chore: imageblockupdate modern

[mikeallisonJS]

Summary by CodeRabbit

• New Features

  • Added a new mutation to update image blocks with configurable properties.

• Tests

  • Added comprehensive test coverage for the image block update mutation, including authorization and validation scenarios.

[coderabbitai]

Walkthrough

This PR adds a new imageBlockUpdate GraphQL mutation to the api-journeys-modern service and updates the API gateway schema federation to route the mutation through the modern service with a deprecation override for the legacy api-journeys service.

Changes

Cohort / File(s)	Summary
GraphQL Schema Federation apis/api-gateway/schema.graphql	Updated the Mutation.imageBlockUpdate directive to target API_JOURNEYS_MODERN instead of API_JOURNEYS, establishing federation routing with an override to the legacy service.
API Journeys Modern Schema apis/api-journeys-modern/schema.graphql	Added new imageBlockUpdate mutation field accepting id, input, and optional journeyId parameters, returning ImageBlock with @override directive indicating it replaces the legacy api-journeys field.
Image Block Update Mutation Implementation apis/api-journeys-modern/src/schema/block/image/imageBlockUpdate.mutation.ts	Implemented the mutation resolver with authentication requirement, block authorization check, input transformation, and Prisma transactional updates to both block and journey records.
Image Block Update Tests apis/api-journeys-modern/src/schema/block/image/imageBlockUpdate.mutation.spec.ts	Added comprehensive Jest test suite covering authorization scenarios (authorized/unauthorized), full and partial input updates, Prisma call verification, and GraphQL response validation.
Module Integration apis/api-journeys-modern/src/schema/block/image/index.ts	Imported the new imageBlockUpdate.mutation module as a side effect to register the mutation in the schema.

Sequence Diagram(s)

sequenceDiagram
    actor Client
    participant GraphQL as GraphQL Resolver
    participant Auth as Authorization
    participant Transform as Input Transform
    participant DB as Prisma (Database)
    participant Response

    Client->>GraphQL: imageBlockUpdate(id, input, journeyId)
    GraphQL->>Auth: authorizeBlockUpdate(id, user)
    alt Authorized
        Auth-->>GraphQL: ✓ Permission granted
        GraphQL->>Transform: transformInput(input)
        Transform-->>GraphQL: transformed input
        GraphQL->>DB: block.update(where: {id}, data: {...})
        GraphQL->>DB: journey.update(where: {id}, data: {...})
        DB-->>GraphQL: updated ImageBlock
        GraphQL-->>Response: ImageBlock data
        Response-->>Client: mutation success
    else Unauthorized
        Auth-->>GraphQL: ✗ Permission denied
        GraphQL-->>Response: error: "User not allowed"
        Response-->>Client: error response
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• chore: imageblockcreate modern #8980: Added imageBlockCreate mutation to the same service with overlapping patterns for input transformation, authorization checks, and schema federation setup via @override directive.

Suggested reviewers

• csiyang

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: migrating the imageBlockUpdate mutation to the modern API.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch 26-00-MA-chore-imageblockupdate-modern

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nx-cloud]

🤖 Nx Cloud AI Fix Eligible

An automatically generated fix could have helped fix failing tasks for this run, but Self-healing CI is disabled for this workspace. Visit workspace settings to enable it and get automatic fixes in future runs.

_{To disable these notifications, a workspace admin can disable them in workspace settings.}

---

View your CI Pipeline Execution ↗ for commit 85d5e93

Command	Status	Duration	Result
nx run journeys-e2e:e2e	❌ Failed	4m 9s	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-04-09 21:25:38 UTC

[github-actions]

The latest updates on your projects.

Name	Status	Preview	Updated (UTC)
player	✅ Ready	player preview	Thu Apr 9 14:23:37 NZST 2026

[github-actions]

The latest updates on your projects.

Name	Status	Preview	Updated (UTC)
journeys	✅ Ready	journeys preview	Thu Apr 9 14:23:46 NZST 2026

[github-actions]

The latest updates on your projects.

Name	Status	Preview	Updated (UTC)
short-links	✅ Ready	short-links preview	Thu Apr 9 14:23:49 NZST 2026

[github-actions]

The latest updates on your projects.

Name	Status	Preview	Updated (UTC)
videos-admin	✅ Ready	videos-admin preview	Thu Apr 9 14:24:01 NZST 2026

[github-actions]

The latest updates on your projects.

Name	Status	Preview	Updated (UTC)
resources	✅ Ready	resources preview	Thu Apr 9 14:24:06 NZST 2026

[github-actions]

The latest updates on your projects.

Name	Status	Preview	Updated (UTC)
journeys-admin	✅ Ready	journeys-admin preview	Thu Apr 9 14:24:15 NZST 2026

[github-actions]

The latest updates on your projects.

Name	Status	Preview	Updated (UTC)
watch	✅ Ready	watch preview	Thu Apr 9 14:24:01 NZST 2026

[blacksmith-sh]

Found 1 test failure on Blacksmith runners:

Failure

Test	View Logs
src/e2e/journeys.spec.ts/journeys	View Logs

[stage-branch-merger]

I see you added the "on stage" label, I'll get this merged to the stage branch!

[stage-branch-merger]

Merge conflict attempting to merge this into stage. Please fix manually.

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

apis/api-journeys-modern/src/schema/block/image/imageBlockUpdate.mutation.spec.ts (1)

89-89: Replace cb: any with a concrete callback type.

A concrete type is available here (typeof tx), so any should be avoided in these transaction mock callbacks.

Suggested patch

-    prismaMock.$transaction.mockImplementation(async (cb: any) => await cb(tx))
+    prismaMock.$transaction.mockImplementation(
+      async (cb: (txArg: typeof tx) => Promise<unknown>) => await cb(tx)
+    )
@@
-    prismaMock.$transaction.mockImplementation(async (cb: any) => await cb(tx))
+    prismaMock.$transaction.mockImplementation(
+      async (cb: (txArg: typeof tx) => Promise<unknown>) => await cb(tx)
+    )
@@
-    prismaMock.$transaction.mockImplementation(async (cb: any) => await cb(tx))
+    prismaMock.$transaction.mockImplementation(
+      async (cb: (txArg: typeof tx) => Promise<unknown>) => await cb(tx)
+    )

As per coding guidelines, **/*.{ts,tsx}: “Define a type if possible.”

Also applies to: 198-198, 275-275

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@apis/api-journeys-modern/src/schema/block/image/imageBlockUpdate.mutation.spec.ts`
at line 89, The jest mock for prismaMock.$transaction currently types the
callback parameter as any; change the parameter type for the mockImplementation
arrow function so the callback is typed using typeof tx (e.g. cb: (client:
typeof tx) => Promise<unknown>) instead of any. Update the mock at
prismaMock.$transaction.mockImplementation(async (cb: any) => await cb(tx)) to
use the concrete callback type referencing tx so TypeScript can validate the
callback signature; apply the same replacement for the other occurrences noted
(lines around the other prismaMock.$transaction mocks).

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In
`@apis/api-journeys-modern/src/schema/block/image/imageBlockUpdate.mutation.spec.ts`:
- Around line 55-57: Replace the loose callback typing "cb: any" in the
$transaction mock implementations with the proper Prisma transaction callback
type, e.g. use the signature (cb: (prisma: Prisma.TransactionClient) =>
Promise<any>) or a generic version like <T>(cb: (prisma:
Prisma.TransactionClient) => Promise<T>) to type the parameter; import
Prisma.TransactionClient from `@prisma/client` and update the three $transaction
mockImplementation occurrences (the mocks that accept "cb") in
imageBlockUpdate.mutation.spec.ts so the cb parameter is explicitly typed
accordingly.

In
`@apis/api-journeys-modern/src/schema/block/image/imageBlockUpdate.mutation.ts`:
- Line 2: The image block update mutation (imageBlockUpdate.mutation) currently
calls authorizeBlockUpdate and update but never validates the supplied
parentBlockId; insert a call to validateParentBlock(parentBlockId, ctx) (or the
same validateParentBlock signature used elsewhere) immediately after
authorizeBlockUpdate(...) and before calling update(...) so the parentBlockId is
checked for cross-journey/invalid linkage; apply the same change pattern used in
other block create/update mutations (e.g., lines 22-26 equivalents) to ensure
consistent parent validation.
- Around line 25-26: The issue: calling transformInput unconditionally on
args.input can overwrite existing image metadata (width/height/blurhash) when
src is omitted. Fix by fetching the existing record (using id) and only apply
transformInput when args.input.src is present, otherwise merge args.input into
the existing values so width/height/blurhash are preserved; update should be
called with a merged object (e.g., existing + args.input) or with transformed
values only when transformInput runs. Modify the logic around transformInput,
id, args.input and the call to update to ensure partial updates don't zero out
image metadata.

---

Nitpick comments:
In
`@apis/api-journeys-modern/src/schema/block/image/imageBlockUpdate.mutation.spec.ts`:
- Line 89: The jest mock for prismaMock.$transaction currently types the
callback parameter as any; change the parameter type for the mockImplementation
arrow function so the callback is typed using typeof tx (e.g. cb: (client:
typeof tx) => Promise<unknown>) instead of any. Update the mock at
prismaMock.$transaction.mockImplementation(async (cb: any) => await cb(tx)) to
use the concrete callback type referencing tx so TypeScript can validate the
callback signature; apply the same replacement for the other occurrences noted
(lines around the other prismaMock.$transaction mocks).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 77e35cbe-53ec-487f-924d-4c20e66e62f2

📥 Commits

Reviewing files that changed from the base of the PR and between 1653c0c and 85d5e93.

📒 Files selected for processing (5)

• apis/api-gateway/schema.graphql
• apis/api-journeys-modern/schema.graphql
• apis/api-journeys-modern/src/schema/block/image/imageBlockUpdate.mutation.spec.ts
• apis/api-journeys-modern/src/schema/block/image/imageBlockUpdate.mutation.ts
• apis/api-journeys-modern/src/schema/block/image/index.ts