feat: permissions CRUD browser integration + E2E enhancements

Backend:
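- permission_handler: complete the permission CRUD endpoints (list/create/update/delete)
- auth_handler: fix authentication handling logic
- router: add permission management routes
- handler_test: add test coverage for the permission handler

Frontend:
- permissions.ts/test.ts: full implementation of the permission service layer
- profile/settings/service_tests: service adapter corrections
- client.ts: HTTP client robustness improvements
- vite.config.js: build configuration optimization
- E2E script: major enhancements to run-playwright-cdp-e2e (permission flow coverage)

Docs:
- REAL_PROJECT_STATUS: status update
- PRODUCTION_CHECKLIST/QUALITY_STANDARD/TECHNICAL_GUIDE/PROJECT_EXPERIENCE_SUMMARY: team standards refined
- plans/2026-04-23: design for permission browser CRUD

Verification: go build, 0 errors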
2026-04-24 07:30:18 +08:00
parent 3f3bb82f1d
commit 9b1cea246e
25 changed files with 1868 additions and 133 deletions


@@ -125,3 +125,109 @@ npm.cmd run e2e:full:win
- [ ] 若包装脚本、临时缓存、工作目录切换或环境注入失败,已按真实失败处理,而不是拿局部命令绿灯代替。
- [ ] `cd frontend/admin && npm.cmd run test:run``cd frontend/admin && npm.cmd run test:coverage` 运行后,无 `window.alert``window.confirm``window.prompt``window.open` 调用和 jsdom `Not implemented` 噪声。
- [ ] 如本轮改动把 stub、`not implemented` 或 mock 接口切换为 live 实现,已补充负向权限测试、边界条件测试、失败回滚测试。
## 2026-04-23 Latest Gate Snapshot
Use this section as the current release-facing snapshot for the workspace. If older notes elsewhere in this file conflict with this section, use this snapshot first.
### Re-verified Commands
- `cd frontend/admin && npm.cmd run test:run -- src/pages/admin/DevicesPage/DevicesPage.test.tsx`
- `cd frontend/admin && npm.cmd run test:run -- src/services/webhooks.test.ts`
- `cd frontend/admin && npm.cmd run test:run -- src/pages/admin/WebhooksPage/WebhooksPage.test.tsx`
- `cd frontend/admin && npm.cmd run test:run -- src/services/social-accounts.test.ts`
- `cd frontend/admin && npm.cmd run test:run -- src/services/settings.test.ts src/pages/admin/SettingsPage/SettingsPage.test.tsx src/pages/admin/ImportExportPage/ImportExportPage.test.tsx`
- `cd frontend/admin && npm.cmd run lint`
- `cd frontend/admin && npm.cmd run build`
- `cd frontend/admin && npm.cmd run e2e:full:win`
### Current Honest Release Conclusion
- The supported browser-level acceptance path `cd frontend/admin && npm.cmd run e2e:full:win` is green again in the current workspace.
- The latest green browser run included `admin-bootstrap`, `public-registration`, `email-activation`, `login-surface`, `auth-workflow`, `responsive-login`, `desktop-mobile-navigation`, `user-management-crud`, `user-management-batch`, `role-management-crud`, `device-management`, `login-logs`, `operation-logs`, `webhook-management`, `import-export`, `profile-and-security`, `settings`, and `dashboard-stats`.
- This evidence is sufficient for the supported browser-level gate, but it does not by itself replace the backend full matrix (`go test ./... -count=1`, `go vet ./...`, `go build ./cmd/server`).
- This snapshot also does not prove OS-level automation, live third-party OAuth validation, or external secrets/KMS delivery evidence.
## 2026-04-23 Additional Browser Gate Checks
- [ ] Cursor or list-page changes include a regression proving initial load does not self-trigger `next_cursor` pagination or burst extra requests.
- [ ] Frontend service changes against admin APIs verify exact response-envelope fields in service tests, not only page rendering.
- [ ] Frontend services using the shared HTTP client do not unwrap `data` twice; service tests reflect the real `request()` contract.
- [ ] Playwright selector changes prefer route, heading, role, or labeled-control locators over broad text searches.
- [ ] If suite retry reuses the same backend state, bootstrap or similar one-time preconditions are re-evaluated before rerunning browser scenarios.
- [ ] If a late-suite E2E failure blocks release, the release note records whether the root cause was product behavior, contract drift, selector drift, or browser-runtime instability.
## 2026-04-23 Password Reset Gate Snapshot
### Latest Green Evidence
- `go test ./... -count=1`
- `go vet ./...`
- `go build ./cmd/server`
- `cd frontend/admin && npm.cmd run test:run`
- `cd frontend/admin && npm.cmd run lint`
- `cd frontend/admin && npm.cmd run build`
- `cd frontend/admin && node --check ./scripts/run-playwright-cdp-e2e.mjs`
- `cd frontend/admin && npm.cmd run e2e:full:win`
### Current Honest Release Conclusion
- The current supported browser-level gate is green with `19` scenarios and now includes `password-reset`.
- The same branch state also re-proved the backend full matrix and the frontend unit/lint/build matrix.
- This still does not prove OS-level automation or live third-party OAuth/secrets delivery.
### Additional Checklist Items
- [ ] If a public auth route is conditionally mounted, `/api/v1/auth/capabilities` exposes the same availability bit from the same source of truth.
- [ ] A newly added auth or session browser flow is only accepted after both its targeted run and the full supported browser gate are green.
- [ ] When CDP loses the persistent page late in the suite, fix runner recovery before classifying the gate as inherently flaky.
## 2026-04-23 Permissions CRUD And Full Matrix Snapshot
Use this section first if earlier 2026-04-23 notes in this file conflict with it.
### Latest Green Evidence
- `go test ./... -count=1`
- `go vet ./...`
- `go build ./cmd/server`
- `cd frontend/admin && npm.cmd run test:run`
- `cd frontend/admin && npm.cmd run lint`
- `cd frontend/admin && npm.cmd run build`
- `cd frontend/admin && node --check ./scripts/run-playwright-cdp-e2e.mjs`
- `cd frontend/admin && $env:E2E_SCENARIOS='permissions-management-crud'; npm.cmd run e2e:full:win`
- `cd frontend/admin && npm.cmd run e2e:full:win`
### Current Honest Release Conclusion
- The current supported browser-level gate is green with `20` scenarios and now includes `permissions-management-crud`.
- The same branch state also re-proved the backend full matrix and the frontend unit, lint, and build matrix.
- This evidence proves the supported browser-level acceptance path in the current workspace. It still does not prove OS-level automation, live third-party OAuth validation, or external secrets or KMS delivery evidence.
### Additional Checklist Items
- [ ] If a frontend service normalizes backend enum values for UI consumption, tests cover the raw backend payload shape, the normalized frontend shape, and outbound write serialization.
- [ ] If a browser scenario succeeds in the page but CDP request or response observers miss the proxied call, runner-level proof records the real in-page fetch result before classifying the product as broken.
- [ ] If a modal-driven CRUD flow depends on an overlay leaving animation, the next user action waits for the modal to stop blocking interaction instead of relying on a broad hidden assertion alone.
- [ ] If `npm.cmd run build` depends on Vite native config loading on Windows, the supported config keeps HTML inputs under an explicit project root instead of relying on wrapper scripts to mask absolute-path errors.
## 2026-04-24 Profile Security Contract Recovery Snapshot
### Latest Green Evidence
- `cd frontend/admin && npm.cmd run test:run -- src/pages/admin/ProfileSecurityPage/ProfileSecurityPage.behavior.test.tsx src/services/profile.test.ts src/services/service_adapters_additional.test.ts`
- `cd frontend/admin && node --check ./scripts/run-playwright-cdp-e2e.mjs`
- `cd frontend/admin && npm.cmd run lint`
- `cd frontend/admin && npm.cmd run build`
- `cd frontend/admin && npm.cmd run e2e:full:win`
### Current Honest Release Conclusion
- The supported browser-level gate remains green with `20` scenarios after the real `profile-and-security` password-update contract fix.
- This round re-proved the directly affected frontend regression set, lint, build, and the supported browser gate on the same workspace state.
- This round did not re-run the backend full matrix, so backend-wide claims still rely on the latest earlier verified snapshot.
### Additional Checklist Items
- [ ] If a UI form shape differs from the backend write contract, the service adapter must serialize the backend field names explicitly and service tests must pin the exact outbound payload.
- [ ] If a browser runner waits on in-page fetch diagnostics, that wait must be created in the same control flow as the submit action and must not be allowed to outlive a failed click or fill step.
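Review bot: In the 2026-04-24 snapshot, the conclusion bullet stating that the backend full matrix was not re-run does not cover a commit whose message lists permission_handler, auth_handler and router changes and gives only a clean `go build` as verification. Changes to authorization and authentication handlers should be backed by `go test ./... -count=1` and `go vet ./...` on this same commit, and if the permission endpoints were previously stubs, by the negative permission tests the existing checklist already asks for. Either re-run the matrix and record it here, or state explicitly that the backend claims for this commit are unverified. Separately, in the Permissions CRUD evidence list, `$env:E2E_SCENARIOS='permissions-management-crud'; npm.cmd run e2e:full:win` leaves the variable set for the rest of the PowerShell session, so the following `npm.cmd run e2e:full:win` entry would run with the same value unless it is cleared. If the runner treats that variable as a scenario filter, as the targeted-run line implies, the "full" run could silently cover one scenario. Suggest adding `Remove-Item Env:E2E_SCENARIOS` between the two commands or noting that the full run uses a fresh shell. The two "use this section first" precedence statements (2026-04-23 Latest Gate Snapshot and the Permissions CRUD snapshot) also now compete with each other and with the undated-precedence 2026-04-24 section; a single "latest snapshot wins" rule at the top of the file would remove the ambiguity.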