PATCH /doc/{docId} return 200 even when inconsistent values are sent

[hexaltation]

Describe the current behavior

Patching a document to change its type within API console we realized that values are not checked.
Supported DocTypes are "", "tutorial", "template" according to the code.

(

grist-core/app/common/UserAPI.ts

Line 131 in fb85f92

export type DocumentType = 'tutorial'|'template';

)
(

grist-core/app/common/UserAPI.ts

Line 154 in fb85f92

type: DocumentType|null;

)

However patching with type "nonsense" returns a 200 with a null response body.

curl -X 'PATCH' \
  'http://localhost:8484/api/docs/rmj1XMJ1CdPf84vdgWsMBu' \
  -H 'accept: */*' \
  -H 'Authorization: Bearer XXXXXXXXXXX' \
  -H 'Content-Type: application/json' \
  -d '{
  "type": "nonsense"
}'

Steps to reproduce

1. open console API
2. select PATCH docs/{docId} route
3. try to patch with

{
  "type": "someExoticType"
}

4. have a 200 as response and type set to "SomeExoticType" when using GET docs/{docId}

Describe the expected behavior

The API must return a 400 Bad request or a 422 Unprocessable Entity when trying to patch with invalid data.

May be we can validate data against a schema for keys expecting well defined values.

Where have you encountered this bug?

• On docs.getgrist.com
• On a self-hosted instance

Instance information (when self-hosting only)

No response