long-agent/user-system
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: long-agent:9e7b08e194bd4089681e9e33dcd7dbaa9183b088
Branches Tags
long-agent:main long-agent:fix/report-v6-p0-auth-and-idor long-agent:fix/status-review-sync-20260409
...
compare: long-agent:547fdab0b2d7eee4c22b5e2ac0ede9fb8e3ab91a
Branches Tags
long-agent:main long-agent:fix/report-v6-p0-auth-and-idor long-agent:fix/status-review-sync-20260409

2 Commits
9e7b08e194 ... 547fdab0b2

Author SHA1 Message Date
Your Name
547fdab0b2 fix: require permission for user role queries 2026-05-28 16:20:20 +08:00
Your Name
73ab66eb8c docs: clarify historical status snapshots 2026-05-28 15:58:53 +08:00
3 changed files with 14 additions and 6 deletions
Expand all files Collapse all files

8
docs/status/REAL_PROJECT_STATUS.md
View File

@@ -34,6 +34,14 @@
> 后端与前端静态/单测基线、依赖审计与浏览器级真实 E2E 均已恢复绿色;当前剩余的是提交前的文档真相同步和工作树卫生收口,而非功能性阻塞。
## 历史快照使用说明
- 以下分节均为历史审查/复核快照,保留用于追溯,不代表当前真相。
- 若历史分节中的“阻塞项 / 缺口 / FAIL”与 2026-05-28 live snapshot 冲突,一律以本文顶部最新快照为准。
- 这些历史记录的价值是说明问题曾经存在、如何被验证、以及何时被关闭;不应用作当前发布判断。
---
## 2026-04-10 复核更新TDD修复后
本节记录 2026-04-10 TDD修复后的最新状态。

10
internal/api/handler/handler_test.go
View File

@@ -699,18 +699,18 @@ func TestUserHandler_UpdateUserStatus_RequiresAdmin(t *testing.T) {
}
}
func TestUserHandler_GetUserRoles_Success(t *testing.T) {
func TestUserHandler_GetUserRoles_ForbiddenForRegularUser(t *testing.T) {
server, cleanup := setupHandlerTestServer(t)
defer cleanup()
registerUser(server.URL, "rolesadmin", "rolesadmin@test.com", "AdminPass123!")
token := getToken(server.URL, "rolesadmin", "AdminPass123!")
registerUser(server.URL, "rolesuser", "rolesuser@test.com", "UserPass123!")
token := getToken(server.URL, "rolesuser", "UserPass123!")
resp, _ := doGet(server.URL+"/api/v1/users/1/roles", token)
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
t.Errorf("expected status %d, got %d", http.StatusOK, resp.StatusCode)
if resp.StatusCode != http.StatusForbidden {
t.Errorf("expected status %d for non-admin user, got %d", http.StatusForbidden, resp.StatusCode)
}
}

2
internal/api/router/router.go
View File

@@ -212,7 +212,7 @@ func (r *Router) Setup() *gin.Engine {
users.DELETE("/:id", middleware.RequirePermission("user:delete"), r.userHandler.DeleteUser)
users.PUT("/:id/password", r.userHandler.UpdatePassword)
users.PUT("/:id/status", middleware.RequirePermission("user:manage"), r.userHandler.UpdateUserStatus)
users.GET("/:id/roles", r.userHandler.GetUserRoles)
users.GET("/:id/roles", middleware.RequirePermission("user:manage"), r.userHandler.GetUserRoles)
users.PUT("/:id/roles", middleware.RequirePermission("user:manage"), r.userHandler.AssignRoles)
users.PUT("/batch/status", middleware.RequirePermission("user:manage"), r.userHandler.BatchUpdateStatus)
users.DELETE("/batch", middleware.RequirePermission("user:delete"), r.userHandler.BatchDelete)