safe-global / safe-client-gateway / 26231858106
90%
main: 90%

LAST BUILD BRANCH: fix/relay-fee-relayer-safetxhash
DEFAULT BRANCH: main
Ran
Jobs 2
Files 1184
Run time 6min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 89.731% (+0.04%) from 89.695%
26231858106

push

github

web-flow 
refactor(members): lift admin check from MembersRepository to MembersService (#3095)

* refactor(members): extract findActiveAdmin on MembersRepository

Pull the inline active-admin lookup inside inviteUsers into a public
method on MembersRepository. Pure refactor — inviteUsers still throws
on non-admin caller and behavior is unchanged.

Preparation for lifting the admin check out of the repository and into
MembersService in subsequent commits.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* refactor(members): move admin check from MembersRepository to MembersService

Lift the active-admin gate from MembersRepository.inviteUsers into the
application layer. The repository is no longer responsible for the
authentication assertion either — both checks now run at the service
entry point.

- MembersService.inviteUser calls getAuthenticatedUserIdOrFail and
  findActiveAdmin, throwing ForbiddenException when no active admin
  membership is found.
- A TODO on inviteUsers signals the next cleanup step: drop authPayload
  and accept invitedBy as a parameter.

Test-suite updates that mirror this move follow in subsequent commits.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* refactor(members): extract assertActiveAdmin helper on MembersService

Pull the authenticated-user + active-admin check out of inviteUser
into a small private assertActiveAdmin helper, so subsequent route
methods on MembersService that need the same gate can call it
directly. No behavior change.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* test(members): move not-authenticated case to MembersService spec

Same coverage, new home: the unauthenticated rejection now lives on
the service spec, since the auth assertion moved up with the admin
guard in the preceding prod commits.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* test(members): move not-an-admin case to MembersService + findActive... (continued)

4222 of 5078 branches covered (83.14%)

Branch coverage included in aggregate %.

9 of 9 new or added lines in 2 files covered. (100.0%)

16120 of 17592 relevant lines covered (91.63%)

605.13 hits per line

Jobs
ID Job ID Ran Files Coverage
1 run-integration-tests - 26231858106.1 2275
78.39
 GitHub Action Run
2 run-unit-tests - 26231858106.2 2076
57.43
 GitHub Action Run
Source Files on build 26231858106