feat(manager-core,picloud): expose instance_role + email on /auth/me

Login and /auth/me now return the same shape — id, username, instance_role, email — so the dashboard can gate UI on role from either the login response or the layout's me() refetch without an extra round-trip. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-27 07:39:06 +02:00
parent 2aab92af31
commit 3688c26cb4
2 changed files with 47 additions and 6 deletions
--- a/crates/picloud/tests/api.rs
+++ b/crates/picloud/tests/api.rs
@@ -93,6 +93,27 @@ async fn healthz_responds_ok(pool: PgPool) {
    assert_eq!(r.text(), "ok");
 }

+// ============================================================================
+// Auth
+// ============================================================================
+
+#[ignore = "needs DATABASE_URL pointing at a running Postgres"]
+#[sqlx::test(migrations = "../manager-core/migrations")]
+async fn auth_me_returns_principal_with_role_and_email(pool: PgPool) {
+    let s = server(pool).await;
+    let r = s.get("/api/v1/admin/auth/me").await;
+    r.assert_status_ok();
+    let body: Value = r.json();
+    assert_eq!(body["username"], "test-admin");
+    assert_eq!(body["instance_role"], "owner");
+    // Seeded admin has no email — must round-trip as null, not be missing.
+    assert!(
+        body.get("email").map(Value::is_null).unwrap_or(false),
+        "email should be present and null, got: {body}"
+    );
+    assert!(body["id"].as_str().is_some());
+}
+
 // ============================================================================
 // Script CRUD
 // ============================================================================