mirror of
https://github.com/azaion/ui.git
synced 2026-06-21 20:11:13 +00:00
Oleksandr Bezdieniezhnykh
ecacfa8b43
Implements the cycle-3-deferred AZ-512 task under the user-authorized
Option B path (MSW-stubbed; live deploy gates at Step 16 on AZ-513).
Code:
- src/features/admin/AdminPage.tsx — inline edit affordance:
editingId/editForm state, handleStartEdit/Cancel/Update, Enter+Escape
keyboard handling, colspan row swap when editing, pencil (✎) button
per row. Full-body PATCH (Risk 2). Single editingId enforces the
one-row-at-a-time invariant (Risk 3). Disabled buttons during the
in-flight PATCH (Risk 4). Inline role="alert" on validation/server
errors (no alert() per Finding B4 anti-pattern).
- src/i18n/{en,ua}.json — `admin.classes` flat → nested with `title`
+ 6 new keys (edit, save, cancel, nameRequired,
maxSizeMustBePositive, updateFailed). Parity gate FT-P-22 PASS.
Test infrastructure:
- tests/msw/handlers/admin.ts — PATCH /api/admin/classes/:id
partial-merge handler.
- tests/admin_class_edit.test.tsx — 12 tests covering AC-1..AC-6
+ AC-8 (AC-7 satisfied by static FT-P-22 gate).
- tests/destructive_ux.test.tsx — adjacent-hygiene selector fix
at 3 call sites: the new ✎ button moved the first-button
position; targeting × explicitly preserves the existing
it.fails()/control semantics.
Docs:
- _docs/02_document/components/08_admin/description.md — recorded
edit affordance + PATCH wiring + AZ-513 cross-workspace note.
- _docs/03_implementation/batch_16_cycle4_report.md
- _docs/03_implementation/implementation_report_admin_class_edit_cycle4.md
- _docs/02_tasks/todo → done — AZ-512 archived.
Quality gates: 32 files / 243 tests / 13 quarantined skips PASS;
all 35 static checks PASS (FT-P-22/23, STC-ARCH-01/02, STC-SEC*,
banned-deps incl. SEC1B/C/D).
Cross-workspace dependency: admin/ AZ-513 (POST + PATCH + DELETE
/classes routes) NOT yet shipped. Step 11 (Run Tests) passes on
stubs; Step 16 (Deploy) holds until AZ-513 lands live. Leftover
record at _docs/_process_leftovers/2026-05-13_az-512-admin-
classes-prereq.md stays open.
Discovered pre-existing bug (NOT bundled): tests/msw/handlers/
admin.ts returns paginate(seedUsers) for GET /api/admin/users,
but AdminPage consumes as flat User[] → users.map crash. Test
files use the same flat-array workaround
destructive_ux.test.tsx documented. Flagged in batch + impl
reports for separate triage.
Co-authored-by: Cursor <cursoragent@cursor.com>
105 lines
3.8 KiB
TypeScript
105 lines
3.8 KiB
TypeScript
import { http } from 'msw'
|
|
import { jsonResponse, noContent, paginate } from '../helpers'
|
|
import { seedUsers, opAlice, seedPermissions } from '../../fixtures/seed_users'
|
|
import { seedClasses } from '../../fixtures/seed_classes'
|
|
|
|
// Default `/api/admin/*` handlers — auth round-trip, users, classes-write,
|
|
// system settings. Tests override per-scenario via `server.use(...)`.
|
|
|
|
const SEED_BEARER = 'test-bearer-default'
|
|
|
|
export const adminHandlers = [
|
|
http.post('/api/admin/auth/login', async ({ request }) => {
|
|
const body = (await request.json().catch(() => ({}))) as { email?: string; password?: string }
|
|
const user = seedUsers.find((u) => u.email === body.email) ?? opAlice
|
|
return new Response(JSON.stringify({ token: SEED_BEARER, user }), {
|
|
status: 200,
|
|
headers: {
|
|
'Content-Type': 'application/json',
|
|
// AC-03 contract — refresh cookie is HttpOnly + Secure + SameSite=Strict.
|
|
'Set-Cookie': 'refreshToken=test-refresh; HttpOnly; Secure; SameSite=Strict; Path=/api/admin/auth',
|
|
},
|
|
})
|
|
}),
|
|
|
|
http.post('/api/admin/auth/refresh', () => {
|
|
return jsonResponse({ token: SEED_BEARER })
|
|
}),
|
|
|
|
http.post('/api/admin/auth/logout', () => noContent()),
|
|
|
|
// AZ-510 chains GET /users/me after POST refresh during AuthProvider
|
|
// bootstrap. The default user shape includes `permissions` so production
|
|
// code paths (e.g., hasPermission, RBAC route gates) get a realistic
|
|
// payload without each test having to override.
|
|
http.get('/api/admin/users/me', () =>
|
|
jsonResponse({ ...opAlice, permissions: seedPermissions[opAlice.id] ?? [] }),
|
|
),
|
|
|
|
http.get('/api/admin/users', () => jsonResponse(paginate(seedUsers))),
|
|
|
|
http.get('/api/admin/users/:id', ({ params }) => {
|
|
const user = seedUsers.find((u) => u.id === params.id)
|
|
if (!user) return new Response(null, { status: 404 })
|
|
return jsonResponse(user)
|
|
}),
|
|
|
|
http.get('/api/admin/classes', () => jsonResponse(seedClasses)),
|
|
|
|
http.post('/api/admin/classes', async ({ request }) => {
|
|
const body = await request.json()
|
|
return jsonResponse(body, { status: 201 })
|
|
}),
|
|
|
|
http.put('/api/admin/classes/:id', async ({ request }) => {
|
|
const body = await request.json()
|
|
return jsonResponse(body)
|
|
}),
|
|
|
|
// AZ-512 — PATCH partial-merge over the seeded class. Default-handler
|
|
// returns the merged shape so the UI's PATCH-then-refetch sequence sees the
|
|
// updated row. Tests that need 404/5xx semantics override per-scenario.
|
|
http.patch('/api/admin/classes/:id', async ({ params, request }) => {
|
|
const idParam = String(params.id)
|
|
const id = Number(idParam)
|
|
const body = (await request.json().catch(() => ({}))) as Partial<{
|
|
name: string
|
|
shortName: string
|
|
color: string
|
|
maxSizeM: number
|
|
photoMode: number
|
|
}>
|
|
const existing =
|
|
seedClasses.find((c) => String(c.id) === idParam) ??
|
|
({ id: Number.isFinite(id) ? id : 0, name: '', shortName: '', color: '#FF0000', maxSizeM: 5, photoMode: 0 } as const)
|
|
return jsonResponse({ ...existing, ...body, id: existing.id })
|
|
}),
|
|
|
|
http.delete('/api/admin/classes/:id', () => noContent()),
|
|
|
|
http.get('/api/admin/settings', () =>
|
|
jsonResponse({
|
|
id: 'sys-settings-1',
|
|
name: 'Test System',
|
|
militaryUnit: null,
|
|
defaultCameraWidth: 1920,
|
|
defaultCameraFoV: 60,
|
|
thumbnailWidth: 256,
|
|
thumbnailHeight: 256,
|
|
thumbnailBorder: 2,
|
|
generateAnnotatedImage: true,
|
|
silentDetection: false,
|
|
}),
|
|
),
|
|
|
|
http.put('/api/admin/settings', async ({ request }) => {
|
|
const body = await request.json()
|
|
return jsonResponse(body)
|
|
}),
|
|
|
|
// Test-only suite endpoint — gated behind a non-production build flag in the
|
|
// real `admin/` service. The fast-profile MSW just returns 204 so isolation
|
|
// helpers can call it uniformly with the e2e profile.
|
|
http.post('/api/admin/test-only/reset', () => noContent()),
|
|
]
|