PR #175 proves the admin gate fires before writes on the create path by asserting that a forbidden create does not insert a row. Follow-up: - extend the same style of DB-state assertion to the rejected update and delete paths - for update: create a row, attempt forbidden update, verify the row is unchanged - for delete: create a row, attempt forbidden delete, verify the row still exists This is non-blocking regression-hardening for the registered_clients admin gate tests.
PR #175 proves the admin gate fires before writes on the create path by asserting that a forbidden create does not insert a row.
Follow-up:
This is non-blocking regression-hardening for the registered_clients admin gate tests.