curo1305
d345ace86d
- Fix doc-service delete endpoint: admins could not delete non-owned, non-shared documents — they hit 404 because the initial query filtered by owner/watch/group even before the is_admin bypass was checked. Admins now get an unconditional fetch, consistent with intent. - Add 18 new checklist tests covering: group admin role (4.9–4.10), delete permission variants (12.16b–12.16e), can_delete sharing (13.11–13.14), category scopes / PascalCase naming (14.7–14.17), and three-dots portal fix (19.11). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
977 B
977 B
2026-04-19 — Merge checklist update + admin delete bug fix
Timestamp: 2026-04-19T00:15:00Z
Summary
Updated tests/MERGE_CHECKLIST.md with all new tests for the two recently merged features (document delete permissions and category scopes / group-admin role). While running the new test 12.16b, discovered and fixed a bug where the doc-service delete endpoint returned 404 for admins deleting non-owned documents.
Files Added / Modified / Deleted
- Modified
tests/MERGE_CHECKLIST.md— added 18 new tests: 4.9–4.10 (group admin role), 12.16b–12.16e (delete permissions), 13.11–13.14 (can_delete sharing), 14.7–14.17 (category scopes, PascalCase naming), 19.11 (three-dots portal fix); updated 12.16 and 14.5 descriptions - Modified
features/doc-service/app/routers/documents.py— fixeddelete_documentto bypass group-membership filter for admins; previously admins got 404 on any document they didn't own or that wasn't a watch doc