test(transcription): 400 + VALIDATION_ERROR when mention displayName exceeds 200 chars

Wires @Valid on the @RequestBody parameter of TranscriptionBlockController's createBlock and updateBlock methods so JSR-303 actually fires for incoming DTOs. With @Valid on the field-level mentionedPersons in the DTO (added in the previous commit), Jakarta validation now recurses into each PersonMention element and rejects displayName values past the @Size(max=200) ceiling. The test posts a 201-char displayName and asserts the global handler maps the resulting MethodArgumentNotValidException to 400 + code:VALIDATION_ERROR. Refs #362 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-28 20:12:53 +02:00
parent 80ddfb47ac
commit 4e8df66a79
2 changed files with 19 additions and 2 deletions
--- a/backend/src/main/java/org/raddatz/familienarchiv/controller/TranscriptionBlockController.java
+++ b/backend/src/main/java/org/raddatz/familienarchiv/controller/TranscriptionBlockController.java
@@ -1,5 +1,6 @@
 package org.raddatz.familienarchiv.controller;

+import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.raddatz.familienarchiv.dto.CreateTranscriptionBlockDTO;
@@ -45,7 +46,7 @@ public class TranscriptionBlockController {
    @RequirePermission(Permission.WRITE_ALL)
    public TranscriptionBlock createBlock(
            @PathVariable UUID documentId,
-            @RequestBody CreateTranscriptionBlockDTO dto,
+            @Valid @RequestBody CreateTranscriptionBlockDTO dto,
            Authentication authentication) {
        UUID userId = requireUserId(authentication);
        return transcriptionService.createBlock(documentId, dto, userId);
@@ -56,7 +57,7 @@ public class TranscriptionBlockController {
    public TranscriptionBlock updateBlock(
            @PathVariable UUID documentId,
            @PathVariable UUID blockId,
-            @RequestBody UpdateTranscriptionBlockDTO dto,
+            @Valid @RequestBody UpdateTranscriptionBlockDTO dto,
            Authentication authentication) {
        UUID userId = requireUserId(authentication);
        return transcriptionService.updateBlock(documentId, blockId, dto, userId);
--- a/backend/src/test/java/org/raddatz/familienarchiv/controller/TranscriptionBlockControllerTest.java
+++ b/backend/src/test/java/org/raddatz/familienarchiv/controller/TranscriptionBlockControllerTest.java
@@ -183,6 +183,22 @@ class TranscriptionBlockControllerTest {
                .andExpect(status().isUnauthorized());
    }

+    @Test
+    @WithMockUser(authorities = "WRITE_ALL")
+    void createBlock_returns400_whenMentionedPersonDisplayNameExceeds200Chars() throws Exception {
+        when(userService.findByEmail(any())).thenReturn(mockUser());
+        String longName = "A".repeat(201);
+        String body = "{\"pageNumber\":1,\"x\":0.1,\"y\":0.2,\"width\":0.3,\"height\":0.4,\"text\":\"x\","
+                + "\"mentionedPersons\":[{\"personId\":\"" + UUID.randomUUID()
+                + "\",\"displayName\":\"" + longName + "\"}]}";
+
+        mockMvc.perform(post(URL_BASE)
+                        .contentType(MediaType.APPLICATION_JSON)
+                        .content(body))
+                .andExpect(status().isBadRequest())
+                .andExpect(jsonPath("$.code").value("VALIDATION_ERROR"));
+    }
+
    // ─── PUT /api/documents/{id}/transcription-blocks/{blockId} ─────────────

    @Test