feat(timeline): add /zeitstrahl/events/[id]/edit curator edit + delete route

Load gates on hasWriteAll (null-user guard first, 403 error page) and seeds the form from GET /api/timeline/events/{id}, failing closed with 404 on ANY non-ok response so derived person-events (no UUID) and unknown ids never render a blank create form. The save action PUTs with the optimistic-lock version (threaded via a hidden input EventForm now emits), mapping 409 to the generic conflict message without redirecting. The delete action DELETEs behind getConfirmService(), returns fail(status) on a non-ok response (no redirect), and otherwise redirects to the UUID-validated nav target. 8/8 server specs green; EventForm 6/6 green. Refs #781 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-13 22:51:56 +02:00
parent 59d78150b3
commit 5cfb4608f6
4 changed files with 275 additions and 0 deletions
--- a/frontend/src/lib/timeline/EventForm.svelte
+++ b/frontend/src/lib/timeline/EventForm.svelte
@@ -149,6 +149,11 @@ async function confirmDelete(e: SubmitEvent) {
 		}}
 	>
 		<input type="hidden" name="originPersonId" value={originPersonId} />
+		{#if event}
+			<!-- Optimistic-lock version travels back to the PUT so #3 can reject a
+				 stale edit with 409. -->
+			<input type="hidden" name="version" value={event.version} />
+		{/if}

 		<div class="grid grid-cols-1 gap-6 lg:grid-cols-[2fr_1fr]">
 			<!-- Main column -->