feat: permissions CRUD browser integration + E2E enhancements
Backend: - permission_handler: 完善权限 CRUD 接口(列表/创建/更新/删除) - auth_handler: 修复认证处理逻辑 - router: 新增权限管理路由 - handler_test: 新增权限 handler 测试覆盖 Frontend: - permissions.ts/test.ts: 权限服务层完整实现 - profile/settings/service_tests: 服务适配器修正 - client.ts: HTTP 客户端健壮性增强 - vite.config.js: 构建配置优化 - E2E 脚本: run-playwright-cdp-e2e 大幅增强(权限流程覆盖) Docs: - REAL_PROJECT_STATUS: 状态更新 - PRODUCTION_CHECKLIST/QUALITY_STANDARD/TECHNICAL_GUIDE/PROJECT_EXPERIENCE_SUMMARY: 团队规范完善 - plans/2026-04-23: 权限浏览器 CRUD 设计方案 验证: go build 0错误
This commit is contained in:
@@ -1,48 +1,144 @@
|
||||
# REAL PROJECT STATUS
|
||||
|
||||
## 2026-04-23 E2E Recovery Update
|
||||
## 2026-04-24 Profile Security Contract Recovery And Browser Re-Verification
|
||||
|
||||
### Latest Verification Snapshot
|
||||
|
||||
| Command | Result | Note |
|
||||
|------|------|------|
|
||||
| `cd frontend/admin && npm.cmd run test:run -- src/pages/admin/DevicesPage/DevicesPage.test.tsx` | `PASS` | cursor pagination no longer auto-advances and flood-loads `/admin/devices` |
|
||||
| `cd frontend/admin && npm.cmd run test:run -- src/services/webhooks.test.ts` | `PASS` | webhook list and deliveries decoding now matches backend envelopes |
|
||||
| `cd frontend/admin && npm.cmd run test:run -- src/pages/admin/WebhooksPage/WebhooksPage.test.tsx` | `PASS` | webhook management page still works after service fix |
|
||||
| `cd frontend/admin && npm.cmd run test:run -- src/services/social-accounts.test.ts` | `PASS` | social accounts decoding now matches backend `accounts` payload |
|
||||
| `cd frontend/admin && npm.cmd run lint` | `PASS` | frontend lint is green after the recovery changes |
|
||||
| `cd frontend/admin && npm.cmd run build` | `PASS` | frontend production build is green after the recovery changes |
|
||||
| `cd frontend/admin && npm.cmd run e2e:full:win` | `PASS` | supported browser-level Playwright CDP E2E path re-ran green in the current workspace |
|
||||
| `cd frontend/admin && npm.cmd run test:run -- src/pages/admin/ProfileSecurityPage/ProfileSecurityPage.behavior.test.tsx src/services/profile.test.ts src/services/service_adapters_additional.test.ts` | `PASS` | targeted profile page and service regression set passed `3` files / `22` tests after the password-write contract fix |
|
||||
| `cd frontend/admin && node --check ./scripts/run-playwright-cdp-e2e.mjs` | `PASS` | Playwright CDP runner script is syntactically valid after action-scoped fetch wait changes |
|
||||
| `cd frontend/admin && npm.cmd run lint` | `PASS` | frontend lint is green after the profile password adapter fix and runner cleanup |
|
||||
| `cd frontend/admin && npm.cmd run build` | `PASS` | frontend production build is green after the profile password adapter fix and runner cleanup |
|
||||
| `cd frontend/admin && npm.cmd run e2e:full:win` | `PASS` | supported browser-level Playwright CDP E2E path re-ran green with `20` scenarios, including the repaired `profile-and-security` chain |
|
||||
|
||||
### Current Honest Status
|
||||
|
||||
- The supported browser-level real E2E command `cd frontend/admin && npm.cmd run e2e:full:win` is green again in the current workspace.
|
||||
- The re-verified scenarios now include:
|
||||
- The supported browser-level real E2E command `cd frontend/admin && npm.cmd run e2e:full:win` is green in the current workspace after re-verifying the full `20`-scenario suite.
|
||||
- The directly affected frontend verification set is green in the current workspace:
|
||||
- targeted profile page and service tests
|
||||
- `npm.cmd run lint`
|
||||
- `npm.cmd run build`
|
||||
- The concrete defects fixed in this round were:
|
||||
- frontend profile password writes were still sending the UI form shape (`current_password`, `confirm_password`) to `/users/:id/password`, while the real backend handler binds `old_password` and `new_password`, which produced a real browser-visible `400`;
|
||||
- the Playwright `profile-and-security` scenario could leave background fetch waiters running after a later locator failure, which then collapsed into misleading `Target page, context or browser has been closed` noise instead of exposing the true failing step.
|
||||
- This round did **not** re-run the full backend matrix (`go test ./... -count=1`, `go vet ./...`, `go build ./cmd/server`); the latest backend-wide green evidence remains the 2026-04-23 snapshot below.
|
||||
|
||||
### Boundary
|
||||
|
||||
- This update re-proves the directly affected frontend regression set and the supported browser-level E2E gate in the current workspace.
|
||||
- It does **not** by itself re-prove the full backend matrix, live third-party OAuth verification, or OS-level automation closure.
|
||||
|
||||
## 2026-04-23 Permissions CRUD And Full Matrix Closure
|
||||
|
||||
### Latest Verification Snapshot
|
||||
|
||||
| Command | Result | Note |
|
||||
|------|------|------|
|
||||
| `go test ./... -count=1` | `PASS` | full backend test matrix re-ran green on the current branch state |
|
||||
| `go vet ./...` | `PASS` | backend vet is green on the current branch state |
|
||||
| `go build ./cmd/server` | `PASS` | backend build is green on the current branch state |
|
||||
| `cd frontend/admin && npm.cmd run test:run` | `PASS` | frontend unit/integration suite passed `82` files / `522` tests |
|
||||
| `cd frontend/admin && npm.cmd run lint` | `PASS` | frontend lint is green after the permissions/browser harness updates |
|
||||
| `cd frontend/admin && npm.cmd run build` | `PASS` | frontend production build is green after the explicit Vite root fix |
|
||||
| `cd frontend/admin && node --check ./scripts/run-playwright-cdp-e2e.mjs` | `PASS` | Playwright CDP runner script is syntactically valid after the permissions CRUD and CDP stability changes |
|
||||
| `cd frontend/admin && $env:E2E_SCENARIOS='permissions-management-crud'; npm.cmd run e2e:full:win` | `PASS` | targeted browser-level proof is green for `admin-bootstrap` plus `permissions-management-crud` |
|
||||
| `cd frontend/admin && npm.cmd run e2e:full:win` | `PASS` | supported browser-level Playwright CDP E2E path re-ran green with `20` scenarios in the current workspace |
|
||||
|
||||
### Current Honest Status
|
||||
|
||||
- The full backend matrix (`go test ./... -count=1`, `go vet ./...`, `go build ./cmd/server`) is green in the current workspace.
|
||||
- The full frontend matrix (`npm.cmd run test:run`, `npm.cmd run lint`, `npm.cmd run build`) is green in the current workspace.
|
||||
- The supported browser-level real E2E command `cd frontend/admin && npm.cmd run e2e:full:win` is green in the current workspace.
|
||||
- The re-verified browser scenarios now include `20` flows:
|
||||
- `admin-bootstrap`
|
||||
- `public-registration`
|
||||
- `email-activation`
|
||||
- `password-reset`
|
||||
- `login-surface`
|
||||
- `auth-workflow`
|
||||
- `responsive-login`
|
||||
- `desktop-mobile-navigation`
|
||||
- `user-management-crud`
|
||||
- `user-management-batch`
|
||||
- `role-management-crud`
|
||||
- `permissions-management-crud`
|
||||
- `device-management`
|
||||
- `login-logs`
|
||||
- `operation-logs`
|
||||
- `webhook-management`
|
||||
- `import-export`
|
||||
- `profile-and-security`
|
||||
- `settings`
|
||||
- `dashboard-stats`
|
||||
- The concrete defects fixed in this round were:
|
||||
- the permissions service adapter moved to the real numeric backend `type` contract, and older aggregate service tests were updated to match the new raw payload shape instead of asserting stale string payloads;
|
||||
- backend permission creation/status handling now accepts real browser payloads such as menu `type=0` and numeric `status` updates without falsely rejecting valid requests;
|
||||
- the permissions browser CRUD scenario was red because CDP `page.waitForRequest/Response` could miss successful proxied `/api/v1/permissions` calls even while the browser `fetch` had already returned `201`; the runner now proves those steps through in-page fetch completion plus UI refresh instead of misclassifying them as product failures;
|
||||
- Ant modal close assertions in the permissions flow were tightened to accept real leave-state transitions instead of requiring a brittle `hidden` state that could lag under headless-shell animation timing;
|
||||
- frontend aggregate tests now reflect the real permissions adapter contract, avoiding false red tests after a valid service-layer schema change;
|
||||
- frontend production build on Windows with `vite --configLoader native` was failing because Vite 8 resolved `index.html` as an absolute emitted asset name; setting explicit `root` in `frontend/admin/vite.config.js` restored a green build;
|
||||
- the browser harness is more tolerant of transient Windows CDP startup/runtime instability after raising the suite retry default to `3` and aligning the CDP attach timeout with the startup timeout window.
|
||||
|
||||
### Boundary
|
||||
|
||||
- This update re-proves the supported browser-level E2E path and the full local backend/frontend verification matrices in the current workspace.
|
||||
- It does **not** by itself re-prove real third-party OAuth live verification or complete OS-level automation closure.
|
||||
|
||||
## 2026-04-23 Password Reset And E2E Stability Update
|
||||
|
||||
### Latest Verification Snapshot
|
||||
|
||||
| Command | Result | Note |
|
||||
|------|------|------|
|
||||
| `go test ./... -count=1` | `PASS` | full backend test matrix re-ran green on the current branch state |
|
||||
| `go vet ./...` | `PASS` | backend vet is green after the auth capability fix |
|
||||
| `go build ./cmd/server` | `PASS` | backend build is green after the auth capability fix |
|
||||
| `cd frontend/admin && npm.cmd run test:run` | `PASS` | frontend unit/integration suite passed `82` files / `521` tests |
|
||||
| `cd frontend/admin && npm.cmd run lint` | `PASS` | frontend lint is green after the password-reset and CDP recovery changes |
|
||||
| `cd frontend/admin && npm.cmd run build` | `PASS` | frontend production build is green after the password-reset and CDP recovery changes |
|
||||
| `cd frontend/admin && node --check ./scripts/run-playwright-cdp-e2e.mjs` | `PASS` | Playwright CDP runner script is syntactically valid after recovery changes |
|
||||
| `cd frontend/admin && npm.cmd run e2e:full:win` | `PASS` | supported browser-level Playwright CDP E2E path re-ran green with `19` scenarios in the current workspace |
|
||||
|
||||
### Current Honest Status
|
||||
|
||||
- The full backend matrix (`go test ./... -count=1`, `go vet ./...`, `go build ./cmd/server`) is green again in the current workspace.
|
||||
- The full frontend matrix (`npm.cmd run test:run`, `npm.cmd run lint`, `npm.cmd run build`) is green again in the current workspace.
|
||||
- The supported browser-level real E2E command `cd frontend/admin && npm.cmd run e2e:full:win` is green again in the current workspace.
|
||||
- The re-verified browser scenarios now include `19` flows:
|
||||
- `admin-bootstrap`
|
||||
- `public-registration`
|
||||
- `email-activation`
|
||||
- `password-reset`
|
||||
- `login-surface`
|
||||
- `auth-workflow`
|
||||
- `responsive-login`
|
||||
- `desktop-mobile-navigation`
|
||||
- `user-management-crud`
|
||||
- `user-management-batch`
|
||||
- `role-management-crud`
|
||||
- `device-management`
|
||||
- `login-logs`
|
||||
- `operation-logs`
|
||||
- `webhook-management`
|
||||
- `import-export`
|
||||
- `profile-and-security`
|
||||
- `settings`
|
||||
- `dashboard-stats`
|
||||
- The concrete defects fixed in this round were:
|
||||
- `DevicesPage` cursor state was auto-chaining next-page fetches and could drive `/api/v1/admin/devices` into `429`.
|
||||
- webhook frontend services were decoding `/webhooks` and `/webhooks/:id/deliveries` with the wrong response shape.
|
||||
- social account frontend service was decoding `/users/me/social-accounts` with the wrong response shape.
|
||||
- settings frontend service was double-unwrapping `/admin/settings` even though the shared HTTP client had already returned `result.data`.
|
||||
- backend `/api/v1/auth/capabilities` omitted `password_reset`, so the real login surface never exposed the password-reset entry even though the route was mounted.
|
||||
- the Playwright CDP suite had multiple over-broad locators and stale route/title assumptions in the later admin scenarios.
|
||||
- the outer browser-suite retry path was carrying a stale `admin-bootstrap` expectation across attempts even after the first attempt had already changed backend bootstrap state.
|
||||
- the Playwright CDP runner did not reconnect the browser connection when a late-stage page/context disappeared, so a single headless-shell target closure could falsely redline the rest of the suite.
|
||||
|
||||
### Boundary
|
||||
|
||||
- This update re-proves the supported browser-level E2E path only.
|
||||
- It does **not** by itself re-prove full backend `go test ./... -count=1`, real third-party OAuth live verification, or complete OS-level automation closure.
|
||||
- This update re-proves the supported browser-level E2E path and the full local backend/frontend verification matrices in the current workspace.
|
||||
- It does **not** by itself re-prove real third-party OAuth live verification or complete OS-level automation closure.
|
||||
|
||||
## 2026-04-10 复核更新(TDD修复后)
|
||||
|
||||
@@ -276,8 +372,11 @@
|
||||
| `webhook-management` | Webhook 页面导航、列表显示 | ✅ 已添加 |
|
||||
| `profile-and-security` | 个人资料页、安全设置页(密码修改、TOTP) | ✅ 已添加 |
|
||||
| `dashboard-stats` | 仪表盘统计卡片完整验证 | ✅ 已添加 |
|
||||
| `user-management-batch` | 用户批量启用、批量禁用、批量删除 | ✅ 已添加 |
|
||||
| `import-export` | 导入导出页面、模板下载、用户导出 | ✅ 已添加 |
|
||||
| `settings` | 系统设置页面、真实 `/admin/settings` 加载 | ✅ 已添加 |
|
||||
|
||||
### E2E 覆盖场景汇总(共 15 个)
|
||||
### E2E 覆盖场景汇总(共 18 个)
|
||||
|
||||
| # | 场景 | 覆盖内容 |
|
||||
|---|------|----------|
|
||||
@@ -296,6 +395,9 @@
|
||||
| 13 | `webhook-management` | Webhook 管理 |
|
||||
| 14 | `profile-and-security` | 个人资料与安全 |
|
||||
| 15 | `dashboard-stats` | 仪表盘统计 |
|
||||
| 16 | `user-management-batch` | 用户批量操作 |
|
||||
| 17 | `import-export` | 导入导出 |
|
||||
| 18 | `settings` | 系统设置 |
|
||||
|
||||
### 防虚假测试规则
|
||||
|
||||
|
||||
Reference in New Issue
Block a user