pokemon/nuzlocke-tracker
1
1
Fork 0
Code Issues Pull Requests 10 Actions Packages Projects Releases Wiki Activity
Files
c5959cfd142b1512eb442bbdf84360a3ea4a2f36
nuzlocke-tracker/.beans/nuzlocke-tracker-i0rn--infer-genlocke-visibility-from-first-legs-run.md
Julian Tabel a4fa5bf1e4 feat: infer genlocke visibility from first leg's run 
Genlockes now inherit visibility from their first leg's run:
- Private runs make genlockes hidden from public listings
- All genlocke read endpoints now accept optional auth
- Returns 404 for private genlockes to non-owners

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-21 13:47:05 +01:00

2.5 KiB
Raw Blame History

title, status, type, created_at, updated_at
title status type created_at updated_at
Infer genlocke visibility from first leg's run completed feature 2026-03-21T12:46:56Z 2026-03-21T12:46:56Z

Problem

Genlockes are always public — they have no visibility setting. They should inherit visibility from their first leg's run, so if a user makes their run private, the genlocke is also hidden from public listings.

Approach

Rather than adding a visibility column to the genlockes table, infer it from the first leg's run at query time. This avoids sync issues and keeps the first leg's run as the source of truth.

Backend

  • list_genlockes endpoint: filter out genlockes whose first leg's run is private (unless the requesting user is the owner)
  • get_genlocke endpoint: return 404 if the first leg's run is private and the user is not the owner
  • Add optional auth (not required) to genlocke read endpoints to check ownership

Frontend

  • No changes needed — private genlockes simply won't appear in listings for non-owners

Files modified

  • backend/src/app/api/genlockes.py — add visibility filtering to all read endpoints

Checklist

  • Add get_current_user (optional auth) dependency to genlocke read endpoints
  • Filter private genlockes from list_genlockes for non-owners
  • Return 404 for private genlockes in get_genlocke for non-owners
  • Apply same filtering to graveyard, lineages, survivors, and retired-families endpoints
  • Test: private run's genlocke hidden from unauthenticated users
  • Test: owner can still see their private genlocke

Summary of Changes

  • Added _is_genlocke_visible() helper function to check visibility based on first leg's run
  • Added optional auth (get_current_user) to all genlocke read endpoints:
    • list_genlockes: filters out private genlockes for non-owners
    • get_genlocke: returns 404 for private genlockes to non-owners
    • get_genlocke_graveyard: returns 404 for private genlockes
    • get_genlocke_lineages: returns 404 for private genlockes
    • get_leg_survivors: returns 404 for private genlockes
    • get_retired_families: returns 404 for private genlockes
  • Added 9 new tests in TestGenlockeVisibility class covering:
    • Private genlockes hidden from unauthenticated list
    • Private genlockes visible to owner in list
    • 404 for all detail endpoints when accessed by unauthenticated users
    • 404 for private genlockes when accessed by different authenticated user
    • Owner can still access their private genlocke
Reference in New Issue View Git Blame Copy Permalink