Skip to content

feat(person): admin account-level endpoint (#33)#147

Merged
themightychris merged 1 commit into
developfrom
feat/person-account-level
Jun 30, 2026
Merged

feat(person): admin account-level endpoint (#33)#147
themightychris merged 1 commit into
developfrom
feat/person-account-level

Conversation

@themightychris

Copy link
Copy Markdown
Member

Implements #33POST /api/people/:slug/account-level (administrator-only), the sibling admin verb to the deactivate/reactivate/purge work.

What

  • The only path to change accountLevel — a dedicated, audit-logged endpoint, not a field on the generic PATCH — so privilege changes are explicit.
  • Last-administrator guard: refuses to demote the sole administrator (→ 422), preventing a lock-out.
  • Audit trail: commit carries Action: account-level.change + Previous-Account-Level / New-Account-Level trailers.
  • Idempotent no-op when the level is unchanged.

Spec

specs/api/people.md — promoted from a deferred stub to a full section (request/response/audit/guard/errors). Corrected the bad-body error from 400 to 422 to match this app's schema-validation mapping (the test caught it).

Tests (10)

authz matrix (401/403×2/200), invalid level → 422, promote/demote reflected, idempotent no-op, last-admin self-demotion → 422, demote-with-second-admin → 200, and the audit-trail trailers (asserted against the bare repo's HEAD commit). type-check + lint clean; people suites 24/24.

Closes #33

🤖 Generated with Claude Code

POST /api/people/:slug/account-level — administrator-only, the sole path
for changing accountLevel (never via the generic PATCH), so the privilege
change is explicit and audit-logged.

- Write service setAccountLevel: requireAuth('administrator'); idempotent
  no-op when unchanged; last-administrator guard (refuse to demote the only
  administrator → 422, prevents lock-out).
- Route sets Action: account-level.change + Previous-Account-Level /
  New-Account-Level audit trailers; returns the updated person (200).
- Spec promoted from a deferred stub to a full section. Corrected the
  bad-body error to 422 (this app maps Fastify schema-validation errors to
  422, not 400) — caught by the test.

Tests (10): authz matrix, invalid level, promote/demote, idempotent no-op,
last-admin 422, demote-with-second-admin, and the audit-trail trailers.
type-check + lint clean; people suites 24/24.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@themightychris themightychris merged commit 23f3522 into develop Jun 30, 2026
1 check passed
@themightychris themightychris deleted the feat/person-account-level branch June 30, 2026 00:53
@themightychris themightychris mentioned this pull request Jun 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

write-api: implement POST /api/people/:slug/account-level (administrator-only)

1 participant