- Move VBaseProvider initialization from init() to Init() function
- Move role initialization (admin/user) from api/init.go to Init()
- Remove global VBaseProvider variable reference from tests
- Use NewAuth factory function instead of direct auth.Factory.New call
- Rename appAuth to vbaseProvider implementing auth.Provider interface
- Replace auth.VBaseAuth with cfg.Auth (auth.Auth struct) for middleware
- Add global cfg.Auth instance with SetProvider injection in init.go
- Update all API handlers to use cfg.Auth.RequireXxx instead of PermXxx
- Update tests to use cfg.Auth for permission checks
- Remove Login/Perm methods from Provider (now in auth.Auth struct)
- Remove org-related test cases from edge_case_test.go
- Remove OrgResp type from main_test.go
- Update none_auth_test removing org endpoints
- Add permission grants in OAuth tests for proper access control
- Fix race condition tests with retry logic for SQLite locking
- Update resource_perm_test to accept 401 or 403 status codes
- Add new role_access_test.go for role API permission testing
- Add new scoped_auth_test.go for scoped permission testing
- Delete org API endpoints (add_member, create, del, get, list, member, patch, tree)
- Delete models/org.go and remove Org/OrgMember models
- Delete org-related test files (org_crud, org_load_middleware, org_permission, multi_tenant)
- Delete org test scripts (03_org_permission.sh, 04_org_load_middleware.sh)
- Simplify auth/auth.go by removing org context and role loading logic
- Remove org claims from JWT tokens and login/register responses
- Redesign Permission model with hierarchical level-based access control
- Add auth/design.md with new permission system specification
- Update user and role APIs to work without org context
- Rename cfg.Config to cfg.Global for consistency
- Simplify cli/main.go to use vbase.App.Run() pattern
- Update init.go to create app with vigo.New and Init function
- Update all references from cfg.Config to cfg.Global across api, libs, models, and tests
- Fix VBase constructor parameter order in ui/vbase.js
- Update ui/env.js to use new VBase('vb', '/') initialization
- Add OAuth client CRUD and access control tests
- Add organization CRUD, tree and access control tests
- Add role CRUD, access control and system role protection tests
- Remove user:read permission from default user role
- Add /api/auth/users endpoint for authenticated users to search other users
- Only return public info (id, username, nickname, avatar) in search results
- Change /api/user routes to require user:admin permission instead of user:read
- Update auth tests to use /api/auth/me for self updates
- Add tests for new user search endpoint
- Add tests/README.md with comprehensive documentation for running and adding tests
- Change TestDBFile from file-based 'test.db' to in-memory 'file::memory:?cache=shared'
- Remove file cleanup in setup() and teardown() functions since memory database requires no cleanup
- Simplify setup() by removing comments and streamlining database configuration
- Move and split 'auth/auth_test.go' into the 'tests/' directory
- Add 'tests/main_test.go' for global test suite setup
- Add 'tests/helpers_test.go' for shared test utilities
- Create separate test files for different auth scenarios ('auth_test.go', 'none_auth_test.go')
- Add focused tests for org permissions and middleware ('org_permission_test.go', 'resource_perm_test.go', 'org_load_middleware_test.go')
veypi