cleanup(legibility): polish — CLEANUP-2, CLEANUP-3, CLEANUP-4 #455

Merged
marcel merged 5 commits from feat/issue-411-legibility-cleanup into main 2026-05-07 13:22:18 +02:00
4 changed files with 5 additions and 11 deletions
Showing only changes of commit 0fa90d58cb - Show all commits


@@ -15,6 +15,7 @@ import org.springframework.web.server.ResponseStatusException;
import lombok.extern.slf4j.Slf4j;
// "Handler" is Spring's @RestControllerAdvice naming convention — not a generic suffix.
@RestControllerAdvice
@Slf4j
public class GlobalExceptionHandler {


@@ -7,6 +7,7 @@ import org.springframework.security.core.Authentication;
import java.util.UUID;
// Cross-cutting auth helper; no domain home — "Utils" is the correct suffix here.
public final class SecurityUtils {
private SecurityUtils() {}


@@ -159,15 +159,8 @@ const rowHref: string = $derived(
</p>
{#if variant === 'comment'}
<!--
TODO: the backend does not yet expose a comment body preview on
ActivityFeedItemDTO. Render an ellipsis placeholder until it does —
duplicating the document title here looks like the comment is
quoting itself (Leonie, PR #288 review).
SECURITY: once item.commentPreview lands, render via {text}, never
{@html}. The backend must truncate and strip tags server-side (Nora,
issue #285 comment #3552).
-->
<!-- TODO(#454): add commentPreview to ActivityFeedItemDTO, then render here -->
<!-- SECURITY: render via {text} not {@html} when commentPreview arrives — XSS risk (#285) -->
<p
data-testid="chronik-comment-preview"
class="mt-1 line-clamp-1 font-serif text-sm text-ink-2 italic sm:line-clamp-2"
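Review bot: The condensed SECURITY comment keeps only the rendering half of the requirement. The removed text also said the backend must truncate and strip tags server-side, and it pointed at a specific comment (#3552) on issue #285; both are now reachable only by following the issue link. Whoever implements #454 will read this line first, so I would keep both halves in one line, e.g. `<!-- SECURITY: render item.commentPreview as escaped text, never {@html}; backend must truncate and strip tags server-side (#285, comment #3552) -->`. Spelling out "escaped text" also avoids reading `{text}` as literal syntax. The enclosing `{#if}` block and the `<p>` element continue outside the hunk.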


@@ -26,8 +26,7 @@ export async function load({ fetch, locals }) {
const api = createApiClient(fetch);
const canManageUsers = hasPerm(user, 'ADMIN_USER');
// TODO: replace with a dedicated /api/admin/stats endpoint that returns counts only,
// so the System page does not load full entity lists it does not render.
// TODO(#453): replace with dedicated /api/admin/stats endpoint returning counts only
const [usersResult, groupsResult, tagsResult] = await Promise.all([
api.GET('/api/users'),
api.GET('/api/groups'),
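Review bot: The shortened TODO drops the reason the stats endpoint is wanted, and that reason is about data minimisation: until #453 lands, this load function fetches the full `/api/users` and `/api/groups` lists (plus whatever feeds `tagsResult`) only to count them. The `locals` parameter suggests this is a server load, whose return value would be serialized to the page, so I would state the constraint next to the TODO, e.g. `// Until then: return only the count of each list, never the entity lists themselves.` The return statement and any gating of the user fetch on `canManageUsers` are outside the hunk, so what actually reaches the client needs confirming there.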