修复
This commit is contained in:
parent
9c39d33bf2
commit
ac6672f398
@ -4705,9 +4705,9 @@ func TestHostCenterPlatformPolicyRejectsNonActiveHost(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestAgencyCenterOverviewUsesOwnerAgencySalaryAndPendingApplications(t *testing.T) {
|
||||
func TestAgencyCenterOverviewAllowsOwnerWithoutManagerProfile(t *testing.T) {
|
||||
hostClient := &fakeUserHostClient{
|
||||
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsManager: true, AgencyId: 7001},
|
||||
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsAgency: true, IsManager: false, AgencyId: 7001},
|
||||
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{
|
||||
AgencyId: 7001,
|
||||
OwnerUserId: 42,
|
||||
@ -4765,7 +4765,7 @@ func TestAgencyCenterOverviewUsesOwnerAgencySalaryAndPendingApplications(t *test
|
||||
|
||||
func TestAgencyCenterPlatformPolicyUsesAgencyRegion(t *testing.T) {
|
||||
hostClient := &fakeUserHostClient{
|
||||
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsManager: true, AgencyId: 7001},
|
||||
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsAgency: true, IsManager: false, AgencyId: 7001},
|
||||
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{
|
||||
AgencyId: 7001,
|
||||
OwnerUserId: 42,
|
||||
@ -4960,7 +4960,7 @@ func TestBDLeaderInviteBDForwardsSelfInvite(t *testing.T) {
|
||||
|
||||
func TestAgencyCenterInviteHostCreatesPendingInvitation(t *testing.T) {
|
||||
hostClient := &fakeUserHostClient{
|
||||
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsManager: true, AgencyId: 7001},
|
||||
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsAgency: true, IsManager: false, AgencyId: 7001},
|
||||
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{AgencyId: 7001, OwnerUserId: 42, Status: "active"}},
|
||||
inviteHostResp: &userv1.InviteHostResponse{Invitation: &userv1.RoleInvitation{
|
||||
InvitationId: 9010,
|
||||
@ -5051,7 +5051,10 @@ func TestRoleInvitationsListAndProcessForwardCurrentUser(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestAgencyCenterOverviewRejectsNonOwner(t *testing.T) {
|
||||
hostClient := &fakeUserHostClient{roleSummary: &userv1.UserRoleSummary{UserId: 42, IsManager: false, AgencyId: 7001}}
|
||||
hostClient := &fakeUserHostClient{
|
||||
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsAgency: true, AgencyId: 7001},
|
||||
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{AgencyId: 7001, OwnerUserId: 99, Status: "active"}},
|
||||
}
|
||||
handler := NewHandlerWithClients(&fakeRoomClient{}, nil, nil, &fakeUserProfileClient{})
|
||||
handler.SetUserHostClient(hostClient)
|
||||
handler.SetWalletClient(&fakeWalletClient{})
|
||||
@ -5069,14 +5072,14 @@ func TestAgencyCenterOverviewRejectsNonOwner(t *testing.T) {
|
||||
if err := json.NewDecoder(recorder.Body).Decode(&response); err != nil {
|
||||
t.Fatalf("decode response failed: %v", err)
|
||||
}
|
||||
if response.Code != httpkit.CodePermissionDenied || hostClient.lastGetAgency != nil {
|
||||
if response.Code != httpkit.CodePermissionDenied || hostClient.lastGetAgency == nil || hostClient.lastGetAgency.GetAgencyId() != 7001 {
|
||||
t.Fatalf("non-owner response mismatch: response=%+v getAgency=%+v", response, hostClient.lastGetAgency)
|
||||
}
|
||||
}
|
||||
|
||||
func TestAgencyCenterHostsReturnsActiveHostSalary(t *testing.T) {
|
||||
hostClient := &fakeUserHostClient{
|
||||
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsManager: true, AgencyId: 7001},
|
||||
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsAgency: true, IsManager: false, AgencyId: 7001},
|
||||
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{AgencyId: 7001, OwnerUserId: 42, Status: "active"}},
|
||||
membersResp: &userv1.GetAgencyMembersResponse{Memberships: []*userv1.AgencyMembership{
|
||||
{MembershipId: 1, AgencyId: 7001, HostUserId: 42, MembershipType: "owner", Status: "active", JoinedAtMs: 10},
|
||||
@ -5126,7 +5129,7 @@ func TestAgencyCenterHostsReturnsActiveHostSalary(t *testing.T) {
|
||||
|
||||
func TestAgencyCenterReviewAndRemoveForwardOwnerCommands(t *testing.T) {
|
||||
hostClient := &fakeUserHostClient{
|
||||
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsManager: true, AgencyId: 7001},
|
||||
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsAgency: true, IsManager: false, AgencyId: 7001},
|
||||
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{AgencyId: 7001, OwnerUserId: 42, Status: "active"}},
|
||||
reviewResp: &userv1.ReviewAgencyApplicationResponse{Application: &userv1.AgencyApplication{
|
||||
ApplicationId: 9001,
|
||||
|
||||
@ -378,7 +378,7 @@ func (h *Handler) resolveCurrentOwnerAgency(writer http.ResponseWriter, request
|
||||
return nil, false
|
||||
}
|
||||
summary := roleResp.GetSummary()
|
||||
if summary == nil || !summary.GetIsManager() || summary.GetAgencyId() <= 0 {
|
||||
if summary == nil || summary.GetAgencyId() <= 0 {
|
||||
httpkit.WriteError(writer, request, http.StatusForbidden, httpkit.CodePermissionDenied, "permission denied")
|
||||
return nil, false
|
||||
}
|
||||
@ -391,6 +391,8 @@ func (h *Handler) resolveCurrentOwnerAgency(writer http.ResponseWriter, request
|
||||
return nil, false
|
||||
}
|
||||
agency := agencyResp.GetAgency()
|
||||
// Agency Center 只属于当前 active Agency owner。manager_profiles 是 Manager Center 权限事实,
|
||||
// 不能作为 Agency owner 的前置条件;普通成员即使 role summary 带 current agency,也会被 owner 校验挡住。
|
||||
if agency == nil || agency.GetOwnerUserId() != userID || agency.GetStatus() != agencyStatusActive {
|
||||
httpkit.WriteError(writer, request, http.StatusForbidden, httpkit.CodePermissionDenied, "permission denied")
|
||||
return nil, false
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user