fix(a11y): fix ProgressRing text label contrast and add no-restricted-syntax lint rule for text-accent

ProgressRing used text-accent (#a1dcd8) on a percentage text label — same WCAG 2.1 AA failure as #341. Switched to text-primary. Also adds ESLint no-restricted-syntax rule (scoped to *.svelte files) that blocks future text-accent usage in JavaScript string literals inside Svelte class expressions. The rule caught both violations at once; both are now fixed. The rule is scoped to .svelte files so test assertions against 'text-accent' strings in .spec.ts files are unaffected. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
fix(viewer): replace text-accent with text-primary on annotation toggle inactive state
2026-04-26 21:03:12 +02:00 · 2026-04-26 21:02:39 +02:00 · 2026-04-26 17:44:03 +02:00 · 2026-04-26 17:41:56 +02:00 · 2026-04-26 17:39:09 +02:00
9 changed files with 172 additions and 21 deletions
--- a/backend/src/main/java/org/raddatz/familienarchiv/service/UserService.java
+++ b/backend/src/main/java/org/raddatz/familienarchiv/service/UserService.java
@@ -80,6 +80,34 @@ public class UserService {
        return saved;
    }

+    @Transactional
+    public AppUser createUserForBootstrap(CreateUserRequest request) {
+        log.info("Bootstrap user creation (no audit): {}", request.getEmail());
+
+        Set<UserGroup> groups = new HashSet<>();
+        if (request.getGroupIds() != null && !request.getGroupIds().isEmpty()) {
+            groups.addAll(groupRepository.findAllById(request.getGroupIds()));
+        }
+
+        Optional<AppUser> existingUser = userRepository.findByEmail(request.getEmail());
+        if (existingUser.isPresent()) {
+            AppUser updated = existingUser.get().updateFromRequest(request, passwordEncoder, groups);
+            return userRepository.save(updated);
+        }
+
+        AppUser user = AppUser.builder()
+                .email(request.getEmail())
+                .password(passwordEncoder.encode(request.getInitialPassword()))
+                .groups(groups)
+                .firstName(request.getFirstName())
+                .lastName(request.getLastName())
+                .birthDate(request.getBirthDate())
+                .contact(request.getContact())
+                .enabled(true)
+                .build();
+        return userRepository.save(user);
+    }
+
    @Transactional
    public AppUser createUser(String email, String rawPassword, String firstName, String lastName, Set<UUID> groupIds) {
        userRepository.findByEmail(email).ifPresent(existing -> {
--- a/backend/src/test/java/org/raddatz/familienarchiv/audit/UserManagementAuditIntegrationTest.java
+++ b/backend/src/test/java/org/raddatz/familienarchiv/audit/UserManagementAuditIntegrationTest.java
@@ -45,18 +45,13 @@ class UserManagementAuditIntegrationTest {

    @Test
    void createAndDeleteUser_producesOrderedAuditEntries() {
-        // Create the actor (admin) user directly — bypasses audit logging so no FK issue
+        // Bootstrap actor with no audit event — clean slate guaranteed by @BeforeEach
        CreateUserRequest adminReq = new CreateUserRequest();
        adminReq.setEmail("admin@test.example.com");
        adminReq.setInitialPassword("admin-secret");
-        AppUser actor = transactionTemplate.execute(status ->
-                userService.createUserOrUpdate(null, adminReq));
+        AppUser actor = transactionTemplate.execute(status -> userService.createUserForBootstrap(adminReq));
        UUID actorId = actor.getId();

-        // The admin creation is logged with null actorId — clear to start with a clean slate
-        await().atMost(5, SECONDS).until(() -> auditLogRepository.existsByKind(AuditKind.USER_CREATED));
-        transactionTemplate.execute(status -> { auditLogRepository.deleteAll(); return null; });
-
        // Create the target user — should emit USER_CREATED
        CreateUserRequest req = new CreateUserRequest();
        req.setEmail("audit-test@example.com");
@@ -65,7 +60,7 @@ class UserManagementAuditIntegrationTest {
            userService.createUserOrUpdate(actorId, req);
            return null;
        });
-        await().atMost(5, SECONDS).until(() -> auditLogRepository.existsByKind(AuditKind.USER_CREATED));
+        await().atMost(10, SECONDS).until(() -> auditLogRepository.existsByKind(AuditKind.USER_CREATED));

        // Delete the target user — should emit USER_DELETED
        AppUser created = userRepository.findByEmail("audit-test@example.com").orElseThrow();
@@ -73,7 +68,7 @@ class UserManagementAuditIntegrationTest {
            userService.deleteUser(actorId, created.getId());
            return null;
        });
-        await().atMost(5, SECONDS).until(() -> auditLogRepository.existsByKind(AuditKind.USER_DELETED));
+        await().atMost(10, SECONDS).until(() -> auditLogRepository.existsByKind(AuditKind.USER_DELETED));

        List<AuditLog> events = auditLogQueryService.findRecentUserManagementEvents(10);
        assertThat(events).hasSize(2);
@@ -83,27 +78,24 @@ class UserManagementAuditIntegrationTest {

    @Test
    void updateUserGroups_producesGroupMembershipChangedEvent() {
-        // Create groups before creating users — required for group assignment on creation
        GroupDTO groupADto = new GroupDTO(); groupADto.setName("Viewers"); groupADto.setPermissions(Set.of("READ_ALL"));
        GroupDTO groupBDto = new GroupDTO(); groupBDto.setName("Editors"); groupBDto.setPermissions(Set.of("WRITE_ALL"));
        UserGroup gA = transactionTemplate.execute(status -> userService.createGroup(groupADto));
        UserGroup gB = transactionTemplate.execute(status -> userService.createGroup(groupBDto));

-        // Create actor (bootstrap — null actorId, event not relevant)
+        // Bootstrap actor with no audit event — clean slate guaranteed by @BeforeEach
        CreateUserRequest actorReq = new CreateUserRequest();
        actorReq.setEmail("actor-group-test@test.example.com");
        actorReq.setInitialPassword("secret");
-        AppUser actor = transactionTemplate.execute(status -> userService.createUserOrUpdate(null, actorReq));
-        await().atMost(5, SECONDS).until(() -> auditLogRepository.existsByKind(AuditKind.USER_CREATED));
-        transactionTemplate.execute(status -> { auditLogRepository.deleteAll(); return null; });
+        AppUser actor = transactionTemplate.execute(status -> userService.createUserForBootstrap(actorReq));

-        // Create target user pre-assigned to gA
+        // Create target user pre-assigned to gA — emits USER_CREATED
        CreateUserRequest targetReq = new CreateUserRequest();
        targetReq.setEmail("target-group-test@test.example.com");
        targetReq.setInitialPassword("secret");
        targetReq.setGroupIds(List.of(gA.getId()));
        transactionTemplate.execute(status -> userService.createUserOrUpdate(actor.getId(), targetReq));
-        await().atMost(5, SECONDS).until(() -> auditLogRepository.existsByKind(AuditKind.USER_CREATED));
+        await().atMost(10, SECONDS).until(() -> auditLogRepository.existsByKind(AuditKind.USER_CREATED));
        transactionTemplate.execute(status -> { auditLogRepository.deleteAll(); return null; });

        AppUser target = userRepository.findByEmail("target-group-test@test.example.com").orElseThrow();
@@ -113,7 +105,7 @@ class UserManagementAuditIntegrationTest {
        dto.setGroupIds(List.of(gB.getId()));
        transactionTemplate.execute(status -> userService.adminUpdateUser(actor.getId(), target.getId(), dto));

-        await().atMost(5, SECONDS).until(() -> auditLogRepository.existsByKind(AuditKind.GROUP_MEMBERSHIP_CHANGED));
+        await().atMost(10, SECONDS).until(() -> auditLogRepository.existsByKind(AuditKind.GROUP_MEMBERSHIP_CHANGED));

        List<AuditLog> events = auditLogQueryService.findRecentUserManagementEvents(10);
        assertThat(events).hasSize(1);
--- a/backend/src/test/java/org/raddatz/familienarchiv/controller/UserControllerTest.java
+++ b/backend/src/test/java/org/raddatz/familienarchiv/controller/UserControllerTest.java
@@ -133,4 +133,28 @@ class UserControllerTest {
        mockMvc.perform(delete("/api/users/" + UUID.randomUUID()))
                .andExpect(status().isForbidden());
    }
+
+    // ─── unauthenticated access ───────────────────────────────────────────────
+
+    @Test
+    void createUser_returns401_whenUnauthenticated() throws Exception {
+        mockMvc.perform(post("/api/users")
+                        .contentType(org.springframework.http.MediaType.APPLICATION_JSON)
+                        .content("{\"email\":\"x@x.com\",\"initialPassword\":\"secret123\"}"))
+                .andExpect(status().isUnauthorized());
+    }
+
+    @Test
+    void adminUpdateUser_returns401_whenUnauthenticated() throws Exception {
+        mockMvc.perform(put("/api/users/" + UUID.randomUUID())
+                        .contentType(org.springframework.http.MediaType.APPLICATION_JSON)
+                        .content("{}"))
+                .andExpect(status().isUnauthorized());
+    }
+
+    @Test
+    void deleteUser_returns401_whenUnauthenticated() throws Exception {
+        mockMvc.perform(delete("/api/users/" + UUID.randomUUID()))
+                .andExpect(status().isUnauthorized());
+    }
 }
--- a/backend/src/test/java/org/raddatz/familienarchiv/service/UserServiceTest.java
+++ b/backend/src/test/java/org/raddatz/familienarchiv/service/UserServiceTest.java
@@ -837,6 +837,26 @@ class UserServiceTest {
        verify(auditService, never()).logAfterCommit(any(), any(), any(), any());
    }

+    // ─── createUserForBootstrap ───────────────────────────────────────────────
+
+    @Test
+    void createUserForBootstrap_createsUserWithoutAuditEvent() {
+        CreateUserRequest req = new CreateUserRequest();
+        req.setEmail("bootstrap@example.com");
+        req.setInitialPassword("secret");
+        req.setGroupIds(List.of());
+
+        when(userRepository.findByEmail("bootstrap@example.com")).thenReturn(Optional.empty());
+        when(passwordEncoder.encode("secret")).thenReturn("encoded");
+        AppUser saved = AppUser.builder().id(UUID.randomUUID()).email("bootstrap@example.com").build();
+        when(userRepository.save(any())).thenReturn(saved);
+
+        AppUser result = userService.createUserForBootstrap(req);
+
+        assertThat(result).isEqualTo(saved);
+        verify(auditService, never()).logAfterCommit(any(), any(), any(), any());
+    }
+
    // ─── createGroup ──────────────────────────────────────────────────────────

    @Test
--- a/frontend/eslint.config.js
+++ b/frontend/eslint.config.js
@@ -40,6 +40,26 @@ export default defineConfig(
 				parser: ts.parser,
 				svelteConfig
 			}
+		},
+		rules: {
+			// text-accent resolves to #a1dcd8 in light mode (1.52:1 on white — WCAG fail).
+			// layout.css documents it as decorative-only (borders, icon tints, bg fills).
+			// For any text label use text-primary or text-ink instead. This rule catches
+			// the pattern where text-accent appears inside a JavaScript string literal
+			// (e.g. conditional ternary class expressions in Svelte templates).
+			'no-restricted-syntax': [
+				'error',
+				{
+					selector: 'Literal[value=/\\btext-accent\\b/]',
+					message:
+						'text-accent is decorative-only (#a1dcd8 in light mode = 1.52:1 contrast — WCAG fail). Use text-primary or text-ink-2 for text labels.'
+				},
+				{
+					selector: 'TemplateLiteral > TemplateElement[value.raw=/\\btext-accent\\b/]',
+					message:
+						'text-accent is decorative-only (#a1dcd8 in light mode = 1.52:1 contrast — WCAG fail). Use text-primary or text-ink-2 for text labels.'
+				}
+			]
 		}
 	}
 );
--- a/frontend/src/lib/components/PdfControls.svelte
+++ b/frontend/src/lib/components/PdfControls.svelte
@@ -91,7 +91,7 @@ let {
 			aria-label={showAnnotations ? m.pdf_annotations_hide() : m.pdf_annotations_show()}
 			class="flex items-center gap-1.5 rounded px-2 py-1 font-sans text-xs transition {showAnnotations
 				? 'text-ink-2 hover:bg-surface/10'
-				: 'bg-surface/10 text-accent'}"
+				: 'bg-surface/10 text-primary'}"
 		>
 			<svg
 				class="h-3.5 w-3.5 shrink-0"
--- a/frontend/src/lib/components/PdfControls.svelte.spec.ts
+++ b/frontend/src/lib/components/PdfControls.svelte.spec.ts
@@ -0,0 +1,67 @@
+import { vi, describe, it, expect, afterEach } from 'vitest';
+import { cleanup, render } from 'vitest-browser-svelte';
+import { page } from 'vitest/browser';
+
+import PdfControls from './PdfControls.svelte';
+
+afterEach(cleanup);
+
+const defaultProps = {
+	currentPage: 1,
+	totalPages: 3,
+	isLoaded: true,
+	showAnnotations: false,
+	annotationCount: 0,
+	onPrev: vi.fn(),
+	onNext: vi.fn(),
+	onZoomIn: vi.fn(),
+	onZoomOut: vi.fn(),
+	onToggleAnnotations: vi.fn()
+};
+
+describe('PdfControls — annotation toggle visibility', () => {
+	it('renders annotation toggle when annotationCount is greater than zero', async () => {
+		render(PdfControls, { ...defaultProps, annotationCount: 3 });
+		await expect
+			.element(page.getByRole('button', { name: /annotierungen anzeigen/i }))
+			.toBeInTheDocument();
+	});
+
+	it('does not render annotation toggle when annotationCount is zero', async () => {
+		render(PdfControls, { ...defaultProps, annotationCount: 0 });
+		await expect
+			.element(page.getByRole('button', { name: /annotierungen/i }))
+			.not.toBeInTheDocument();
+	});
+});
+
+describe('PdfControls — annotation toggle label', () => {
+	it('shows "Annotierungen anzeigen" label when annotations are hidden', async () => {
+		render(PdfControls, { ...defaultProps, annotationCount: 2, showAnnotations: false });
+		const btn = page.getByRole('button', { name: /annotierungen anzeigen/i });
+		await expect.element(btn).toBeInTheDocument();
+	});
+
+	it('shows "Annotierungen verbergen" label when annotations are visible', async () => {
+		render(PdfControls, { ...defaultProps, annotationCount: 2, showAnnotations: true });
+		const btn = page.getByRole('button', { name: /annotierungen verbergen/i });
+		await expect.element(btn).toBeInTheDocument();
+	});
+});
+
+describe('PdfControls — annotation toggle contrast (WCAG 2.1 AA)', () => {
+	it('uses text-primary class on annotation toggle button when annotations are hidden', async () => {
+		const { container } = render(PdfControls, {
+			...defaultProps,
+			annotationCount: 2,
+			showAnnotations: false
+		});
+		const allButtons = container.querySelectorAll('button');
+		const annotationBtn = Array.from(allButtons).find((b) =>
+			b.getAttribute('aria-label')?.toLowerCase().includes('annotierungen')
+		);
+		expect(annotationBtn).not.toBeNull();
+		expect(annotationBtn!.className).toContain('text-primary');
+		expect(annotationBtn!.className).not.toContain('text-accent');
+	});
+});
--- a/frontend/src/lib/components/ProgressRing.svelte
+++ b/frontend/src/lib/components/ProgressRing.svelte
@@ -19,7 +19,7 @@ let { percentage }: { percentage: number } = $props();
 		/>
 	</svg>
 	<span
-		class="block text-center font-sans text-xs font-bold {percentage > 0 ? 'text-accent' : 'text-gray-400'}"
+		class="block text-center font-sans text-xs font-bold {percentage > 0 ? 'text-primary' : 'text-gray-400'}"
 	>
 		{percentage}%
 	</span>
--- a/frontend/src/lib/components/ProgressRing.svelte.spec.ts
+++ b/frontend/src/lib/components/ProgressRing.svelte.spec.ts
@@ -25,12 +25,12 @@ describe('ProgressRing', () => {
 		expect(el.className).toContain('text-gray-400');
 	});

-	it('renders a mint-colored label when percentage is > 0', async () => {
+	it('renders a primary-colored label when percentage is > 0', async () => {
 		render(ProgressRing, { percentage: 75 });
 		const label = page.getByText('75%');
 		await expect.element(label).toBeInTheDocument();
 		const el = (await label.element()) as HTMLElement;
-		expect(el.className).toContain('text-accent');
+		expect(el.className).toContain('text-primary');
 	});

 	it('renders a fully filled arc for 100%', async () => {
Author	SHA1	Message	Date
Marcel	379bc84e11	fix(a11y): fix ProgressRing text label contrast and add no-restricted-syntax lint rule for text-accent Some checks failed CI / Unit & Component Tests (push) Failing after 4m16s Details CI / OCR Service Tests (push) Successful in 33s Details CI / Backend Unit Tests (push) Failing after 3m2s Details CI / Unit & Component Tests (pull_request) Failing after 3m0s Details CI / OCR Service Tests (pull_request) Successful in 36s Details CI / Backend Unit Tests (pull_request) Failing after 2m55s Details ProgressRing used text-accent (#a1dcd8) on a percentage text label — same WCAG 2.1 AA failure as #341. Switched to text-primary. Also adds ESLint no-restricted-syntax rule (scoped to *.svelte files) that blocks future text-accent usage in JavaScript string literals inside Svelte class expressions. The rule caught both violations at once; both are now fixed. The rule is scoped to .svelte files so test assertions against 'text-accent' strings in .spec.ts files are unaffected. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-26 21:03:12 +02:00
Marcel	110da9b8b0	fix(viewer): replace text-accent with text-primary on annotation toggle inactive state Fixes WCAG 2.1 AA contrast failure (#341): text-accent (#a1dcd8) on light PDF control bar was 1.52:1 — well below the 4.5:1 AA minimum. text-primary resolves to #012851 in light mode (14.5:1) and #a1dcd8 in dark mode (9:1) — both states pass AA in both themes. Adds PdfControls.svelte.spec.ts with 5 tests covering toggle visibility, label strings, and the contrast-safe class assertion. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-26 21:02:39 +02:00
Marcel	ce41e96a45	test(audit): add 401 unauthenticated tests for createUser, adminUpdateUser, deleteUser Some checks failed CI / Unit & Component Tests (pull_request) Failing after 3m1s Details CI / OCR Service Tests (pull_request) Successful in 34s Details CI / Backend Unit Tests (pull_request) Failing after 3m0s Details CI / Unit & Component Tests (push) Failing after 2m59s Details CI / OCR Service Tests (push) Successful in 40s Details CI / Backend Unit Tests (push) Failing after 2m55s Details Regression guards verifying that Spring Security returns 401 (not 200) when no credentials are provided, complementing the existing 403 permission tests. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-26 17:44:03 +02:00
Marcel	a6c8af0971	test(audit): replace null-actorId bootstrap calls with createUserForBootstrap(), increase timeouts to 10s Removes the wait+clear cycles that existed only to drain the audit events emitted by createUserOrUpdate(null, ...). Timeouts increased 5 → 10 s to reduce CI flakiness under load. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-26 17:41:56 +02:00
Marcel	6d9910b805	refactor(audit): extract createUserForBootstrap() to make null actorId contract explicit createUserOrUpdate(UUID actorId, ...) is always called from the controller with a real authenticated actor. createUserForBootstrap() handles seeding/test setup without emitting an audit event, making the two contracts unambiguous. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-26 17:39:09 +02:00