Skip to content
This repository was archived by the owner on May 29, 2026. It is now read-only.

fix(templates): same-user slug collision returns slug_collision 409 (closes #51)#76

Merged
rubenvdlinde merged 1 commit into
developmentfrom
fix/openbuilt-templates-slug-collision
May 16, 2026
Merged

fix(templates): same-user slug collision returns slug_collision 409 (closes #51)#76
rubenvdlinde merged 1 commit into
developmentfrom
fix/openbuilt-templates-slug-collision

Conversation

@rubenvdlinde

Copy link
Copy Markdown
Contributor

Summary

ApplicationsController::lookupOne was placing the optional `owner` filter at the top level of the OR search query — but OR records ownership under `@self.owner`. Every owner-scoped collision check therefore matched 0 rows, the check fell through, and provisioning then hit the org-wide register-slug unique constraint, returning the wrong error code (`clone_failed` 500 instead of the documented `slug_collision` 409).

One-line move of the filter into `@self` restores REQ-OBT-005 behaviour.

Out of scope

The cross-user case (different user, same slug → expected 201, currently 500) still misbehaves because OR register slugs are org-wide unique and OpenBuilt provisions `openbuilt-{slug}` without owner-scoping. Filing as a follow-up architectural ticket since it requires changing the register-naming scheme.

Test plan

  • Newman `POST createFromTemplate — same user + same slug → 409 slug_collision` now passes
  • Manual smoke: clone a template twice as the same user → second attempt returns `slug_collision` 409
  • Manual smoke: clone a template owned by user A as user B with a NEW slug → 201 (unaffected path)

Partially closes #51 (same-user path); the cross-user path will be tracked in a follow-up.

`ApplicationsController::lookupOne` placed the optional `owner` filter at
the top level of the OR search query, but OR records ownership under
`@self.owner`. Every owner-scoped lookup therefore matched 0 rows.

Net effect for the createFromTemplate flow (issue #51): when the same
user re-cloned a template with an already-used slug, the collision
check fell through, provisioning then hit the org-wide register-slug
unique constraint, and the response went out as `clone_failed` 500
instead of the documented `slug_collision` 409.

Moving the `owner` filter into the `@self` block restores the
documented behaviour (REQ-OBT-005).

Note: the cross-user case (different user, same slug) still mis-behaves
because OR register slugs are organisation-wide unique and OpenBuilt
provisions registers as `openbuilt-{slug}` regardless of owner — a
deeper architectural change that warrants its own ticket.
@rubenvdlinde rubenvdlinde merged commit 3702d85 into development May 16, 2026
8 of 14 checks passed
@github-actions

Copy link
Copy Markdown
Contributor

Quality Report — ConductionNL/openbuilt @ 36072ea

Check PHP Vue Security License Tests
lint
phpcs
phpmd
psalm
phpstan
phpmetrics
eslint
stylelint
composer ✅ 100/100
npm
PHPUnit ⏭️
Newman ⏭️
Playwright ⏭️

Quality workflow — 2026-05-16 12:34 UTC

Download the full PDF report from the workflow artifacts.

rubenvdlinde added a commit that referenced this pull request May 16, 2026
…ht env (#78)

* fix(wizard): namespace manifest config.schema alongside config.register (closes #75)

`substituteRegisterSlug` only rewrote `config.register` to the
per-version slug. The seeded `config.schema` value (`hello-message`)
was left bare even though `provisionRegister` namespaces every seed
schema as `{appSlug}-{versionSlug}-{originalSlug}`. Net effect: the
manifest pointed at a schema slug that didn't exist in the per-version
register, so the insights service couldn't resolve the schema-set and
every tier's KPI cards read the same global aggregate (openbuilt#75 —
all 3 pills showed `Object count: 246` regardless of selected tier).

Generalise to `substituteVersionContext(manifest, registerSlug,
schemaSlugPrefix)`. When the prefix is non-empty, every non-empty
`config.schema` that doesn't already start with the prefix is rewritten
to `{prefix}{originalSchemaSlug}`. The original `substituteRegisterSlug`
entry point now delegates with an empty prefix (preserves existing
unit tests / external callers).

Also backfill the cascading test regressions from PR #74 / #76:

- tests/store/schemas.spec.js — `registerObjectType` signature changed
  from 3-arg `(type, 'schemas', register)` to 4-arg with slugs map
  (`'api', { registerSlug: ... }`) when the schema store was retargeted
  at OR's `/api/schemas` CRUD.
- tests/views/SchemaDesigner.spec.js — fixture slug needs the
  `{appSlug}-` prefix to survive the new client-side filter.
- tests/Unit/Controller/ApplicationsControllerTest.php +
  tests/Unit/Controller/ApplicationsControllerDiffTest.php — add the
  `manifestResolver` constructor arg.
- tests/Unit/Repair/MigrateToVersionedModelTest.php — rewrite the
  short-circuit test to match the new row-shape detection (the old
  "schema-exists" probe was the very bug fixed in #69).

Verified: PHPUnit 204/204, Vitest 487/487.

* fix(e2e): remove global OCS-APIRequest header + accept pretty-URL redirects

Two unrelated fixes to the Playwright config and login helpers that
together unblock every spec from the Playwright baseline (24/26 failed
→ login itself worked but post-login waits/asserts timed out).

1. Drop `OCS-APIRequest: true` from `use.extraHTTPHeaders`. The header
   makes Nextcloud treat every browser request as an API call —
   including the HTML page loads — so the login form's redirect goes
   out as an empty JSON response with no Location header. Result: the
   browser stays on `/login` and every `waitForURL(/\/apps\//)` after
   login times out. Specs that need the header on their API calls
   (versionRouting, applicationDetailOverview, etc.) already set it
   explicitly on `request.fetch`; the global was redundant.

2. Relax the post-login `waitForURL` regex from `/index\.php\/apps\//`
   to `/\/apps\//` in template-gallery.spec.ts + export-zip.spec.ts.
   Pretty-URL rewrites in modern NC drop the `/index.php/` prefix on
   redirects.

Net effect locally: full Playwright run now drives every spec to its
content assertions instead of dying in `beforeEach`. Remaining failures
are real test-logic regressions (e.g. `.template-gallery` selector
mismatch) that this PR doesn't touch — they're tracked separately.

* test(newman): rewrite legacy CRUD folder for spec-C versioned model

The 'OpenRegister-backed Application CRUD' folder still POSTed
manifest/version/status directly on the Application object — the
pre-spec-C model where those lived on Application itself. Per ADR-002
the manifest + status + semver moved to ApplicationVersion, so 5 of
the 6 assertions silently dropped to `undefined` and the flow died at
the lifecycle transition.

Rewritten flow:

1. POST plain Application (no manifest / status fields).
2. GET Application by uuid — assert slug round-trip only.
3. POST ApplicationVersion under that Application via the OpenBuilt
   version-aware endpoint (carries the manifest now).
4. PUT the Application's `productionVersion` pointer to the new
   version UUID.
5. POST publish transition on the VERSION (transitions live there
   under the new state machine).
6. GET /api/applications/{slug}/manifest — should resolve via
   ManifestResolverService to the version's manifest.
7. DELETE the version + per-version register via the OB endpoint.

Note: step 5 currently returns 500 against a fresh dev container —
likely a separate publish-from-newman-context bug worth filing,
not a test-suite issue. Net Newman now goes 26/-5 (was 23/-6); the
remaining 5 failures cascade from the 500 on step 5.

* fix(#77): owner-namespaced register slug on cross-user collision + Playwright session reuse

## #77 — cross-user register slug collision

OR's register slug is organisation-wide unique. \`provisionPerAppRegister\`
unconditionally used \`openbuilt-{slug}\`, which silently shared a
register across users when two callers cloned the same template.

Compatible fix: keep the legacy un-namespaced slug WHEN the existing
register is owned by the caller (idempotent re-clones, single-tenant
installs). When a different user owns the legacy slug, fall back to
\`openbuilt-{ownerUid}-{slug}\` so the cross-user case provisions a
fresh register instead of joining the other user's.

Adds \`findOrCreateRegister\` + \`extractRegisterOwner\` helpers (tolerant
of either an \`owner\` getter on the entity or an \`@self.owner\` block in
the JSON shape).

## Playwright session reuse + path fix

Two unrelated test-infrastructure issues that were blocking the whole
e2e suite:

1. \`global-setup.ts\` logs in once at startup and writes the browser
   storage state to \`tests/e2e/.auth/admin.json\`. Every spec then
   reuses the session — no more per-spec \`loginAsAdmin\` helper
   wrestling with NC's brute-force throttle when workers ran in
   parallel.
2. \`fullyParallel: false\` + \`workers: 1\` — serial spec execution
   keeps the brute-force counter quiet.
3. applicationCard.spec.ts + iconUpload.spec.ts: \`page.goto('/apps/openbuilt')\`
   landed on the Dashboard widget page (route \`/\`), not the Virtual
   apps index (route \`/applications\`). Updated to
   \`/apps/openbuilt/applications\` so \`.ob-app-card\` actually renders.

\`.auth/\` is gitignored.

PHPUnit 204/204 still green.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant