test(organizations): membership lifecycle HTTP e2e (add/accept/promote/leave/decline)

[PierreBrisorgueil]

Summary

Restores HTTP-level e2e coverage for the org membership lifecycle (P4 deleted the only HTTP coverage for promote/leave; P5a replaced it with mocked unit tests). New organizations.memberAdd.e2e.tests.js exercises the real routes through passport + CASL + param middleware:

• Lifecycle: signup A (owner) + B → A searches B by email → addMember → B sees it in mine/pending → B accepts → A promotes B → B leaves → members list back to A.
• Decline + guard: A re-adds B (pending row visible in the members list per ✨ owner_add lifecycle: invitee decline, owner cancel, pending visibility, last-owner scope, user-delete cleanup #3831) → re-add while pending → 422 duplicate guard → B declines via DELETE /membership-requests/:id → row gone from mine/pending and the members list.

Test plan

npm run test:all -- --testPathPatterns='organizations.memberAdd.e2e' → 1 suite, 2 tests green. Lint clean. (Test-only — no production code.)

Closes #3835

[coderabbitai]

Warning

Review limit reached

@PierreBrisorgueil, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 7 minutes and 19 seconds. Learn how PR review limits work.

Your organization has used up its prepaid credits, and credit purchases are no longer available. Enable the review add-on in the billing tab to keep reviews running — you're only billed for reviews past your plan's rate limits ($0.25/file).

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 3832f9ab-26ec-418a-aa40-8a29ff601d82

📥 Commits

Reviewing files that changed from the base of the PR and between 12b961c and 6d631d2.

📒 Files selected for processing (1)

• modules/organizations/tests/organizations.memberAdd.e2e.tests.js

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/3835-membership-lifecycle-e2e

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.37%. Comparing base (12b961c) to head (6d631d2).

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #3860   +/-   ##
=======================================
  Coverage   92.37%   92.37%           
=======================================
  Files         160      160           
  Lines        5361     5361           
  Branches     1723     1723           
=======================================
  Hits         4952     4952           
  Misses        328      328           
  Partials       81       81           

Flag	Coverage Δ
integration	59.93% <ø> (ø)
unit	73.04% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

---

Continue to review full report in Codecov by Harness.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 12b961c...6d631d2. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Copilot]

Pull request overview

Adds HTTP-level end-to-end coverage for the organizations “owner-add” membership lifecycle, exercising real Express routes with passport auth, CASL, and param middleware (restoring coverage previously lost for promote/leave flows).

Changes:

• Adds a new e2e suite that covers add-member → pending visibility → accept → promote → leave via real HTTP endpoints.
• Extends coverage to include the decline flow and the duplicate-add (422) guard.