feat(tradein/auth): expire praktika trial access + trial-ended screen (contact Artem) #1977
No reviewers
Labels
No labels
admin
analytics
auth
automation
bug
business
chore
ci
compliance
data
data-moat
docs
duplicate
dx
enhancement
Fable 5 ревью
feedback/max
generative
GG-форсайт
needs-discussion
needs-human
observability
pause-bots
performance
priority/p0
priority/p1
priority/p2
priority/p3
scope/backend
scope/db
scope/devops
scope/frontend
scope/qa
scrapers
security
site-finder
stage/1
stage/2
status/blocked
status/done
status/needs-analysis
status/needs-fix
status/qa
status/ready
status/review
status/wip
tech-debt
tradein
ux
week ревью 1
wontfix
вторичка
ИРД
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: lekss361/gendesign#1977
Loading…
Add table
Reference in a new issue
No description provided.
Delete branch "feat/tradein-praktika-trial-ended"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Summary
Revoke the
praktikapilot trial account's access to the Мера (trade-in) section and show it a dedicated "пробный доступ закончился → contact Артём Копылов" screen. Soft block at the app layer — praktika keeps Caddy basic-auth so it still reaches the frontend and sees the message (rather than a raw browser 401). Onlypraktikais cut;kopylov(= Артём Копылов, the contact) is unaffected and keeps full access + unlimited quota.Mechanism:
expiredrole inauth/roles.yaml(paths: [],deny: ["/**"]);praktika: pilot → expired./menow returnsrole: "expired"for praktika →RouteGuardrenders a newNoAccessScreen variant="trial"with a real Telegram link (https://t.me/ArtemKopylov87).Roletype extended with"expired"in backend (app/core/auth.py) and frontend (useMe.ts).Trial screen copy:
Test plan
test_rbac.py,test_me_brand.py,test_account_quota.py— 60 passed (kopylov stillpilot/unlimited; praktika nowexpired, no trade-in access).tsc --noEmitclean (source; pre-existing.next/cache noise unrelated).Notes
RouteGuard) per theroles.yamlarchitecture; the backend hard-gates only/api/v1/admin/**. So this blocks praktika in the UI (as requested). A backend hard-block forexpired(defense-in-depth against manual API calls) is an easy follow-up if wanted.auth/roles.yamlis repo-root (shared with the Site Finder stack). Theexpiredrole validates fine in both backends; the change reaches prod via the deploygit reset --hard+ tradein-backend restart (lru_cache reload).