logaritmisk/biggus-dickus
1
0
Fork 0
Code Issues 17 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(api): admin authority management (create + list by kind)

Browse Source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Anders Olsson
2026-06-02 22:33:44 +02:00
parent d81b069b8f
commit 01abd5cbbc
4 changed files with 225 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
crates/api/src/admin_authorities.rs
+133
View File
@@ -0,0 +1,133 @@
//! Admin authority-record management. Reads require `ViewInternal`; writes `EditCatalogue`.
use auth::{Authorized, EditCatalogue, ViewInternal};
use axum::{
Json, Router,
extract::{Query, State},
http::StatusCode,
routing::get,
};
use domain::{AuthorityKind, LocalizedLabel, NewAuthority};
use serde::{Deserialize, Serialize};
use utoipa::ToSchema;
use crate::AppState;
use crate::admin_objects::LabelView;
use crate::admin_vocab::{CreatedId, LabelInput};
#[derive(Serialize, ToSchema)]
pub(crate) struct AuthorityView {
pub id: String,
pub kind: String,
pub external_uri: Option<String>,
pub labels: Vec<LabelView>,
}
#[derive(Deserialize, ToSchema)]
pub(crate) struct NewAuthorityRequest {
/// "person" | "organisation" | "place".
pub kind: String,
pub external_uri: Option<String>,
pub labels: Vec<LabelInput>,
}
#[derive(Deserialize)]
pub(crate) struct KindQuery {
kind: String,
}
#[utoipa::path(
get, path = "/api/admin/authorities",
params(("kind" = String, Query, description = "person | organisation | place")),
responses(
(status = 200, body = [AuthorityView]),
(status = 401),
(status = 403),
(status = 422)
)
)]
pub(crate) async fn list_authorities(
_auth: Authorized<ViewInternal>,
State(state): State<AppState>,
Query(q): Query<KindQuery>,
) -> Result<Json<Vec<AuthorityView>>, StatusCode> {
let kind = AuthorityKind::from_db(&q.kind).ok_or(StatusCode::UNPROCESSABLE_ENTITY)?;
let authorities = db::authority::list_by_kind(state.db.pool(), kind)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
Ok(Json(
authorities
.into_iter()
.map(|authority| AuthorityView {
id: authority.id.to_string(),
kind: authority.kind.as_str().to_owned(),
external_uri: authority.external_uri,
labels: authority
.labels
.into_iter()
.map(|label| LabelView {
lang: label.lang,
label: label.label,
})
.collect(),
})
.collect(),
))
}
#[utoipa::path(
post, path = "/api/admin/authorities",
request_body = NewAuthorityRequest,
responses(
(status = 201, body = CreatedId),
(status = 401),
(status = 403),
(status = 422)
)
)]
pub(crate) async fn create_authority(
_auth: Authorized<EditCatalogue>,
State(state): State<AppState>,
Json(req): Json<NewAuthorityRequest>,
) -> Result<(StatusCode, Json<CreatedId>), StatusCode> {
let kind = AuthorityKind::from_db(&req.kind).ok_or(StatusCode::UNPROCESSABLE_ENTITY)?;
let new = NewAuthority {
kind,
external_uri: req.external_uri,
labels: req
.labels
.into_iter()
.map(|label| LocalizedLabel {
lang: label.lang,
label: label.label,
})
.collect(),
};
let mut tx = state
.db
.pool()
.begin()
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
let id = db::authority::create_authority(&mut tx, &new)
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
tx.commit()
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
Ok((StatusCode::CREATED, Json(CreatedId { id: id.to_string() })))
}
pub(crate) fn routes() -> Router<AppState> {
Router::new().route(
"/api/admin/authorities",
get(list_authorities).post(create_authority),
)
}
crates/api/src/lib.rs
+2
View File
@@ -1,6 +1,7 @@
//! HTTP API: router, handlers, and OpenAPI document.
mod admin;
mod admin_authorities;
mod admin_objects;
mod admin_vocab;
mod health;
@@ -45,6 +46,7 @@ pub fn build_app(state: AppState) -> Router {
.merge(admin::routes())
.merge(admin_objects::routes())
.merge(admin_vocab::routes())
.merge(admin_authorities::routes())
.layer(session_layer)
.with_state(state)
}
crates/api/src/openapi.rs
+7 -3
View File
@@ -1,7 +1,7 @@
use axum::{Json, Router, extract::State, routing::get};
use utoipa::OpenApi;
use crate::{AppState, admin, admin_objects, admin_vocab, health, public};
use crate::{AppState, admin, admin_authorities, admin_objects, admin_vocab, health, public};
#[derive(OpenApi)]
#[openapi(
@@ -25,7 +25,9 @@ use crate::{AppState, admin, admin_objects, admin_vocab, health, public};
admin_vocab::list_vocabularies,
admin_vocab::create_vocabulary,
admin_vocab::list_terms,
admin_vocab::add_term
admin_vocab::add_term,
admin_authorities::list_authorities,
admin_authorities::create_authority
),
components(schemas(
health::Live,
@@ -47,7 +49,9 @@ use crate::{AppState, admin, admin_objects, admin_vocab, health, public};
admin_vocab::NewTermRequest,
admin_vocab::LabelInput,
admin_vocab::TermView,
admin_vocab::CreatedId
admin_vocab::CreatedId,
admin_authorities::AuthorityView,
admin_authorities::NewAuthorityRequest
)),
info(title = "Collection Management System", version = "0.0.0")
)]
crates/api/tests/admin_catalog.rs
+83
View File
@@ -176,3 +176,86 @@ async fn vocabulary_create_requires_auth(pool: PgPool) {
.unwrap();
assert_eq!(resp.status(), StatusCode::UNAUTHORIZED);
}
async fn app2_get(app: &axum::Router, cookie: &str, uri: &str) -> StatusCode {
app.clone()
.oneshot(
Request::builder()
.uri(uri)
.header(header::COOKIE, cookie)
.body(Body::empty())
.unwrap(),
)
.await
.unwrap()
.status()
}
#[sqlx::test(migrations = "../db/migrations")]
async fn create_and_list_authorities_by_kind(pool: PgPool) {
migrate_sessions(&db::Db::from_pool(pool.clone()))
.await
.unwrap();
seed_user(&pool, "ed@example.com", "pw-editor-123", Role::Editor).await;
let app = build_app(state(pool));
let cookie = login(&app, "ed@example.com", "pw-editor-123").await;
let created = app
.clone()
.oneshot(
Request::builder()
.method("POST")
.uri("/api/admin/authorities")
.header(header::COOKIE, &cookie)
.header(header::CONTENT_TYPE, "application/json")
.body(Body::from(
r#"{"kind":"person","external_uri":null,"labels":[{"lang":"en","label":"Ada Lovelace"}]}"#,
))
.unwrap(),
)
.await
.unwrap();
assert_eq!(created.status(), StatusCode::CREATED);
// list by kind
let list = app
.clone()
.oneshot(
Request::builder()
.uri("/api/admin/authorities?kind=person")
.header(header::COOKIE, &cookie)
.body(Body::empty())
.unwrap(),
)
.await
.unwrap();
assert_eq!(list.status(), StatusCode::OK);
let json: serde_json::Value =
serde_json::from_slice(&list.into_body().collect().await.unwrap().to_bytes()).unwrap();
assert_eq!(json.as_array().unwrap().len(), 1);
assert_eq!(json[0]["kind"], "person");
// a different kind is empty
let places = app
.clone()
.oneshot(
Request::builder()
.uri("/api/admin/authorities?kind=place")
.header(header::COOKIE, &cookie)
.body(Body::empty())
.unwrap(),
)
.await
.unwrap();
let places_json: serde_json::Value =
serde_json::from_slice(&places.into_body().collect().await.unwrap().to_bytes()).unwrap();
assert!(places_json.as_array().unwrap().is_empty());
// bad kind → 422
let bad = app2_get(&app, &cookie, "/api/admin/authorities?kind=alien").await;
assert_eq!(bad, StatusCode::UNPROCESSABLE_ENTITY);
}