fix(cli): gate hf project create on project.create (was project.write)
surface.go declared project/create as Permitted: has(perms, "project.write"), but the backend now (and the user-facing role editor's intent) uses `project.create` as the dedicated create gate. Switching CLI and backend to agree on the same perm so a role granted just `project.create` (e.g. mgr in the new seed) can run `hf project create` without needing the broader project.write. Companion change to HarborForge.Backend@HEAD which adds project.create to DEFAULT_PERMISSIONS, gives it to mgr by default, and rewrites the POST /projects gate to consult it. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -76,7 +76,7 @@ func CommandSurface() []Group {
|
|||||||
SubCommands: []Command{
|
SubCommands: []Command{
|
||||||
{Name: "list", Description: "List projects", Permitted: has(perms, "project.read")},
|
{Name: "list", Description: "List projects", Permitted: has(perms, "project.read")},
|
||||||
{Name: "get", Description: "Show a project by code", Permitted: has(perms, "project.read")},
|
{Name: "get", Description: "Show a project by code", Permitted: has(perms, "project.read")},
|
||||||
{Name: "create", Description: "Create a project", Permitted: has(perms, "project.write")},
|
{Name: "create", Description: "Create a project", Permitted: has(perms, "project.create")},
|
||||||
{Name: "update", Description: "Update a project", Permitted: has(perms, "project.write")},
|
{Name: "update", Description: "Update a project", Permitted: has(perms, "project.write")},
|
||||||
{Name: "delete", Description: "Delete a project", Permitted: has(perms, "project.delete")},
|
{Name: "delete", Description: "Delete a project", Permitted: has(perms, "project.delete")},
|
||||||
{Name: "members", Description: "List project members", Permitted: has(perms, "project.read")},
|
{Name: "members", Description: "List project members", Permitted: has(perms, "project.read")},
|
||||||
|
|||||||
Reference in New Issue
Block a user