feat(api/v2): add saved filter CRUD on /api/v2
This commit is contained in:
parent
a52ee1593a
commit
ed4ae0cd43
|
|
@ -0,0 +1,137 @@
|
|||
// Vikunja is a to-do list application to facilitate your life.
|
||||
// Copyright 2018-present Vikunja and contributors. All rights reserved.
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as published by
|
||||
// the Free Software Foundation, either version 3 of the License, or
|
||||
// (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
package apiv2
|
||||
|
||||
import (
|
||||
"context"
|
||||
"net/http"
|
||||
|
||||
"code.vikunja.io/api/pkg/models"
|
||||
"code.vikunja.io/api/pkg/web/handler"
|
||||
|
||||
"github.com/danielgtaylor/huma/v2"
|
||||
"github.com/danielgtaylor/huma/v2/conditional"
|
||||
)
|
||||
|
||||
// RegisterSavedFilterRoutes wires saved filter CRUD onto the Huma API.
|
||||
// No list operation, by design — v1 has none either.
|
||||
func RegisterSavedFilterRoutes(api huma.API) {
|
||||
tags := []string{"filters"}
|
||||
|
||||
Register(api, huma.Operation{
|
||||
OperationID: "filters-read",
|
||||
Summary: "Get a saved filter",
|
||||
Description: "Returns a single saved filter. Only the owner may see it. Sends an ETag; pass it as If-None-Match on a later read to get a 304 Not Modified.",
|
||||
Method: http.MethodGet,
|
||||
Path: "/filters/{filter}",
|
||||
Tags: tags,
|
||||
}, savedFiltersRead)
|
||||
|
||||
Register(api, huma.Operation{
|
||||
OperationID: "filters-create",
|
||||
Summary: "Create a saved filter",
|
||||
Description: "Creates a saved filter; the authenticated user becomes its owner. The filter query is validated before it is stored.",
|
||||
Method: http.MethodPost,
|
||||
Path: "/filters",
|
||||
Tags: tags,
|
||||
}, savedFiltersCreate)
|
||||
|
||||
Register(api, huma.Operation{
|
||||
OperationID: "filters-update",
|
||||
Summary: "Update a saved filter",
|
||||
Description: "Replaces all of a saved filter's fields — only the owner may update it. Use PATCH for a partial update.",
|
||||
Method: http.MethodPut,
|
||||
Path: "/filters/{filter}",
|
||||
Tags: tags,
|
||||
}, savedFiltersUpdate)
|
||||
|
||||
Register(api, huma.Operation{
|
||||
OperationID: "filters-delete",
|
||||
Summary: "Delete a saved filter",
|
||||
Description: "Deletes a saved filter. Only the owner may delete it.",
|
||||
Method: http.MethodDelete,
|
||||
Path: "/filters/{filter}",
|
||||
Tags: tags,
|
||||
}, savedFiltersDelete)
|
||||
}
|
||||
|
||||
func init() { AddRouteRegistrar(RegisterSavedFilterRoutes) }
|
||||
|
||||
type savedFilterReadBody struct {
|
||||
models.SavedFilter
|
||||
MaxPermission models.Permission `json:"max_permission" readOnly:"true" doc:"The maximum permission the requesting user has on this saved filter (0=read, 1=read/write, 2=admin). Filters are owner-only, so this is always 2 for a successful read."`
|
||||
}
|
||||
|
||||
func savedFiltersRead(ctx context.Context, in *struct {
|
||||
ID int64 `path:"filter"`
|
||||
conditional.Params
|
||||
}) (*singleReadBody[savedFilterReadBody], error) {
|
||||
a, err := authFromCtx(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
filter := &models.SavedFilter{ID: in.ID}
|
||||
maxPermission, err := handler.DoReadOne(ctx, filter, a)
|
||||
if err != nil {
|
||||
return nil, translateDomainError(err)
|
||||
}
|
||||
body := &savedFilterReadBody{SavedFilter: *filter, MaxPermission: models.Permission(maxPermission)}
|
||||
return conditionalReadResponse(&in.Params, body, filter.Updated, maxPermission)
|
||||
}
|
||||
|
||||
func savedFiltersCreate(ctx context.Context, in *struct {
|
||||
Body models.SavedFilter
|
||||
}) (*singleBody[models.SavedFilter], error) {
|
||||
a, err := authFromCtx(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err := handler.DoCreate(ctx, &in.Body, a); err != nil {
|
||||
return nil, translateDomainError(err)
|
||||
}
|
||||
return &singleBody[models.SavedFilter]{Body: &in.Body}, nil
|
||||
}
|
||||
|
||||
// Body matches the read shape so AutoPatch's GET→PUT echo of max_permission validates.
|
||||
func savedFiltersUpdate(ctx context.Context, in *struct {
|
||||
ID int64 `path:"filter"`
|
||||
Body savedFilterReadBody
|
||||
}) (*singleBody[models.SavedFilter], error) {
|
||||
a, err := authFromCtx(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
filter := &in.Body.SavedFilter
|
||||
filter.ID = in.ID // URL wins over body
|
||||
if err := handler.DoUpdate(ctx, filter, a); err != nil {
|
||||
return nil, translateDomainError(err)
|
||||
}
|
||||
return &singleBody[models.SavedFilter]{Body: filter}, nil
|
||||
}
|
||||
|
||||
func savedFiltersDelete(ctx context.Context, in *struct {
|
||||
ID int64 `path:"filter"`
|
||||
}) (*emptyBody, error) {
|
||||
a, err := authFromCtx(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err := handler.DoDelete(ctx, &models.SavedFilter{ID: in.ID}, a); err != nil {
|
||||
return nil, translateDomainError(err)
|
||||
}
|
||||
return &emptyBody{}, nil
|
||||
}
|
||||
|
|
@ -0,0 +1,185 @@
|
|||
// Vikunja is a to-do list application to facilitate your life.
|
||||
// Copyright 2018-present Vikunja and contributors. All rights reserved.
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU Affero General Public License as published by
|
||||
// the Free Software Foundation, either version 3 of the License, or
|
||||
// (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU Affero General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU Affero General Public License
|
||||
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
|
||||
package webtests
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
// TestHumaSavedFilter ports the owner-only matrix from saved_filters_test.go
|
||||
// onto the HTTP surface; v1 has no /filters webtest, so this is the only one.
|
||||
// Fixture: filter #1 is owned by user1 (saved_filters.yml).
|
||||
func TestHumaSavedFilter(t *testing.T) {
|
||||
testHandler := webHandlerTestV2{
|
||||
user: &testuser1,
|
||||
basePath: "/api/v2/filters",
|
||||
idParam: "filter",
|
||||
t: t,
|
||||
}
|
||||
require.NoError(t, testHandler.ensureEnv())
|
||||
// Share the one Echo (and its single fixture load) as user2; v2 doesn't
|
||||
// reload fixtures per request, so Update/Delete of #1 are ordered last.
|
||||
otherUserHandler := webHandlerTestV2{
|
||||
user: &testuser2,
|
||||
basePath: "/api/v2/filters",
|
||||
idParam: "filter",
|
||||
t: t,
|
||||
e: testHandler.e,
|
||||
}
|
||||
|
||||
t.Run("ReadOne", func(t *testing.T) {
|
||||
t.Run("Normal", func(t *testing.T) {
|
||||
rec, err := testHandler.testReadOneWithUser(nil, map[string]string{"filter": "1"})
|
||||
require.NoError(t, err)
|
||||
assert.Contains(t, rec.Body.String(), `"title":"testfilter1"`)
|
||||
// Owner-only resource → admin permission for a successful read.
|
||||
assert.Contains(t, rec.Body.String(), `"max_permission":2`)
|
||||
assert.NotEmpty(t, rec.Result().Header.Get("ETag"))
|
||||
})
|
||||
t.Run("Nonexisting", func(t *testing.T) {
|
||||
// canDoFilter loads the filter, so a missing id surfaces 404.
|
||||
_, err := testHandler.testReadOneWithUser(nil, map[string]string{"filter": "9999"})
|
||||
require.Error(t, err)
|
||||
assert.Equal(t, http.StatusNotFound, getHTTPErrorCode(err))
|
||||
})
|
||||
t.Run("Forbidden - not owner", func(t *testing.T) {
|
||||
// #1 is user1's; saved filters are owner-only, so user2 is refused.
|
||||
_, err := otherUserHandler.testReadOneWithUser(nil, map[string]string{"filter": "1"})
|
||||
require.Error(t, err)
|
||||
assert.Equal(t, http.StatusForbidden, getHTTPErrorCode(err))
|
||||
})
|
||||
})
|
||||
|
||||
t.Run("Create", func(t *testing.T) {
|
||||
t.Run("Normal", func(t *testing.T) {
|
||||
rec, err := testHandler.testCreateWithUser(nil, nil,
|
||||
`{"title":"Lorem","description":"Ipsum","filters":{"filter":"done = true"}}`)
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, http.StatusCreated, rec.Code)
|
||||
assert.Contains(t, rec.Body.String(), `"title":"Lorem"`)
|
||||
assert.Contains(t, rec.Body.String(), `"description":"Ipsum"`)
|
||||
})
|
||||
t.Run("Empty title", func(t *testing.T) {
|
||||
// 422 (not Huma's schema 400): central govalidator on `valid:"required"`.
|
||||
_, err := testHandler.testCreateWithUser(nil, nil,
|
||||
`{"title":"","filters":{"filter":"done = true"}}`)
|
||||
require.Error(t, err)
|
||||
assert.Equal(t, http.StatusUnprocessableEntity, getHTTPErrorCode(err))
|
||||
})
|
||||
t.Run("Invalid filter string", func(t *testing.T) {
|
||||
// 400 from the model's filter parser, not the 422 validation path.
|
||||
_, err := testHandler.testCreateWithUser(nil, nil,
|
||||
`{"title":"BadFilter","filters":{"filter":"foo = bar"}}`)
|
||||
require.Error(t, err)
|
||||
assert.Equal(t, http.StatusBadRequest, getHTTPErrorCode(err))
|
||||
})
|
||||
})
|
||||
|
||||
t.Run("Update", func(t *testing.T) {
|
||||
t.Run("Normal", func(t *testing.T) {
|
||||
rec, err := testHandler.testUpdateWithUser(nil, map[string]string{"filter": "1"},
|
||||
`{"title":"NewTitle","filters":{"filter":"done = true"}}`)
|
||||
require.NoError(t, err)
|
||||
assert.Contains(t, rec.Body.String(), `"title":"NewTitle"`)
|
||||
})
|
||||
t.Run("Nonexisting", func(t *testing.T) {
|
||||
_, err := testHandler.testUpdateWithUser(nil, map[string]string{"filter": "9999"},
|
||||
`{"title":"NewTitle","filters":{"filter":"done = true"}}`)
|
||||
require.Error(t, err)
|
||||
assert.Equal(t, http.StatusNotFound, getHTTPErrorCode(err))
|
||||
})
|
||||
t.Run("Empty title", func(t *testing.T) {
|
||||
_, err := testHandler.testUpdateWithUser(nil, map[string]string{"filter": "1"},
|
||||
`{"title":"","filters":{"filter":"done = true"}}`)
|
||||
require.Error(t, err)
|
||||
assert.Equal(t, http.StatusUnprocessableEntity, getHTTPErrorCode(err))
|
||||
})
|
||||
t.Run("Forbidden - not owner", func(t *testing.T) {
|
||||
_, err := otherUserHandler.testUpdateWithUser(nil, map[string]string{"filter": "1"},
|
||||
`{"title":"NewTitle","filters":{"filter":"done = true"}}`)
|
||||
require.Error(t, err)
|
||||
assert.Equal(t, http.StatusForbidden, getHTTPErrorCode(err))
|
||||
})
|
||||
})
|
||||
|
||||
// Normal is last: it removes #1, which the negatives above still need.
|
||||
t.Run("Delete", func(t *testing.T) {
|
||||
t.Run("Nonexisting", func(t *testing.T) {
|
||||
_, err := testHandler.testDeleteWithUser(nil, map[string]string{"filter": "9999"})
|
||||
require.Error(t, err)
|
||||
assert.Equal(t, http.StatusNotFound, getHTTPErrorCode(err))
|
||||
})
|
||||
t.Run("Forbidden - not owner", func(t *testing.T) {
|
||||
_, err := otherUserHandler.testDeleteWithUser(nil, map[string]string{"filter": "1"})
|
||||
require.Error(t, err)
|
||||
assert.Equal(t, http.StatusForbidden, getHTTPErrorCode(err))
|
||||
})
|
||||
t.Run("Normal", func(t *testing.T) {
|
||||
rec, err := testHandler.testDeleteWithUser(nil, map[string]string{"filter": "1"})
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, http.StatusNoContent, rec.Code)
|
||||
assert.Empty(t, rec.Body.String())
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
// v2-only behaviour, no v1 counterpart: ETag/304 and AutoPatch.
|
||||
|
||||
func TestHumaSavedFilter_ETagReturns304(t *testing.T) {
|
||||
e, err := setupTestEnv()
|
||||
require.NoError(t, err)
|
||||
token := humaTokenFor(t, &testuser1)
|
||||
|
||||
rec := humaRequest(t, e, http.MethodGet, "/api/v2/filters/1", "", token, "")
|
||||
require.Equal(t, http.StatusOK, rec.Code, "body: %s", rec.Body.String())
|
||||
etag := rec.Header().Get("ETag")
|
||||
require.NotEmpty(t, etag, "GET must return an ETag header")
|
||||
|
||||
req := httptest.NewRequest(http.MethodGet, "/api/v2/filters/1", strings.NewReader(""))
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
req.Header.Set("Authorization", "Bearer "+token)
|
||||
req.Header.Set("If-None-Match", etag)
|
||||
rec = httptest.NewRecorder()
|
||||
e.ServeHTTP(rec, req)
|
||||
require.Equal(t, http.StatusNotModified, rec.Code, "body: %s", rec.Body.String())
|
||||
}
|
||||
|
||||
func TestHumaSavedFilter_PATCHMergePatch(t *testing.T) {
|
||||
e, err := setupTestEnv()
|
||||
require.NoError(t, err)
|
||||
token := humaTokenFor(t, &testuser1)
|
||||
|
||||
// PATCH only the title; AutoPatch must leave the description alone.
|
||||
rec := humaRequest(t, e, http.MethodPatch, "/api/v2/filters/1",
|
||||
`{"title":"patched"}`, token, "application/merge-patch+json")
|
||||
require.Equal(t, http.StatusOK, rec.Code, "body: %s", rec.Body.String())
|
||||
|
||||
rec = humaRequest(t, e, http.MethodGet, "/api/v2/filters/1", "", token, "")
|
||||
require.Equal(t, http.StatusOK, rec.Code, "body: %s", rec.Body.String())
|
||||
var after struct {
|
||||
Title string `json:"title"`
|
||||
}
|
||||
require.NoError(t, json.Unmarshal(rec.Body.Bytes(), &after))
|
||||
assert.Equal(t, "patched", after.Title)
|
||||
}
|
||||
Loading…
Reference in New Issue