VARASYS/ZDDC
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ZDDC/zddc/internal/handler/tablehandler_test.go
ZDDC 8b690b782f feat(tables): configurable column option source — dropdown from a live registry 
A table column can declare `options_source: <peer>` and the server fills its
`enum` from the live entries under <project>/<peer>/ — so the row editor renders
a dropdown of the current registry instead of free text. Generic + configurable
in the spec; no hardcoding.

- Server (tablehandler.go): resolveDynamicEnums + registryEntries resolve the
  peer directory (its *.yaml basenames + subfolders, sorted, dot/spec entries
  skipped) into the column enum at ServeTable time, before the context inject.
- Default risk register: add a `package` column with `options_source: ssr`
  (dropdown of the project's SSR packages) + the matching form property. The
  spec comment documents the key so operators can source other registries.
- Test covering the resolver (entries, skips, untouched columns).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-08 15:36:42 -05:00

495 lines
16 KiB
Go
Raw Blame History

package handler
import (
"bytes"
"context"
"net/http"
"net/http/httptest"
"os"
"path/filepath"
"strings"
"testing"
"gopkg.in/yaml.v3"
"codeberg.org/VARASYS/ZDDC/zddc/internal/config"
"codeberg.org/VARASYS/ZDDC/zddc/internal/zddc"
)
const sampleTableSpec = `title: Master Deliverables List
description: Sample MDL.
columns:
- field: id
title: ID
width: 6em
- field: title
title: Deliverable
- field: status
title: Status
enum: [pending, submitted, accepted]
defaults:
sort:
- { field: id, dir: asc }
`
const sampleRowFormSpec = `title: Deliverable
schema:
type: object
required: [id, title]
additionalProperties: false
properties:
id:
type: string
title:
type: string
status:
type: string
enum: [pending, submitted, accepted]
`
// tableTestSetup writes a directory tree under a temp root with the
// in-dir layout:
//
// <root>/Working/MDL/table.yaml → spec
// <root>/Working/MDL/form.yaml → row schema
// <root>/Working/MDL/<file>.yaml → row data (one per entry in rows)
//
// Optional extra .zddc files at relative paths can be supplied via zddcFiles.
// Returns (config, do) where do dispatches a request through ServeTable via
// the same recognize → serve path the production catch-all uses.
//
// Note: under the client-side rendering architecture the handler does not
// parse the spec or list row files — the rows/spec on disk are written
// only because the ACL cascade may evaluate paths under them.
func tableTestSetup(t *testing.T, rows map[string]string, zddcFiles map[string]string) (config.Config, func(method, target, email string) *httptest.ResponseRecorder) {
t.Helper()
root := t.TempDir()
mdlDir := filepath.Join(root, "Working", "MDL")
if err := os.MkdirAll(mdlDir, 0o755); err != nil {
t.Fatalf("mkdir: %v", err)
}
if err := os.WriteFile(filepath.Join(mdlDir, "table.yaml"), []byte(sampleTableSpec), 0o644); err != nil {
t.Fatalf("write spec: %v", err)
}
if err := os.WriteFile(filepath.Join(mdlDir, "form.yaml"), []byte(sampleRowFormSpec), 0o644); err != nil {
t.Fatalf("write form spec: %v", err)
}
for name, body := range rows {
if err := os.WriteFile(filepath.Join(mdlDir, name), []byte(body), 0o644); err != nil {
t.Fatalf("write row %s: %v", name, err)
}
}
if _, ok := zddcFiles["Working"]; !ok {
if zddcFiles == nil {
zddcFiles = make(map[string]string)
}
zddcFiles["Working"] = `acl:
permissions:
"*@example.com": rwcd
`
}
for rel, body := range zddcFiles {
dir := filepath.Join(root, rel)
if err := os.MkdirAll(dir, 0o755); err != nil {
t.Fatalf("mkdir %s: %v", dir, err)
}
zddc.InvalidateCache(dir)
if body == "" {
continue
}
if err := os.WriteFile(filepath.Join(dir, ".zddc"), []byte(body), 0o644); err != nil {
t.Fatalf("write .zddc: %v", err)
}
}
cfg := config.Config{Root: root, EmailHeader: "X-Auth-Request-Email"}
do := func(method, target, email string) *httptest.ResponseRecorder {
req := httptest.NewRequest(method, target, bytes.NewReader(nil))
ctx := context.WithValue(req.Context(), EmailKey, email)
ctx = context.WithValue(ctx, ElevatedKey, true)
req = req.WithContext(ctx)
rec := httptest.NewRecorder()
tableReq := RecognizeTableRequest(cfg.Root, method, target)
if tableReq == nil {
rec.WriteHeader(http.StatusNotFound)
return rec
}
ServeTable(cfg, tableReq, rec, req)
return rec
}
return cfg, do
}
func TestRecognizeTableRequest(t *testing.T) {
root := t.TempDir()
mdlDir := filepath.Join(root, "Working", "MDL")
if err := os.MkdirAll(mdlDir, 0o755); err != nil {
t.Fatal(err)
}
if err := os.WriteFile(filepath.Join(mdlDir, "table.yaml"), []byte(sampleTableSpec), 0o644); err != nil {
t.Fatal(err)
}
if err := os.WriteFile(filepath.Join(mdlDir, "form.yaml"), []byte(sampleRowFormSpec), 0o644); err != nil {
t.Fatal(err)
}
zddc.InvalidateCache(mdlDir)
cases := []struct {
method, url string
wantNil bool
wantSpec string
wantName string
}{
{"GET", "/Working/MDL/table.html", false, "Working/MDL/table.yaml", "MDL"},
// Same URL but POST → tables are read-only at the URL level.
{"POST", "/Working/MDL/table.html", true, "", ""},
{"PUT", "/Working/MDL/table.html", true, "", ""},
{"DELETE", "/Working/MDL/table.html", true, "", ""},
// No table.yaml in this dir → not a table request.
{"GET", "/Working/Other/table.html", true, "", ""},
// /<project>/mdl/ now resolves as the project-level virtual MDL
// rollup (independent of any on-disk file). Recognized as the
// virtual table named "mdl"; the spec bytes are served from
// embedded defaults via IsDefaultSpec on the client fetch.
{"GET", "/Other/mdl/table.html", false, "Other/mdl/table.yaml", "mdl"},
// Random .html → falls through.
{"GET", "/index.html", true, "", ""},
// /form.html in the same dir is form territory, not a table.
{"GET", "/Working/MDL/form.html", true, "", ""},
// Path traversal attempt.
{"GET", "/../etc/passwd/table.html", true, "", ""},
}
for _, tc := range cases {
t.Run(tc.method+" "+tc.url, func(t *testing.T) {
got := RecognizeTableRequest(root, tc.method, tc.url)
if tc.wantNil {
if got != nil {
t.Errorf("got %+v, want nil", got)
}
return
}
if got == nil {
t.Fatalf("got nil, want a TableRequest")
}
if got.Name != tc.wantName {
t.Errorf("Name = %q want %q", got.Name, tc.wantName)
}
wantSpec := filepath.Join(root, tc.wantSpec)
if got.SpecPath != wantSpec {
t.Errorf("SpecPath = %q want %q", got.SpecPath, wantSpec)
}
})
}
}
// TestServeTable_ServesEmbeddedHTML — an ACL-passing GET returns the
// embedded tables.html with the resolved table spec server-injected into
// #table-context (the embedded default for this virtual MDL dir), so the
// client renders without a separate spec fetch.
func TestServeTable_ServesEmbeddedHTML(t *testing.T) {
rows := map[string]string{
"D-001.yaml": "id: D-001\ntitle: One\nstatus: pending\n",
}
_, do := tableTestSetup(t, rows, nil)
rec := do(http.MethodGet, "/Working/MDL/table.html", "casey@example.com")
if rec.Code != http.StatusOK {
t.Fatalf("status = %d body = %s", rec.Code, rec.Body.String())
}
if ct := rec.Result().Header.Get("Content-Type"); !strings.HasPrefix(ct, "text/html") {
t.Errorf("Content-Type = %q want text/html…", ct)
}
body := rec.Body.String()
if !strings.Contains(body, `<table id="table-root"`) {
t.Error("body missing #table-root markup; embedded HTML may be stale or empty")
}
// #table-context is no longer the empty placeholder — the resolved spec
// is injected (the client uses it instead of fetching table.yaml).
if strings.Contains(body, `<script id="table-context" type="application/json">{}</script>`) {
t.Error("#table-context still empty; expected the resolved spec to be injected")
}
if !strings.Contains(body, `id="table-context"`) || !strings.Contains(body, `"spec"`) {
t.Error("expected the resolved table spec injected into #table-context")
}
}
func TestServeTable_ACLForbidden(t *testing.T) {
zddcs := map[string]string{
"Working": `acl:
permissions:
"root@example.com": rwcd
tables:
MDL: ./MDL.table.yaml
`,
}
_, do := tableTestSetup(t, map[string]string{"D.yaml": "id: D\n"}, zddcs)
rec := do(http.MethodGet, "/Working/MDL/table.html", "stranger@example.com")
if rec.Code != http.StatusForbidden {
t.Errorf("status = %d want 403; body = %s", rec.Code, rec.Body.String())
}
}
// --- default MDL spec fallback ---------------------------------------------
// archivePartyTestSetup builds a minimal Project/archive/<party>/ tree
// with no operator-supplied tables: declaration. RecognizeTableRequest
// should still fire for "mdl" thanks to the default-spec fallback.
func archivePartyTestSetup(t *testing.T, partyZddcExtras string) (string, func(method, target, email string) *httptest.ResponseRecorder) {
t.Helper()
root := t.TempDir()
if err := os.WriteFile(filepath.Join(root, ".zddc"),
[]byte("acl:\n permissions:\n \"*@example.com\": rwcda\n"), 0o644); err != nil {
t.Fatal(err)
}
partyDir := filepath.Join(root, "Project", "archive", "Acme")
if err := os.MkdirAll(partyDir, 0o755); err != nil {
t.Fatal(err)
}
if partyZddcExtras != "" {
if err := os.WriteFile(filepath.Join(partyDir, ".zddc"), []byte(partyZddcExtras), 0o644); err != nil {
t.Fatal(err)
}
}
zddc.InvalidateCache(root)
cfg := config.Config{
Root: root,
EmailHeader: "X-Auth-Request-Email",
}
do := func(method, target, email string) *httptest.ResponseRecorder {
req := httptest.NewRequest(method, target, bytes.NewReader(nil))
ctx := context.WithValue(req.Context(), EmailKey, email)
ctx = context.WithValue(ctx, ElevatedKey, true)
req = req.WithContext(ctx)
tr := RecognizeTableRequest(cfg.Root, method, target)
rec := httptest.NewRecorder()
if tr == nil {
rec.WriteHeader(http.StatusNotFound)
return rec
}
ServeTable(cfg, tr, rec, req)
return rec
}
return root, do
}
func TestRecognizeTableRequest_DefaultMdlAtArchiveParty(t *testing.T) {
_, do := archivePartyTestSetup(t, "")
rec := do(http.MethodGet, "/Project/mdl/Acme/table.html", "alice@example.com")
if rec.Code != http.StatusOK {
t.Fatalf("default mdl recognition: want 200, got %d: %s", rec.Code, rec.Body.String())
}
body := rec.Body.String()
if !strings.Contains(body, "<html") {
t.Errorf("expected tables.html bytes, got %q…", body[:min(80, len(body))])
}
}
func TestRecognizeTableRequest_DefaultOnlyAtPartyLevel(t *testing.T) {
// Default fallback is scoped to <project>/archive/<party>/. A
// request at a deeper path (e.g. archive/Acme/mdl/sub/) or a
// non-archive path should return nil (no recognition).
_, do := archivePartyTestSetup(t, "")
rec := do(http.MethodGet, "/Project/archive/Acme/incoming/mdl/table.html", "alice@example.com")
if rec.Code != http.StatusNotFound {
t.Errorf("mdl deeper than party level should not recognise; got %d", rec.Code)
}
rec = do(http.MethodGet, "/Project/working/mdl/table.html", "alice@example.com")
if rec.Code != http.StatusNotFound {
t.Errorf("mdl outside archive/ should not recognise; got %d", rec.Code)
}
}
func TestIsDefaultSpec_MDL_ServesEmbeddedYAML(t *testing.T) {
root := t.TempDir()
// archive/Acme/ exists but no mdl/table.yaml on disk.
if err := os.MkdirAll(filepath.Join(root, "Project", "archive", "Acme"), 0o755); err != nil {
t.Fatal(err)
}
bts, ok := IsDefaultSpec(root, "/Project/mdl/Acme/table.yaml")
if !ok {
t.Fatalf("expected fallback to fire")
}
if !strings.Contains(string(bts), "Master Deliverables List") {
t.Errorf("default table spec missing expected header; got %q…", string(bts)[:min(80, len(bts))])
}
bts, ok = IsDefaultSpec(root, "/Project/mdl/Acme/form.yaml")
if !ok {
t.Fatalf("expected form fallback to fire")
}
if !strings.Contains(string(bts), "Deliverable") {
t.Errorf("default form spec missing expected title")
}
}
func TestIsDefaultSpec_MDL_OperatorFileWins(t *testing.T) {
root := t.TempDir()
mdlDir := filepath.Join(root, "Project", "mdl", "Acme")
if err := os.MkdirAll(mdlDir, 0o755); err != nil {
t.Fatal(err)
}
if err := os.WriteFile(filepath.Join(mdlDir, "table.yaml"), []byte("custom: yes\n"), 0o644); err != nil {
t.Fatal(err)
}
if _, ok := IsDefaultSpec(root, "/Project/mdl/Acme/table.yaml"); ok {
t.Errorf("operator file should win over embedded fallback")
}
}
func TestIsDefaultSpec_MDL_OnlyAtArchivePartyLevel(t *testing.T) {
root := t.TempDir()
cases := []string{
"/Project/working/mdl/table.yaml",
"/Project/archive/mdl/table.yaml", // depth 3 — no party segment
"/Project/archive/Acme/sub/mdl/table.yaml",
}
for _, p := range cases {
if _, ok := IsDefaultSpec(root, p); ok {
t.Errorf("path %q should NOT trigger default fallback", p)
}
}
}
// --- RSK + SSR + project-rollup default-spec recognition --------------------
func TestRecognizeTableRequest_DefaultRskAtArchiveParty(t *testing.T) {
_, do := archivePartyTestSetup(t, "")
rec := do(http.MethodGet, "/Project/rsk/Acme/table.html", "alice@example.com")
if rec.Code != http.StatusOK {
t.Fatalf("default rsk recognition: want 200, got %d: %s", rec.Code, rec.Body.String())
}
}
func TestRecognizeTableRequest_ProjectVirtualTables(t *testing.T) {
_, do := archivePartyTestSetup(t, "")
for _, slot := range []string{"ssr", "mdl", "rsk"} {
rec := do(http.MethodGet, "/Project/"+slot+"/table.html", "alice@example.com")
if rec.Code != http.StatusOK {
t.Errorf("project-level virtual table %q: want 200, got %d", slot, rec.Code)
}
}
}
func TestIsDefaultSpec_RSK_ServesEmbeddedYAML(t *testing.T) {
root := t.TempDir()
if err := os.MkdirAll(filepath.Join(root, "Project", "archive", "Acme"), 0o755); err != nil {
t.Fatal(err)
}
bts, ok := IsDefaultSpec(root, "/Project/rsk/Acme/table.yaml")
if !ok {
t.Fatalf("expected RSK table fallback to fire")
}
if !strings.Contains(string(bts), "Risk Register") {
t.Errorf("default RSK table spec missing expected header; got %q…", string(bts)[:min(80, len(bts))])
}
bts, ok = IsDefaultSpec(root, "/Project/rsk/Acme/form.yaml")
if !ok {
t.Fatalf("expected RSK form fallback to fire")
}
if !strings.Contains(string(bts), "Risk") {
t.Error("default RSK form spec missing expected title")
}
}
func TestIsDefaultSpec_SSR_PerParty(t *testing.T) {
root := t.TempDir()
// ssr/ is the flat registry; its form spec is /Project/ssr/form.yaml.
bts, ok := IsDefaultSpec(root, "/Project/ssr/form.yaml")
if !ok {
t.Fatalf("expected SSR schema fallback to fire")
}
if !strings.Contains(string(bts), "Supplier") {
t.Errorf("SSR schema missing expected header")
}
}
func TestIsDefaultSpec_ProjectLevel(t *testing.T) {
root := t.TempDir()
cases := []struct {
url string
contains string
}{
{"/Project/ssr/table.yaml", "Supplier"},
{"/Project/ssr/form.yaml", "Supplier"},
{"/Project/mdl/table.yaml", "Project Deliverables"},
{"/Project/mdl/form.yaml", "Deliverable"},
{"/Project/rsk/table.yaml", "Project Risk Register"},
{"/Project/rsk/form.yaml", "Risk"},
}
for _, tc := range cases {
bts, ok := IsDefaultSpec(root, tc.url)
if !ok {
t.Errorf("%s: expected fallback to fire", tc.url)
continue
}
if !strings.Contains(string(bts), tc.contains) {
t.Errorf("%s: body missing %q; got %q…", tc.url, tc.contains, string(bts)[:min(120, len(bts))])
}
}
}
func TestIsDefaultSpec_ProjectLevel_OperatorOverrides(t *testing.T) {
root := t.TempDir()
if err := os.MkdirAll(filepath.Join(root, "Project", "ssr"), 0o755); err != nil {
t.Fatal(err)
}
if err := os.WriteFile(filepath.Join(root, "Project", "ssr", "table.yaml"), []byte("custom: yes\n"), 0o644); err != nil {
t.Fatal(err)
}
if _, ok := IsDefaultSpec(root, "/Project/ssr/table.yaml"); ok {
t.Errorf("operator file should win at /Project/ssr/table.yaml")
}
}
// TestResolveDynamicEnums verifies that a column declaring
// `options_source: <peer>` is filled with the live registry entries from
// <project>/<peer>/ — the configurable-source feature (e.g. the risk
// register's package column sourced from ssr).
func TestResolveDynamicEnums(t *testing.T) {
root := t.TempDir()
// <root>/Proj/ssr/{Acme,Globex}.yaml + a Beta/ folder; specs + dotfiles
// must be skipped.
ssr := filepath.Join(root, "Proj", "ssr")
if err := os.MkdirAll(filepath.Join(ssr, "Beta"), 0o755); err != nil {
t.Fatal(err)
}
for _, n := range []string{"Acme.yaml", "Globex.yaml", "table.yaml", ".hidden.yaml", "notes.txt"} {
if err := os.WriteFile(filepath.Join(ssr, n), []byte("x: 1\n"), 0o644); err != nil {
t.Fatal(err)
}
}
rskDir := filepath.Join(root, "Proj", "rsk", "Acme")
spec := []byte("columns:\n - field: package\n options_source: ssr\n - field: title\n")
out := resolveDynamicEnums(root, rskDir, spec)
var parsed map[string]interface{}
if err := yaml.Unmarshal(out, &parsed); err != nil {
t.Fatalf("re-parse: %v", err)
}
cols := parsed["columns"].([]interface{})
pkg := cols[0].(map[string]interface{})
enum, ok := pkg["enum"].([]interface{})
if !ok {
t.Fatalf("package column got no enum: %+v", pkg)
}
got := make([]string, len(enum))
for i, e := range enum {
got[i] = e.(string)
}
want := "Acme,Beta,Globex" // sorted; specs + dot/non-yaml skipped
if strings.Join(got, ",") != want {
t.Errorf("enum = %v, want %s", got, want)
}
// The non-sourced column is untouched.
if _, has := cols[1].(map[string]interface{})["enum"]; has {
t.Errorf("title column should not get an enum")
}
}
Reference in a new issue View git blame Copy permalink