修复
This commit is contained in:
parent
9c39d33bf2
commit
ac6672f398
@ -4705,9 +4705,9 @@ func TestHostCenterPlatformPolicyRejectsNonActiveHost(t *testing.T) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestAgencyCenterOverviewUsesOwnerAgencySalaryAndPendingApplications(t *testing.T) {
|
func TestAgencyCenterOverviewAllowsOwnerWithoutManagerProfile(t *testing.T) {
|
||||||
hostClient := &fakeUserHostClient{
|
hostClient := &fakeUserHostClient{
|
||||||
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsManager: true, AgencyId: 7001},
|
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsAgency: true, IsManager: false, AgencyId: 7001},
|
||||||
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{
|
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{
|
||||||
AgencyId: 7001,
|
AgencyId: 7001,
|
||||||
OwnerUserId: 42,
|
OwnerUserId: 42,
|
||||||
@ -4765,7 +4765,7 @@ func TestAgencyCenterOverviewUsesOwnerAgencySalaryAndPendingApplications(t *test
|
|||||||
|
|
||||||
func TestAgencyCenterPlatformPolicyUsesAgencyRegion(t *testing.T) {
|
func TestAgencyCenterPlatformPolicyUsesAgencyRegion(t *testing.T) {
|
||||||
hostClient := &fakeUserHostClient{
|
hostClient := &fakeUserHostClient{
|
||||||
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsManager: true, AgencyId: 7001},
|
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsAgency: true, IsManager: false, AgencyId: 7001},
|
||||||
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{
|
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{
|
||||||
AgencyId: 7001,
|
AgencyId: 7001,
|
||||||
OwnerUserId: 42,
|
OwnerUserId: 42,
|
||||||
@ -4960,7 +4960,7 @@ func TestBDLeaderInviteBDForwardsSelfInvite(t *testing.T) {
|
|||||||
|
|
||||||
func TestAgencyCenterInviteHostCreatesPendingInvitation(t *testing.T) {
|
func TestAgencyCenterInviteHostCreatesPendingInvitation(t *testing.T) {
|
||||||
hostClient := &fakeUserHostClient{
|
hostClient := &fakeUserHostClient{
|
||||||
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsManager: true, AgencyId: 7001},
|
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsAgency: true, IsManager: false, AgencyId: 7001},
|
||||||
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{AgencyId: 7001, OwnerUserId: 42, Status: "active"}},
|
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{AgencyId: 7001, OwnerUserId: 42, Status: "active"}},
|
||||||
inviteHostResp: &userv1.InviteHostResponse{Invitation: &userv1.RoleInvitation{
|
inviteHostResp: &userv1.InviteHostResponse{Invitation: &userv1.RoleInvitation{
|
||||||
InvitationId: 9010,
|
InvitationId: 9010,
|
||||||
@ -5051,7 +5051,10 @@ func TestRoleInvitationsListAndProcessForwardCurrentUser(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestAgencyCenterOverviewRejectsNonOwner(t *testing.T) {
|
func TestAgencyCenterOverviewRejectsNonOwner(t *testing.T) {
|
||||||
hostClient := &fakeUserHostClient{roleSummary: &userv1.UserRoleSummary{UserId: 42, IsManager: false, AgencyId: 7001}}
|
hostClient := &fakeUserHostClient{
|
||||||
|
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsAgency: true, AgencyId: 7001},
|
||||||
|
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{AgencyId: 7001, OwnerUserId: 99, Status: "active"}},
|
||||||
|
}
|
||||||
handler := NewHandlerWithClients(&fakeRoomClient{}, nil, nil, &fakeUserProfileClient{})
|
handler := NewHandlerWithClients(&fakeRoomClient{}, nil, nil, &fakeUserProfileClient{})
|
||||||
handler.SetUserHostClient(hostClient)
|
handler.SetUserHostClient(hostClient)
|
||||||
handler.SetWalletClient(&fakeWalletClient{})
|
handler.SetWalletClient(&fakeWalletClient{})
|
||||||
@ -5069,14 +5072,14 @@ func TestAgencyCenterOverviewRejectsNonOwner(t *testing.T) {
|
|||||||
if err := json.NewDecoder(recorder.Body).Decode(&response); err != nil {
|
if err := json.NewDecoder(recorder.Body).Decode(&response); err != nil {
|
||||||
t.Fatalf("decode response failed: %v", err)
|
t.Fatalf("decode response failed: %v", err)
|
||||||
}
|
}
|
||||||
if response.Code != httpkit.CodePermissionDenied || hostClient.lastGetAgency != nil {
|
if response.Code != httpkit.CodePermissionDenied || hostClient.lastGetAgency == nil || hostClient.lastGetAgency.GetAgencyId() != 7001 {
|
||||||
t.Fatalf("non-owner response mismatch: response=%+v getAgency=%+v", response, hostClient.lastGetAgency)
|
t.Fatalf("non-owner response mismatch: response=%+v getAgency=%+v", response, hostClient.lastGetAgency)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestAgencyCenterHostsReturnsActiveHostSalary(t *testing.T) {
|
func TestAgencyCenterHostsReturnsActiveHostSalary(t *testing.T) {
|
||||||
hostClient := &fakeUserHostClient{
|
hostClient := &fakeUserHostClient{
|
||||||
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsManager: true, AgencyId: 7001},
|
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsAgency: true, IsManager: false, AgencyId: 7001},
|
||||||
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{AgencyId: 7001, OwnerUserId: 42, Status: "active"}},
|
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{AgencyId: 7001, OwnerUserId: 42, Status: "active"}},
|
||||||
membersResp: &userv1.GetAgencyMembersResponse{Memberships: []*userv1.AgencyMembership{
|
membersResp: &userv1.GetAgencyMembersResponse{Memberships: []*userv1.AgencyMembership{
|
||||||
{MembershipId: 1, AgencyId: 7001, HostUserId: 42, MembershipType: "owner", Status: "active", JoinedAtMs: 10},
|
{MembershipId: 1, AgencyId: 7001, HostUserId: 42, MembershipType: "owner", Status: "active", JoinedAtMs: 10},
|
||||||
@ -5126,7 +5129,7 @@ func TestAgencyCenterHostsReturnsActiveHostSalary(t *testing.T) {
|
|||||||
|
|
||||||
func TestAgencyCenterReviewAndRemoveForwardOwnerCommands(t *testing.T) {
|
func TestAgencyCenterReviewAndRemoveForwardOwnerCommands(t *testing.T) {
|
||||||
hostClient := &fakeUserHostClient{
|
hostClient := &fakeUserHostClient{
|
||||||
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsManager: true, AgencyId: 7001},
|
roleSummary: &userv1.UserRoleSummary{UserId: 42, IsAgency: true, IsManager: false, AgencyId: 7001},
|
||||||
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{AgencyId: 7001, OwnerUserId: 42, Status: "active"}},
|
getAgencyResp: &userv1.GetAgencyResponse{Agency: &userv1.Agency{AgencyId: 7001, OwnerUserId: 42, Status: "active"}},
|
||||||
reviewResp: &userv1.ReviewAgencyApplicationResponse{Application: &userv1.AgencyApplication{
|
reviewResp: &userv1.ReviewAgencyApplicationResponse{Application: &userv1.AgencyApplication{
|
||||||
ApplicationId: 9001,
|
ApplicationId: 9001,
|
||||||
|
|||||||
@ -378,7 +378,7 @@ func (h *Handler) resolveCurrentOwnerAgency(writer http.ResponseWriter, request
|
|||||||
return nil, false
|
return nil, false
|
||||||
}
|
}
|
||||||
summary := roleResp.GetSummary()
|
summary := roleResp.GetSummary()
|
||||||
if summary == nil || !summary.GetIsManager() || summary.GetAgencyId() <= 0 {
|
if summary == nil || summary.GetAgencyId() <= 0 {
|
||||||
httpkit.WriteError(writer, request, http.StatusForbidden, httpkit.CodePermissionDenied, "permission denied")
|
httpkit.WriteError(writer, request, http.StatusForbidden, httpkit.CodePermissionDenied, "permission denied")
|
||||||
return nil, false
|
return nil, false
|
||||||
}
|
}
|
||||||
@ -391,6 +391,8 @@ func (h *Handler) resolveCurrentOwnerAgency(writer http.ResponseWriter, request
|
|||||||
return nil, false
|
return nil, false
|
||||||
}
|
}
|
||||||
agency := agencyResp.GetAgency()
|
agency := agencyResp.GetAgency()
|
||||||
|
// Agency Center 只属于当前 active Agency owner。manager_profiles 是 Manager Center 权限事实,
|
||||||
|
// 不能作为 Agency owner 的前置条件;普通成员即使 role summary 带 current agency,也会被 owner 校验挡住。
|
||||||
if agency == nil || agency.GetOwnerUserId() != userID || agency.GetStatus() != agencyStatusActive {
|
if agency == nil || agency.GetOwnerUserId() != userID || agency.GetStatus() != agencyStatusActive {
|
||||||
httpkit.WriteError(writer, request, http.StatusForbidden, httpkit.CodePermissionDenied, "permission denied")
|
httpkit.WriteError(writer, request, http.StatusForbidden, httpkit.CodePermissionDenied, "permission denied")
|
||||||
return nil, false
|
return nil, false
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user