refactor(api): descriptive closure params; exhaustive FieldError match; field-endpoint auth tests

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

crates/api/src/admin_objects.rs

@@ -377,22 +377,22 @@ pub(crate) async fn list_field_definitions(
 
     Ok(Json(
         defs.into_iter()
-            .map(|d| {
+            .map(|def| {
-                let (data_type, vocabulary_id, authority_kind) = d.field_type.to_parts();
+                let (data_type, vocabulary_id, authority_kind) = def.field_type.to_parts();
 
                 FieldDefinitionView {
-                    key: d.key,
+                    key: def.key,
                     data_type: data_type.to_owned(),
-                    vocabulary_id: vocabulary_id.map(|v| v.to_string()),
+                    vocabulary_id: vocabulary_id.map(|vocab_id| vocab_id.to_string()),
-                    authority_kind: authority_kind.map(|k| k.as_str().to_owned()),
+                    authority_kind: authority_kind.map(|kind| kind.as_str().to_owned()),
-                    required: d.required,
+                    required: def.required,
-                    group: d.group_key,
+                    group: def.group_key,
-                    labels: d
+                    labels: def
                         .labels
                         .into_iter()
-                        .map(|l| LabelView {
+                        .map(|label| LabelView {
-                            lang: l.lang,
+                            lang: label.lang,
-                            label: l.label,
+                            label: label.label,
                         })
                         .collect(),
                 }
@@ -447,7 +447,9 @@ pub(crate) async fn set_fields(
         }
         Err(db::catalog::FieldError::ObjectNotFound) => Err(StatusCode::NOT_FOUND),
         Err(db::catalog::FieldError::Db(_)) => Err(StatusCode::INTERNAL_SERVER_ERROR),
-        Err(_) => Err(StatusCode::UNPROCESSABLE_ENTITY),
+        Err(db::catalog::FieldError::UnknownField(_)) => Err(StatusCode::UNPROCESSABLE_ENTITY),
+        Err(db::catalog::FieldError::TypeMismatch { .. }) => Err(StatusCode::UNPROCESSABLE_ENTITY),
+        Err(db::catalog::FieldError::Unresolved { .. }) => Err(StatusCode::UNPROCESSABLE_ENTITY),
     }
 }
 

crates/api/tests/admin_objects.rs

@@ -454,3 +454,41 @@ async fn create_requires_auth(pool: PgPool) {
         .unwrap();
     assert_eq!(resp.status(), StatusCode::UNAUTHORIZED);
 }
+
+#[sqlx::test(migrations = "../db/migrations")]
+async fn field_endpoints_require_auth(pool: PgPool) {
+    migrate_sessions(&db::Db::from_pool(pool.clone()))
+        .await
+        .unwrap();
+
+    let app = build_app(state(pool));
+
+    let defs = app
+        .clone()
+        .oneshot(
+            Request::builder()
+                .uri("/api/admin/field-definitions")
+                .body(Body::empty())
+                .unwrap(),
+        )
+        .await
+        .unwrap();
+
+    let set = app
+        .oneshot(
+            Request::builder()
+                .method("PUT")
+                .uri(format!(
+                    "/api/admin/objects/{}/fields",
+                    domain::ObjectId::new()
+                ))
+                .header(header::CONTENT_TYPE, "application/json")
+                .body(Body::from(r#"{"k":"v"}"#))
+                .unwrap(),
+        )
+        .await
+        .unwrap();
+
+    assert_eq!(defs.status(), StatusCode::UNAUTHORIZED);
+    assert_eq!(set.status(), StatusCode::UNAUTHORIZED);
+}