Commit Graph

4 Commits

Author SHA1 Message Date
Claude c9c2c58c16 feat(labels): let bot owners manage labels created by their bots
Bot owners inherit read/update/delete permission on labels created by
bots they own, mirroring the bot-owner branch already used by API tokens
(see api_tokens_permissions.go). Without this, a label a bot creates is
permanently locked to that bot and the human owner cannot maintain it.

https://claude.ai/code/session_016x6mUPJuuQEeXpHY814iLh
2026-06-09 11:40:04 +00:00
kolaente e22e169fb9 feat(api/v2): report max_permission on label and project-view reads
Read/update use a per-resource struct that embeds the model by value and adds a
readOnly max_permission field (labelReadBody, projectViewReadBody); Go and Huma
promote the embedded fields, so the body stays flat with no custom marshaler and
nothing on the shared models. The handler passes the model's Updated and the
permission to conditionalReadResponse, which folds the permission into the ETag.
Adds a webtest asserting two callers with different permission on the same label
get different ETags, plus max_permission presence assertions.
2026-06-04 21:16:51 +00:00
kolaente 5c05a1a289 test(api/v2): port full v1 label coverage
Bring the merged v2 Label webtest (TestHumaLabel) to 1:1 parity with the
model-level matrix in pkg/models/label_test.go so the v2 HTTP surface
independently proves the full visibility/permission contract once v1's
routes and tests are removed.

Added scenarios:
- ReadAll asserts the EXACT visible set for user1 = {1,2,4,7,8}, with #3
  (other owner, unattached), #5 (other owner, inaccessible task) and #6
  (GHSA private fixture) explicitly absent — not just contains/not-contains.
- ReadOne: #3 forbidden (other owner, unattached); #6 forbidden (GHSA
  private); #4 ALLOWED (other owner but visible via an accessible task);
  #7 allowed (own, unattached); #8 allowed (own, only on inaccessible task).
- Update/Delete: #4 forbidden (GHSA-hj5c-mhh2-g7jq read-vs-write: readable
  but not writable by the non-owner); #3 forbidden; #6 forbidden.
- Create asserts hex-color normalization (#aabbcc -> aabbcc).

Keeps the existing ETag/304 and merge-patch subtests.
2026-06-03 19:38:57 +00:00
kolaente 21194e61b0 test(api/v2): Label round-trip, ETag, PATCH, error shapes
Seven integration tests covering the Label pilot:

- Create_Read_Update_Delete — full round-trip through POST/GET/PUT/
  DELETE, asserts body + status at each step.
- List_ReturnsItems — GET /labels, asserts items[] is non-empty and
  contains a known fixture; this is the regression catcher for the
  generic-any silent-empty trap the spike hit.
- ForbiddenErrorShape — user1 reading user13's private label returns
  403 problem+json with the RFC 9457 type/title/status/detail shape.
- ValidationErrorShape — POST with empty title fails Huma's
  minLength:1 check with 422 problem+json + structured per-field
  errors locating `title`.
- ETagReturns304 — first GET captures ETag, second GET with
  If-None-Match returns 304.
- PATCHMergePatch — AutoPatch-synthesised PATCH with partial
  application/merge-patch+json body updates one field and leaves
  the others untouched; a follow-up GET confirms preservation.
- OpenAPISpecDescribesAllFive — the unauthenticated
  /api/v2/openapi.json surfaces GET+POST on /labels and GET+PUT+
  DELETE on /labels/{id}.
2026-05-31 12:56:57 +00:00