feat(geschichten): show blog writers' own drafts on the Geschichten overview (#807) #813

Merged

marcel merged 13 commits from feat/issue-807-drafts-overview into main 2026-06-12 19:46:05 +02:00

Conversation 0 Commits 13 Files Changed 14 +316 -35

marcel commented 2026-06-12 18:56:17 +02:00

Owner

Copy Link

Closes #807.

Why this PR exists (again)

The #807 implementation was completed on feat/issue-807-drafts-overview on top of the lesereisen integration branch, but the branch was never pushed or merged — the lesereisen squash (b33d0eb8) landed without it, and the issue was closed anyway. This PR rebases the original 9 commits onto current main and adds the one specced item the original implementation missed.

Security fix — CWE-639 (broken access control)

GeschichteService.list() forwarded a null status straight to the repository for BLOG_WRITE users, returning all stories from all authors including other writers' DRAFTs. Now null always resolves to PUBLISHED; only an explicit status=DRAFT request (blog writers only) returns drafts, scoped to the caller's own. The two false-safety-net tests that asserted the vulnerable behaviour were rewritten into real regression fixtures (eq(...) argument verification, @DisplayName("security: ...")).

Feature

• Blog writers see an Entwürfe section at the top of /geschichten, showing their own drafts unfiltered (separate from the filtered published list), with an (alle Entwürfe) caption
• A gated Veröffentlicht heading appears above the published list whenever the Entwürfe section is visible (balanced h2 outline for screen readers)
• Each draft row carries an Entwurf badge (desktop meta column + mobile row, reusing the journey badge tokens)
• The DRAFT fetch uses Promise.allSettled and degrades gracefully to drafts: [] — the overview never 500s on a drafts-fetch failure
• settled<T>() extracted to $lib/shared/server/settled.ts and reused by both the home and geschichten loaders
• 4 new i18n keys (de/en/es)

Rebase conflict resolutions (vs. the original branch)

• +page.server.ts: combined the drafts fetch with main's documentFilter title resolution (from #803) in one Promise.allSettled with fixed-position placeholders instead of slice-offset arithmetic
• page.server.test.ts: kept main's richer mockApi (path-keyed), took the new callLoad(url, parentData) signature
• messages/*.json: kept both key sets (#803 chip keys + #807 draft keys)

New on top of the original branch

The original implementation skipped the spec's gated "Veröffentlicht" heading (the i18n key existed but was unused). Added via red/green TDD as the final two commits.

Verification

• GeschichteServiceTest: 45/45 pass (includes the 2 new security regression tests)
• page.server.test.ts: 16/16 pass
• Browser specs page.svelte.spec.ts + GeschichteListRow.svelte.spec.ts: 25 + 12 pass
• svelte-check: no errors in any touched file (baseline errors in untouched home/admin specs remain)

🤖 Generated with Claude Code

Closes #807. ## Why this PR exists (again) The #807 implementation was completed on `feat/issue-807-drafts-overview` on top of the lesereisen integration branch, but the branch was **never pushed or merged** — the lesereisen squash (b33d0eb8) landed without it, and the issue was closed anyway. This PR rebases the original 9 commits onto current `main` and adds the one specced item the original implementation missed. ## Security fix — CWE-639 (broken access control) `GeschichteService.list()` forwarded a `null` status straight to the repository for `BLOG_WRITE` users, returning **all stories from all authors including other writers' DRAFTs**. Now `null` always resolves to `PUBLISHED`; only an explicit `status=DRAFT` request (blog writers only) returns drafts, scoped to the caller's own. The two false-safety-net tests that asserted the vulnerable behaviour were rewritten into real regression fixtures (`eq(...)` argument verification, `@DisplayName("security: ...")`). ## Feature - Blog writers see an **Entwürfe** section at the top of `/geschichten`, showing their own drafts unfiltered (separate from the filtered published list), with an `(alle Entwürfe)` caption - A gated **Veröffentlicht** heading appears above the published list whenever the Entwürfe section is visible (balanced h2 outline for screen readers) - Each draft row carries an **Entwurf** badge (desktop meta column + mobile row, reusing the journey badge tokens) - The DRAFT fetch uses `Promise.allSettled` and degrades gracefully to `drafts: []` — the overview never 500s on a drafts-fetch failure - `settled<T>()` extracted to `$lib/shared/server/settled.ts` and reused by both the home and geschichten loaders - 4 new i18n keys (de/en/es) ## Rebase conflict resolutions (vs. the original branch) - `+page.server.ts`: combined the drafts fetch with main's documentFilter title resolution (from #803) in one `Promise.allSettled` with fixed-position placeholders instead of slice-offset arithmetic - `page.server.test.ts`: kept main's richer `mockApi` (path-keyed), took the new `callLoad(url, parentData)` signature - `messages/*.json`: kept both key sets (#803 chip keys + #807 draft keys) ## New on top of the original branch The original implementation skipped the spec's gated "Veröffentlicht" heading (the i18n key existed but was unused). Added via red/green TDD as the final two commits. ## Verification - `GeschichteServiceTest`: 45/45 pass (includes the 2 new security regression tests) - `page.server.test.ts`: 16/16 pass - Browser specs `page.svelte.spec.ts` + `GeschichteListRow.svelte.spec.ts`: 25 + 12 pass - `svelte-check`: no errors in any touched file (baseline errors in untouched home/admin specs remain) 🤖 Generated with [Claude Code](https://claude.com/claude-code)

marcel added 11 commits 2026-06-12 18:56:18 +02:00

test(geschichte): rewrite false-safety-net null-status tests to catch CWE-639 ... b37aa6155e

Rename list_passes_null_status_through_for_BLOG_WRITER_so_drafts_are_visible
to list_with_null_status_and_BLOG_WRITE_returns_PUBLISHED_not_all_stories and
rewrite to verify eq(PUBLISHED) is passed — this test is now RED against the
vulnerable list() implementation.

Strengthen list_forces_PUBLISHED_status_for_reader_without_BLOG_WRITE with
eq(PUBLISHED) and isNull() matchers — both tests are now real regression fixtures.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

test(geschichte): add security regression tests for CWE-639 null-status and DRAFT scoping ... 4541f90ce8

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(geschichte): null status always resolves to PUBLISHED, fixing CWE-639 ... e3140c4f99

A blog writer passing null status previously forwarded null to the repository,
returning all stories including other authors' drafts. Now only an explicit
DRAFT request (blog writer only) scopes to the caller's own stories.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

test(geschichten): add failing tests for draft fetch in page loader ... 66281c9929

RED: loader does not yet call parent() or fetch DRAFT stories.
Also extracts settled<T>() helper to $lib/shared/server/settled.ts
and seeds makeData/callLoad factories with drafts/parent defaults.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

feat(geschichten): fetch own drafts in page loader for blog writers ... d5bfe77a73

Blog writers now get a separate resilient DRAFT fetch alongside the
PUBLISHED list. A network failure degrades to drafts: [] rather than
a 500, so the overview stays usable even if the draft fetch times out.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

test(GeschichteListRow): add failing tests for DRAFT status badge ... df66cf6605

RED: component has no draft badge yet.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

feat(GeschichteListRow): show DRAFT badge on desktop meta column and mobile row ... b626698543

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

test(geschichten/page): add failing tests for Entwürfe section ... cb87695834

RED: page does not yet render a drafts section.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

feat(geschichten): add Entwürfe section above published list for blog writers ... 439b2133bd

Drafts appear in a separate unfiltered section at the top of the overview,
clearly separated by a divider and labelled with the draft badge on each row.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

test(geschichten/page): add failing tests for gated Veröffentlicht heading ... 2185150990

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

feat(geschichten): show Veröffentlicht heading when Entwürfe section is visible ... 52019f7e69

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

marcel added 2 commits 2026-06-12 19:45:52 +02:00

test(geschichte): drop duplicate null-status security test ... f26874937d

list_with_null_status_and_BLOG_WRITE_returns_PUBLISHED_not_all_stories
was byte-for-byte identical to the @DisplayName("security: ...") variant;
keep the named one.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

fix(shared): null-harden settled() against placeholder slots ... 17b0625a73

A Promise.resolve(null) placeholder (e.g. the gated drafts slot) fulfils
with a null value; settled() dereferenced v.response unconditionally and
threw. Now any nullish value resolves to null. Adds unit tests for all
settled() branches.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

marcel merged commit 38a6d6b0fc into main 2026-06-12 19:46:05 +02:00

marcel deleted branch feat/issue-807-drafts-overview 2026-06-12 19:46:05 +02:00

marcel referenced this issue from a commit 2026-06-12 19:46:07 +02:00

feat(geschichten): show blog writers' own drafts on the Geschichten overview (#807) (#813)

marcel referenced this pull request 2026-06-12 22:03:51 +02:00

CI red on main: geschichten overview component tests crash on missing drafts mock #814

marcel referenced this issue from a commit 2026-06-12 22:06:16 +02:00

test(geschichten): add drafts to the overview page test mock data

marcel referenced this pull request 2026-06-12 22:06:27 +02:00

test(geschichten): add drafts to the overview page test mock data #815

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

P0-critical

Blocks a core user journey, causes data loss, or is a security/accessibility barrier. Work on this before P1+.

P1-high

Significant friction on a main user journey; workaround exists but is non-obvious. Next up after P0.

P2-medium

Noticeable improvement; doesn't block anything; schedule opportunistically.

P3-later

Cosmetic or parking-lot work; fine to stay open indefinitely.

audit

Read-only audit / assessment work; produces a report rather than changing code

bug

Something isn't working

cleanup

Removal of dead code, vague comments, naming violations, and scratch artifacts

collaboration

We want to extend the family archive to have more collaboration tools

conversation

descoped

We will do that later

devops

documentation

README, ARCHITECTURE, GLOSSARY, CONTRIBUTING, per-domain docs

epic

Marker for epic-level issues that group multiple child issues

feature

file-upload

legibility

Codebase Legibility Refactor — preparing the codebase for human evaluation and bus-factor reduction

needs-discussion

Has an open decision or design question that must be resolved before implementation can start.

notification

person

phase-1: security

Security hygiene — must be done first

phase-2: container-images

Production-ready multi-stage Docker images

phase-3: prod-compose

Production compose overlay + Caddy reverse proxy

phase-4: spring-prod-profile

Spring Boot production configuration profile

phase-5: backups

Database and object storage backup strategy

phase-6: deployment-docs

.env.example, DEPLOYMENT.md, runbook

phase-7: monitoring

Prometheus, Loki, Grafana, Alertmanager

refactor

Code restructuring without behaviour change

security

test

ui

UI/UX and accessibility issues

user

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

Jens marcel

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: marcel/familienarchiv#813