Add Test for get_all_goals Owner Isolation #106

@Baskarayelu

Description

get_all_goals(owner) must return only goals whose owner field equals the given address. If the filter were wrong or missing, one user could see another user's goals (privacy and security issue). This issue adds a test that creates goals for two different owner addresses (A and B), then calls get_all_goals(A) and get_all_goals(B) and asserts that A's list contains only goals owned by A (no goal from B) and B's list contains only goals owned by B (no goal from A).

Requirements

Test scenario: Create owner_a and owner_b. Create one or more goals as owner_a, one or more as owner_b. Call get_all_goals(owner_a) and assert every returned goal has goal.owner == owner_a. Call get_all_goals(owner_b) and assert every returned goal has goal.owner == owner_b. Optionally assert that the goal IDs in A's list and B's list are disjoint.

Acceptance Criteria

  • Test creates goals for two owners and asserts get_all_goals returns only that owner's goals.
  • Test is in savings_goals test suite and runs in CI.
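
A sketch of the scenario above, added here as an illustration; it is not code from the issue or from the project. Rust, `Goal`, `GoalStore`, `create_goal`, `get_all_goals_unfiltered`, `check_owner_isolation` and `seeded_store` are all assumptions, and the store is a hypothetical in-memory model. The same assertions are run against a correct filter and a constructed faulty one to show the check failing when the filter is missing.

```rust
use std::collections::HashSet;
// Hypothetical in-memory model; the real savings_goals types are not shown on the page.
#[derive(Clone, Debug)]
pub struct Goal { pub id: u32, pub owner: String }
#[derive(Default)]
pub struct GoalStore { goals: Vec<Goal> }
impl GoalStore {
    pub fn create_goal(&mut self, owner: &str) {
        let id = self.goals.len() as u32 + 1;
        self.goals.push(Goal { id, owner: owner.to_string() });
    }
    // Intended behaviour: only goals whose owner field equals the given address.
    pub fn get_all_goals(&self, owner: &str) -> Vec<Goal> {
        self.goals.iter().filter(|g| g.owner == owner).cloned().collect()
    }
    // Constructed faulty variant (filter missing), used to show the check failing.
    pub fn get_all_goals_unfiltered(&self, _owner: &str) -> Vec<Goal> {
        self.goals.clone()
    }
}

// Runs the issue's assertions against any lookup function; Err names the first violation.
pub fn check_owner_isolation<F: Fn(&str) -> Vec<Goal>>(get: F, a: &str, b: &str) -> Result<(), String> {
    let (list_a, list_b) = (get(a), get(b));
    for (owner, list) in [(a, &list_a), (b, &list_b)] {
        if list.is_empty() {
            return Err(format!("no goals returned for {}", owner)); // avoid a vacuous pass
        }
        if let Some(g) = list.iter().find(|g| g.owner != owner) {
            return Err(format!("goal {} owned by {} returned for {}", g.id, g.owner, owner));
        }
    }
    let ids_a: HashSet<u32> = list_a.iter().map(|g| g.id).collect();
    if list_b.iter().any(|g| ids_a.contains(&g.id)) {
        return Err("goal id present in both owners' lists".to_string());
    }
    Ok(())
}
// Constructed sample data: goals interleaved between the two owners.
pub fn seeded_store() -> GoalStore {
    let mut s = GoalStore::default();
    for owner in ["owner_a", "owner_b", "owner_a"] { s.create_goal(owner); }
    s
}

fn main() {
    let s = seeded_store();
    println!("filtered:   {:?}", check_owner_isolation(|o| s.get_all_goals(o), "owner_a", "owner_b"));
    println!("unfiltered: {:?}", check_owner_isolation(|o| s.get_all_goals_unfiltered(o), "owner_a", "owner_b"));
}
```

The empty-list check matters because "every returned goal has the right owner" also holds for an empty result, so a lookup that returns nothing would otherwise pass.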
