fix: pedigree edits are not saved (#2112)

[stolpeo]

Summary by CodeRabbit

• New Features

  • The presetset field is now writable, allowing for more flexible data input.
  • The pedigree field is no longer read-only, enabling updates.

• Bug Fixes

  • Improved validation for the presetset field to handle empty and non-existent values more effectively.

• Documentation

  • Added detailed descriptions to the OpenAPI schema for various endpoints, enhancing clarity.
  • Updated API documentation to reflect changes in the pedigree property structure and requirements.

[coderabbitai]

Walkthrough

The pull request modifies the CaseSerializerNg class in backend/cases/serializers.py. It updates the to_internal_value method to make the presetset field writable, introducing logic to handle its presence and validity. The read_only_fields attribute is adjusted to remove the pedigree field, allowing it to be writable, while keeping pedigree_obj as read-only. Additionally, a docstring is added to the get_caseqc method for clarity on its functionality related to CaseQc records. The OpenAPI schema for the VarFish API is also updated to reflect these changes.

Changes

File	Change Summary
backend/cases/serializers.py	Updated to_internal_value method in CaseSerializerNg to handle writable presetset field. Removed pedigree from read_only_fields. Added docstring to get_caseqc method.
backend/varfish/tests/drf_openapi_schema/varfish_api_schema.yaml	Updated CaseSerializerNg, CaseSerializerNgRequest, and PatchedCaseSerializerNgRequest schemas to include pedigree property and its requirements.

Possibly related PRs

• fix: annotated sv not listed in case annotations (#2015) #2030: The changes in the CaseSerializerNg class regarding the presetset field and the pedigree property are related to the modifications in the OpenAPI schema for CaseSerializerNg, which now includes the pedigree property as an object instead of being read-only.

Poem

In the land of code where rabbits play,
A presetset field found its way,
No longer just a read-only sight,
Now writable, it hops with delight!
With pedigree freed, it’s a joyful cheer,
As CaseQc shines, the path is clear! 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

deps-report 🔍

Commit scanned: aa3933f
ℹ️ Python version 3.10 is used by your project but the latest version is 3.13.

Vulnerable dependencies

4 dependencies have vulnerabilities 😱

Dependency	Advisory	Versions impacted
djangorestframework (transitive)	Affected versions of the package djangorestframework are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with tags.	<3.15.2
jinja2 (transitive)	In Jinja2, the from_string function is prone to Server Side Template Injection (SSTI) where it takes the source parameter as a template object, renders it, and then returns it. The attacker can exploit it with INJECTION COMMANDS in a URI. NOTE: The maintainer and multiple third parties believe that this vulnerability isn't valid because users shouldn't use untrusted templates without sandboxing.	>=0
setuptools (transitive)	Affected versions of Setuptools allow for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.	<70.0.0
sqlalchemy	Sqlalchemy 2.0.0b1 avoids leaking cleartext passwords to the open for careless uses of str(engine.URL()) in logs and prints. sqlalchemy/sqlalchemy#8563	<2.0.0b1

Outdated dependencies

57 outdated dependencies found (including 22 outdated major versions)😢

Dependency	Installed version	Latest version
alabaster (transitive)	0.7.16	1.0.0
aldjemy	2.6	3.0
argon2-cffi (transitive)	21.3.0	23.1.0
async-timeout (transitive)	4.0.3	5.0.1
billiard (transitive)	3.6.4.0	4.2.1
crispy-bootstrap4 (transitive)	2022.1	2024.10
django	3.2.25	5.1.3
django-model-utils (transitive)	4.3.1	5.0.0
django-rest-knox (transitive)	4.2.0	5.0.2
django-sodar-core	0.13.4	1.0.2
et-xmlfile (dev,transitive)	1.1.0	2.0.0
markupsafe (transitive)	2.1.5	3.0.2
mistune (transitive)	2.0.5	3.0.2
packaging (transitive)	23.2	24.2
pillow (transitive)	10.4.0	11.0.0
protobuf	3.20.3	5.28.3
setuptools (transitive)	67.6.1	75.3.0
sphinx (transitive)	6.2.1	8.1.3
sphinx-rtd-theme (transitive)	1.2.2	3.0.1
sqlalchemy	1.4.54	2.0.36
unidecode (transitive)	0.4.21	1.3.8
xmlschema (transitive)	2.5.1	3.4.3

Dependency	Installed version	Latest version
botocore (transitive)	1.35.36	1.35.57
celery (transitive)	5.2.7	5.4.0
charset-normalizer (transitive)	3.3.2	3.4.0
coverage (dev,transitive)	7.6.1	7.6.4
cryptography (transitive)	43.0.1	43.0.3
django-autocomplete-light (transitive)	3.9.4	3.11.0
django-crispy-forms (transitive)	2.0	2.3
django-db-file-storage (transitive)	0.5.5	0.5.6.1
django-debug-toolbar	4.3.0	4.4.6
django-environ (transitive)	0.10.0	0.11.2
django-iconify (transitive)	0.1.1	0.4
django-plugins-bihealth	0.4.0	0.5.2
django-postgres-copy	2.3.7	2.7.6
djangorestframework (transitive)	3.14.0	3.15.2
docutils (transitive)	0.18.1	0.21.2
drf-keyed-list-bihealth	0.1.1	0.2.1
drf-spectacular-sidecar (transitive)	2024.7.1	2024.11.1
elementpath (transitive)	4.5.0	4.6.0
frozenlist (transitive)	1.4.1	1.5.0
ipython (dev,transitive)	8.28.0	8.29.0
markdown (transitive)	3.4.1	3.7
mypy-protobuf (dev)	3.3.0	3.6.0
psycopg2 (transitive)	2.9.9	2.9.10
psycopg2-binary (transitive)	2.9.9	2.9.10
pydantic-core (transitive)	2.23.4	2.26.0
regex (transitive)	2024.9.11	2024.11.6
requests-http-signature	0.2.0	0.7.1
rpds-py (transitive)	0.20.0	0.21.0
rules (transitive)	3.3	3.5
sentry-sdk	2.17.0	2.18.0
typer (transitive)	0.12.5	0.13.0
types-psycopg2 (dev,transitive)	2.9.21.20240819	2.9.21.20241019
versioneer (transitive)	0.28	0.29
wheel (transitive)	0.40.0	0.45.0
yarl (transitive)	1.15.5	1.17.1

_Logs

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Reviewing files that changed from the base of the PR and between 5b2c670 and aa3933f.

📒 Files selected for processing (2)

• backend/cases/serializers.py (0 hunks)
• backend/varfish/tests/drf_openapi_schema/varfish_api_schema.yaml (4 hunks)

💤 Files with no reviewable changes (1)

• backend/cases/serializers.py

[coderabbitai]

⚠️ Potential issue

Add schema validation and documentation for pedigree field.

The pedigree field is currently defined as an empty object without any schema validation or documentation. This could lead to data integrity issues and make the API harder to use correctly.

Consider:

1. Adding a proper schema definition for the pedigree object structure
2. Documenting the expected format and required fields
3. Adding validation rules to ensure data consistency

Example schema structure:

pedigree:
  type: object
  description: Pedigree information defining family relationships and affected status
  required:
    - members
  properties:
    members:
      type: array
      items:
        type: object
        required:
          - id
          - father
          - mother
          - sex
          - affected
        properties:
          id: 
            type: string
          father:
            type: string
          mother:
            type: string
          sex:
            type: string
            enum: ['1', '2']
          affected:
            type: string
            enum: ['1', '2']

Also applies to: 6155-6175

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91%. Comparing base (2b720bf) to head (aa3933f).
Report is 1 commits behind head on main.

Additional details and impacted files

@@          Coverage Diff          @@
##            main   #2113   +/-   ##
=====================================
  Coverage     91%     91%           
=====================================
  Files        678     678           
  Lines      38537   38537           
=====================================
  Hits       35140   35140           
  Misses      3397    3397           

Files with missing lines	Coverage Δ
backend/cases/serializers.py	98% <ø> (ø)