ZDDC
9ca36f25d8
Tables is the eighth HTML tool: a read-only tabular view over a
directory of YAML files declared via `tables:` in `.zddc`. Anchor use
case is the Master Deliverables List, where each row is one
`<tracking>.yaml` under `Archive/<Party>/MDL/`. Rows click through to
the existing form renderer for editing.
Schema (zddc/internal/zddc/file.go)
- New `Tables map[string]string` on ZddcFile. Map key becomes the URL
stem (`tables[MDL]` → `<dir>/MDL.table.html`); the value is a path
relative to the .zddc pointing at a `*.table.yaml` spec describing
columns + the rows directory. No upward cascade in v1 — each
directory hosting a table declares it directly.
Server handler (zddc/internal/handler/tablehandler.go)
- `RecognizeTableRequest` matches GET `/<dir>/<name>.table.html`
against the cascade's `tables:` declarations. Dispatch routes
table requests before the form-system intercept.
- `ServeTable` ACL-gates with `policy.ActionRead` and serves the
embedded `tables.html` template; client walks the directory itself
via the listing JSON or FS Access API.
- tables.html embedded via //go:embed — same pattern as form.html.
Frontend (tables/)
- Vanilla JS: app/context/util/filters/sort/render/main modules.
- Reads spec + row YAML files via window.zddc.source (HTTP polyfill
or local FS handle); js-yaml 4.1.0 vendored in shared/vendor for
client-side parsing.
- Sample fixtures under tables/sample/ for local testing.
Build + CI
- Lockstep build registers tables alongside the other 7 tools (HTML
output, embed mirror, versions.txt, release-output, tags).
- Playwright project added; `npx playwright test --project=tables`
is part of `npm test`.
Drive-by: rename mdedit Playwright selectors `#select-directory` →
`#addDirectoryBtn` to fix three pre-existing failing tests.
Drive-by: ignore locally-built `zddc/zddc-server` binary so it doesn't
get accidentally staged.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
229 lines
7 KiB
Go
229 lines
7 KiB
Go
package handler
|
|
|
|
import (
|
|
"bytes"
|
|
"context"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"os"
|
|
"path/filepath"
|
|
"strings"
|
|
"testing"
|
|
|
|
"codeberg.org/VARASYS/ZDDC/zddc/internal/config"
|
|
"codeberg.org/VARASYS/ZDDC/zddc/internal/zddc"
|
|
)
|
|
|
|
const sampleTableSpec = `title: Master Deliverables List
|
|
description: Sample MDL.
|
|
rowSchema: ./MDL.form.yaml
|
|
rows: ./MDL
|
|
columns:
|
|
- field: id
|
|
title: ID
|
|
width: 6em
|
|
- field: title
|
|
title: Deliverable
|
|
- field: status
|
|
title: Status
|
|
enum: [pending, submitted, accepted]
|
|
defaults:
|
|
sort:
|
|
- { field: id, dir: asc }
|
|
`
|
|
|
|
const sampleRowFormSpec = `title: Deliverable
|
|
schema:
|
|
type: object
|
|
required: [id, title]
|
|
additionalProperties: false
|
|
properties:
|
|
id:
|
|
type: string
|
|
title:
|
|
type: string
|
|
status:
|
|
type: string
|
|
enum: [pending, submitted, accepted]
|
|
`
|
|
|
|
// tableTestSetup writes a directory tree under a temp root with:
|
|
//
|
|
// <root>/Working/.zddc → declares tables: { MDL: ./MDL.table.yaml }
|
|
// <root>/Working/MDL.table.yaml → spec
|
|
// <root>/Working/MDL.form.yaml → row schema
|
|
// <root>/Working/MDL/<file>.yaml → row data (one per entry in rows)
|
|
//
|
|
// Optional extra .zddc files at relative paths can be supplied via zddcFiles.
|
|
// Returns (config, do) where do dispatches a request through ServeTable via
|
|
// the same recognize → serve path the production catch-all uses.
|
|
//
|
|
// Note: under the client-side rendering architecture the handler does not
|
|
// parse the spec or list row files — the rows/spec on disk are written
|
|
// only because the ACL cascade may evaluate paths under them.
|
|
func tableTestSetup(t *testing.T, rows map[string]string, zddcFiles map[string]string) (config.Config, func(method, target, email string) *httptest.ResponseRecorder) {
|
|
t.Helper()
|
|
root := t.TempDir()
|
|
|
|
working := filepath.Join(root, "Working")
|
|
if err := os.MkdirAll(filepath.Join(working, "MDL"), 0o755); err != nil {
|
|
t.Fatalf("mkdir: %v", err)
|
|
}
|
|
if err := os.WriteFile(filepath.Join(working, "MDL.table.yaml"), []byte(sampleTableSpec), 0o644); err != nil {
|
|
t.Fatalf("write spec: %v", err)
|
|
}
|
|
if err := os.WriteFile(filepath.Join(working, "MDL.form.yaml"), []byte(sampleRowFormSpec), 0o644); err != nil {
|
|
t.Fatalf("write form spec: %v", err)
|
|
}
|
|
for name, body := range rows {
|
|
if err := os.WriteFile(filepath.Join(working, "MDL", name), []byte(body), 0o644); err != nil {
|
|
t.Fatalf("write row %s: %v", name, err)
|
|
}
|
|
}
|
|
if _, ok := zddcFiles["Working"]; !ok {
|
|
if zddcFiles == nil {
|
|
zddcFiles = make(map[string]string)
|
|
}
|
|
zddcFiles["Working"] = `acl:
|
|
permissions:
|
|
"*@example.com": rwcd
|
|
tables:
|
|
MDL: ./MDL.table.yaml
|
|
`
|
|
}
|
|
for rel, body := range zddcFiles {
|
|
dir := filepath.Join(root, rel)
|
|
if err := os.MkdirAll(dir, 0o755); err != nil {
|
|
t.Fatalf("mkdir %s: %v", dir, err)
|
|
}
|
|
zddc.InvalidateCache(dir)
|
|
if body == "" {
|
|
continue
|
|
}
|
|
if err := os.WriteFile(filepath.Join(dir, ".zddc"), []byte(body), 0o644); err != nil {
|
|
t.Fatalf("write .zddc: %v", err)
|
|
}
|
|
}
|
|
cfg := config.Config{Root: root, EmailHeader: "X-Auth-Request-Email"}
|
|
|
|
do := func(method, target, email string) *httptest.ResponseRecorder {
|
|
req := httptest.NewRequest(method, target, bytes.NewReader(nil))
|
|
ctx := context.WithValue(req.Context(), EmailKey, email)
|
|
req = req.WithContext(ctx)
|
|
rec := httptest.NewRecorder()
|
|
|
|
tableReq := RecognizeTableRequest(cfg.Root, method, target)
|
|
if tableReq == nil {
|
|
rec.WriteHeader(http.StatusNotFound)
|
|
return rec
|
|
}
|
|
ServeTable(cfg, tableReq, rec, req)
|
|
return rec
|
|
}
|
|
return cfg, do
|
|
}
|
|
|
|
func TestRecognizeTableRequest(t *testing.T) {
|
|
root := t.TempDir()
|
|
working := filepath.Join(root, "Working")
|
|
if err := os.MkdirAll(filepath.Join(working, "MDL"), 0o755); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if err := os.WriteFile(filepath.Join(working, "MDL.table.yaml"), []byte(sampleTableSpec), 0o644); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if err := os.WriteFile(filepath.Join(working, "MDL.form.yaml"), []byte(sampleRowFormSpec), 0o644); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
if err := os.WriteFile(filepath.Join(working, ".zddc"), []byte(`tables:
|
|
MDL: ./MDL.table.yaml
|
|
`), 0o644); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
zddc.InvalidateCache(working)
|
|
|
|
cases := []struct {
|
|
method, url string
|
|
wantNil bool
|
|
wantSpec string
|
|
wantName string
|
|
}{
|
|
{"GET", "/Working/MDL.table.html", false, "Working/MDL.table.yaml", "MDL"},
|
|
// Same URL but POST → tables are read-only at the URL level.
|
|
{"POST", "/Working/MDL.table.html", true, "", ""},
|
|
{"PUT", "/Working/MDL.table.html", true, "", ""},
|
|
{"DELETE", "/Working/MDL.table.html", true, "", ""},
|
|
// Not declared in .zddc → not a table request.
|
|
{"GET", "/Working/Other.table.html", true, "", ""},
|
|
// No .zddc at the dir → not a table request.
|
|
{"GET", "/Other/MDL.table.html", true, "", ""},
|
|
// Random .html → falls through.
|
|
{"GET", "/index.html", true, "", ""},
|
|
// .form.html (form territory) → falls through to form handler.
|
|
{"GET", "/Working/MDL.form.html", true, "", ""},
|
|
// Path traversal attempt.
|
|
{"GET", "/../etc/passwd.table.html", true, "", ""},
|
|
}
|
|
|
|
for _, tc := range cases {
|
|
t.Run(tc.method+" "+tc.url, func(t *testing.T) {
|
|
got := RecognizeTableRequest(root, tc.method, tc.url)
|
|
if tc.wantNil {
|
|
if got != nil {
|
|
t.Errorf("got %+v, want nil", got)
|
|
}
|
|
return
|
|
}
|
|
if got == nil {
|
|
t.Fatalf("got nil, want a TableRequest")
|
|
}
|
|
if got.Name != tc.wantName {
|
|
t.Errorf("Name = %q want %q", got.Name, tc.wantName)
|
|
}
|
|
wantSpec := filepath.Join(root, tc.wantSpec)
|
|
if got.SpecPath != wantSpec {
|
|
t.Errorf("SpecPath = %q want %q", got.SpecPath, wantSpec)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
// TestServeTable_ServesEmbeddedHTML — an ACL-passing GET returns the
|
|
// embedded tables.html bytes verbatim, with the empty inline context
|
|
// placeholder intact (so the client knows to walk the directory).
|
|
func TestServeTable_ServesEmbeddedHTML(t *testing.T) {
|
|
rows := map[string]string{
|
|
"D-001.yaml": "id: D-001\ntitle: One\nstatus: pending\n",
|
|
}
|
|
_, do := tableTestSetup(t, rows, nil)
|
|
rec := do(http.MethodGet, "/Working/MDL.table.html", "casey@example.com")
|
|
if rec.Code != http.StatusOK {
|
|
t.Fatalf("status = %d body = %s", rec.Code, rec.Body.String())
|
|
}
|
|
if ct := rec.Result().Header.Get("Content-Type"); !strings.HasPrefix(ct, "text/html") {
|
|
t.Errorf("Content-Type = %q want text/html…", ct)
|
|
}
|
|
body := rec.Body.String()
|
|
if !strings.Contains(body, `<table id="table-root"`) {
|
|
t.Error("body missing #table-root markup; embedded HTML may be stale or empty")
|
|
}
|
|
if !strings.Contains(body, `<script id="table-context" type="application/json">{}</script>`) {
|
|
t.Error("inline context placeholder not preserved verbatim — client expects {} so it knows to walk")
|
|
}
|
|
}
|
|
|
|
func TestServeTable_ACLForbidden(t *testing.T) {
|
|
zddcs := map[string]string{
|
|
"Working": `acl:
|
|
permissions:
|
|
"root@example.com": rwcd
|
|
tables:
|
|
MDL: ./MDL.table.yaml
|
|
`,
|
|
}
|
|
_, do := tableTestSetup(t, map[string]string{"D.yaml": "id: D\n"}, zddcs)
|
|
rec := do(http.MethodGet, "/Working/MDL.table.html", "stranger@example.com")
|
|
if rec.Code != http.StatusForbidden {
|
|
t.Errorf("status = %d want 403; body = %s", rec.Code, rec.Body.String())
|
|
}
|
|
}
|