fix(api): enforce requireSuperUser on settings PATCH and fix dev-mode auth bypass #206
@@ -289,7 +289,6 @@ describe("requireSuperUser", () => {
|
|||||||
});
|
});
|
||||||
|
|
||||||
it("returns 403 when staff record is not resolved", async () => {
|
it("returns 403 when staff record is not resolved", async () => {
|
||||||
const app = buildWithStaff(MANAGER, requireSuperUser());
|
|
||||||
// Manually remove staff from context to simulate unresolved staff
|
// Manually remove staff from context to simulate unresolved staff
|
||||||
const testApp = new Hono<AppEnv>();
|
const testApp = new Hono<AppEnv>();
|
||||||
testApp.use("*", async (c, next) => {
|
testApp.use("*", async (c, next) => {
|
||||||
|
|||||||
Reference in New Issue
Block a user