fix: address PR review feedback — security, architecture, dead code

Fixes from PR #178 review: Migration fixes: - V18/V19: fix FK references from app_users to users (correct table name) - V18: change annotation_id FK from ON DELETE CASCADE to ON DELETE RESTRICT (block is aggregate root, cascade flows from block, not annotation) Backend fixes: - TranscriptionService.deleteBlock(): remove userId param, delete block first then annotation directly via repository (no ownership check — block owns annotation) - TranscriptionService.sanitizeText(): remove flawed regex HTML stripping, textarea content is plain text by design — just enforce max length - TranscriptionBlockController.requireUserId(): throw DomainException.unauthorized() instead of silently returning null on auth failure - CreateTranscriptionBlockDTO: add @Min/@Positive validation on coordinates - Add @Slf4j logging to TranscriptionService for create/delete operations Frontend fixes: - Delete DocumentBottomPanel.svelte entirely (issue #175 requirement) - Remove redundant mode exclusivity $effect (handled at toggle call sites) - Remove dead handleCommentClick + onCommentClick prop (comments are future work) - Remove quote hint UI (depends on comment feature) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-05 11:43:35 +02:00
parent 1efd3d8e23
commit 6463a32dfc
9 changed files with 41 additions and 250 deletions
--- a/backend/src/main/resources/db/migration/V18__add_transcription_blocks.sql
+++ b/backend/src/main/resources/db/migration/V18__add_transcription_blocks.sql
@@ -1,13 +1,13 @@
 CREATE TABLE transcription_blocks (
    id            UUID             PRIMARY KEY DEFAULT gen_random_uuid(),
-    annotation_id UUID             NOT NULL REFERENCES document_annotations(id) ON DELETE CASCADE,
+    annotation_id UUID             NOT NULL REFERENCES document_annotations(id) ON DELETE RESTRICT,
    document_id   UUID             NOT NULL REFERENCES documents(id) ON DELETE CASCADE,
    text          TEXT             NOT NULL DEFAULT '',
    label         VARCHAR(200),
    sort_order    INTEGER          NOT NULL DEFAULT 0,
    version       INTEGER          NOT NULL DEFAULT 0,
-    created_by    UUID             REFERENCES app_users(id) ON DELETE SET NULL,
-    updated_by    UUID             REFERENCES app_users(id) ON DELETE SET NULL,
+    created_by    UUID             REFERENCES users(id) ON DELETE SET NULL,
+    updated_by    UUID             REFERENCES users(id) ON DELETE SET NULL,
    created_at    TIMESTAMP        NOT NULL DEFAULT now(),
    updated_at    TIMESTAMP        NOT NULL DEFAULT now()
 );
--- a/backend/src/main/resources/db/migration/V19__add_transcription_block_versions.sql
+++ b/backend/src/main/resources/db/migration/V19__add_transcription_block_versions.sql
@@ -2,7 +2,7 @@ CREATE TABLE transcription_block_versions (
    id         UUID      PRIMARY KEY DEFAULT gen_random_uuid(),
    block_id   UUID      NOT NULL REFERENCES transcription_blocks(id) ON DELETE CASCADE,
    text       TEXT      NOT NULL,
-    changed_by UUID      REFERENCES app_users(id) ON DELETE SET NULL,
+    changed_by UUID      REFERENCES users(id) ON DELETE SET NULL,
    changed_at TIMESTAMP NOT NULL DEFAULT now()
 );