M14: TaskDialog (create/edit) + story auto-promotion (#21)
* chore(ST-1112): add deps for task dialog Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1112): add shared zod schema for task dialog Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1112): add missing MD3 tokens for task dialog outline-variant, on-error-container, status-review (light + dark) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1112): add saveTask and deleteTask server actions for TaskDialog Unified create/edit action (saveTask) replaces separate formData-based actions for the new TaskDialog. Uses shared zod schema, structured SaveTaskResult union type, and context-aware revalidatePath for both sprint and backlog routes. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1112): add TaskDialog component (create & edit mode) Builds the full TaskDialog on top of the existing @base-ui/react Dialog primitive. Covers create mode, edit mode (status field + created_at metadata + delete), dirty-check AlertDialog, delete confirm AlertDialog, Cmd+Enter submit, and per-field char counters. Uses react-hook-form + zodResolver against the shared taskSchema. Priority and status are extracted to PrioritySegmented and StatusSelect sub-components using MD3 tokens throughout. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1112): refactor task-list to open TaskDialog via URL params Replaces inline create/edit forms with router.push navigation: - Clicking a task row → ?editTask=<id> - "+ Taak" button → ?newTask=1&storyId=<storyId> Removes CreateTaskForm, EditSubmitButton, updateTaskAction, and createTaskAction from the component. Status toggle and DnD remain unchanged. Rows now have cursor-pointer and keyboard a11y. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1112): wire TaskDialog into sprint page via searchParams Sprint page now reads ?newTask, ?storyId, and ?editTask query params. For edit mode: fetches the task server-side with productAccessFilter scope (invalid/foreign IDs redirect to closePath). Renders TaskDialog when either param is present. closePath is the sprint route without query params. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1112): add Suspense skeleton for edit-mode task loading Extracts task fetch into EditTaskLoader (async server component) so the sprint board renders immediately while the task loads. TaskDialogSkeleton shows 3 grey bars during the fetch. Invalid or out-of-scope task IDs redirect to closePath. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1112): render description as markdown in task-detail-dialog Solo task detail now renders description via react-markdown + remark-gfm with prose styling. Sanitizes script/iframe elements. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * test(ST-1112): add saveTask/deleteTask server action tests Covers all three demo-policy layers and cross-tenant scope: demo blocked (403), unauthenticated blocked, validation 422, edit cross-tenant forbidden, create cross-tenant forbidden, and happy-path for both edit and create. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1112): add updateTaskStatusWithStoryPromotion helper Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1112): wire story-promotion into saveTask and PATCH /api/tasks/:id Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * docs(ST-1112): add task-dialog doc and architecture note Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * chore: extend allowed tools in settings.local.json Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1113): add 200ms animation-delay to TaskDialogSkeleton to prevent flicker Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1114): add DirtyCloseGuard reusable component for dirty-form close confirmation Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(ST-1114): add shared Markdown wrapper, apply to task-detail and story-dialog Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * chore: allow grep -E pattern in settings.local.json Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
GitHub
parent
64e3f610a6
commit
6cd98129f2
27 changed files with 3665 additions and 130 deletions
225
__tests__/actions/tasks-dialog.test.ts
Normal file
225
__tests__/actions/tasks-dialog.test.ts
Normal file
|
|
@ -0,0 +1,225 @@
|
|||
import { describe, it, expect, vi, beforeEach } from 'vitest'
|
||||
|
||||
vi.mock('next/cache', () => ({ revalidatePath: vi.fn() }))
|
||||
vi.mock('next/headers', () => ({ cookies: vi.fn().mockResolvedValue({}) }))
|
||||
vi.mock('iron-session', () => ({
|
||||
getIronSession: vi.fn().mockResolvedValue({ userId: 'user-1', isDemo: false }),
|
||||
}))
|
||||
vi.mock('@/lib/session', () => ({
|
||||
sessionOptions: { cookieName: 'test', password: 'test' },
|
||||
}))
|
||||
vi.mock('@/lib/product-access', () => ({
|
||||
productAccessFilter: vi.fn().mockReturnValue({}),
|
||||
}))
|
||||
vi.mock('@/lib/prisma', () => ({
|
||||
prisma: {
|
||||
task: {
|
||||
findFirst: vi.fn(),
|
||||
create: vi.fn(),
|
||||
update: vi.fn(),
|
||||
delete: vi.fn(),
|
||||
findMany: vi.fn(),
|
||||
},
|
||||
story: {
|
||||
findFirst: vi.fn(),
|
||||
findUniqueOrThrow: vi.fn(),
|
||||
update: vi.fn(),
|
||||
},
|
||||
$transaction: vi.fn(),
|
||||
},
|
||||
}))
|
||||
|
||||
import { prisma } from '@/lib/prisma'
|
||||
import { getIronSession } from 'iron-session'
|
||||
import { saveTask, deleteTask } from '@/actions/tasks'
|
||||
|
||||
const mockPrisma = prisma as unknown as {
|
||||
task: {
|
||||
findFirst: ReturnType<typeof vi.fn>
|
||||
create: ReturnType<typeof vi.fn>
|
||||
update: ReturnType<typeof vi.fn>
|
||||
delete: ReturnType<typeof vi.fn>
|
||||
findMany: ReturnType<typeof vi.fn>
|
||||
}
|
||||
story: {
|
||||
findFirst: ReturnType<typeof vi.fn>
|
||||
findUniqueOrThrow: ReturnType<typeof vi.fn>
|
||||
update: ReturnType<typeof vi.fn>
|
||||
}
|
||||
$transaction: ReturnType<typeof vi.fn>
|
||||
}
|
||||
const mockSession = getIronSession as ReturnType<typeof vi.fn>
|
||||
|
||||
const VALID_INPUT = {
|
||||
title: 'Test taak',
|
||||
description: 'Beschrijving',
|
||||
implementation_plan: 'Plan',
|
||||
priority: 3,
|
||||
}
|
||||
|
||||
const TASK = {
|
||||
id: 'task-1',
|
||||
title: 'Test taak',
|
||||
status: 'TO_DO',
|
||||
}
|
||||
|
||||
const STORY = { sprint_id: 'sprint-1' }
|
||||
|
||||
beforeEach(() => {
|
||||
vi.clearAllMocks()
|
||||
mockSession.mockResolvedValue({ userId: 'user-1', isDemo: false })
|
||||
// Pass-through transaction so saveTask's $transaction wrapper executes its callback inline.
|
||||
mockPrisma.$transaction.mockImplementation(async (run: (tx: typeof prisma) => Promise<unknown>) => {
|
||||
return run(prisma)
|
||||
})
|
||||
})
|
||||
|
||||
// ─── saveTask ────────────────────────────────────────────────────────────────
|
||||
|
||||
describe('saveTask — demo-readonly (laag 2)', () => {
|
||||
it('blokkeert demo-sessie', async () => {
|
||||
mockSession.mockResolvedValue({ userId: 'user-1', isDemo: true })
|
||||
const result = await saveTask(VALID_INPUT, { productId: 'p-1' })
|
||||
expect(result).toEqual({ ok: false, code: 403, error: 'demo_readonly' })
|
||||
})
|
||||
})
|
||||
|
||||
describe('saveTask — unauthenticated', () => {
|
||||
it('blokkeert niet-ingelogde gebruiker', async () => {
|
||||
mockSession.mockResolvedValue({ userId: undefined, isDemo: false })
|
||||
const result = await saveTask(VALID_INPUT, { productId: 'p-1' })
|
||||
expect(result).toEqual({ ok: false, code: 403, error: 'forbidden' })
|
||||
})
|
||||
})
|
||||
|
||||
describe('saveTask — validatie', () => {
|
||||
it('retourneert 422 bij lege titel', async () => {
|
||||
const result = await saveTask({ ...VALID_INPUT, title: '' }, { productId: 'p-1', storyId: 's-1' })
|
||||
expect(result).toMatchObject({ ok: false, code: 422, error: 'validation' })
|
||||
})
|
||||
|
||||
it('retourneert 422 bij te lange titel (>120 tekens)', async () => {
|
||||
const result = await saveTask(
|
||||
{ ...VALID_INPUT, title: 'a'.repeat(121) },
|
||||
{ productId: 'p-1', storyId: 's-1' },
|
||||
)
|
||||
expect(result).toMatchObject({ ok: false, code: 422, error: 'validation' })
|
||||
})
|
||||
})
|
||||
|
||||
describe('saveTask — edit (cross-tenant scope)', () => {
|
||||
it('retourneert forbidden als task buiten scope valt', async () => {
|
||||
mockPrisma.task.findFirst.mockResolvedValue(null) // out-of-scope
|
||||
const result = await saveTask(VALID_INPUT, { taskId: 'task-1', productId: 'p-1' })
|
||||
expect(result).toEqual({ ok: false, code: 403, error: 'forbidden' })
|
||||
})
|
||||
|
||||
it('update slaagt voor een geautoriseerde task', async () => {
|
||||
mockPrisma.task.findFirst.mockResolvedValue(TASK)
|
||||
mockPrisma.task.update.mockResolvedValue(TASK)
|
||||
const result = await saveTask(VALID_INPUT, { taskId: 'task-1', productId: 'p-1' })
|
||||
expect(result).toMatchObject({ ok: true })
|
||||
// scope-filter is toegepast: findFirst bevat `story.product`
|
||||
expect(mockPrisma.task.findFirst).toHaveBeenCalledWith(
|
||||
expect.objectContaining({
|
||||
where: expect.objectContaining({ id: 'task-1', story: expect.anything() }),
|
||||
}),
|
||||
)
|
||||
})
|
||||
})
|
||||
|
||||
describe('saveTask — edit met status-promotie', () => {
|
||||
it('promotes story naar DONE wanneer status flip naar DONE alle siblings DONE maakt', async () => {
|
||||
mockPrisma.task.findFirst.mockResolvedValue({ id: 'task-1', status: 'IN_PROGRESS' })
|
||||
mockPrisma.task.update.mockResolvedValue({
|
||||
id: 'task-1',
|
||||
title: 'Test taak',
|
||||
status: 'IN_PROGRESS',
|
||||
story_id: 'story-1',
|
||||
implementation_plan: null,
|
||||
})
|
||||
// Wanneer de helper draait, gebruikt-ie tx.task.update voor de status-flip.
|
||||
// Dezelfde mock vangt beide updates op; tweede return-value voor de status-update.
|
||||
mockPrisma.task.update.mockResolvedValueOnce({
|
||||
id: 'task-1',
|
||||
title: 'Test taak',
|
||||
status: 'IN_PROGRESS',
|
||||
story_id: 'story-1',
|
||||
implementation_plan: null,
|
||||
}).mockResolvedValueOnce({
|
||||
id: 'task-1',
|
||||
title: 'Test taak',
|
||||
status: 'DONE',
|
||||
story_id: 'story-1',
|
||||
implementation_plan: null,
|
||||
})
|
||||
mockPrisma.task.findMany.mockResolvedValue([{ status: 'DONE' }, { status: 'DONE' }])
|
||||
mockPrisma.story.findUniqueOrThrow.mockResolvedValue({ status: 'IN_SPRINT' })
|
||||
|
||||
const result = await saveTask(
|
||||
{ ...VALID_INPUT, status: 'DONE' },
|
||||
{ taskId: 'task-1', productId: 'p-1' },
|
||||
)
|
||||
|
||||
expect(result).toMatchObject({ ok: true })
|
||||
expect(mockPrisma.story.update).toHaveBeenCalledWith({
|
||||
where: { id: 'story-1' },
|
||||
data: { status: 'DONE' },
|
||||
})
|
||||
})
|
||||
})
|
||||
|
||||
describe('saveTask — create (cross-tenant scope)', () => {
|
||||
it('retourneert forbidden als story buiten scope valt', async () => {
|
||||
mockPrisma.story.findFirst.mockResolvedValue(null)
|
||||
const result = await saveTask(VALID_INPUT, { storyId: 's-1', productId: 'p-1' })
|
||||
expect(result).toEqual({ ok: false, code: 403, error: 'forbidden' })
|
||||
})
|
||||
|
||||
it('aanmaken slaagt voor een geautoriseerde story', async () => {
|
||||
mockPrisma.story.findFirst.mockResolvedValue(STORY)
|
||||
mockPrisma.task.findFirst.mockResolvedValue(null) // geen vorige taak
|
||||
mockPrisma.task.create.mockResolvedValue(TASK)
|
||||
const result = await saveTask(VALID_INPUT, { storyId: 's-1', productId: 'p-1' })
|
||||
expect(result).toMatchObject({ ok: true })
|
||||
})
|
||||
})
|
||||
|
||||
// ─── deleteTask ──────────────────────────────────────────────────────────────
|
||||
|
||||
describe('deleteTask — demo-readonly (laag 2)', () => {
|
||||
it('blokkeert demo-sessie', async () => {
|
||||
mockSession.mockResolvedValue({ userId: 'user-1', isDemo: true })
|
||||
const result = await deleteTask('task-1', { productId: 'p-1' })
|
||||
expect(result).toEqual({ ok: false, code: 403, error: 'demo_readonly' })
|
||||
})
|
||||
})
|
||||
|
||||
describe('deleteTask — unauthenticated', () => {
|
||||
it('blokkeert niet-ingelogde gebruiker', async () => {
|
||||
mockSession.mockResolvedValue({ userId: undefined, isDemo: false })
|
||||
const result = await deleteTask('task-1', { productId: 'p-1' })
|
||||
expect(result).toEqual({ ok: false, code: 403, error: 'forbidden' })
|
||||
})
|
||||
})
|
||||
|
||||
describe('deleteTask — cross-tenant scope', () => {
|
||||
it('retourneert forbidden als task buiten scope valt', async () => {
|
||||
mockPrisma.task.findFirst.mockResolvedValue(null)
|
||||
const result = await deleteTask('task-1', { productId: 'p-1' })
|
||||
expect(result).toEqual({ ok: false, code: 403, error: 'forbidden' })
|
||||
})
|
||||
|
||||
it('verwijderen slaagt voor een geautoriseerde task', async () => {
|
||||
mockPrisma.task.findFirst.mockResolvedValue(TASK)
|
||||
mockPrisma.task.delete.mockResolvedValue(TASK)
|
||||
const result = await deleteTask('task-1', { productId: 'p-1' })
|
||||
expect(result).toEqual({ ok: true })
|
||||
// scope-filter toegepast
|
||||
expect(mockPrisma.task.findFirst).toHaveBeenCalledWith(
|
||||
expect.objectContaining({
|
||||
where: expect.objectContaining({ id: 'task-1', story: expect.anything() }),
|
||||
}),
|
||||
)
|
||||
})
|
||||
})
|
||||
Loading…
Add table
Add a link
Reference in a new issue