feat: add FETCH_PRICE permission for manual price fetch endpoint

The POST /api/audit/price-history/fetch endpoint now requires FETCH_PRICE permission instead of VIEW_AUDIT, which is more semantically correct since it's a write operation.
2025-12-22 16:22:54 +01:00 · 2025-12-22 16:22:54 +01:00 · 3806361fac
commit 3806361fac
parent 54709888e1
4 changed files with 5 additions and 2 deletions
--- a/backend/tests/test_price_history.py
+++ b/backend/tests/test_price_history.py
@ -215,7 +215,7 @@ class TestManualFetch:
        assert response.status_code == 401

    @pytest.mark.asyncio
-    async def test_requires_view_audit_permission(self, client_factory, regular_user):
+    async def test_requires_fetch_price_permission(self, client_factory, regular_user):
        """Verify regular users cannot trigger manual fetch."""
        async with client_factory.create(cookies=regular_user["cookies"]) as authed:
            response = await authed.post("/api/audit/price-history/fetch")