discoman/python-tdd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
623 Commits 1 Branch 1 Tag
0f60c73f3bfee104bb5c939a0c98c5fbb9413685
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Disco DeDisco 0f60c73f3b
All checks were successful
ci/woodpecker/push/pyswiss Pipeline was successful
Details
ci/woodpecker/push/main Pipeline was successful
Details
fix: Token.PASS is now model-enforced as staff-only — Token.clean/save raise ValidationError when a non-staff user is the FK target. Staging bug 2026-05-21 — admin awarded a PASS to a non-admin via Django admin; row was created + showed in the user's wallet, but every game-side surface (gameboard, game-kit, gate-pad select_token, _select_my_sea_token) had always filtered PASS behind is_staff, so the token was unequippable + unusable. Five is_staff-gated PASS surfaces made PASS a deliberate staff-only trinket; the wallet was the lone outlier surfacing it. Bundled: wallet view (+ HTMX toggle partial) now gates pass_token behind is_staff mirroring the gameboard pattern — defense-in-depth in case any future bypass writes a stray row. TDD — new ITs: PassTokenStaffOnlyGuardTest (model raises for non-staff, accepts for staff, leaves other token types unaffected); WalletPassTokenVisibilityTest (3 cases pin wallet + HTMX gating); TokenAdminFormTest.test_pass_token_for_non_staff_user_is_invalid + test_pass_token_for_staff_user_is_valid. Adjusted 2 existing tests that incidentally exercised the now-blocked pattern (test_paid_draw_with_pass_does_not_consume, test_pass_token_is_not_consumed — both flip is_staff = True inline before Token.objects.create); dropped PASS from test_other_token_types_do_not_require_expires_at's loop (covered by the new dedicated tests). 1133 IT/UT green. A non-admin "boost-pass" variant lands as a distinct token_type later, NEVER by relaxing the staff gate — captured in [[feedback-pass-token-staff-only]] 
Code architected by Disco DeDisco <discodedisco@outlook.com>
Git commit message Co-Authored-By:
Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-21 00:35:55 -04:00
.woodpecker
CI: route test_game_my_sea*.py to test-FTs-room stage — 49 my-sea FTs DRY-reuse the room-shell hex + sea-cross picker (same Selenium surface as test_game_room_* + test_trinket_*), so they belong w. the heavy room flows instead of bloating test-FTs-non-room. Filename-regex partition stays clean (13 room + 24 non-room = 37 total, no overlap)
2026-05-20 13:20:23 -04:00
infra
pyswiss_url env var added to more places throughout ansible vault architecture; staging now has working astro wheel
2026-04-16 12:04:46 -04:00
pyswiss
natus wheel: Semisquare & Sesquiquadrate; Ott orb pair detection; intensity sort
2026-04-27 20:16:47 -04:00
src
fix: Token.PASS is now model-enforced as staff-only — Token.clean/save raise ValidationError when a non-staff user is the FK target. Staging bug 2026-05-21 — admin awarded a PASS to a non-admin via Django admin; row was created + showed in the user's wallet, but every game-side surface (gameboard, game-kit, gate-pad select_token, _select_my_sea_token) had always filtered PASS behind is_staff, so the token was unequippable + unusable. Five is_staff-gated PASS surfaces made PASS a deliberate staff-only trinket; the wallet was the lone outlier surfacing it. Bundled: wallet view (+ HTMX toggle partial) now gates pass_token behind is_staff mirroring the gameboard pattern — defense-in-depth in case any future bypass writes a stray row. TDD — new ITs: PassTokenStaffOnlyGuardTest (model raises for non-staff, accepts for staff, leaves other token types unaffected); WalletPassTokenVisibilityTest (3 cases pin wallet + HTMX gating); TokenAdminFormTest.test_pass_token_for_non_staff_user_is_invalid + test_pass_token_for_staff_user_is_valid. Adjusted 2 existing tests that incidentally exercised the now-blocked pattern (test_paid_draw_with_pass_does_not_consume, test_pass_token_is_not_consumed — both flip is_staff = True inline before Token.objects.create); dropped PASS from test_other_token_types_do_not_require_expires_at's loop (covered by the new dedicated tests). 1133 IT/UT green. A non-admin "boost-pass" variant lands as a distinct token_type later, NEVER by relaxing the staff gate — captured in [[feedback-pass-token-staff-only]]
2026-05-21 00:35:55 -04:00
.dockerignore
ignore .vscode/ in git & docker contexts; workspace tasks/settings are local-only (Windows paths + per-machine venv layout)
2026-05-04 18:17:54 -04:00
.gitattributes
added .gitattributes for real this time
2026-02-17 17:57:20 -05:00
.gitignore
ignore .vscode/ in git & docker contexts; workspace tasks/settings are local-only (Windows paths + per-machine venv layout)
2026-05-04 18:17:54 -04:00
ansible.cfg
Gitea repo init; Woodpecker pipeline init; much CI/CD structure outlined in ./infra, incl. docker-compose.yaml, cicd-playbook.yaml, new cicd vault, & config files for gitea, woodpecker & ansible
2026-02-10 21:16:00 -05:00
CLAUDE.md
rename natus → sky across the codebase — natal chart abstraction is now sky throughout, since chart inputs aren't birthday-gated
2026-05-04 20:36:15 -04:00
Dockerfile
Dockerfile updated to run uvicorn worker class to support asgi (was still gunicorn & wsgi)
2026-03-18 22:03:10 -04:00
Dockerfile.ci
Dockerfile.ci & debug-ci now build working container for CI test image
2026-02-10 22:42:45 -05:00
requirements.dev.txt
requirements: align dev w. prod — add celery, psycopg2-binary, redis to requirements.dev.txt (missing from the CI dev image's pre-installed set, which means the CI fallback pip install -r requirements.dev.txt step would not satisfy these prod runtime deps if the image lagged); bump requests 2.31.0 → 2.32.5 in requirements.txt to align w. the dev pin (eliminates the version-drift wedge where CI's dev-only install would silently downgrade-or-upgrade vs prod's pin)
2026-05-12 20:10:22 -04:00
requirements.txt
requirements: align dev w. prod — add celery, psycopg2-binary, redis to requirements.dev.txt (missing from the CI dev image's pre-installed set, which means the CI fallback pip install -r requirements.dev.txt step would not satisfy these prod runtime deps if the image lagged); bump requests 2.31.0 → 2.32.5 in requirements.txt to align w. the dev pin (eliminates the version-drift wedge where CI's dev-only install would silently downgrade-or-upgrade vs prod's pin)
2026-05-12 20:10:22 -04:00
requirements.wsl.txt
added wsl reqs
2026-01-13 20:58:25 -05:00
Description
No description provided
155 MiB
Languages
Python 45%
JavaScript 37.6%
HTML 9%
SCSS 8.2%
Jinja 0.1%