docs(05): add UAT, UI-SPEC, deferred items, debug notes; refine plans 09-11

Plan refinements: Vitest tests added to 09/10 must-haves, explicit
mock_flow two-tuple pattern in 10, test_admin_api.py fixture usage in 11.
New artifacts: UAT checklist, UI-SPEC, deferred-items, debug investigation
for cloud-doc-operations-fail.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
curo1305
2026-05-30 11:57:54 +02:00
parent 34f012b4e8
commit 67edc19a36
7 changed files with 1115 additions and 23 deletions
@@ -8,7 +8,7 @@ files_modified:
- backend/api/admin.py
- frontend/src/api/client.js
- frontend/src/components/admin/AdminUsersTab.vue
- backend/tests/test_admin.py
- backend/tests/test_admin_api.py
autonomous: true
requirements: [ADMIN-02, SEC-09]
gap_closure: true
@@ -70,6 +70,11 @@ From services/auth.py (existing pattern from admin.py imports):
- `hash_password(plain: str) -> str`
- `verify_password(plain: str, hashed: str) -> bool` — uses pwdlib Argon2
From backend/tests/test_admin_api.py:
- `admin_client` fixture at line 71 returns `(client, admin, session)` tuple
- Admin user plaintext password: "AdminPass1!Secret"
- Use this fixture for all three new tests — do NOT recreate admin users manually
From frontend/src/components/admin/AdminUsersTab.vue (confirmDeactivate pattern to mirror):
- `confirmDeactivate = ref(null)` tracks which user ID is awaiting confirmation
- `startDeactivate(id)` sets confirmDeactivate = id
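Review bot: The `admin_client` entry pins the fixture to "line 71" of backend/tests/test_admin_api.py, and that reference goes stale as soon as the file is edited above it; refer to the fixture by name only. The same entry copies the admin plaintext password literal into the plan, and the task action repeats it, so a change to the fixture leaves two places in the plan wrong. If the test module exposes the password as a constant, point to that name instead of quoting the value.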
@@ -86,7 +91,7 @@ From frontend/src/api/client.js:
<task type="auto" tdd="true">
<name>Task 1: Backend — UserDeleteConfirm model + password verification in delete_user</name>
<files>backend/api/admin.py, backend/tests/test_admin.py</files>
<files>backend/api/admin.py, backend/tests/test_admin_api.py</files>
<behavior>
- DELETE /api/admin/users/{id} with correct admin_password in body returns 204 and user is deleted.
- DELETE /api/admin/users/{id} with wrong admin_password returns 403 {"detail": "Invalid admin password"} and user is NOT deleted.
@@ -117,15 +122,13 @@ From frontend/src/api/client.js:
```
5. All existing deletion logic (cloud purge, MinIO purge, audit log, session.delete) is unchanged.
In backend/tests/test_admin.py, add three tests:
1. `test_delete_user_correct_password` — create admin + regular user, call DELETE with correct admin password, assert 204, assert user no longer in GET /admin/users.
2. `test_delete_user_wrong_password` — same setup, call DELETE with wrong password, assert 403, assert user still in GET /admin/users (not deleted).
3. `test_delete_user_no_body` — call DELETE with no body (or empty body), assert 422.
Use the existing `_create_user_and_token(session, role="admin")` pattern from test_cloud.py (or the conftest admin_user fixture if available).
In backend/tests/test_admin_api.py, add three tests using the existing `admin_client` fixture (line 71, returns `(client, admin, session)`, admin password is "AdminPass1!Secret"):
1. `test_delete_user_correct_password` — use admin_client fixture, create a regular user, call DELETE with `{"admin_password": "AdminPass1!Secret"}`, assert 204, assert user no longer in GET /admin/users.
2. `test_delete_user_wrong_password` — same setup, call DELETE with `{"admin_password": "WrongPass!"}`, assert 403, assert user still in GET /admin/users (not deleted).
3. `test_delete_user_no_body` — call DELETE with no body (or empty body {}), assert 422.
</action>
<verify>
<automated>cd /Users/nik/Documents/Progamming/document_scanner/backend && python -m pytest tests/test_admin.py::test_delete_user_correct_password tests/test_admin.py::test_delete_user_wrong_password tests/test_admin.py::test_delete_user_no_body -v</automated>
<automated>cd /Users/nik/Documents/Progamming/document_scanner/backend && python -m pytest tests/test_admin_api.py::test_delete_user_correct_password tests/test_admin_api.py::test_delete_user_wrong_password tests/test_admin_api.py::test_delete_user_no_body -v</automated>
</verify>
<done>Three tests pass. Delete with correct password returns 204. Delete with wrong password returns 403 and user survives. Delete with no body returns 422.</done>
</task>
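Review bot: The `<automated>` verify command starts with `cd /Users/nik/Documents/Progamming/document_scanner/backend`, an absolute path on one developer machine, so the step fails for anyone else and in CI; use a repo-relative invocation such as the `pytest backend/tests/test_admin_api.py::...` form that the `<verification>` block already uses. In the test list, `test_delete_user_no_body` allows "no body (or empty body {})", which are two different requests; name which one the test sends, or cover both and assert 422 for each. `test_delete_user_wrong_password` only asserts the 403 status, while the behavior section specifies `{"detail": "Invalid admin password"}`, so asserting the detail as well would tie the test to the stated contract.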
@@ -241,7 +244,7 @@ From frontend/src/api/client.js:
<verification>
After both tasks complete:
- `pytest backend/tests/test_admin.py::test_delete_user_correct_password backend/tests/test_admin.py::test_delete_user_wrong_password backend/tests/test_admin.py::test_delete_user_no_body -v`
- `pytest backend/tests/test_admin_api.py::test_delete_user_correct_password backend/tests/test_admin_api.py::test_delete_user_wrong_password backend/tests/test_admin_api.py::test_delete_user_no_body -v`
- `npm run build` — zero errors
- Full pytest suite: `pytest -v` — zero new failures
- Manual: open Admin panel → Users tab, confirm Delete button visible per user row