When a user lacks permission, the app should (a) not let them do data entry it
will reject and (b) subtly say who can. General mechanism + the key gates.
Server — compute & expose "who can <verb> here":
- zddc.WhoCan(chain, verb) → Authority{Roles, People}: the acl.permissions
grantees holding the verb across the cascade (roles + their members) plus the
admins (who bypass). New whocan.go + whocan_test.go.
- AccessView gains path_who_can (profilehandler.go), populated only for verbs the
caller LACKS and only when they can read the path (mirrors .zddc readability),
so one cap.at() answers "can I?" and "if not, who?".
- writeForbiddenWho enriches the 403 body with who_can for the missing verb
(errors.go); authorizeAction uses it (fileapi.go) as the safety net for denials
that weren't pre-checked.
Shared — shared/cap.js:
- cap.whoCan(view, verb) + cap.denyHint(view, verb) → {text, title}, role-first
("Only the document controller can create here") with the people in the tooltip.
- handleForbidden appends the hint (from the 403 body, else the cached view), so
every tool that already routes 403s through it (form save, tables save, browse)
now explains who can — for free.
Key gates:
- Browse party-create (the reported bug): pre-check create authority on ssr/ and
the slot BEFORE opening the picker — if the user can do neither, show the hint
instead of the form; if only existing parties are usable, disable "+ New party"
with the who-can hint. The post-hoc 403 catch now names who can too.
- Tables +Add row disabled state shows the who-can hint.
Plus: subtle /_apps/{browse,archive,classifier}.html links in the landing footer.
Tests: Go WhoCan unit test (role/person split, admin bypass, dedupe); cap.spec.js
(denyHint role-first/people/fallback, whoCan, handleForbidden enrichment) — 5
green; Go handler+zddc+policy suites green. (Pre-existing stale browse toolbar
test browse.spec.js:274 unaffected.)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
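A small model of the client-side half described above (cap.whoCan, cap.denyHint and the handleForbidden enrichment), added here as an example and not taken from shared/cap.js. The field layouts of `path_who_can` and of the 403 `who_can` body, and the hint wording, are assumptions; the commit names the fields but not their shape.

```javascript
// Added example, not the project's own shared/cap.js: a model of
// cap.whoCan / cap.denyHint / handleForbidden from the commit message.
// ASSUMED shapes (the commit names the fields, not their layout):
//   view.path_who_can = { [verb]: { roles: [...], people: [...] } }
//   403 body          = { error: '...', who_can: { roles, people } }

function dedupe(list) {
  return Array.from(new Set(list || []));
}

// Who holds `verb` on the viewed path. null when the view carries no entry:
// the server only populates path_who_can for verbs the caller lacks.
function whoCan(view, verb) {
  const entry = view && view.path_who_can && view.path_who_can[verb];
  if (!entry) return null;
  return { roles: dedupe(entry.roles), people: dedupe(entry.people) };
}

// Role-first hint: the role goes in the visible text, the people in the
// tooltip (title). Falls back to people only, then to a generic line.
function denyHint(view, verb, authority = whoCan(view, verb)) {
  if (!authority) return { text: `You cannot ${verb} here.`, title: '' };
  const { roles, people } = authority;
  if (roles.length > 0) {
    const who = roles.length === 1 ? `the ${roles[0]}` : roles.join(' or ');
    return { text: `Only ${who} can ${verb} here`, title: people.join(', ') };
  }
  if (people.length > 0) {
    return { text: `Only ${people.join(', ')} can ${verb} here`, title: '' };
  }
  return { text: `You cannot ${verb} here.`, title: '' };
}

// 403 handler: prefer the who_can the server put in the 403 body, else the
// cached AccessView; returns the message the tool would surface.
function handleForbidden(body, verb, cachedView) {
  const fromBody = body && body.who_can
    ? { roles: dedupe(body.who_can.roles), people: dedupe(body.who_can.people) }
    : null;
  const hint = denyHint(cachedView, verb, fromBody || whoCan(cachedView, verb));
  const base = (body && body.error) || `Forbidden: ${verb}`;
  return { message: `${base}. ${hint.text}`, title: hint.title };
}
```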
137 lines
3.3 KiB
JavaScript
import { defineConfig } from '@playwright/test';

export default defineConfig({
  testDir: './tests',
  // tokens.spec.js builds the Go binary on first run via podman + waits
  // for the spawned master to listen — both can take longer than the
  // default 30s on a cold cache. Other specs are file:// driven and
  // unaffected by this bump.
  timeout: 60000,
  retries: 0,
  reporter: [['line'], ['html', { open: 'never' }]],

  use: {
    // Chromium only -- File System Access API requires it,
    // and the ZDDC tools target "any modern Chromium-based browser"
    browserName: 'chromium',
    screenshot: 'only-on-failure',
    trace: 'retain-on-failure',
  },

  projects: [
    {
      name: 'archive',
      testMatch: 'archive.spec.js',
    },
    {
      name: 'archive-cascade',
      testMatch: 'archive-cascade.spec.js',
    },
    {
      name: 'landing',
      testMatch: 'landing.spec.js',
    },
    {
      name: 'transmittal',
      testMatch: 'transmittal.spec.js',
    },
    {
      name: 'transmittal-init',
      testMatch: 'transmittal-init-check.spec.js',
    },
    {
      name: 'transmittal-drag-drop',
      testMatch: 'transmittal-drag-drop.spec.js',
    },
    {
      name: 'transmittal-validation',
      testMatch: 'transmittal-validation.spec.js',
    },
    {
      name: 'classifier',
      testMatch: 'classifier.spec.js',
    },
    {
      name: 'classify',
      testMatch: 'classify.spec.js',
    },
    {
      name: 'browse',
      testMatch: 'browse.spec.js',
    },
    {
      name: 'conflict',
      testMatch: 'conflict.spec.js',
    },
    {
      name: 'zddc-source',
      testMatch: 'zddc-source.spec.js',
    },
    {
      name: 'toast',
      testMatch: 'toast.spec.js',
    },
    {
      name: 'nav',
      testMatch: 'nav.spec.js',
    },
    {
      name: 'logo',
      testMatch: 'logo.spec.js',
    },
    {
      name: 'zddc',
      testMatch: 'zddc.spec.js',
    },
    {
      name: 'diff',
      testMatch: 'diff.spec.js',
    },
    {
      name: 'form-safety',
      testMatch: 'form-safety.spec.js',
    },
    {
      name: 'tables',
      testMatch: 'tables.spec.js',
    },
    {
      name: 'cap',
      testMatch: 'cap.spec.js',
    },
    {
      name: 'tables-mdl',
      testMatch: 'tables-mdl.spec.js',
    },
    {
      name: 'zddc-filter',
      testMatch: 'zddc-filter.spec.js',
    },
    {
      name: 'build-label',
      testMatch: 'build-label.spec.js',
    },
    {
      name: 'schema',
      testMatch: 'schema.spec.js',
    },
    {
      // Server-backed: starts a real zddc-server master via
      // tests/lib/server.mjs (which builds the binary on first run
      // through the canonical podman/zddc-go:1.24 invocation), drives
      // Chromium against http://127.0.0.1:<port>/.tokens, exercises
      // create/list/revoke + bearer round-trip + cross-user 404 +
      // XSS-guard. The binary build is cached at zddc/dist/zddc-server-
      // test and invalidated by a hash of cmd/+internal/+go.{mod,sum}
      // so a second run only takes the master-startup time (~1s).
      // First run takes ~30s for the build.
      //
      // The lifecycle is per-spec via beforeAll/afterAll — Playwright's
      // top-level webServer hook would fire for every project, including
      // the file://-driven tool tests that don't need the server.
      name: 'tokens',
      testMatch: 'tokens.spec.js',
    },
  ],
});