feat(admin): THI-347 — supprimer un ticket support + fix THI-334 (delete policies)#374
Merged
Merged
Conversation
…I-334 root cause
Volet 3 of THI-347 (panel management completeness) + root-cause fix for THI-334
(integration tests polluting prod).
Backend (migration 033):
- migration 029 already had a `super_admin delete all` DELETE policy + grant, but
there was NO `user delete own` policy. Add it. RLS OR-combines the two:
- user delete own → unblocks the support integration tests' afterAll teardown
(student deletes its own rows; was silently failing → THI-334 pollution) AND
gives users the RGPD Art.17 right to erase their own reports.
- super_admin delete all → triage purge (already present, kept).
- Idempotent (drop-if-exists) so it re-applies cleanly. anon stays revoked.
Frontend:
- useSupportTickets: deleteTicket(id) — optimistic removal, 42501/PGRST301 → FR error.
- SupportTicketsSection: per-ticket "Supprimer" with a two-step inline confirm
(no native dialog). super_admin can now purge spam/obsolete/test rows from the UI.
Tests:
- hook: deleteTicket success (optimistic) + RLS-denial mapping.
- UI: two-step confirm calls deleteTicket; cancel does not.
- integration: inverted the obsolete "student cannot delete" → "student CAN delete
own" (033) + NEW isolation test (a non-owner non-admin gets 0 rows). 16/16, the
teardown now purges → no more test-row pollution.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
There was a problem hiding this comment.
Sorry @thierryvm, you have reached your weekly rate limit of 500000 diff characters.
Please try again later or upgrade to continue using Sourcery
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
…ader (THI-347) - ui-auditor W1: aria-label on the "Annuler" button (context for screen readers, consistent with the two other confirm buttons). Test name matcher updated. - supabase-backend-auditor MEDIUM: the 033 header comment was factually wrong (said "028 no DELETE policy") — migration 029 already had super_admin-delete-all + grant; 033's only NEW policy is user-delete-own. Corrected the docstring. Voie A: delete end-to-end verified (super_admin, demo ticket removed UI+DB, real ticket intact). 28/28 tests, type-check + lint clean. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…THI-347) - isMountedRef gates setState in updateStatus + deleteTicket so a mutation resolving after unmount (navigation away mid-flight) can't touch a dead instance — same pattern already used by ScreenshotViewer in this file. - cross-guard: updateStatus bails if a delete is in flight and vice versa, so an UPDATE can't commit on a row a concurrent DELETE removed (super_admin UI). 90 support/admin tests pass, type-check + lint clean. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
THI-347 volet 3 — Supprimer un ticket support (+ fix THI-334 racine)
Le panneau admin pouvait filtrer/changer le statut d'un ticket mais pas le supprimer (les tickets de test ne se purgeaient que par SQL → THI-334). Cette PR ajoute la suppression et fixe THI-334 à la racine.
Backend (migration 033, déjà appliquée prod)
super_admin delete all. Il manquaituser delete own→ je l'ajoute. RLS OR-combine :user delete own(user_id = auth.uid()) → débloque le teardown des tests d'intégration (le student supprimait ses lignes enafterAll, ça échouait silencieusement = THI-334) + droit RGPD Art. 17 (un user efface ses propres signalements).super_admin delete all→ purge triage (déjà présent).anonreste revoqué.Frontend
useSupportTickets.deleteTicket(id)— retrait optimiste, 42501/PGRST301 → message FR.SupportTicketsSection: bouton Supprimer par ticket, confirmation inline 2 étapes (pas de dialog natif). super_admin purge spam/obsolète/test.Tests
Gates
supabase-backend-auditor(policy DELETE) +ui-auditor(bouton) +feature-dev:code-revieweren cours + Voie A super_admin à suivre.Closes THI-334 (root cause). THI-347 volet 3.
🤖 Generated with Claude Code