commented 1 month ago

Objective:

Build in logic to ensure that player cards can only be accessed by the owner or authorized guests.

Sub-tasks:

  1. Implement access control on the backend

    • [ ] Modify the API endpoints responsible for fetching player card data to include access control checks
    • [ ] Verify the user's identity and role (owner or guest) when processing requests for player cards
    • [ ] Retrieve the list of authorized guests for each player card from the database
    • [ ] Only return the player card data if the user is the owner or an authorized guest
  2. Update the frontend to handle access control

    • [ ] Modify the player card components to check the user's access rights before rendering the card data
    • [ ] Display appropriate error messages or placeholders when the user does not have access to a specific player card
    • [ ] Hide or disable any actions or features that are not applicable based on the user's role (e.g., editing card details for guests)
  3. Implement invitation and access management

    • [ ] Create a mechanism for card owners to invite guests and grant them access to specific player cards
    • [ ] Allow card owners to revoke access for guests when necessary
    • [ ] Update the database to store the guest access permissions for each player card
  4. Test and validate access control

    • [ ] Conduct thorough testing to ensure that only the owner and authorized guests can access player cards
    • [ ] Test various scenarios, including unauthenticated users, unauthorized guests, and card owners
    • [ ] Verify that the frontend components render the appropriate content based on the user's access rights
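The backend checks from sub-tasks 1 and 3, sketched as an added example (not code from the AthletiFi repository). It assumes JavaScript, an in-memory `Map` standing in for the database, and a session object already verified by the server; all ids, field names and function names are hypothetical.

```javascript
// Constructed sample data: card ids, user ids and fields are hypothetical.
const cards = new Map([
  ["card-1", { ownerId: "owner-a", guests: new Set(["guest-b"]), data: { name: "Player One" } }],
  ["card-2", { ownerId: "owner-c", guests: new Set(), data: { name: "Player Two" } }],
]);

// Resolve the caller's role for one card from server-side state only.
function roleFor(userId, card) {
  if (card.ownerId === userId) return "owner";
  if (card.guests.has(userId)) return "guest";
  return null;
}

// Fetch handler. `session` is the server-verified session (null when
// unauthenticated); a role claimed by the client is never trusted.
function getPlayerCard(session, cardId) {
  if (!session || !session.userId) return { status: 401, body: { error: "Sign in required" } };
  const card = cards.get(cardId);
  if (!card) return { status: 404, body: { error: "Not found" } };
  const role = roleFor(session.userId, card);
  if (!role) return { status: 403, body: { error: "No access to this card" } };
  // The role is returned so the frontend can hide owner-only actions.
  return { status: 200, body: { role, card: card.data } };
}

// Owner-only write: the check is repeated on the server because hiding the
// edit button in the UI does not stop a direct request.
function updatePlayerCardName(session, cardId, name) {
  const read = getPlayerCard(session, cardId);
  if (read.status !== 200) return read;
  if (read.body.role !== "owner") return { status: 403, body: { error: "Owner only" } };
  if (typeof name !== "string" || name.length === 0) return { status: 400, body: { error: "Invalid name" } };
  cards.get(cardId).data.name = name;
  return { status: 200, body: { role: "owner", card: cards.get(cardId).data } };
}

// Invite (allowed = true) or revoke (allowed = false) a guest; only the
// card owner may change the guest list.
function setGuestAccess(session, cardId, guestId, allowed) {
  const card = cards.get(cardId);
  if (!session || !card || card.ownerId !== session.userId) return false;
  if (allowed) card.guests.add(guestId); else card.guests.delete(guestId);
  return true;
}
```

Because the role is looked up on every request, a revoked guest loses access on the next fetch with no cached permission to expire.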

qisforq commented 1 month ago

Related to #238

qisforq commented 1 month ago

Coordinate with Louis, who is working on creating the endpoints to pull all card data for the user

qisforq commented 2 weeks ago

Done - in branch referralsDataLogic - PR upcoming