Cover two authz gaps left by the B9-B14 org item-CRUD work:

1. Grant-DENIAL on the read/mutate-by-query commands. A second member added with their own device key but NOT granted `prod` is rejected by every one of `org get`, `edit`, `rm`, `restore`, and `purge`, and `org get` (with and without --show) leaks no plaintext. Previously only `org add` had a denial test. Also asserts the item is untouched afterward (owner still reads the original password/username).

2. SecureNote body masking: `org get <note>` prints `********` and not the body; `org get <note> --show` reveals it. Mirrors the existing Login-password masking assertions in org_items.rs.

New tests/org_authz.rs reuses the multi-member `Dev` harness pattern from org_lifecycle.rs (one XDG config home + ed25519 device key per member), so a second member joins with their own keypair.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01RXpTHcQzw1n8qjYwZqruzQ
9.2 KiB