test: add tests for PermissionMatrixService #31

Open
Charon wants to merge 2 commits from feat/test-permission-matrix-service into dev

2 commits

Author SHA1 Message Date
Claude
6bb546be77
test: add comprehensive tests for PermissionMatrixService

Cover permission checks (can), top-down immutable hierarchy cascade,
lock/unlock, setPermission, train, getPermissions/getEffective,
gateRequest (strict/non-strict/default_allow), training mode, pending
requests workflow, and PermissionResult value object.

Fixes #10

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 16:34:21 +00:00

Claude
5bce748a0f
security: add CSRF protection to API billing endpoints

- Add `verified` middleware to billing route group so only
  email-verified users can access billing endpoints
- Separate read-only GET routes from state-changing POST routes
- Add `throttle:6,1` rate limiting to state-changing endpoints
  (cancel, resume, upgrade/preview, upgrade) — 6 requests per minute
- Reorganise route group with clear section comments

Fixes #13

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 16:19:30 +00:00