curo/kite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs(06.2-02): complete SHARE-05 + SHARE-03 gap closure — 12 tests pass

Browse Source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
curo1305
2026-05-31 15:07:26 +02:00
parent 3cc4a5335d
commit e812922a26
1 changed files with 66 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.planning/phases/06.2-close-v1-sharing-cloud-delete-csv-export-gaps/06.2-02-SUMMARY.md
+66
View File
@@ -0,0 +1,66 @@
---
plan: "06.2-02"
phase: "06.2"
status: complete
started: "2026-05-31"
completed: "2026-05-31"
requirements:
- SHARE-03
- SHARE-05
---
# Plan 06.2-02 Summary — SHARE-05 + SHARE-03 Gap Closure
## What Was Built
Closed two open v1 requirements in a single vertical slice:
- **SHARE-05 (badge bug):** DocumentCard.vue fixed — `Shared` pill now reads `doc.is_shared` (boolean from backend) instead of `doc.share_count > 0` (field that doesn't exist in API response).
- **SHARE-03 (no permission control):** End-to-end permission flow wired from creation through editing.
### Backend (Task 1)
- `ShareCreate` model gained `permission: str = "view"` with `field_validator` enforcing `{"view", "edit"}`.
- `SharePermissionPatch` model added (same validator).
- `grant_share()` handler updated from hardcoded `permission="view"` to `permission=body.permission`.
- New `PATCH /api/shares/{share_id}` endpoint added (placed before DELETE per route-ordering convention). IDOR protection mirrors `revoke_share` exactly: 404 on owner mismatch to prevent enumeration.
- 3 xfail stubs from Plan 06.2-01 promoted to real tests.
### Frontend (Task 2)
- **DocumentCard.vue:** one-line fix — `v-if="doc.share_count > 0"``v-if="doc.is_shared"`.
- **ShareModal.vue:** permission `<select>` (`Can view` / `Can edit`) inserted between handle input and submit button; defaults to "view"; resets after successful share.
- **ShareModal.vue:** static "view" span replaced with View/Edit toggle group per share row — optimistic update with rollback on error; in-flight state tracked via `updatingPermission` Set.
- **documents.js:** `shareDocument` updated to accept `permission` param; `updateSharePermission(shareId, permission)` action added.
- **api/client.js:** `createShare` passes `permission` in POST body; `updateSharePermission` PATCH helper added.
## Test Results
```
backend/tests/test_shares.py — 12 passed, 0 failed, 0 xfailed
```
All pre-existing share tests pass. 3 promoted stubs now pass as real integration tests.
## Key Files
### Created
- (no new files)
### Modified
- `backend/api/shares.py` — permission field, SharePermissionPatch model, PATCH endpoint
- `backend/tests/test_shares.py` — 3 xfail stubs promoted to real tests
- `frontend/src/components/documents/DocumentCard.vue` — is_shared badge fix
- `frontend/src/components/sharing/ShareModal.vue` — permission dropdown + View/Edit toggle
- `frontend/src/stores/documents.js` — shareDocument signature + updateSharePermission action
- `frontend/src/api/client.js` — createShare body + updateSharePermission helper
## Self-Check: PASSED
- [x] POST /api/shares with permission="edit" stores "edit" — confirmed by test_share_create_with_permission
- [x] PATCH /api/shares/{id} changes permission — confirmed by test_share_patch_permission
- [x] PATCH by wrong owner returns 404 — confirmed by test_share_patch_idor
- [x] DocumentCard reads doc.is_shared (not doc.share_count)
- [x] ShareModal has permission dropdown with "Permission level" aria-label
- [x] ShareModal share rows have View/Edit toggle with handlePermissionChange
- [x] 12 tests pass, 0 fail