Skip to content

fix(ui): make mirrored-artefact edit form read-only except local access#6

Merged
albanm merged 2 commits into
mainfrom
fix/mirrored-artefact-edit-form
Jun 1, 2026
Merged

fix(ui): make mirrored-artefact edit form read-only except local access#6
albanm merged 2 commits into
mainfrom
fix/mirrored-artefact-edit-form

Conversation

@albanm

@albanm albanm commented Jun 1, 2026

Copy link
Copy Markdown
Member

On a mirrored artefact (origin set) the remote registry owns the metadata; only local access (public/privateAccess) may be patched. The edit form previously sent every field on save and the API answered 403.

What changed:

  • Mirror-owned metadata (title, description, group, documentation, deprecated) now renders in a separate read-only VJSF block; the editable form is restricted to public/privateAccess via new VJSF context flags (mirrored/accessOnly).
  • The PATCH body is built from a normalized payload that excludes remote-owned fields on a mirror, so no forbidden key reaches the API.
  • Refactored the form's dirty-tracking onto computedDeepDiff + fast-deep-equal and added an unsaved-changes leave guard (useLeaveGuard).

Why: mirrored artefacts could not have their local access toggled — saving hit a 403 because the form posted remote-owned fields.

Regression risks:

  • Non-mirror PATCH payload is now assembled by buildPayload instead of spreading editData; field set is equivalent but worth confirming the normal metadata-edit path still round-trips.
  • Dirty/"unsaved" state now compares against the live artefact prop rather than a snapshot taken at load — verify Save and the leave guard reset correctly after a successful save.

albanm and others added 2 commits June 1, 2026 17:12
Editing a mirrored artefact (one with `origin`) could not save a
privateAccess/public change: the form always PATCHed the full body, and
the API rejects any non-access field on a mirror with 403. The metadata
form was also fully editable even though the remote registry owns it.

- artefact schema: add mirror-aware VJSF `layout.if` expressions keyed on
  context.mirrored / context.accessOnly so remote-owned fields show
  read-only and hide from the access-only form (and vice-versa);
  regenerate the vjsf-patch-req components.
- artefact-admin.vue: render remote-owned metadata read-only for mirrors
  with an explanatory notice; restrict the editable form + PATCH body to
  public/privateAccess on a mirror.
- adopt @data-fair/lib-vue helpers (edit-fetch pattern): unify the diff
  and PATCH body through a normalized buildPayload, compute hasDiff with
  fast-deep-equal, keep the payload reference stable via computedDeepDiff,
  and add useLeaveGuard for an unsaved-changes warning.
- tests: e2e coverage for the mirror read-only/save behaviour and the
  leave guard.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@albanm albanm merged commit 75dd06e into main Jun 1, 2026
@albanm albanm deleted the fix/mirrored-artefact-edit-form branch June 1, 2026 15:17
@github-actions github-actions Bot added the fix label Jun 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant