feat(submissions): Composer Slice C — building blocks library (m/paliad#141)
Per the design at docs/design-submission-generator-v2-2026-05-26.md §8
and the Q2 / Q9 ratifications:
- Q2 (m, 2026-05-26): building blocks are plain text paste sources.
No building_block_id reference is stored on submission_sections.
- Q9 (m, 2026-05-26): four visibility tiers — private / team / firm
/ global.
Schema (mig 149):
- paliad.submission_building_blocks — library catalog. Columns: slug,
firm (NULL = cross-firm), section_key (binds to one section kind),
proceeding_family (NULL = any), title_de/_en + description_de/_en
+ content_md_de/_en, author_id, visibility (CHECK in 4-tier set),
is_published, created_at, updated_at, deleted_at (soft delete).
RLS: coarse-grained SELECT — every authenticated user sees
non-deleted non-private rows + own private rows. Tier-specific
predicate (private/team/firm/global) applied in Go-layer service so
semantics evolve without RLS migrations. Mutations admin-only (no
RLS write paths).
- paliad.submission_building_block_admin_versions — append-only
history per block, retention=20. Admin-side only; NOT referenced
from submission_sections (per Q2's plain-text-paste model). Exists
so accidental delete / overwrite are recoverable.
Backend:
- internal/services/submission_building_block_service.go (~510 LoC):
BuildingBlockService. ListVisible applies tier predicate at query
time (private = author_id match; firm = firm column NULL OR matches
branding.Name; team = author shares a project_team with caller via
paliad.project_teams self-join; global = open). ListAllForAdmin
drops the predicate. Create + Update + SoftDelete + RestoreVersion
all transactional; appendVersionTx writes one audit row +
GC-deletes anything past the retention=20 horizon in the same tx.
InsertIntoSection (the paste mechanic) clones content_md_<lang>
into the section row with a "\n\n" separator if section already has
content. NO building_block_id stamped per Q2.
- internal/handlers/submission_building_blocks.go (~480 LoC): nine
handlers split between the lawyer-facing picker (list, insert) and
the admin editor (list, get, create, update, delete, list-versions,
restore-version, page). buildingBlockUpdateInput uses presence-
tracking UnmarshalJSON for the four nullable fields (firm,
proceeding_family, description_de/_en) so PATCH can distinguish
"no change" from "set to null".
- Routes registered: lawyer-facing under /api/submission-building-blocks,
admin-gated under /api/admin/submission-building-blocks/* and
/admin/submission-building-blocks (page).
- Wiring: handlers.Services + dbServices + cmd/server/main.go all
gain SubmissionBuildingBlock. NewBuildingBlockService takes the
branding.Name firm hint for the visibility predicate.
Frontend:
- frontend/src/admin-submission-building-blocks.tsx (~85 LoC):
three-pane admin shell (list / editor / version log) registered
in build.ts.
- frontend/src/client/admin-submission-building-blocks.ts (~370
LoC): admin client — list paint, edit form (slug + firm +
section_key + proceeding_family + title/desc/content per lang +
visibility radio + is_published toggle), per-block version log
with restore button. Bilingual labels.
- frontend/src/client/submission-draft.ts: per-section "+ Baustein"
button on the Composer editor toolbar (Slice B substrate gets one
more affordance). openBlockPicker opens a modal filtered to the
section's section_key, 200ms-debounced search by free text against
title/description/content. Click a hit → POST insert-into-section
→ section row's content_md_<lang> gains the block's content
appended at the end (Q2's plain-text paste semantic, no lineage).
- ~240 LoC of CSS: modal overlay + picker rows with tier-colored
visibility chips + admin editor 3-pane grid + form rows + version
list.
- 12 new i18n keys × 2 langs (admin.building_blocks.*).
Tests:
- TestValidVisibility (8 cases including case-sensitivity + empty).
- TestAppendBlockContent (8 cases covering empty-existing / empty-
addition / whitespace-only / trailing newline collapse).
- TestBuildingBlockVisibilityConstants pins the 4 string literals
against drift (RLS predicate + DB CHECK depend on them).
Build hygiene: go build/vet/test -short clean; bun run build clean
(2906 i18n keys, data-i18n scan clean).
Hard rules per ratifications honoured:
- Q2: no building_block_id lineage on sections (paste is plain text).
- Q9: 4 visibility tiers (private/team/firm/global).
- NO behavior change for pre-Composer drafts (the picker just doesn't
show — section list is hidden for base_id NULL drafts).
- {{rule.X}} aliases preserved (block content goes through the same
v1 placeholder pass on export as section prose).
NOT in scope per Slice C brief:
- User-authored private blocks (Slice C ships admin curation only;
any-user create is a follow-up).
- Tier promotion review workflow (admin sets tier directly today).
- Per-section "where is this block used" reverse lookup (no lineage
to query).
- Slice D's rich-prose features (headings, lists, blockquote) still
Slice D's job; this Slice doesn't extend the MD walker.
t-paliad-315 Slice C
This commit is contained in:
@@ -0,0 +1,4 @@
|
||||
-- t-paliad-315: revert building blocks library.
|
||||
|
||||
DROP TABLE IF EXISTS paliad.submission_building_block_admin_versions;
|
||||
DROP TABLE IF EXISTS paliad.submission_building_blocks;
|
||||
118
internal/db/migrations/149_submission_building_blocks.up.sql
Normal file
118
internal/db/migrations/149_submission_building_blocks.up.sql
Normal file
@@ -0,0 +1,118 @@
|
||||
-- t-paliad-315 (m/paliad#141): Composer Slice C — building blocks library.
|
||||
--
|
||||
-- Per the design at docs/design-submission-generator-v2-2026-05-26.md §4.4
|
||||
-- and the Q2 / Q9 ratifications:
|
||||
--
|
||||
-- Q2 (m, 2026-05-26): building blocks are plain text paste sources.
|
||||
-- No building_block_id reference is stored on submission_sections —
|
||||
-- insertion is a one-way copy of content_md_<lang> into the section.
|
||||
-- This table records the library; submission_sections doesn't know
|
||||
-- where its content came from.
|
||||
--
|
||||
-- Q9 (m, 2026-05-26): four visibility tiers — private / team / firm
|
||||
-- / global. Picker filtering and RLS SELECT predicate both honour
|
||||
-- the tier. Tier upgrades (private → team/firm/global) go through
|
||||
-- admin moderation in later slices; Slice C starts with admin-only
|
||||
-- mutations (no user-initiated rows yet).
|
||||
--
|
||||
-- The _admin_versions companion table mirrors the email-templates
|
||||
-- retention=20 audit history. It is INTERNAL to the admin editor —
|
||||
-- not referenced from submission_sections, not exposed to the lawyer.
|
||||
-- It exists so accidental delete + accidental overwrite are
|
||||
-- recoverable.
|
||||
|
||||
CREATE TABLE IF NOT EXISTS paliad.submission_building_blocks (
|
||||
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
|
||||
slug text NOT NULL,
|
||||
firm text, -- e.g. 'HLC', NULL = cross-firm
|
||||
section_key text NOT NULL, -- which section kind this block fits
|
||||
proceeding_family text, -- 'de.inf.lg', NULL = any family
|
||||
title_de text NOT NULL,
|
||||
title_en text NOT NULL,
|
||||
description_de text,
|
||||
description_en text,
|
||||
content_md_de text NOT NULL DEFAULT '',
|
||||
content_md_en text NOT NULL DEFAULT '',
|
||||
author_id uuid REFERENCES paliad.users(id) ON DELETE SET NULL,
|
||||
visibility text NOT NULL, -- 'private' | 'team' | 'firm' | 'global'
|
||||
is_published bool NOT NULL DEFAULT false,
|
||||
created_at timestamptz NOT NULL DEFAULT now(),
|
||||
updated_at timestamptz NOT NULL DEFAULT now(),
|
||||
deleted_at timestamptz,
|
||||
|
||||
CONSTRAINT submission_building_blocks_visibility_check
|
||||
CHECK (visibility IN ('private', 'team', 'firm', 'global')),
|
||||
CONSTRAINT submission_building_blocks_unique_slug_per_firm
|
||||
UNIQUE (slug, firm)
|
||||
);
|
||||
|
||||
CREATE INDEX IF NOT EXISTS submission_building_blocks_section_visibility_idx
|
||||
ON paliad.submission_building_blocks (section_key, visibility, firm, proceeding_family)
|
||||
WHERE deleted_at IS NULL AND is_published;
|
||||
|
||||
CREATE INDEX IF NOT EXISTS submission_building_blocks_author_idx
|
||||
ON paliad.submission_building_blocks (author_id)
|
||||
WHERE deleted_at IS NULL;
|
||||
|
||||
ALTER TABLE paliad.submission_building_blocks ENABLE ROW LEVEL SECURITY;
|
||||
|
||||
-- SELECT policy: coarse-grained RLS that admits every non-deleted
|
||||
-- block to any authenticated user. The Go-side BuildingBlockService
|
||||
-- applies the fine-grained tier predicate (private / team / firm /
|
||||
-- global) using branding.Name + team-membership joins. This split
|
||||
-- keeps the SQL simple and lets the tier semantics evolve in code
|
||||
-- without RLS migrations.
|
||||
--
|
||||
-- The exception below is 'private': only the author sees their own
|
||||
-- private rows. That's the hard line where a tier upgrade is
|
||||
-- substantive enough to warrant DB-level enforcement.
|
||||
DROP POLICY IF EXISTS submission_building_blocks_select ON paliad.submission_building_blocks;
|
||||
CREATE POLICY submission_building_blocks_select
|
||||
ON paliad.submission_building_blocks FOR SELECT TO authenticated
|
||||
USING (
|
||||
deleted_at IS NULL
|
||||
AND (
|
||||
visibility <> 'private'
|
||||
OR author_id = auth.uid()
|
||||
)
|
||||
);
|
||||
|
||||
-- INSERT / UPDATE / DELETE intentionally absent — admin mutations
|
||||
-- happen at the Go handler layer with explicit adminGate. RLS without
|
||||
-- mutation policies denies them by default.
|
||||
|
||||
DROP TRIGGER IF EXISTS submission_building_blocks_set_updated_at ON paliad.submission_building_blocks;
|
||||
CREATE TRIGGER submission_building_blocks_set_updated_at
|
||||
BEFORE UPDATE ON paliad.submission_building_blocks
|
||||
FOR EACH ROW EXECUTE FUNCTION paliad.tg_set_updated_at();
|
||||
|
||||
COMMENT ON TABLE paliad.submission_building_blocks IS
|
||||
't-paliad-315: Composer building-block library. Plain text paste sources for section content (no lineage tracked on sections per Q2 ratification). 4-tier visibility per Q9.';
|
||||
|
||||
|
||||
-- _admin_versions: append-only history per block. Admin-side only;
|
||||
-- not referenced from submission_sections. Retention 20 per block,
|
||||
-- GCed in the same transaction as the Save (mirrors email-templates).
|
||||
CREATE TABLE IF NOT EXISTS paliad.submission_building_block_admin_versions (
|
||||
id uuid PRIMARY KEY DEFAULT gen_random_uuid(),
|
||||
building_block_id uuid NOT NULL REFERENCES paliad.submission_building_blocks(id) ON DELETE CASCADE,
|
||||
content_md_de text NOT NULL,
|
||||
content_md_en text NOT NULL,
|
||||
title_de text NOT NULL,
|
||||
title_en text NOT NULL,
|
||||
edited_by uuid REFERENCES paliad.users(id) ON DELETE SET NULL,
|
||||
note text,
|
||||
created_at timestamptz NOT NULL DEFAULT now()
|
||||
);
|
||||
|
||||
CREATE INDEX IF NOT EXISTS submission_building_block_admin_versions_block_idx
|
||||
ON paliad.submission_building_block_admin_versions (building_block_id, created_at DESC);
|
||||
|
||||
ALTER TABLE paliad.submission_building_block_admin_versions ENABLE ROW LEVEL SECURITY;
|
||||
|
||||
-- Admin-only audit; the handler layer gates this via adminGate and
|
||||
-- writes via SECURITY DEFINER paths or admin-role SQL. No RLS SELECT
|
||||
-- policy exists, so non-admin users get an empty result set.
|
||||
|
||||
COMMENT ON TABLE paliad.submission_building_block_admin_versions IS
|
||||
't-paliad-315: append-only history per building block. Admin-side only; retention 20 rows per block, GCed at Save time.';
|
||||
Reference in New Issue
Block a user