feat(persons): add @Size constraints to PersonUpdateDTO + @Valid to controller

firstName/lastName max 100, alias max 200, notes max 5000 chars. PUT /api/persons/{id} returns 400 for oversized fields. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-29 19:35:59 +02:00
parent 93107e7c59
commit ef9a85eee8
3 changed files with 33 additions and 1 deletions
--- a/backend/src/test/java/org/raddatz/familienarchiv/controller/PersonControllerTest.java
+++ b/backend/src/test/java/org/raddatz/familienarchiv/controller/PersonControllerTest.java
@@ -305,6 +305,30 @@ class PersonControllerTest {
                .andExpect(status().isBadRequest());
    }

+    // ─── Phase 1.2: @Size constraints ─────────────────────────────────────────
+
+    @Test
+    @WithMockUser(authorities = "WRITE_ALL")
+    void updatePerson_returns400_whenNotesExceed5000Chars() throws Exception {
+        String oversizedNotes = "x".repeat(5001);
+        UUID id = UUID.randomUUID();
+        mockMvc.perform(put("/api/persons/{id}", id)
+                        .contentType(MediaType.APPLICATION_JSON)
+                        .content("{\"firstName\":\"Hans\",\"lastName\":\"Müller\",\"notes\":\"" + oversizedNotes + "\"}"))
+                .andExpect(status().isBadRequest());
+    }
+
+    @Test
+    @WithMockUser(authorities = "WRITE_ALL")
+    void updatePerson_returns400_whenFirstNameExceeds100Chars() throws Exception {
+        String oversizedFirstName = "x".repeat(101);
+        UUID id = UUID.randomUUID();
+        mockMvc.perform(put("/api/persons/{id}", id)
+                        .contentType(MediaType.APPLICATION_JSON)
+                        .content("{\"firstName\":\"" + oversizedFirstName + "\",\"lastName\":\"Müller\"}"))
+                .andExpect(status().isBadRequest());
+    }
+
    // ─── Phase 1.1: @RequirePermission(WRITE_ALL) on write endpoints ──────────

    @Test