thread-master/docs/product/haixun-backend/tasks/T115-permission-middleware.md

1.4 KiB
Raw Permalink Blame History

T115 — permission-middleware

Status: done
Milestone: M1
Kind: feat
Est. change: ~140 lines (target 100200)

Goal

完成後系統應Auth + Admin middleware非 admin 擋 admin API跨 uid 私有資源拒絕

Depends on

  • T111

Inputs

  • 讀取 / 依賴:
    • AU-1214 AD-13
    • Specdocs/product/haixun-backend/spec.md§9AU-12 AU-13 AU-14 AD-13
    • 對照:docs/product/haixun-backend/fe-spec-alignment.mdUI MUST
    • 後端根:apps/backend
    • Remove本 task 禁止實作): 舊靈感 list/viral/bookmark/spark/searchTrendsgenerateFromFormulaScoutTopic CRUDlive 以 simulatecreateMock 當完成Insights 真管線P2

Outputs

程式變更(預期路徑)

路徑 動作 說明
apps/backend/internal/**/middleware/** add/edit AuthAdmin

行為變更

  • 權限失敗可讀

API / 契約(若有)

測試交付(強制)

  • TestAU_12_MemberDeniedAdmin

Out of scope

Acceptance

  • SpecUI MUST 覆蓋:AU-12 AU-13 AU-14 AD-13
  • 每個相關 §9 ID 有可 grep 的 case 名(TestXX_01_… 或完整覆蓋在里程碑 test task
  • 未實作不回 102000+空 data
  • 指令:
cd apps/backend && go test ./internal/.../middleware/... -count=1

Notes