From b508273a52fda9d2b9a19d2451c0b9351c716851 Mon Sep 17 00:00:00 2001 From: Anders Olsson Date: Thu, 4 Jun 2026 14:09:08 +0200 Subject: [PATCH] feat(api): POST /api/admin/field-definitions (create field definition) Co-Authored-By: Claude Sonnet 4.6 --- crates/api/src/admin_objects.rs | 103 +++++++++++++++- crates/api/src/openapi.rs | 3 + crates/api/tests/admin_fields.rs | 196 +++++++++++++++++++++++++++++++ web/src/api/schema.d.ts | 76 +++++++++++- 4 files changed, 374 insertions(+), 4 deletions(-) create mode 100644 crates/api/tests/admin_fields.rs diff --git a/crates/api/src/admin_objects.rs b/crates/api/src/admin_objects.rs index fa9d2a2..ce0b302 100644 --- a/crates/api/src/admin_objects.rs +++ b/crates/api/src/admin_objects.rs @@ -9,11 +9,15 @@ use axum::{ response::IntoResponse, routing::{get, put}, }; -use domain::{AuditActor, CatalogueObject, ObjectId, ObjectInput, Visibility}; +use domain::{ + AuditActor, AuthorityKind, CatalogueObject, FieldType, LocalizedLabel, NewFieldDefinition, + ObjectId, ObjectInput, Visibility, VocabularyId, +}; + use serde::{Deserialize, Serialize}; use utoipa::ToSchema; -use crate::{AppState, pagination::Pagination, reindex}; +use crate::{AppState, admin_vocab::LabelInput, pagination::Pagination, reindex}; /// A localized label `{ lang, label }` (shared across admin views). #[derive(Serialize, ToSchema)] @@ -364,6 +368,23 @@ pub(crate) struct FieldDefinitionView { pub labels: Vec, } +#[derive(serde::Deserialize, utoipa::ToSchema)] +pub(crate) struct NewFieldDefinitionRequest { + pub key: String, + /// text | localized_text | integer | date | boolean | term | authority + pub data_type: String, + pub vocabulary_id: Option, + pub authority_kind: Option, + pub required: bool, + pub group: Option, + pub labels: Vec, +} + +#[derive(serde::Serialize, utoipa::ToSchema)] +pub(crate) struct CreatedField { + pub key: String, +} + /// List all field definitions. Requires `ViewInternal`. #[utoipa::path( get, path = "/api/admin/field-definitions", @@ -407,6 +428,79 @@ pub(crate) async fn list_field_definitions( )) } +/// Create a field definition. Requires `EditCatalogue`. All type/binding consistency +/// (term needs a vocabulary, authority takes no vocabulary, scalars take no binding) is +/// validated by `FieldType::from_parts`, which returns `None` for any bad combination. +#[utoipa::path( + post, path = "/api/admin/field-definitions", + request_body = NewFieldDefinitionRequest, + responses( + (status = 201, body = CreatedField), + (status = 400, description = "Malformed vocabulary_id or authority_kind"), + (status = 401), + (status = 403), + (status = 409, description = "Duplicate key"), + (status = 422, description = "Inconsistent type/binding") + ) +)] +pub(crate) async fn create_field_definition( + _auth: Authorized, + State(state): State, + Json(req): Json, +) -> Result<(StatusCode, Json), StatusCode> { + let vocabulary_id = match req.vocabulary_id.as_deref() { + None | Some("") => None, + Some(s) => Some( + s.parse::() + .map_err(|_| StatusCode::BAD_REQUEST)?, + ), + }; + + let authority_kind = match req.authority_kind.as_deref() { + None | Some("") => None, + Some(s) => Some(AuthorityKind::from_db(s).ok_or(StatusCode::BAD_REQUEST)?), + }; + + let field_type = FieldType::from_parts(&req.data_type, vocabulary_id, authority_kind) + .ok_or(StatusCode::UNPROCESSABLE_ENTITY)?; + + let new = NewFieldDefinition { + key: req.key, + field_type, + required: req.required, + group_key: req.group, + labels: req + .labels + .into_iter() + .map(|l| LocalizedLabel { + lang: l.lang, + label: l.label, + }) + .collect(), + }; + + let mut tx = state + .db + .pool() + .begin() + .await + .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?; + + match db::fields::create_field_definition(&mut tx, &new).await { + Ok(_) => { + tx.commit() + .await + .map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?; + + Ok((StatusCode::CREATED, Json(CreatedField { key: new.key }))) + } + Err(err) if err.as_database_error().and_then(|e| e.code()).as_deref() == Some("23505") => { + Err(StatusCode::CONFLICT) + } + Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR), + } +} + /// Replace an object's flexible-field values (validated against the registry). /// /// **Replace semantics:** the body is the *complete* desired field set. Omitting a key @@ -470,5 +564,8 @@ pub(crate) fn routes() -> Router { get(get_object).put(update_object).delete(delete_object), ) .route("/api/admin/objects/{id}/fields", put(set_fields)) - .route("/api/admin/field-definitions", get(list_field_definitions)) + .route( + "/api/admin/field-definitions", + get(list_field_definitions).post(create_field_definition), + ) } diff --git a/crates/api/src/openapi.rs b/crates/api/src/openapi.rs index 7d08eae..e40d9ba 100644 --- a/crates/api/src/openapi.rs +++ b/crates/api/src/openapi.rs @@ -23,6 +23,7 @@ use crate::{ admin_objects::update_object, admin_objects::delete_object, admin_objects::list_field_definitions, + admin_objects::create_field_definition, admin_objects::set_fields, admin_vocab::list_vocabularies, admin_vocab::create_vocabulary, @@ -47,6 +48,8 @@ use crate::{ admin_objects::ObjectUpdateRequest, admin_objects::CreatedObject, admin_objects::FieldDefinitionView, + admin_objects::NewFieldDefinitionRequest, + admin_objects::CreatedField, admin_vocab::VocabularyView, admin_vocab::NewVocabularyRequest, admin_vocab::NewTermRequest, diff --git a/crates/api/tests/admin_fields.rs b/crates/api/tests/admin_fields.rs new file mode 100644 index 0000000..e7675a1 --- /dev/null +++ b/crates/api/tests/admin_fields.rs @@ -0,0 +1,196 @@ +use api::{AppState, build_app, migrate_sessions}; +use axum::body::Body; +use axum::http::{Request, StatusCode, header}; +use db::users; +use domain::{AuditActor, Email, NewUser, Role}; +use http_body_util::BodyExt; +use sqlx::PgPool; +use tower::ServiceExt; + +fn state(pool: PgPool) -> AppState { + AppState { + db: db::Db::from_pool(pool), + app_name: "Test".into(), + cookie_secure: false, + search: None, + } +} + +async fn seed_user(pool: &PgPool, email: &str, password: &str, role: Role) { + let db = db::Db::from_pool(pool.clone()); + let mut tx = db.pool().begin().await.unwrap(); + + users::create_user( + &mut tx, + AuditActor::System, + &NewUser { + email: Email::parse(email).unwrap(), + password_hash: auth::hash_password(password).unwrap(), + role, + }, + ) + .await + .unwrap(); + + tx.commit().await.unwrap(); +} + +async fn login(app: &axum::Router, email: &str, password: &str) -> String { + let resp = app + .clone() + .oneshot( + Request::builder() + .method("POST") + .uri("/api/admin/login") + .header(header::CONTENT_TYPE, "application/json") + .body(Body::from(format!( + r#"{{"email":"{email}","password":"{password}"}}"# + ))) + .unwrap(), + ) + .await + .unwrap(); + + assert_eq!(resp.status(), StatusCode::NO_CONTENT); + + resp.headers() + .get(header::SET_COOKIE) + .unwrap() + .to_str() + .unwrap() + .split(';') + .next() + .unwrap() + .to_owned() +} + +async fn post_field(app: &axum::Router, cookie: &str, body: &str) -> axum::http::Response { + app.clone() + .oneshot( + Request::builder() + .method("POST") + .uri("/api/admin/field-definitions") + .header(header::COOKIE, cookie) + .header(header::CONTENT_TYPE, "application/json") + .body(Body::from(body.to_owned())) + .unwrap(), + ) + .await + .unwrap() +} + +#[sqlx::test(migrations = "../db/migrations")] +async fn create_requires_auth(pool: PgPool) { + migrate_sessions(&db::Db::from_pool(pool.clone())) + .await + .unwrap(); + + let app = build_app(state(pool)); + + let resp = app + .oneshot( + Request::builder() + .method("POST") + .uri("/api/admin/field-definitions") + .header(header::CONTENT_TYPE, "application/json") + .body(Body::from( + r#"{"key":"x","data_type":"text","required":false,"labels":[{"lang":"en","label":"X"}]}"#, + )) + .unwrap(), + ) + .await + .unwrap(); + + assert_eq!(resp.status(), StatusCode::UNAUTHORIZED); +} + +#[sqlx::test(migrations = "../db/migrations")] +async fn create_scalar_field_then_lists_it(pool: PgPool) { + migrate_sessions(&db::Db::from_pool(pool.clone())) + .await + .unwrap(); + + seed_user(&pool, "ed@example.com", "pw-editor-123", Role::Editor).await; + + let app = build_app(state(pool)); + let cookie = login(&app, "ed@example.com", "pw-editor-123").await; + + let resp = post_field( + &app, + &cookie, + r#"{"key":"height_cm","data_type":"integer","required":true,"group":"Dimensions","labels":[{"lang":"en","label":"Height"},{"lang":"sv","label":"Höjd"}]}"#, + ) + .await; + + assert_eq!(resp.status(), StatusCode::CREATED); + + let body: serde_json::Value = + serde_json::from_slice(&resp.into_body().collect().await.unwrap().to_bytes()).unwrap(); + + assert_eq!(body["key"], "height_cm"); + + let list = app + .oneshot( + Request::builder() + .uri("/api/admin/field-definitions") + .header(header::COOKIE, &cookie) + .body(Body::empty()) + .unwrap(), + ) + .await + .unwrap(); + + let defs: serde_json::Value = + serde_json::from_slice(&list.into_body().collect().await.unwrap().to_bytes()).unwrap(); + + assert!( + defs.as_array() + .unwrap() + .iter() + .any(|d| d["key"] == "height_cm") + ); +} + +#[sqlx::test(migrations = "../db/migrations")] +async fn term_without_vocabulary_is_422(pool: PgPool) { + migrate_sessions(&db::Db::from_pool(pool.clone())) + .await + .unwrap(); + + seed_user(&pool, "ed@example.com", "pw-editor-123", Role::Editor).await; + + let app = build_app(state(pool)); + let cookie = login(&app, "ed@example.com", "pw-editor-123").await; + + let resp = post_field( + &app, + &cookie, + r#"{"key":"material","data_type":"term","required":false,"labels":[{"lang":"en","label":"Material"}]}"#, + ) + .await; + + assert_eq!(resp.status(), StatusCode::UNPROCESSABLE_ENTITY); +} + +#[sqlx::test(migrations = "../db/migrations")] +async fn duplicate_key_is_409(pool: PgPool) { + migrate_sessions(&db::Db::from_pool(pool.clone())) + .await + .unwrap(); + + seed_user(&pool, "ed@example.com", "pw-editor-123", Role::Editor).await; + + let app = build_app(state(pool)); + let cookie = login(&app, "ed@example.com", "pw-editor-123").await; + + let body = r#"{"key":"dup","data_type":"text","required":false,"labels":[{"lang":"en","label":"Dup"}]}"#; + + assert_eq!( + post_field(&app, &cookie, body).await.status(), + StatusCode::CREATED + ); + assert_eq!( + post_field(&app, &cookie, body).await.status(), + StatusCode::CONFLICT + ); +} diff --git a/web/src/api/schema.d.ts b/web/src/api/schema.d.ts index 6959d49..e372e04 100644 --- a/web/src/api/schema.d.ts +++ b/web/src/api/schema.d.ts @@ -30,7 +30,12 @@ export interface paths { /** List all field definitions. Requires `ViewInternal`. */ get: operations["list_field_definitions"]; put?: never; - post?: never; + /** + * Create a field definition. Requires `EditCatalogue`. All type/binding consistency + * (term needs a vocabulary, authority takes no vocabulary, scalars take no binding) is + * validated by `FieldType::from_parts`, which returns `None` for any bad combination. + */ + post: operations["create_field_definition"]; delete?: never; options?: never; head?: never; @@ -339,6 +344,9 @@ export interface components { kind: string; labels: components["schemas"]["LabelView"][]; }; + CreatedField: { + key: string; + }; CreatedId: { id: string; }; @@ -382,6 +390,16 @@ export interface components { kind: string; labels: components["schemas"]["LabelInput"][]; }; + NewFieldDefinitionRequest: { + authority_kind?: string | null; + /** @description text | localized_text | integer | date | boolean | term | authority */ + data_type: string; + group?: string | null; + key: string; + labels: components["schemas"]["LabelInput"][]; + required: boolean; + vocabulary_id?: string | null; + }; NewTermRequest: { external_uri?: string | null; labels: components["schemas"]["LabelInput"][]; @@ -599,6 +617,62 @@ export interface operations { }; }; }; + create_field_definition: { + parameters: { + query?: never; + header?: never; + path?: never; + cookie?: never; + }; + requestBody: { + content: { + "application/json": components["schemas"]["NewFieldDefinitionRequest"]; + }; + }; + responses: { + 201: { + headers: { + [name: string]: unknown; + }; + content: { + "application/json": components["schemas"]["CreatedField"]; + }; + }; + /** @description Malformed vocabulary_id or authority_kind */ + 400: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + 401: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + 403: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + /** @description Duplicate key */ + 409: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + /** @description Inconsistent type/binding */ + 422: { + headers: { + [name: string]: unknown; + }; + content?: never; + }; + }; + }; login: { parameters: { query?: never;