Refactor taxa list endpoints to follow the project-user membership API

[mihow]

Summary

Refactors taxa list endpoints to use a through model (TaxaListTaxon) instead of custom POST actions, following the same pattern as the project membership API for consistency and better RESTful design.

Changes

Backend

• Created TaxaListTaxon through model (ami/main/models.py:3606)

  • ForeignKeys to TaxaList and Taxon
  • Unique constraint on (taxa_list, taxon)
  • Permission checks for authenticated users

• Database migration (ami/main/migrations/0081_add_taxalist_taxon_through_model.py)

  • Creates through model table
  • Migrates existing M2M data (16,838 memberships preserved)
  • Updated TaxaList.taxa to use through parameter

• Created serializers (ami/main/api/serializers.py:672)

  • TaxaListTaxonSerializer - Create/update with validation
  • TaxaListTaxonListSerializer - Simplified for list views
  • Validates taxon existence and uniqueness
  • Returns proper error messages for duplicates

• Created TaxaListTaxonViewSet (ami/main/api/views.py:1633)

  • Nested routing under taxa lists
  • Standard CRUD operations
  • Custom delete_by_taxon action for convenience

• Updated router (config/api_router.py:40)

  • Added nested router configuration
  • Routes: /taxa/lists/{taxalist_id}/taxa/

• Removed deprecated actions

  • add_taxon() action from TaxaListViewSet
  • remove_taxon() action from TaxaListViewSet

Frontend

• Updated useAddTaxaListTaxon hook

  • Changed from POST /taxa/lists/{id}/add_taxon/ to POST /taxa/lists/{id}/taxa/

• Updated useRemoveTaxaListTaxon hook

  • Changed from POST /taxa/lists/{id}/remove_taxon/ to DELETE /taxa/lists/{id}/taxa/by-taxon/{taxon_id}/

Tests

• Comprehensive test suite (ami/main/tests/test_taxa_list_taxa_api.py)
  • 16 test cases covering all CRUD operations
  • Permission checks
  • Error cases (duplicates, non-existent taxa)
  • Data migration verification
  • All tests passing ✅

API Changes

New Endpoints

• GET /taxa/lists/{id}/taxa/ - List taxa in a taxa list
• POST /taxa/lists/{id}/taxa/ - Add taxon (201 Created, 400 if duplicate)
• GET /taxa/lists/{id}/taxa/{membership_id}/ - Retrieve membership details
• DELETE /taxa/lists/{id}/taxa/{membership_id}/ - Remove by membership ID (204 No Content)
• DELETE /taxa/lists/{id}/taxa/by-taxon/{taxon_id}/ - Remove by taxon ID (204 No Content, 404 if not found)

Removed Endpoints

• POST /taxa/lists/{id}/add_taxon/ (deprecated)
• POST /taxa/lists/{id}/remove_taxon/ (deprecated)

Benefits

1. Proper HTTP semantics: POST creates (201), DELETE destroys (204), duplicates return 400
2. RESTful design: Nested resources follow standard conventions
3. Better error handling: Clear error messages for invalid operations
4. Consistency: Matches the project membership API pattern
5. Backward compatibility: M2M relationship still works through the through model
6. Data integrity: Migration preserved all existing relationships
7. Test coverage: Comprehensive test suite for all operations

Testing

# Run all tests
docker compose run --rm django python manage.py test ami.main.tests.test_taxa_list_taxa_api

# Verify data migration
docker compose exec django python manage.py shell -c "
from ami.main.models import TaxaList, TaxaListTaxon
for taxa_list in TaxaList.objects.all():
    assert taxa_list.taxa.count() == TaxaListTaxon.objects.filter(taxa_list=taxa_list).count()
print('✓ All data preserved')
"

Checklist

• Backend implementation complete
• Frontend hooks updated
• Migration preserves existing data
• Tests added and passing
• API documentation updated in PR description
• Follows project membership API pattern

🤖 Generated with Claude Code

[netlify]

✅ Deploy Preview for antenna-preview ready!

Name	Link
🔨 Latest commit	4892c11
🔍 Latest deploy log	https://app.netlify.com/projects/antenna-preview/deploys/6982abe0eeccac0008a31cf6
😎 Deploy Preview	https://deploy-preview-1104--antenna-preview.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	1 paths audited Performance: 62 (🔴 down 4 from production) Accessibility: 80 (no change from production) Best Practices: 100 (no change from production) SEO: 92 (no change from production) PWA: 80 (no change from production) View the detailed breakdown and full score reports

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

• 🔍 Trigger a full review

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/taxa-lists-through-model

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[annavik]

Is by-taxon in URL intentional or Claude being a bit creative? I think we can skip!

[mihow]

Haha yeah good catch! Maybe its clarifying that you are passing the taxon ID and not the ID of the lookup table entry (the "membership ID" for project-users). But I agree to remove it!

[annavik]

Thanks Michael, I tested it out, works well and the new structure seems more aligned! Error handling works better now as well, for example I get an error when trying to remove a taxon that is not part of the list.

Some remaining things (perhaps separate from this PR):

• Getting error 500 when creating new taxa list
• It would be helpful if we had a way to only return direct taxa (see screenshot)

For example here, only genus "Vanessa" is a member, which makes it a bit confusing to see the species. When trying to remove them, I can see they are not part of the list.

[mihow]

Thanks for testing @annavik! I will look into those issues

[mihow]

Added new include_descendants query param to the taxa list API! I set it to true by default since that is the current behavior. But I am fine to flip that.

New taxa management view only shows direct members

Existing taxa view still shows children/descendants

[mihow]

• I fixed the creation of taxa lists. This was interesting. We need to set the project that the taxa list belongs to. There could be a "security" issue here where you a user could add a list to a project they don't belong to. This is a wider issue though. You can't retrieve data from projects you don't belong to, but setting many-to-many relationships on other projects may need additional checks. I made a note of it and setup the structure so that should be easy to enforce when we do.

• I also removed the "by-taxon" url prefix