fix(n+1): 批量查询替代循环单查

- IsAdminBootstrapRequired: userRepo.GetByID 循环 → GetByIDs 批量
- AssignRoles: roleRepo.GetByID 循环 → GetByIDs 批量
- 在 userRepositoryInterface 补充 GetByIDs 方法签名
This commit is contained in:
2026-05-08 08:05:26 +08:00
parent 9b1cea246e
commit 2a18a6fb47
39 changed files with 3169 additions and 393 deletions

View File

@@ -251,3 +251,59 @@ Use this section as the newest technical snapshot when earlier 2026-04-23 notes
### Stability Rule
- When a scenario uses asynchronous fetch diagnostics for proof, create the waiter in the same control flow as the triggering action and tear it down implicitly with that action path. A background waiter that survives a failed action is a runner bug because it can replace the primary failure with misleading page-closed noise.
## 2026-04-24 Scenario-Isolated Browser Gate Notes
### Main Acceptance Path
- The supported browser-level gate remains `cd frontend/admin && npm.cmd run e2e:full:win`.
- On 2026-04-24 that gate was re-run green after changing `frontend/admin/scripts/run-playwright-auth-e2e.ps1` to keep one backend and one frontend session alive while launching a fresh browser process for each selected Playwright scenario.
- `frontend/admin/scripts/run-playwright-cdp-e2e.mjs` now supports a lightweight `E2E_LIST_SCENARIOS=1` mode so the wrapper and the runner derive the scenario order from the same source of truth.
### Current Green Evidence
- The current full-gate green evidence is `21` isolated scenario runs in one end-to-end environment:
- `admin-bootstrap`
- `public-registration`
- `email-activation`
- `password-reset`
- `login-surface`
- `auth-workflow`
- `responsive-login`
- `desktop-mobile-navigation`
- `user-management-crud`
- `user-management-batch`
- `role-management-crud`
- `permissions-management-crud`
- `device-management`
- `login-logs`
- `operation-logs`
- `webhook-management`
- `import-export`
- `profile-management`
- `profile-and-security`
- `settings`
- `dashboard-stats`
### Operational Knobs
- `E2E_SCENARIO_ISOLATION=0` keeps the legacy whole-suite browser mode available for diagnostics.
- `E2E_SCENARIO_ATTEMPTS` overrides the per-scenario retry count; otherwise the wrapper falls back to `E2E_SUITE_ATTEMPTS`.
## 2026-04-24 Resource Ownership Authorization Notes
### Recommended Implementation Pattern
- For owner-scoped resources, split authorization across two layers:
- the handler extracts the current actor identity and admin bit from the authenticated request context;
- the service loads the target resource and re-checks `owner-or-admin` before returning or mutating it.
- This prevents future handlers, background callers, or admin-route reuse from silently bypassing ownership checks by passing a raw resource ID straight into repository operations.
### Minimum Regression Pattern
- Add a targeted red-green regression set for each resource family that covers:
- cross-user read forbidden;
- cross-user update forbidden;
- cross-user delete forbidden;
- cross-user state toggle forbidden;
- admin positive access when the contract allows it.