posta/server
0
0
Fork 0
Code Issues 13 Pull requests Projects Releases Packages Wiki Activity

S4: Drop avatar field from PATCH /api/v1/identity #17

New issue
Open
opened 2026-05-12 23:44:42 +02:00 by arne · 1 comment
arne commented 2026-05-12 23:44:42 +02:00
Owner
Copy link

Parent

posta/server#15 — Operator-uploaded avatar served from the identity's URL

What to build

Remove the avatar field from the accepted body shape of
PATCH /api/v1/identity. After this slice the only way to set or clear
an identity's avatar is via the new PUT/DELETE /api/v1/identity/avatar
endpoints (S1, S2) — guaranteeing the identity.avatar column always
points at a real file the daemon hosts under a content-addressed URL.

End-to-end behaviour after this slice:

  • PATCH /api/v1/identity with {"avatar": "..."} is rejected with
    400 unsupported-field (or silently ignores the field — implementation
    choice at build; pick whichever matches existing PATCH behaviour for
    unknown fields).
  • PATCH /api/v1/identity with {"name": "...", "about": "..."}
    continues to work unchanged.
  • The identity row's avatar column is only ever mutated by the new
    upload/delete handlers (or by identity add --name=... at bootstrap,
    if that path touches it — which it doesn't today).

Acceptance criteria

  • internal/api/identity.go (or wherever PATCH lives) no longer
    accepts an avatar field in the request body. Either the field
    is rejected explicitly with 400 and a clear error message, or
    it's silently dropped on parse — match the existing pattern that
    handler uses for other unknown fields.
  • A test covers: PATCH {"name": "Arne", "avatar": "x"} either
    rejects the request or sets only name (no avatar update).
  • Existing PATCH tests for name/about round-trip continue to pass.
  • CLIENT_API.md (or whatever client-facing doc describes PATCH) is
    updated to drop the avatar field from the accepted set, with
    a one-line pointer to PUT /api/v1/identity/avatar (S1).
  • go build ./... and go test ./... pass.

Blocked by

None — independent of the upload-path slices. No client uses
PATCH /api/v1/identity to set the avatar field today (per #15
problem statement), so this can ship in any order relative to S1–S3.

## Parent posta/server#15 — Operator-uploaded avatar served from the identity's URL ## What to build Remove the `avatar` field from the accepted body shape of `PATCH /api/v1/identity`. After this slice the only way to set or clear an identity's avatar is via the new `PUT`/`DELETE /api/v1/identity/avatar` endpoints (S1, S2) — guaranteeing the `identity.avatar` column always points at a real file the daemon hosts under a content-addressed URL. End-to-end behaviour after this slice: - `PATCH /api/v1/identity` with `{"avatar": "..."}` is rejected with `400 unsupported-field` (or silently ignores the field — implementation choice at build; pick whichever matches existing PATCH behaviour for unknown fields). - `PATCH /api/v1/identity` with `{"name": "...", "about": "..."}` continues to work unchanged. - The identity row's `avatar` column is only ever mutated by the new upload/delete handlers (or by `identity add --name=...` at bootstrap, if that path touches it — which it doesn't today). ## Acceptance criteria - [ ] `internal/api/identity.go` (or wherever PATCH lives) no longer accepts an `avatar` field in the request body. Either the field is rejected explicitly with `400` and a clear error message, or it's silently dropped on parse — match the existing pattern that handler uses for other unknown fields. - [ ] A test covers: `PATCH {"name": "Arne", "avatar": "x"}` either rejects the request or sets only `name` (no avatar update). - [ ] Existing PATCH tests for `name`/`about` round-trip continue to pass. - [ ] CLIENT_API.md (or whatever client-facing doc describes PATCH) is updated to drop the `avatar` field from the accepted set, with a one-line pointer to `PUT /api/v1/identity/avatar` (S1). - [ ] `go build ./...` and `go test ./...` pass. ## Blocked by None — independent of the upload-path slices. No client uses `PATCH /api/v1/identity` to set the avatar field today (per #15 problem statement), so this can ship in any order relative to S1–S3.
arne commented 2026-05-13 01:21:16 +02:00
Author
Owner
Copy link

This was generated by AI during triage.

Independent contract-hygiene slice. Drops the avatar field from PATCH /api/v1/identity's accepted body shape so the new upload path (#16) is the only way to mutate the avatar URL. No client uses PATCH for avatars today, so this can ship in any order relative to S1–S3.

Acceptance criteria above already function as an agent brief.

Category: enhancement
State: ready-for-agent

> *This was generated by AI during triage.* Independent contract-hygiene slice. Drops the `avatar` field from `PATCH /api/v1/identity`'s accepted body shape so the new upload path (#16) is the only way to mutate the avatar URL. No client uses PATCH for avatars today, so this can ship in any order relative to S1–S3. Acceptance criteria above already function as an agent brief. **Category:** enhancement **State:** ready-for-agent
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
marcus/allow_embed
bases
No results found.
Labels
Clear labels   
bug
Something is broken

  
enhancement
New feature or improvement

  
needs-info
Waiting on reporter for more information

  
needs-triage
Awaiting triage

  
ready-for-agent
Fully specified, ready for an AFK agent

  
ready-for-human
Needs human implementation

  
wontfix
Will not be actioned

No labels
bug
enhancement
needs-info
needs-triage
ready-for-agent
ready-for-human
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
posta/server#17
No description provided.