safe-global / safe-client-gateway / 26167723906 / 1
90%
main: 90%

DEFAULT BRANCH: main
Ran
Files 2275
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 78.381% (-0.05%) from 78.435%
26167723906.1

push

github

web-flow 
refactor(members): lift admin check from MembersRepository to MembersService (#3095)

* refactor(members): extract findActiveAdmin on MembersRepository

Pull the inline active-admin lookup inside inviteUsers into a public
method on MembersRepository. Pure refactor — inviteUsers still throws
on non-admin caller and behavior is unchanged.

Preparation for lifting the admin check out of the repository and into
MembersService in subsequent commits.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* refactor(members): move admin check from MembersRepository to MembersService

Lift the active-admin gate from MembersRepository.inviteUsers into the
application layer. The repository is no longer responsible for the
authentication assertion either — both checks now run at the service
entry point.

- MembersService.inviteUser calls getAuthenticatedUserIdOrFail and
  findActiveAdmin, throwing ForbiddenException when no active admin
  membership is found.
- A TODO on inviteUsers signals the next cleanup step: drop authPayload
  and accept invitedBy as a parameter.

Test-suite updates that mirror this move follow in subsequent commits.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* refactor(members): extract assertActiveAdmin helper on MembersService

Pull the authenticated-user + active-admin check out of inviteUser
into a small private assertActiveAdmin helper, so subsequent route
methods on MembersService that need the same gate can call it
directly. No behavior change.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* test(members): move not-authenticated case to MembersService spec

Same coverage, new home: the unauthenticated rejection now lives on
the service spec, since the auth assertion moved up with the admin
guard in the preceding prod commits.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* test(members): move not-an-admin case to MembersService + findActive... (continued)

3123 of 5319 branches covered (58.71%)

Branch coverage included in aggregate %.

28187 of 34627 relevant lines covered (81.4%)

247.17 hits per line

Source Files on job run-integration-tests - 26167723906.1