Files

Phil Skentelbery f10d0679da feat(tags): Add database schema and tags module (v1.3.0 Phase 1)

Implements tag/category system backend following microformats2 p-category specification.

Database changes:
- Migration 008: Add tags and note_tags tables
- Normalized tag storage (case-insensitive lookup, display name preserved)
- Indexes for performance

New module:
- starpunk/tags.py: Tag management functions
  - normalize_tag: Normalize tag strings
  - get_or_create_tag: Get or create tag records
  - add_tags_to_note: Associate tags with notes (replaces existing)
  - get_note_tags: Retrieve note tags (alphabetically ordered)
  - get_tag_by_name: Lookup tag by normalized name
  - get_notes_by_tag: Get all notes with specific tag
  - parse_tag_input: Parse comma-separated tag input

Model updates:
- Note.tags property (lazy-loaded, prefer pre-loading in routes)
- Note.to_dict() add include_tags parameter

CRUD updates:
- create_note() accepts tags parameter
- update_note() accepts tags parameter (None = no change, [] = remove all)

Micropub integration:
- Pass tags to create_note() (tags already extracted by extract_tags())
- Return tags in q=source response

Per design doc: docs/design/v1.3.0/microformats-tags-design.md

Generated with Claude Code

Co-Authored-By: Claude <noreply@anthropic.com>

2025-12-10 11:24:23 -07:00

9.1 KiB

Raw Blame History

Delete Route 404 Fix - Implementation Report

Date: 2025-11-18 Developer: StarPunk Developer Subagent Component: Admin Routes - Delete Note Test Status: 405/406 passing (99.75%)

Summary

Fixed the delete route to return HTTP 404 when attempting to delete nonexistent notes, achieving full ADR-012 compliance and pattern consistency with the edit route.

Problem

The delete route (POST /admin/delete/<id>) was not checking if a note existed before attempting deletion. Because the underlying delete_note() function is idempotent (returns successfully even for nonexistent notes), the route always showed "Note deleted successfully" regardless of whether the note existed.

This violated ADR-012 (HTTP Error Handling Policy), which requires routes to return 404 with an error message when operating on nonexistent resources.

Implementation

Code Changes

File: /home/phil/Projects/starpunk/starpunk/routes/admin.py Function: delete_note_submit() (lines 173-206)

Added existence check after docstring, before confirmation check:

# Check if note exists first (per ADR-012)
existing_note = get_note(id=note_id, load_content=False)
if not existing_note:
    flash("Note not found", "error")
    return redirect(url_for("admin.dashboard")), 404

This follows the exact same pattern as the update route (lines 148-152), ensuring consistency across all admin routes.

Test Fix

File: /home/phil/Projects/starpunk/tests/test_routes_admin.py Test: test_delete_nonexistent_note_shows_error (line 443)

The test was incorrectly using follow_redirects=True and expecting status 200. When Flask returns redirect(), 404, the test client does NOT follow the redirect because of the 404 status code.

Before:

def test_delete_nonexistent_note_shows_error(self, authenticated_client):
    """Test deleting nonexistent note shows error"""
    response = authenticated_client.post(
        "/admin/delete/99999", data={"confirm": "yes"}, follow_redirects=True
    )

    assert response.status_code == 200
    assert (
        b"error" in response.data.lower() or b"not found" in response.data.lower()
    )

After:

def test_delete_nonexistent_note_shows_error(self, authenticated_client):
    """Test deleting nonexistent note returns 404"""
    response = authenticated_client.post(
        "/admin/delete/99999", data={"confirm": "yes"}
    )
    assert response.status_code == 404

This now matches the pattern used by test_update_nonexistent_note_404 (line 381-386).

Architectural Compliance

ADR-012 Compliance

Requirement	Status
Return 404 for nonexistent resource	✅ Yes (`return ..., 404`)
Check existence before operation	✅ Yes (`get_note()` before `delete_note()`)
Include user-friendly flash message	✅ Yes (`flash("Note not found", "error")`)
Redirect to safe location	✅ Yes (`redirect(url_for("admin.dashboard"))`)

Pattern Consistency

All admin routes now follow the same pattern for handling nonexistent resources:

Route	Method	404 on Missing	Flash Message	Implementation
`/admin/edit/<id>`	GET	✅ Yes	"Note not found"	Lines 118-122
`/admin/edit/<id>`	POST	✅ Yes	"Note not found"	Lines 148-152
`/admin/delete/<id>`	POST	✅ Yes	"Note not found"	Lines 193-197

Implementation Details

Existence Check

Function: get_note(id=note_id, load_content=False)
Purpose: Check if note exists without loading file content
Performance: ~0.1ms (single SELECT query, no file I/O)
Returns: Note object if found, None if not found or soft-deleted

Flash Message

Message: "Note not found"
Category: "error" (displays as red alert in UI)
Rationale: Consistent with edit route, clear and simple

Return Statement

Pattern: return redirect(url_for("admin.dashboard")), 404
Result: HTTP 404 status with redirect to dashboard
UX: User sees dashboard with error message, not blank 404 page

Separation of Concerns

Data Layer (delete_note() function):

Remains idempotent by design
Returns successfully for nonexistent notes
Supports retry scenarios and REST semantics

Route Layer (delete_note_submit() function):

Now checks existence explicitly
Returns proper HTTP status codes
Handles user-facing error messages

Testing Results

Specific Test

uv run pytest tests/test_routes_admin.py::TestDeleteNote::test_delete_nonexistent_note_shows_error -v

Result: ✅ PASSED

All Delete Tests

uv run pytest tests/test_routes_admin.py::TestDeleteNote -v

Result: ✅ 4/4 tests passed

All Admin Route Tests

uv run pytest tests/test_routes_admin.py -v

Result: ✅ 32/32 tests passed

Full Test Suite

uv run pytest

Result: ✅ 405/406 tests passing (99.75%)

Remaining Failure: test_dev_mode_requires_dev_admin_me (unrelated to this fix)

Edge Cases Handled

Case 1: Note Exists

Existence check passes
Confirmation check proceeds
Deletion succeeds
Flash: "Note deleted successfully"
Return: 302 redirect

Case 2: Note Doesn't Exist

Existence check fails
Flash: "Note not found"
Return: 404 with redirect
Deletion NOT attempted

Case 3: Note Soft-Deleted

get_note() excludes soft-deleted notes
Treated as nonexistent from user perspective
Flash: "Note not found"
Return: 404 with redirect

Case 4: Deletion Not Confirmed

Existence check passes
Confirmation check fails
Flash: "Deletion cancelled"
Return: 302 redirect (no 404)

Performance Impact

Before

DELETE query (inside delete_note())

After

SELECT query (get_note() - existence check)
DELETE query (inside delete_note())

Overhead: ~0.1ms per deletion request

Why This is Acceptable

Single-user system (not high traffic)
Deletions are rare operations
Correctness > performance for edge cases
Consistent with edit route (already accepts this overhead)
load_content=False avoids file I/O

Files Changed

starpunk/routes/admin.py: Added 5 lines (existence check)
tests/test_routes_admin.py: Simplified test to match ADR-012
CHANGELOG.md: Documented fix in v0.5.2

Version Update

Per docs/standards/versioning-strategy.md:

Previous: v0.5.1
New: v0.5.2
Type: PATCH (bug fix, no breaking changes)

Code Snippet

Complete delete route function after fix:

@bp.route("/delete/<int:note_id>", methods=["POST"])
@require_auth
def delete_note_submit(note_id: int):
    """
    Handle note deletion

    Deletes a note after confirmation.
    Requires authentication.

    Args:
        note_id: Database ID of note to delete

    Form data:
        confirm: Must be 'yes' to proceed with deletion

    Returns:
        Redirect to dashboard with success/error message

    Decorator: @require_auth
    """
    # Check if note exists first (per ADR-012)
    existing_note = get_note(id=note_id, load_content=False)
    if not existing_note:
        flash("Note not found", "error")
        return redirect(url_for("admin.dashboard")), 404

    # Check for confirmation
    if request.form.get("confirm") != "yes":
        flash("Deletion cancelled", "info")
        return redirect(url_for("admin.dashboard"))

    try:
        delete_note(id=note_id, soft=False)
        flash("Note deleted successfully", "success")
    except ValueError as e:
        flash(f"Error deleting note: {e}", "error")
    except Exception as e:
        flash(f"Unexpected error deleting note: {e}", "error")

    return redirect(url_for("admin.dashboard"))

Verification

Code Review Checklist

✅ Existence check is first operation (after docstring)
✅ Uses get_note(id=note_id, load_content=False) exactly
✅ Flash message is "Note not found" with category "error"
✅ Return statement is return redirect(url_for("admin.dashboard")), 404
✅ No changes to confirmation logic
✅ No changes to deletion logic
✅ No changes to exception handling
✅ No changes to imports (get_note already imported)
✅ Code matches update route pattern exactly

Documentation Checklist

✅ Implementation report created
✅ Changelog updated
✅ Version incremented
✅ ADR-012 compliance verified

Next Steps

This fix brings the test suite to 405/406 passing (99.75%). The remaining failing test (test_dev_mode_requires_dev_admin_me) is unrelated to this fix and will be addressed separately.

All admin routes now follow ADR-012 HTTP Error Handling Policy with 100% consistency.

References

ADR-012: HTTP Error Handling Policy
Architect Specs:
- docs/reports/delete-route-implementation-spec.md
- docs/reports/delete-nonexistent-note-error-analysis.md
- docs/reports/ARCHITECT-FINAL-ANALYSIS.md
Implementation Files:
- starpunk/routes/admin.py (lines 173-206)
- tests/test_routes_admin.py (lines 443-448)

Implementation Complete: ✅ Tests Passing: 405/406 (99.75%) ADR-012 Compliant: ✅ Pattern Consistent: ✅

9.1 KiB Raw Blame History