This commit is contained in:
zhx 2026-06-24 13:02:41 +08:00
parent 9c39d33bf2
commit ac6672f398
2 changed files with 14 additions and 9 deletions

View File

@ -4705,9 +4705,9 @@ func TestHostCenterPlatformPolicyRejectsNonActiveHost(t *testing.T) {
} }
} }
func TestAgencyCenterOverviewUsesOwnerAgencySalaryAndPendingApplications(t *testing.T) { func TestAgencyCenterOverviewAllowsOwnerWithoutManagerProfile(t *testing.T) {
hostClient := &fakeUserHostClient{ hostClient := &fakeUserHostClient{
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsManager: true, AgencyId: 7001}, roleSummary: &userv1.UserRoleSummary{UserId: 42, IsAgency: true, IsManager: false, AgencyId: 7001},
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{ getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{
AgencyId: 7001, AgencyId: 7001,
OwnerUserId: 42, OwnerUserId: 42,
@ -4765,7 +4765,7 @@ func TestAgencyCenterOverviewUsesOwnerAgencySalaryAndPendingApplications(t *test
func TestAgencyCenterPlatformPolicyUsesAgencyRegion(t *testing.T) { func TestAgencyCenterPlatformPolicyUsesAgencyRegion(t *testing.T) {
hostClient := &fakeUserHostClient{ hostClient := &fakeUserHostClient{
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsManager: true, AgencyId: 7001}, roleSummary: &userv1.UserRoleSummary{UserId: 42, IsAgency: true, IsManager: false, AgencyId: 7001},
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{ getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{
AgencyId: 7001, AgencyId: 7001,
OwnerUserId: 42, OwnerUserId: 42,
@ -4960,7 +4960,7 @@ func TestBDLeaderInviteBDForwardsSelfInvite(t *testing.T) {
func TestAgencyCenterInviteHostCreatesPendingInvitation(t *testing.T) { func TestAgencyCenterInviteHostCreatesPendingInvitation(t *testing.T) {
hostClient := &fakeUserHostClient{ hostClient := &fakeUserHostClient{
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsManager: true, AgencyId: 7001}, roleSummary: &userv1.UserRoleSummary{UserId: 42, IsAgency: true, IsManager: false, AgencyId: 7001},
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{AgencyId: 7001, OwnerUserId: 42, Status: "active"}}, getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{AgencyId: 7001, OwnerUserId: 42, Status: "active"}},
inviteHostResp: &userv1.InviteHostResponse{Invitation: &userv1.RoleInvitation{ inviteHostResp: &userv1.InviteHostResponse{Invitation: &userv1.RoleInvitation{
InvitationId: 9010, InvitationId: 9010,
@ -5051,7 +5051,10 @@ func TestRoleInvitationsListAndProcessForwardCurrentUser(t *testing.T) {
} }
func TestAgencyCenterOverviewRejectsNonOwner(t *testing.T) { func TestAgencyCenterOverviewRejectsNonOwner(t *testing.T) {
hostClient := &fakeUserHostClient{roleSummary: &userv1.UserRoleSummary{UserId: 42, IsManager: false, AgencyId: 7001}} hostClient := &fakeUserHostClient{
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsAgency: true, AgencyId: 7001},
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{AgencyId: 7001, OwnerUserId: 99, Status: "active"}},
}
handler := NewHandlerWithClients(&fakeRoomClient{}, nil, nil, &fakeUserProfileClient{}) handler := NewHandlerWithClients(&fakeRoomClient{}, nil, nil, &fakeUserProfileClient{})
handler.SetUserHostClient(hostClient) handler.SetUserHostClient(hostClient)
handler.SetWalletClient(&fakeWalletClient{}) handler.SetWalletClient(&fakeWalletClient{})
@ -5069,14 +5072,14 @@ func TestAgencyCenterOverviewRejectsNonOwner(t *testing.T) {
if err := json.NewDecoder(recorder.Body).Decode(&response); err != nil { if err := json.NewDecoder(recorder.Body).Decode(&response); err != nil {
t.Fatalf("decode response failed: %v", err) t.Fatalf("decode response failed: %v", err)
} }
if response.Code != httpkit.CodePermissionDenied || hostClient.lastGetAgency != nil { if response.Code != httpkit.CodePermissionDenied || hostClient.lastGetAgency == nil || hostClient.lastGetAgency.GetAgencyId() != 7001 {
t.Fatalf("non-owner response mismatch: response=%+v getAgency=%+v", response, hostClient.lastGetAgency) t.Fatalf("non-owner response mismatch: response=%+v getAgency=%+v", response, hostClient.lastGetAgency)
} }
} }
func TestAgencyCenterHostsReturnsActiveHostSalary(t *testing.T) { func TestAgencyCenterHostsReturnsActiveHostSalary(t *testing.T) {
hostClient := &fakeUserHostClient{ hostClient := &fakeUserHostClient{
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsManager: true, AgencyId: 7001}, roleSummary: &userv1.UserRoleSummary{UserId: 42, IsAgency: true, IsManager: false, AgencyId: 7001},
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{AgencyId: 7001, OwnerUserId: 42, Status: "active"}}, getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{AgencyId: 7001, OwnerUserId: 42, Status: "active"}},
membersResp: &userv1.GetAgencyMembersResponse{Memberships: []*userv1.AgencyMembership{ membersResp: &userv1.GetAgencyMembersResponse{Memberships: []*userv1.AgencyMembership{
{MembershipId: 1, AgencyId: 7001, HostUserId: 42, MembershipType: "owner", Status: "active", JoinedAtMs: 10}, {MembershipId: 1, AgencyId: 7001, HostUserId: 42, MembershipType: "owner", Status: "active", JoinedAtMs: 10},
@ -5126,7 +5129,7 @@ func TestAgencyCenterHostsReturnsActiveHostSalary(t *testing.T) {
func TestAgencyCenterReviewAndRemoveForwardOwnerCommands(t *testing.T) { func TestAgencyCenterReviewAndRemoveForwardOwnerCommands(t *testing.T) {
hostClient := &fakeUserHostClient{ hostClient := &fakeUserHostClient{
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsManager: true, AgencyId: 7001}, roleSummary: &userv1.UserRoleSummary{UserId: 42, IsAgency: true, IsManager: false, AgencyId: 7001},
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{AgencyId: 7001, OwnerUserId: 42, Status: "active"}}, getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{AgencyId: 7001, OwnerUserId: 42, Status: "active"}},
reviewResp: &userv1.ReviewAgencyApplicationResponse{Application: &userv1.AgencyApplication{ reviewResp: &userv1.ReviewAgencyApplicationResponse{Application: &userv1.AgencyApplication{
ApplicationId: 9001, ApplicationId: 9001,

View File

@ -378,7 +378,7 @@ func (h *Handler) resolveCurrentOwnerAgency(writer http.ResponseWriter, request
return nil, false return nil, false
} }
summary := roleResp.GetSummary() summary := roleResp.GetSummary()
if summary == nil || !summary.GetIsManager() || summary.GetAgencyId() <= 0 { if summary == nil || summary.GetAgencyId() <= 0 {
httpkit.WriteError(writer, request, http.StatusForbidden, httpkit.CodePermissionDenied, "permission denied") httpkit.WriteError(writer, request, http.StatusForbidden, httpkit.CodePermissionDenied, "permission denied")
return nil, false return nil, false
} }
@ -391,6 +391,8 @@ func (h *Handler) resolveCurrentOwnerAgency(writer http.ResponseWriter, request
return nil, false return nil, false
} }
agency := agencyResp.GetAgency() agency := agencyResp.GetAgency()
// Agency Center 只属于当前 active Agency owner。manager_profiles 是 Manager Center 权限事实,
// 不能作为 Agency owner 的前置条件;普通成员即使 role summary 带 current agency也会被 owner 校验挡住。
if agency == nil || agency.GetOwnerUserId() != userID || agency.GetStatus() != agencyStatusActive { if agency == nil || agency.GetOwnerUserId() != userID || agency.GetStatus() != agencyStatusActive {
httpkit.WriteError(writer, request, http.StatusForbidden, httpkit.CodePermissionDenied, "permission denied") httpkit.WriteError(writer, request, http.StatusForbidden, httpkit.CodePermissionDenied, "permission denied")
return nil, false return nil, false