feat(dashboard): add isReader flag + reader branch to page load

Read-only users (no WRITE_ALL or ANNOTATE_ALL) now receive lean reader data (stats, top-4 persons, 5 recent docs, 3 recent stories, and drafts when BLOG_WRITE) instead of the contributor transcription queues. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-07 19:04:04 +02:00
parent 6a46a1e3eb
commit a58e796ffa
2 changed files with 247 additions and 11 deletions
--- a/frontend/src/routes/page.server.spec.ts
+++ b/frontend/src/routes/page.server.spec.ts
@@ -19,6 +19,10 @@ function makeUrl(params: Record<string, string | string[]> = {}) {
 	return url;
 }

+function contributorParent() {
+	return vi.fn().mockResolvedValue({ canWrite: true, canAnnotate: false, canBlogWrite: false });
+}
+
 // ─── always-dashboard behaviour ───────────────────────────────────────────────

 it('never calls /api/documents/search regardless of URL params', async () => {
@@ -29,8 +33,9 @@ it('never calls /api/documents/search regardless of URL params', async () => {

 	await load({
 		url: makeUrl({ q: 'Urlaub', from: '2020-01-01' }),
-		fetch: vi.fn() as unknown as typeof fetch
-	});
+		fetch: vi.fn() as unknown as typeof fetch,
+		parent: contributorParent()
+	} as Parameters<typeof load>[0]);

 	const calledEndpoints = mockGet.mock.calls.map((c: unknown[]) => c[0]);
 	expect(calledEndpoints).not.toContain('/api/documents/search');
@@ -42,7 +47,11 @@ it('always fetches dashboard data regardless of URL params', async () => {
 		typeof createApiClient
 	>);

-	await load({ url: makeUrl({ q: 'Urlaub' }), fetch: vi.fn() as unknown as typeof fetch });
+	await load({
+		url: makeUrl({ q: 'Urlaub' }),
+		fetch: vi.fn() as unknown as typeof fetch,
+		parent: contributorParent()
+	} as Parameters<typeof load>[0]);

 	const calledEndpoints = mockGet.mock.calls.map((c: unknown[]) => c[0]);
 	expect(calledEndpoints).toContain('/api/stats');
@@ -99,7 +108,11 @@ describe('home page load — dashboard', () => {
 			typeof createApiClient
 		>);

-		const result = await load({ url: makeUrl(), fetch: vi.fn() as unknown as typeof fetch });
+		const result = await load({
+			url: makeUrl(),
+			fetch: vi.fn() as unknown as typeof fetch,
+			parent: contributorParent()
+		} as Parameters<typeof load>[0]);

 		expect(result.stats).toEqual({ totalDocuments: 42, totalPersons: 7 });
 		expect(result.resumeDoc).not.toBeNull();
@@ -132,7 +145,11 @@ describe('home page load — dashboard', () => {
 			typeof createApiClient
 		>);

-		const result = await load({ url: makeUrl(), fetch: vi.fn() as unknown as typeof fetch });
+		const result = await load({
+			url: makeUrl(),
+			fetch: vi.fn() as unknown as typeof fetch,
+			parent: contributorParent()
+		} as Parameters<typeof load>[0]);

 		expect(result.stats?.totalDocuments).toBe(248);
 		expect(result.stats?.totalPersons).toBe(34);
@@ -149,7 +166,11 @@ describe('home page load — dashboard', () => {
 			typeof createApiClient
 		>);

-		const result = await load({ url: makeUrl(), fetch: vi.fn() as unknown as typeof fetch });
+		const result = await load({
+			url: makeUrl(),
+			fetch: vi.fn() as unknown as typeof fetch,
+			parent: contributorParent()
+		} as Parameters<typeof load>[0]);

 		expect(result.stats).toBeNull();
 	});
@@ -166,7 +187,11 @@ describe('home page load — dashboard', () => {
 			typeof createApiClient
 		>);

-		const result = await load({ url: makeUrl(), fetch: vi.fn() as unknown as typeof fetch });
+		const result = await load({
+			url: makeUrl(),
+			fetch: vi.fn() as unknown as typeof fetch,
+			parent: contributorParent()
+		} as Parameters<typeof load>[0]);

 		expect(result.resumeDoc).toBeNull();
 	});
@@ -186,7 +211,11 @@ describe('home page load — dashboard', () => {
 			typeof createApiClient
 		>);

-		const result = await load({ url: makeUrl(), fetch: vi.fn() as unknown as typeof fetch });
+		const result = await load({
+			url: makeUrl(),
+			fetch: vi.fn() as unknown as typeof fetch,
+			parent: contributorParent()
+		} as Parameters<typeof load>[0]);

 		expect(result.activityFeed).toEqual([]);
 	});
@@ -201,7 +230,11 @@ describe('home page load — auth redirect', () => {
 		} as ReturnType<typeof createApiClient>);

 		await expect(
-			load({ url: makeUrl(), fetch: vi.fn() as unknown as typeof fetch })
+			load({
+				url: makeUrl(),
+				fetch: vi.fn() as unknown as typeof fetch,
+				parent: contributorParent()
+			} as Parameters<typeof load>[0])
 		).rejects.toMatchObject({ location: '/login' });
 	});
 });
@@ -214,8 +247,132 @@ describe('home page load — network error fallback', () => {
 			GET: vi.fn().mockRejectedValue(new Error('Network failure'))
 		} as ReturnType<typeof createApiClient>);

-		const result = await load({ url: makeUrl(), fetch: vi.fn() as unknown as typeof fetch });
+		const result = await load({
+			url: makeUrl(),
+			fetch: vi.fn() as unknown as typeof fetch,
+			parent: contributorParent()
+		} as Parameters<typeof load>[0]);

 		expect(result.error).toBe('Daten konnten nicht geladen werden.');
 	});
 });
+
+// ─── reader branch ─────────────────────────────────────────────────────────────
+
+describe('home page load — reader branch (isReader = !canWrite && !canAnnotate)', () => {
+	it('does not call /api/transcription/* endpoints for a read-only user', async () => {
+		const mockGet = vi.fn().mockResolvedValue({ response: { ok: true, status: 200 }, data: null });
+		vi.mocked(createApiClient).mockReturnValue({ GET: mockGet } as ReturnType<
+			typeof createApiClient
+		>);
+
+		await load({
+			url: makeUrl(),
+			fetch: vi.fn() as unknown as typeof fetch,
+			parent: vi
+				.fn()
+				.mockResolvedValue({ canWrite: false, canAnnotate: false, canBlogWrite: false })
+		} as Parameters<typeof load>[0]);
+
+		const calledEndpoints = mockGet.mock.calls.map((c: unknown[]) => c[0] as string);
+		const transcriptionCalls = calledEndpoints.filter((ep: string) =>
+			ep.startsWith('/api/transcription')
+		);
+		expect(transcriptionCalls).toHaveLength(0);
+	});
+
+	it('calls /api/stats, /api/persons, /api/documents, /api/geschichten for a read-only user', async () => {
+		const mockGet = vi.fn().mockResolvedValue({ response: { ok: true, status: 200 }, data: null });
+		vi.mocked(createApiClient).mockReturnValue({ GET: mockGet } as ReturnType<
+			typeof createApiClient
+		>);
+
+		await load({
+			url: makeUrl(),
+			fetch: vi.fn() as unknown as typeof fetch,
+			parent: vi
+				.fn()
+				.mockResolvedValue({ canWrite: false, canAnnotate: false, canBlogWrite: false })
+		} as Parameters<typeof load>[0]);
+
+		const calledEndpoints = mockGet.mock.calls.map((c: unknown[]) => c[0] as string);
+		expect(calledEndpoints).toContain('/api/stats');
+		expect(calledEndpoints).toContain('/api/persons');
+		expect(calledEndpoints).toContain('/api/documents');
+		expect(calledEndpoints).toContain('/api/geschichten');
+	});
+
+	it('does not call /api/geschichten with status=DRAFT when canBlogWrite is false', async () => {
+		const mockGet = vi.fn().mockResolvedValue({ response: { ok: true, status: 200 }, data: null });
+		vi.mocked(createApiClient).mockReturnValue({ GET: mockGet } as ReturnType<
+			typeof createApiClient
+		>);
+
+		await load({
+			url: makeUrl(),
+			fetch: vi.fn() as unknown as typeof fetch,
+			parent: vi
+				.fn()
+				.mockResolvedValue({ canWrite: false, canAnnotate: false, canBlogWrite: false })
+		} as Parameters<typeof load>[0]);
+
+		const draftCalls = mockGet.mock.calls.filter(
+			(c: unknown[]) =>
+				c[0] === '/api/geschichten' &&
+				(c[1] as { params?: { query?: { status?: string } } })?.params?.query?.status === 'DRAFT'
+		);
+		expect(draftCalls).toHaveLength(0);
+	});
+
+	it('calls /api/geschichten with status=DRAFT when canBlogWrite is true', async () => {
+		const mockGet = vi.fn().mockResolvedValue({ response: { ok: true, status: 200 }, data: null });
+		vi.mocked(createApiClient).mockReturnValue({ GET: mockGet } as ReturnType<
+			typeof createApiClient
+		>);
+
+		await load({
+			url: makeUrl(),
+			fetch: vi.fn() as unknown as typeof fetch,
+			parent: vi.fn().mockResolvedValue({ canWrite: false, canAnnotate: false, canBlogWrite: true })
+		} as Parameters<typeof load>[0]);
+
+		const draftCalls = mockGet.mock.calls.filter(
+			(c: unknown[]) =>
+				c[0] === '/api/geschichten' &&
+				(c[1] as { params?: { query?: { status?: string } } })?.params?.query?.status === 'DRAFT'
+		);
+		expect(draftCalls).toHaveLength(1);
+	});
+
+	it('returns isReader: true for read-only user', async () => {
+		const mockGet = vi.fn().mockResolvedValue({ response: { ok: true, status: 200 }, data: null });
+		vi.mocked(createApiClient).mockReturnValue({ GET: mockGet } as ReturnType<
+			typeof createApiClient
+		>);
+
+		const result = await load({
+			url: makeUrl(),
+			fetch: vi.fn() as unknown as typeof fetch,
+			parent: vi
+				.fn()
+				.mockResolvedValue({ canWrite: false, canAnnotate: false, canBlogWrite: false })
+		} as Parameters<typeof load>[0]);
+
+		expect(result.isReader).toBe(true);
+	});
+
+	it('returns isReader: false for contributor with WRITE_ALL', async () => {
+		const mockGet = vi.fn().mockResolvedValue({ response: { ok: true, status: 200 }, data: null });
+		vi.mocked(createApiClient).mockReturnValue({ GET: mockGet } as ReturnType<
+			typeof createApiClient
+		>);
+
+		const result = await load({
+			url: makeUrl(),
+			fetch: vi.fn() as unknown as typeof fetch,
+			parent: vi.fn().mockResolvedValue({ canWrite: true, canAnnotate: false, canBlogWrite: false })
+		} as Parameters<typeof load>[0]);
+
+		expect(result.isReader).toBe(false);
+	});
+});