feat(api): RequireAuth+RequireProjectAccess middleware, IDOR-scope check/apply по projectID

This commit is contained in:
2026-07-03 20:47:40 +07:00
parent 35ffe73ae3
commit 4533b0ca25
16 changed files with 498 additions and 143 deletions
+2 -2
View File
@@ -40,7 +40,7 @@ func TestLoadDomainAndSaveCheckRun(t *testing.T) {
t.Fatal(err)
}
ref, err := s.LoadDomain(ctx, domain.ID)
ref, err := s.LoadDomain(ctx, defaultProject, domain.ID)
if err != nil {
t.Fatal(err)
}
@@ -87,7 +87,7 @@ func TestLoadDomainNoTemplate(t *testing.T) {
t.Fatal(err)
}
if _, err := s.LoadDomain(ctx, domain.ID); err == nil {
if _, err := s.LoadDomain(ctx, defaultProject, domain.ID); err == nil {
t.Fatal("expected error for domain without template, got nil")
}
}