logaritmisk/biggus-dickus
1
0
Fork 0
Code Issues 17 Pull Requests Actions Packages Projects Releases Wiki Activity

feat(api): POST /api/admin/field-definitions (create field definition)

Browse Source 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Anders Olsson
2026-06-04 14:09:08 +02:00
parent b490db13b1
commit b508273a52
4 changed files with 374 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
crates/api/src/admin_objects.rs
+100 -3
View File
@@ -9,11 +9,15 @@ use axum::{
response::IntoResponse,
routing::{get, put},
};
use domain::{AuditActor, CatalogueObject, ObjectId, ObjectInput, Visibility};
use domain::{
AuditActor, AuthorityKind, CatalogueObject, FieldType, LocalizedLabel, NewFieldDefinition,
ObjectId, ObjectInput, Visibility, VocabularyId,
};
use serde::{Deserialize, Serialize};
use utoipa::ToSchema;
use crate::{AppState, pagination::Pagination, reindex};
use crate::{AppState, admin_vocab::LabelInput, pagination::Pagination, reindex};
/// A localized label `{ lang, label }` (shared across admin views).
#[derive(Serialize, ToSchema)]
@@ -364,6 +368,23 @@ pub(crate) struct FieldDefinitionView {
pub labels: Vec<LabelView>,
}
#[derive(serde::Deserialize, utoipa::ToSchema)]
pub(crate) struct NewFieldDefinitionRequest {
pub key: String,
/// text | localized_text | integer | date | boolean | term | authority
pub data_type: String,
pub vocabulary_id: Option<String>,
pub authority_kind: Option<String>,
pub required: bool,
pub group: Option<String>,
pub labels: Vec<LabelInput>,
}
#[derive(serde::Serialize, utoipa::ToSchema)]
pub(crate) struct CreatedField {
pub key: String,
}
/// List all field definitions. Requires `ViewInternal`.
#[utoipa::path(
get, path = "/api/admin/field-definitions",
@@ -407,6 +428,79 @@ pub(crate) async fn list_field_definitions(
))
}
/// Create a field definition. Requires `EditCatalogue`. All type/binding consistency
/// (term needs a vocabulary, authority takes no vocabulary, scalars take no binding) is
/// validated by `FieldType::from_parts`, which returns `None` for any bad combination.
#[utoipa::path(
post, path = "/api/admin/field-definitions",
request_body = NewFieldDefinitionRequest,
responses(
(status = 201, body = CreatedField),
(status = 400, description = "Malformed vocabulary_id or authority_kind"),
(status = 401),
(status = 403),
(status = 409, description = "Duplicate key"),
(status = 422, description = "Inconsistent type/binding")
)
)]
pub(crate) async fn create_field_definition(
_auth: Authorized<EditCatalogue>,
State(state): State<AppState>,
Json(req): Json<NewFieldDefinitionRequest>,
) -> Result<(StatusCode, Json<CreatedField>), StatusCode> {
let vocabulary_id = match req.vocabulary_id.as_deref() {
None | Some("") => None,
Some(s) => Some(
s.parse::<VocabularyId>()
.map_err(|_| StatusCode::BAD_REQUEST)?,
),
};
let authority_kind = match req.authority_kind.as_deref() {
None | Some("") => None,
Some(s) => Some(AuthorityKind::from_db(s).ok_or(StatusCode::BAD_REQUEST)?),
};
let field_type = FieldType::from_parts(&req.data_type, vocabulary_id, authority_kind)
.ok_or(StatusCode::UNPROCESSABLE_ENTITY)?;
let new = NewFieldDefinition {
key: req.key,
field_type,
required: req.required,
group_key: req.group,
labels: req
.labels
.into_iter()
.map(|l| LocalizedLabel {
lang: l.lang,
label: l.label,
})
.collect(),
};
let mut tx = state
.db
.pool()
.begin()
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
match db::fields::create_field_definition(&mut tx, &new).await {
Ok(_) => {
tx.commit()
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?;
Ok((StatusCode::CREATED, Json(CreatedField { key: new.key })))
}
Err(err) if err.as_database_error().and_then(|e| e.code()).as_deref() == Some("23505") => {
Err(StatusCode::CONFLICT)
}
Err(_) => Err(StatusCode::INTERNAL_SERVER_ERROR),
}
}
/// Replace an object's flexible-field values (validated against the registry).
///
/// **Replace semantics:** the body is the *complete* desired field set. Omitting a key
@@ -470,5 +564,8 @@ pub(crate) fn routes() -> Router<AppState> {
get(get_object).put(update_object).delete(delete_object),
)
.route("/api/admin/objects/{id}/fields", put(set_fields))
.route("/api/admin/field-definitions", get(list_field_definitions))
.route(
"/api/admin/field-definitions",
get(list_field_definitions).post(create_field_definition),
)
}
crates/api/src/openapi.rs
+3
View File
@@ -23,6 +23,7 @@ use crate::{
admin_objects::update_object,
admin_objects::delete_object,
admin_objects::list_field_definitions,
admin_objects::create_field_definition,
admin_objects::set_fields,
admin_vocab::list_vocabularies,
admin_vocab::create_vocabulary,
@@ -47,6 +48,8 @@ use crate::{
admin_objects::ObjectUpdateRequest,
admin_objects::CreatedObject,
admin_objects::FieldDefinitionView,
admin_objects::NewFieldDefinitionRequest,
admin_objects::CreatedField,
admin_vocab::VocabularyView,
admin_vocab::NewVocabularyRequest,
admin_vocab::NewTermRequest,
crates/api/tests/admin_fields.rs
+196
View File
@@ -0,0 +1,196 @@
use api::{AppState, build_app, migrate_sessions};
use axum::body::Body;
use axum::http::{Request, StatusCode, header};
use db::users;
use domain::{AuditActor, Email, NewUser, Role};
use http_body_util::BodyExt;
use sqlx::PgPool;
use tower::ServiceExt;
fn state(pool: PgPool) -> AppState {
AppState {
db: db::Db::from_pool(pool),
app_name: "Test".into(),
cookie_secure: false,
search: None,
}
}
async fn seed_user(pool: &PgPool, email: &str, password: &str, role: Role) {
let db = db::Db::from_pool(pool.clone());
let mut tx = db.pool().begin().await.unwrap();
users::create_user(
&mut tx,
AuditActor::System,
&NewUser {
email: Email::parse(email).unwrap(),
password_hash: auth::hash_password(password).unwrap(),
role,
},
)
.await
.unwrap();
tx.commit().await.unwrap();
}
async fn login(app: &axum::Router, email: &str, password: &str) -> String {
let resp = app
.clone()
.oneshot(
Request::builder()
.method("POST")
.uri("/api/admin/login")
.header(header::CONTENT_TYPE, "application/json")
.body(Body::from(format!(
r#"{{"email":"{email}","password":"{password}"}}"#
)))
.unwrap(),
)
.await
.unwrap();
assert_eq!(resp.status(), StatusCode::NO_CONTENT);
resp.headers()
.get(header::SET_COOKIE)
.unwrap()
.to_str()
.unwrap()
.split(';')
.next()
.unwrap()
.to_owned()
}
async fn post_field(app: &axum::Router, cookie: &str, body: &str) -> axum::http::Response<Body> {
app.clone()
.oneshot(
Request::builder()
.method("POST")
.uri("/api/admin/field-definitions")
.header(header::COOKIE, cookie)
.header(header::CONTENT_TYPE, "application/json")
.body(Body::from(body.to_owned()))
.unwrap(),
)
.await
.unwrap()
}
#[sqlx::test(migrations = "../db/migrations")]
async fn create_requires_auth(pool: PgPool) {
migrate_sessions(&db::Db::from_pool(pool.clone()))
.await
.unwrap();
let app = build_app(state(pool));
let resp = app
.oneshot(
Request::builder()
.method("POST")
.uri("/api/admin/field-definitions")
.header(header::CONTENT_TYPE, "application/json")
.body(Body::from(
r#"{"key":"x","data_type":"text","required":false,"labels":[{"lang":"en","label":"X"}]}"#,
))
.unwrap(),
)
.await
.unwrap();
assert_eq!(resp.status(), StatusCode::UNAUTHORIZED);
}
#[sqlx::test(migrations = "../db/migrations")]
async fn create_scalar_field_then_lists_it(pool: PgPool) {
migrate_sessions(&db::Db::from_pool(pool.clone()))
.await
.unwrap();
seed_user(&pool, "ed@example.com", "pw-editor-123", Role::Editor).await;
let app = build_app(state(pool));
let cookie = login(&app, "ed@example.com", "pw-editor-123").await;
let resp = post_field(
&app,
&cookie,
r#"{"key":"height_cm","data_type":"integer","required":true,"group":"Dimensions","labels":[{"lang":"en","label":"Height"},{"lang":"sv","label":"Höjd"}]}"#,
)
.await;
assert_eq!(resp.status(), StatusCode::CREATED);
let body: serde_json::Value =
serde_json::from_slice(&resp.into_body().collect().await.unwrap().to_bytes()).unwrap();
assert_eq!(body["key"], "height_cm");
let list = app
.oneshot(
Request::builder()
.uri("/api/admin/field-definitions")
.header(header::COOKIE, &cookie)
.body(Body::empty())
.unwrap(),
)
.await
.unwrap();
let defs: serde_json::Value =
serde_json::from_slice(&list.into_body().collect().await.unwrap().to_bytes()).unwrap();
assert!(
defs.as_array()
.unwrap()
.iter()
.any(|d| d["key"] == "height_cm")
);
}
#[sqlx::test(migrations = "../db/migrations")]
async fn term_without_vocabulary_is_422(pool: PgPool) {
migrate_sessions(&db::Db::from_pool(pool.clone()))
.await
.unwrap();
seed_user(&pool, "ed@example.com", "pw-editor-123", Role::Editor).await;
let app = build_app(state(pool));
let cookie = login(&app, "ed@example.com", "pw-editor-123").await;
let resp = post_field(
&app,
&cookie,
r#"{"key":"material","data_type":"term","required":false,"labels":[{"lang":"en","label":"Material"}]}"#,
)
.await;
assert_eq!(resp.status(), StatusCode::UNPROCESSABLE_ENTITY);
}
#[sqlx::test(migrations = "../db/migrations")]
async fn duplicate_key_is_409(pool: PgPool) {
migrate_sessions(&db::Db::from_pool(pool.clone()))
.await
.unwrap();
seed_user(&pool, "ed@example.com", "pw-editor-123", Role::Editor).await;
let app = build_app(state(pool));
let cookie = login(&app, "ed@example.com", "pw-editor-123").await;
let body = r#"{"key":"dup","data_type":"text","required":false,"labels":[{"lang":"en","label":"Dup"}]}"#;
assert_eq!(
post_field(&app, &cookie, body).await.status(),
StatusCode::CREATED
);
assert_eq!(
post_field(&app, &cookie, body).await.status(),
StatusCode::CONFLICT
);
}
web/src/api/schema.d.ts
Vendored
+75 -1
View File
@@ -30,7 +30,12 @@ export interface paths {
/** List all field definitions. Requires `ViewInternal`. */
get: operations["list_field_definitions"];
put?: never;
post?: never;
/**
* Create a field definition. Requires `EditCatalogue`. All type/binding consistency
* (term needs a vocabulary, authority takes no vocabulary, scalars take no binding) is
* validated by `FieldType::from_parts`, which returns `None` for any bad combination.
*/
post: operations["create_field_definition"];
delete?: never;
options?: never;
head?: never;
@@ -339,6 +344,9 @@ export interface components {
kind: string;
labels: components["schemas"]["LabelView"][];
};
CreatedField: {
key: string;
};
CreatedId: {
id: string;
};
@@ -382,6 +390,16 @@ export interface components {
kind: string;
labels: components["schemas"]["LabelInput"][];
};
NewFieldDefinitionRequest: {
authority_kind?: string | null;
/** @description text | localized_text | integer | date | boolean | term | authority */
data_type: string;
group?: string | null;
key: string;
labels: components["schemas"]["LabelInput"][];
required: boolean;
vocabulary_id?: string | null;
};
NewTermRequest: {
external_uri?: string | null;
labels: components["schemas"]["LabelInput"][];
@@ -599,6 +617,62 @@ export interface operations {
};
};
};
create_field_definition: {
parameters: {
query?: never;
header?: never;
path?: never;
cookie?: never;
};
requestBody: {
content: {
"application/json": components["schemas"]["NewFieldDefinitionRequest"];
};
};
responses: {
201: {
headers: {
[name: string]: unknown;
};
content: {
"application/json": components["schemas"]["CreatedField"];
};
};
/** @description Malformed vocabulary_id or authority_kind */
400: {
headers: {
[name: string]: unknown;
};
content?: never;
};
401: {
headers: {
[name: string]: unknown;
};
content?: never;
};
403: {
headers: {
[name: string]: unknown;
};
content?: never;
};
/** @description Duplicate key */
409: {
headers: {
[name: string]: unknown;
};
content?: never;
};
/** @description Inconsistent type/binding */
422: {
headers: {
[name: string]: unknown;
};
content?: never;
};
};
};
login: {
parameters: {
query?: never;