From fb8062a6c20dfb2e8a66035db446923353f47249 Mon Sep 17 00:00:00 2001
From: Marcel
Date: Sat, 9 May 2026 14:51:50 +0200
Subject: [PATCH] fix(comment): declare missing @PathVariable params on block comment endpoints
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
getBlockComments was missing documentId; replyToBlockComment was missing blockId. Spring silently ignored undeclared path variables — the segments were parsed but never bound. Now both parameters are explicitly declared so Spring rejects non-UUID values with 400.
Co-Authored-By: Claude Sonnet 4.6
---
 .../document/comment/CommentController.java | 5 ++++-
 .../document/comment/CommentControllerTest.java | 17 +++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/backend/src/main/java/org/raddatz/familienarchiv/document/comment/CommentController.java b/backend/src/main/java/org/raddatz/familienarchiv/document/comment/CommentController.java
index 8efd25b8..788c9df8 100644
--- a/backend/src/main/java/org/raddatz/familienarchiv/document/comment/CommentController.java
+++ b/backend/src/main/java/org/raddatz/familienarchiv/document/comment/CommentController.java
@@ -27,7 +27,9 @@ public class CommentController {
 // ─── Block (transcription) comments ────────────────────────────────────────
 @GetMapping("/api/documents/{documentId}/transcription-blocks/{blockId}/comments")
- public List getBlockComments(@PathVariable UUID blockId) {
+ public List getBlockComments(
+ @PathVariable UUID documentId,
+ @PathVariable UUID blockId) {
 return commentService.getCommentsForBlock(blockId);
 }
@@ -48,6 +50,7 @@ public class CommentController {
 @RequirePermission({Permission.ANNOTATE_ALL, Permission.WRITE_ALL})
 public DocumentComment replyToBlockComment(
 @PathVariable UUID documentId,
+ @PathVariable UUID blockId,
 @PathVariable UUID commentId,
 @RequestBody CreateCommentDTO dto,
 Authentication authentication) {
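Review bot: In getBlockComments the newly bound `documentId` is never used: the body still calls `commentService.getCommentsForBlock(blockId)`, so any well-formed UUID in the document segment returns the comments of whichever block is named. Binding the variable makes Spring reject malformed ids, but it does not tie the block to the document in the URL; if access decisions are made per document, the service should confirm that the block belongs to `documentId` before returning anything. The same question applies to `blockId` in the second hunk (replyToBlockComment), whose body lies outside the hunk, so whether it is used cannot be seen here. If the parameters are meant only for format validation, say so at the declaration, e.g. `// bound for UUID validation only; not checked against blockId`.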
diff --git a/backend/src/test/java/org/raddatz/familienarchiv/document/comment/CommentControllerTest.java b/backend/src/test/java/org/raddatz/familienarchiv/document/comment/CommentControllerTest.java
index d3593c65..e4630ae7 100644
--- a/backend/src/test/java/org/raddatz/familienarchiv/document/comment/CommentControllerTest.java
+++ b/backend/src/test/java/org/raddatz/familienarchiv/document/comment/CommentControllerTest.java
@@ -44,6 +44,14 @@ class CommentControllerTest {
 // ─── Block comment endpoints ─────────────────────────────────────────────
+ @Test
+ @WithMockUser
+ void getBlockComments_returns400_when_documentId_is_not_a_UUID() throws Exception {
+ UUID blockId = UUID.randomUUID();
+ mockMvc.perform(get("/api/documents/NOT-A-UUID/transcription-blocks/" + blockId + "/comments"))
+ .andExpect(status().isBadRequest());
+ }
+
 @Test
 @WithMockUser
 void getBlockComments_returns200() throws Exception {
@@ -115,6 +123,15 @@ class CommentControllerTest {
 // ─── Block reply endpoints ───────────────────────────────────────────────
+ @Test
+ @WithMockUser(authorities = "ANNOTATE_ALL")
+ void replyToBlockComment_returns400_when_blockId_is_not_a_UUID() throws Exception {
+ mockMvc.perform(post("/api/documents/" + DOC_ID + "/transcription-blocks/NOT-A-UUID"
+ + "/comments/" + COMMENT_ID + "/replies")
+ .contentType(MediaType.APPLICATION_JSON).content(COMMENT_JSON))
+ .andExpect(status().isBadRequest());
+ }
+
 @Test
 void replyToBlockComment_returns401_whenUnauthenticated() throws Exception {
 UUID blockId = UUID.randomUUID();
-- 
2.49.1
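Review bot: Both added tests send only a malformed id, so they pin the 400 from type conversion and nothing else; neither sends a well-formed `documentId` that does not own the block, which is the case the new path parameters leave open. A companion test that requests an existing block under a different document's UUID would record what the endpoint is expected to do there. The GET test also runs under a bare `@WithMockUser` with no authorities, so if reading block comments is meant to require a permission, that is not exercised in this hunk.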