fix(geschichte): stop exposing author email in the list projection

GET /api/geschichten shipped every author's AppUser email to all readers via GeschichteSummary.AuthorSummary — contradicting the documented rule that author projections never expose email or group memberships. The frontend only used it as a display-name fallback; it now falls back to [Unbekannt], matching the server-side rule in GeschichteService.toView. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-10 07:25:11 +02:00
parent b3d54a12c4
commit e077dba595
9 changed files with 28 additions and 24 deletions
--- a/frontend/src/routes/geschichten/[id]/page.svelte.test.ts
+++ b/frontend/src/routes/geschichten/[id]/page.svelte.test.ts
@@ -76,7 +76,7 @@ describe('geschichten/[id] page', () => {
 		await expect.element(page.getByText(/Anna Schmidt/)).toBeVisible();
 	});

-	it('falls back to author email when no name is set', async () => {
+	it('renders the server-computed author displayName verbatim', async () => {
 		render(GeschichtePage, {
 			context: new Map([[CONFIRM_KEY, createConfirmService()]]),
 			props: {
--- a/frontend/src/routes/geschichten/page.svelte.test.ts
+++ b/frontend/src/routes/geschichten/page.svelte.test.ts
@@ -26,7 +26,7 @@ const baseData = (overrides: Record<string, unknown> = {}) => ({
 		title: string;
 		body?: string;
 		publishedAt?: string;
-		author?: { firstName?: string; lastName?: string; email: string };
+		author?: { firstName?: string; lastName?: string };
 	}>,
 	personFilters: [] as { id?: string; displayName: string }[],
 	documentFilter: null,
@@ -127,7 +127,7 @@ describe('geschichten/+ page', () => {
 							title: 'Reise nach Berlin',
 							body: '<p>Im Jahr 1923...</p>',
 							publishedAt: '2026-04-15T10:00:00Z',
-							author: { firstName: 'Anna', lastName: 'Schmidt', email: 'a@x' }
+							author: { firstName: 'Anna', lastName: 'Schmidt' }
 						}
 					]
 				})
@@ -139,7 +139,7 @@ describe('geschichten/+ page', () => {
 			.toBeVisible();
 	});

-	it('authorName falls back to email when first/last names are missing', async () => {
+	it('authorName falls back to [Unbekannt] when first/last names are missing', async () => {
 		render(GeschichtenListPage, {
 			props: {
 				data: baseData({
@@ -147,14 +147,14 @@ describe('geschichten/+ page', () => {
 						{
 							id: 'g1',
 							title: 'Anonym',
-							author: { email: 'anon@example.com' }
+							author: {}
 						}
 					]
 				})
 			}
 		});

-		expect(document.body.textContent).toContain('anon@example.com');
+		expect(document.body.textContent).toContain('[Unbekannt]');
 	});

 	it('authorName renders empty when author is undefined', async () => {
@@ -178,7 +178,7 @@ describe('geschichten/+ page', () => {
 						{
 							id: 'g1',
 							title: 'Draft',
-							author: { firstName: 'Anna', lastName: 'Schmidt', email: 'a@x' }
+							author: { firstName: 'Anna', lastName: 'Schmidt' }
 						}
 					]
 				})
@@ -202,7 +202,7 @@ describe('geschichten/+ page', () => {
 							id: 'g1',
 							title: 'No Body',
 							body: '',
-							author: { firstName: 'Anna', lastName: 'Schmidt', email: 'a@x' }
+							author: { firstName: 'Anna', lastName: 'Schmidt' }
 						}
 					]
 				})