The UAT seed creates the uat-groomer@groombook.dev Better Auth account
(staffId 00000000-0000-0000-0000-000000000004) but no appointments, so
GET /api/pets?groomer=me returns [] and GET /api/pets/{anyId}/profile-summary
returns 404. This makes GRO-1987 TC-UAT-2/3 (RBAC tests for the
profile-summary endpoint) un-runnable.
This is the seed-side counterpart of GRO-1983 (stale password hashes):
that was the credential row, this is the linkage row.
Fix: add seedUatGroomerLinkage() called from seedUatStaffAccounts(), so
both the full seed() path and the seedKnownUsers() path (prod reset
CronJob with SEED_KNOWN_USERS_ONLY=true) produce a deterministic
completed appointment linking the UAT groomer to UAT Pup Alpha
(c0000001-0000-0000-0000-000000000002). UAT Pup Beta is intentionally
left UNLINKED so TC-UAT-3 can verify the 403 forbidden response.
The deterministic appointment id (a0000001-0000-0000-0000-000000000001)
makes the function idempotent: re-running the seed (hourly via the
reset-demo-data CronJob) is a no-op once the row exists.
Verification (after the next 17:00 reset):
- GET /api/pets/{c0000001-0000-0000-0000-000000000002}/profile-summary
as uat-groomer → 200 with recentGroomingHistory/visitCount/upcomingAppointment
- GET /api/pets/{c0000001-0000-0000-0000-000000000003}/profile-summary
as uat-groomer → 403
If the unlinked-pet case returns 404 instead of 403, that is a
separate RBAC defect — file against the api repo, not the seed.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Paperclip
8fb6c9375b