PATCH /api/snowball/order silently swallows invalid rows #52
Labels
No Label
architecture
backend
bug
feature
frontend
priority:critical
priority:high
priority:low
priority:medium
priority:nice-to-have
ux
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: null/BillTracker#52
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Severity: MED 🟡
Affected Files
routes/snowball.js— ~line 220Problem
PATCH /api/snowball/orderaccepts an array of{id, snowball_order}pairs and updates each one. Invalid or non-integersnowball_ordervalues are quietly skipped:The client receives a 200 with no indication that some rows failed to reorder. There's no count of skipped rows, no validation error, no partial success indicator.
Impact
Fix
Return a summary in the response:
Or reject the entire request if any items are invalid (preferred — keeps client and server in sync).
Acceptance Criteria
snowball_ordervalues are reported to the clientFixed in
44320a7. Pre-validates all rows before touching the DB, rejects bad entries with a 400, addsdeleted_at IS NULLfilter, returns updated count.