chore: migrate buttonblockupdate

[mikeallisonJS]

Summary by CodeRabbit

• New Features
  • Enhanced button update: richer validation, settings merge behavior and optional journeyId support.
• Chores
  • Button creation and update routed to the Modern API variant; legacy create path removed.
• Tests
  • Added comprehensive tests covering authorized/forbidden flows, validation errors, and settings merging.

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 17e926b

Command	Status	Duration	Result
nx run journeys-admin-e2e:e2e	✅ Succeeded	29s	View ↗
nx run resources-e2e:e2e	✅ Succeeded	14s	View ↗
nx run journeys-e2e:e2e	✅ Succeeded	27s	View ↗
nx run short-links-e2e:e2e	✅ Succeeded	3s	View ↗
nx run watch-e2e:e2e	✅ Succeeded	21s	View ↗
nx run videos-admin-e2e:e2e	✅ Succeeded	4s	View ↗
nx run player-e2e:e2e	✅ Succeeded	3s	View ↗
nx run-many --target=vercel-alias --projects=jo...	✅ Succeeded	2s	View ↗
Additional runs (20)	✅ Succeeded	...	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-03-13 01:08:26 UTC

[coderabbitai]

Warning

Rate limit exceeded

@mikeallisonJS has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 2 minutes and 52 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 9e55dbb7-1d4b-4d8e-b97a-b73ba0c5cd08

📥 Commits

Reviewing files that changed from the base of the PR and between 17e648a and 17e926b.

📒 Files selected for processing (2)

• apis/api-journeys-modern/src/schema/block/button/buttonBlockUpdate.mutation.spec.ts
• apis/api-journeys-modern/src/schema/block/button/buttonBlockUpdate.mutation.ts

Walkthrough

ButtonBlock creation was moved from the legacy api-journeys to the api-journeys-modern graph; the API gateway now routes buttonBlockCreate to the MODERN graph. The MODERN variant gained a new buttonBlockUpdate mutation and resolver + tests; legacy create mutation, input type, and resolver/tests were removed.

Changes

Cohort / File(s)	Summary
API Gateway apis/api-gateway/schema.graphql	Routed buttonBlockCreate to API_JOURNEYS_MODERN via @join__field(..., override: "api-journeys"); moved ButtonBlockCreateInput to MODERN-only declaration.
MODERN schema & implementation apis/api-journeys-modern/schema.graphql, apis/api-journeys-modern/src/schema/block/button/buttonBlockUpdate.mutation.ts, apis/api-journeys-modern/src/schema/block/button/buttonBlockUpdate.mutation.spec.ts	Added buttonBlockUpdate mutation (optional journeyId) with @override; implemented resolver with auth/authorization (authorizeBlockUpdate), parent/icon validations, settings merge logic; added comprehensive tests for auth, validation, and settings merge.
MODERN exports apis/api-journeys-modern/src/schema/block/button/index.ts	Imported/registered new mutation modules (create + update).
Legacy schema removals apis/api-journeys/schema.graphql, apis/api-journeys/src/app/modules/block/button/button.graphql	Removed buttonBlockCreate mutation and ButtonBlockCreateInput from legacy api-journeys schema.
Legacy resolver & tests cleanup apis/api-journeys/src/app/modules/block/button/button.resolver.ts, apis/api-journeys/src/app/modules/block/button/button.resolver.spec.ts	Removed buttonBlockCreate resolver implementation and its test suite.
MODERN service helper apis/api-journeys-modern/src/schema/block/service.ts	Added authorizeBlockUpdate helper that fetches block with journey ACL and enforces Update permission.

Sequence Diagram(s)

mermaid
sequenceDiagram
participant Client
participant APIGateway
participant MODERN_API as api-journeys-modern
participant AuthSvc as authorizeBlockUpdate
participant DB
Client->>APIGateway: GraphQL mutation (buttonBlockUpdate/create routed)
APIGateway->>MODERN_API: Resolve mutation
MODERN_API->>AuthSvc: fetchBlockWithJourneyAcl + permission check
AuthSvc->>DB: query block & journey ACL
DB-->>AuthSvc: block with journey ACL
AuthSvc-->>MODERN_API: authorized block (or throw FORBIDDEN)
alt validating icons/parent
MODERN_API->>DB: validate parent/startIcon/endIcon
DB-->>MODERN_API: validation results
end
MODERN_API->>DB: update block (merged settings)
DB-->>MODERN_API: updated block
MODERN_API-->>APIGateway: mutation response
APIGateway-->>Client: return updated block

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'chore: migrate buttonblockupdate' is vague and uses non-descriptive terminology. It doesn't clearly convey what the migration entails or the primary changes to the codebase.	Revise the title to be more specific about the change, such as 'chore: migrate buttonBlockUpdate to API_JOURNEYS_MODERN graph' or similar, to better communicate the scope and nature of the migration.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch 00-00-MA-chore-migrate-buttonblockupdate

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

The latest updates on your projects.

Name	Status	Preview	Updated (UTC)
short-links	✅ Ready	short-links preview	Fri Mar 13 14:03:50 NZDT 2026

[github-actions]

The latest updates on your projects.

Name	Status	Preview	Updated (UTC)
journeys	✅ Ready	journeys preview	Fri Mar 13 14:04:01 NZDT 2026

[github-actions]

The latest updates on your projects.

Name	Status	Preview	Updated (UTC)
resources	✅ Ready	resources preview	Fri Mar 13 14:04:20 NZDT 2026

[github-actions]

The latest updates on your projects.

Name	Status	Preview	Updated (UTC)
videos-admin	✅ Ready	videos-admin preview	Fri Mar 13 14:03:54 NZDT 2026

[github-actions]

The latest updates on your projects.

Name	Status	Preview	Updated (UTC)
journeys-admin	✅ Ready	journeys-admin preview	Fri Mar 13 14:04:25 NZDT 2026

[github-actions]

The latest updates on your projects.

Name	Status	Preview	Updated (UTC)
watch	✅ Ready	watch preview	Fri Mar 13 14:04:10 NZDT 2026

[github-actions]

The latest updates on your projects.

Name	Status	Preview	Updated (UTC)
player	✅ Ready	player preview	Fri Mar 13 14:03:51 NZDT 2026

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (3)

apis/api-journeys-modern/src/schema/block/button/buttonBlockUpdate.mutation.spec.ts (1)

23-33: Add one compatibility case that still sends journeyId.

The schema keeps journeyId during the override window, but this suite never exercises that call shape, so an accidental removal would slip through without a failing test.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@apis/api-journeys-modern/src/schema/block/button/buttonBlockUpdate.mutation.spec.ts`
around lines 23 - 33, Add a compatibility test that calls the existing
BUTTON_BLOCK_UPDATE GraphQL mutation with the legacy variable shape including
journeyId to ensure the schema still accepts it; update the test suite in
buttonBlockUpdate.mutation.spec.ts to include a new it(...) case that sends
variables containing journeyId alongside id and input (use the same
BUTTON_BLOCK_UPDATE constant), assert the response matches expected fields and
that no errors occur, and clean up any mock/setup to accommodate this extra call
shape.

apis/api-journeys-modern/src/schema/block/button/buttonBlockCreate.mutation.spec.ts (2)

107-116: Consider asserting parentOrder in the response.

The GraphQL query requests parentOrder (line 29), and the mock returns parentOrder: 0 (line 69), but the response assertion doesn't verify this field. Adding this assertion would ensure the field is properly returned.

♻️ Suggested addition

     expect(result).toEqual({
       data: {
         buttonBlockCreate: expect.objectContaining({
           id: 'blockId',
           journeyId: 'journeyId',
           parentBlockId: 'parentId',
-          label: 'Button Label'
+          label: 'Button Label',
+          parentOrder: 0
         })
       }
     })

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@apis/api-journeys-modern/src/schema/block/button/buttonBlockCreate.mutation.spec.ts`
around lines 107 - 116, The test for buttonBlockCreate is missing an assertion
for the parentOrder field returned by the mutation; update the expectation on
result to include parentOrder: 0 alongside id/journeyId/parentBlockId/label so
the test verifies the field requested in the GraphQL query (refer to the result
object and buttonBlockCreate in buttonBlockCreate.mutation.spec.ts and the mock
that returns parentOrder: 0).

---

35-38: Consider using jest.mocked() helper for better type safety.

Using jest.mocked() instead of require + type casting provides better TypeScript support and is the recommended approach in modern Jest.

♻️ Suggested refactor

-  const {
-    fetchJourneyWithAclIncludes
-  } = require('../../../lib/auth/fetchJourneyWithAclIncludes')
-  const mockAbility = ability as jest.MockedFunction<typeof ability>
+  const mockFetchJourneyWithAclIncludes = jest.mocked(
+    (await import('../../../lib/auth/fetchJourneyWithAclIncludes')).fetchJourneyWithAclIncludes
+  )
+  const mockAbility = jest.mocked(ability)

Alternatively, if the import approach doesn't work with your setup, jest.mocked() can still be used for the ability cast:

-  const mockAbility = ability as jest.MockedFunction<typeof ability>
+  const mockAbility = jest.mocked(ability)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@apis/api-journeys-modern/src/schema/block/button/buttonBlockCreate.mutation.spec.ts`
around lines 35 - 38, Replace the manual require and cast pattern with Jest's
typed helper: import or require the module exporting fetchJourneyWithAclIncludes
and use jest.mocked(fetchJourneyWithAclIncludes) (or jest.mocked(ability) for
the ability helper) to create typed mocks; update references to mockAbility to
use the value returned by jest.mocked(ability) and remove the explicit "as
jest.MockedFunction" cast so the mock has proper TypeScript types and
IntelliSense.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@apis/api-journeys-modern/src/schema/block/button/buttonBlockCreate.mutation.ts`:
- Around line 45-60: Before creating the ButtonBlock, verify that when
input.parentBlockId is provided the referenced parent block belongs to the same
journey (input.journeyId): inside the prisma.$transaction (use tx), query the
parent block (e.g., tx.block.findUnique/findFirst) filtering by id and journeyId
and if not found throw/return a validation error; only proceed to
tx.block.create and connect parentBlock by id after this check so
getSiblingsInternal and parentOrder remain consistent; reference
getSiblingsInternal, tx.block.create, input.parentBlockId, and input.journeyId
when adding this guard.

In
`@apis/api-journeys-modern/src/schema/block/button/buttonBlockUpdate.mutation.ts`:
- Around line 48-76: Reorder the checks so legacy icon-validation runs before
loading the target block and ACL: move the validateBlock checks for
input.startIconId and input.endIconId to occur before the call to
fetchBlockWithJourneyAcl(id). Keep the same error types and messages (throw
GraphQLError with extensions { code: 'BAD_USER_INPUT' } when validateBlock
fails) and leave the subsequent ability(...) / fetchBlockWithJourneyAcl(id)
logic (including Action.Update and abilitySubject('Journey', block.journey))
unchanged to preserve wire-compatible behavior.

---

Nitpick comments:
In
`@apis/api-journeys-modern/src/schema/block/button/buttonBlockCreate.mutation.spec.ts`:
- Around line 107-116: The test for buttonBlockCreate is missing an assertion
for the parentOrder field returned by the mutation; update the expectation on
result to include parentOrder: 0 alongside id/journeyId/parentBlockId/label so
the test verifies the field requested in the GraphQL query (refer to the result
object and buttonBlockCreate in buttonBlockCreate.mutation.spec.ts and the mock
that returns parentOrder: 0).
- Around line 35-38: Replace the manual require and cast pattern with Jest's
typed helper: import or require the module exporting fetchJourneyWithAclIncludes
and use jest.mocked(fetchJourneyWithAclIncludes) (or jest.mocked(ability) for
the ability helper) to create typed mocks; update references to mockAbility to
use the value returned by jest.mocked(ability) and remove the explicit "as
jest.MockedFunction" cast so the mock has proper TypeScript types and
IntelliSense.

In
`@apis/api-journeys-modern/src/schema/block/button/buttonBlockUpdate.mutation.spec.ts`:
- Around line 23-33: Add a compatibility test that calls the existing
BUTTON_BLOCK_UPDATE GraphQL mutation with the legacy variable shape including
journeyId to ensure the schema still accepts it; update the test suite in
buttonBlockUpdate.mutation.spec.ts to include a new it(...) case that sends
variables containing journeyId alongside id and input (use the same
BUTTON_BLOCK_UPDATE constant), assert the response matches expected fields and
that no errors occur, and clean up any mock/setup to accommodate this extra call
shape.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 1c0aeb61-55ad-43f0-8bf5-dbccd5bdcfb8

📥 Commits

Reviewing files that changed from the base of the PR and between 5d9df9a and 6f92823.

📒 Files selected for processing (7)

• apis/api-gateway/schema.graphql
• apis/api-journeys-modern/schema.graphql
• apis/api-journeys-modern/src/schema/block/button/buttonBlockCreate.mutation.spec.ts
• apis/api-journeys-modern/src/schema/block/button/buttonBlockCreate.mutation.ts
• apis/api-journeys-modern/src/schema/block/button/buttonBlockUpdate.mutation.spec.ts
• apis/api-journeys-modern/src/schema/block/button/buttonBlockUpdate.mutation.ts
• apis/api-journeys-modern/src/schema/block/button/index.ts

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@apis/api-journeys-modern/src/schema/block/button/buttonBlockUpdate.mutation.ts`:
- Around line 11-20: The query in validateBlock uses prisma.block.findUnique
with a non-unique field (deletedAt); replace the findUnique call in
validateBlock with prisma.block.findFirst and include the compound condition in
the where clause (e.g., where: { id, parentBlockId, deletedAt: null }) so you
can simply return whether a matching block exists; update the call site in the
validateBlock function accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 429d3b3a-842a-45fb-82f1-361061bc7959

📥 Commits

Reviewing files that changed from the base of the PR and between ddc75d0 and 17e648a.

📒 Files selected for processing (3)

• apis/api-journeys-modern/src/schema/block/button/buttonBlockUpdate.mutation.ts
• apis/api-journeys-modern/src/schema/block/service.ts
• apis/api-journeys/src/app/modules/block/button/button.resolver.spec.ts

💤 Files with no reviewable changes (1)

• apis/api-journeys/src/app/modules/block/button/button.resolver.spec.ts