senke/veza - Talas Project: Beyond coding. We Forge.

senke/veza

Fork 0

Commit graph

Author	SHA1	Message	Date
senke	1428adeefc	[BE-SEC-002] security: Fix ownership verification for track updates/deletes - Verified RequireOwnershipOrAdmin middleware is correctly applied to PUT/DELETE /tracks/:id - Verified trackOwnerResolver correctly loads track from DB and returns user_id - Added comprehensive integration tests for ownership verification - Test: user cannot update another user's track (403 Forbidden) - Test: user cannot delete another user's track (403 Forbidden) - Test: admin can update any track (200 OK) - Test: admin can delete any track (200 OK) - Test: user can update own track (200 OK) - Test: user can delete own track (200 OK) - All tests pass Phase: PHASE-1 Priority: P0 Progress: 2/267 (0.7%)	2025-12-23 01:37:10 +01:00
senke	b6bdf82d2b	[BE-SEC-001] security: Fix ownership verification for user profile updates - Verified RequireOwnershipOrAdmin middleware is correctly applied to PUT /users/:id - Added integration tests for ownership verification - Test: user cannot update another user's profile (403 Forbidden) - Test: admin can update any profile (200 OK) - Test: user can update own profile (200 OK) - All tests pass Phase: PHASE-1 Priority: P0 Progress: 1/267 (0.4%)	2025-12-23 01:36:04 +01:00

Author

SHA1

Message

Date

senke

1428adeefc

[BE-SEC-002] security: Fix ownership verification for track updates/deletes

- Verified RequireOwnershipOrAdmin middleware is correctly applied to PUT/DELETE /tracks/:id
- Verified trackOwnerResolver correctly loads track from DB and returns user_id
- Added comprehensive integration tests for ownership verification
- Test: user cannot update another user's track (403 Forbidden)
- Test: user cannot delete another user's track (403 Forbidden)
- Test: admin can update any track (200 OK)
- Test: admin can delete any track (200 OK)
- Test: user can update own track (200 OK)
- Test: user can delete own track (200 OK)
- All tests pass

Phase: PHASE-1
Priority: P0
Progress: 2/267 (0.7%)

2025-12-23 01:37:10 +01:00

senke

b6bdf82d2b

[BE-SEC-001] security: Fix ownership verification for user profile updates

- Verified RequireOwnershipOrAdmin middleware is correctly applied to PUT /users/:id
- Added integration tests for ownership verification
- Test: user cannot update another user's profile (403 Forbidden)
- Test: admin can update any profile (200 OK)
- Test: user can update own profile (200 OK)
- All tests pass

Phase: PHASE-1
Priority: P0
Progress: 1/267 (0.4%)

2025-12-23 01:36:04 +01:00

2 commits