- Add path exemption in TenantValidationMiddleware for /api/clubs/me
- Change authorization policy from RequireMember to RequireViewer
- Fix KEYCLOAK_CLIENT_ID in docker-compose.yml (workclub-app not workclub-api)
- Endpoint now works without X-Tenant-Id header as intended
- Other endpoints still protected by tenant validation

This fixes the chicken-and-egg problem where frontend needs to call /api/clubs/me to discover available clubs before selecting a tenant.
16 lines
459 B
Markdown
# Phase 3: API CRUD Scenarios (19-35)

## Test Environment
- Date: 2026-03-05
- API: http://127.0.0.1:5001
- Tenant Tennis: 64e05b5e-ef45-81d7-f2e8-3d14bd197383 (11 tasks, 15 shifts)
- Tenant Cycling: 3b4afcfa-1352-8fc7-b497-8ab52a0d5fda (3 tasks, unknown shifts)
- Test User: admin@test.com (has both clubs)

---

## Scenario 19: POST /api/tasks - Create Task

**Test**: Create new task in Tennis Club
**Expected**: HTTP 201, task created and persists