improve postman workflow tests

[dario-daza]

Proposed Changes

• change 1
• change 2

Checklist

• Tests
• Translations
• Security Implications Contemplated (add notes if applicable)

Additional Info

** any additional useful context or info **

Screenshots

Original	Updated
** original screenshot **	** updated screenshot **

This PR fixes: #35471

[claude]

Claude finished @dario-daza's task in 3m 37s —— View job

---

Review

• Read PR diff against origin/main
• Examine the modified Postman collection
• Verify JSON validity & uniqueness of test names
• Check for risky changes (auth, secrets, hard-coded IDs)
• Post review findings

The collection is valid JSON and the migration to bearer-JWT auth + {{serverURL}} is a clear win. But there are several real problems below — most importantly the PR doesn't actually exercise the endpoint named in #35471, and roughly half the tests still reference hardcoded IDs that don't exist on a fresh dotCMS.

---

Significant issues

1. The endpoint referenced by #35471 isn't tested.
Issue #35471 is "endpoint to return workflow schemes for a list of content types." The only related test, findAllSchemesAndSchemesByContentType, still GETs …/schemes/schemescontenttypes/{{contentTypeId}} — a single content-type ID. No request exercises the multi-ID path that the issue exists to add. If the API change is supposed to land alongside this, please add a request that submits more than one ID. If it's a separate PR, the PR title shouldn't link to #35471 via the "fixes" footer.

2. ~15 tests still contain hardcoded UUIDs that won't exist in any clean dotCMS instance.
These will return 404/400 against the assertion pm.response.to.have.status(200), so the test will fail unless someone has a database that matches the dev machine that originally exported the collection:

• Step IDs: 6cb7e3bd-1710-4eed-…, ee24a4cb-…, dc3c9cd0-…, f7dc56cd-…, 0c5018fc-…, 94178d17-…
• Action IDs: 4958588d-…-4ded (truncated), 777f1c6b-…, 658278d3-…, c8a03c24-…, 7075981c-…, 936f14eef2 (truncated)
• Scheme IDs: 766d9cef-…, d61a59e1a4 (truncated), 211040db-…, 85c1515c-…, bf886961-…
• Inode 678d00bf-…, role 654b0931-…

These need to be either (a) replaced with collection variables populated from prior Setup requests (findStepsByScheme returns step IDs, findActionsByScheme returns action IDs, etc.), or (b) the test should create the entity it later references, or (c) the request should be removed if it's purely "documentation". The current state means most assertions are silently broken even after this PR.

3. No teardown — test data accumulates.
Setup creates Styles_Test_ContentType_{{$timestamp}} and a contentlet on every run. There's no matching DELETE in a Cleanup folder. Over many CI runs this clutters the DB and risks hitting limits/perf issues. Add a final folder that deletes the created content type (and any extra schemes/steps created by saveScheme, addStep, etc.).

4. systemWorkflowId is set inside Create Test Content Type's pre-request.
File: Workflow Resource.json:81. If a user re-runs a single later test in Postman, that pre-request doesn't fire and {{systemWorkflowId}} is empty — every dependent request breaks. Either set it as a default value on the collection variable (alongside localServer, hostname, etc.) or move it to the collection-level pre-request.

5. Setup folder indentation is broken.
Create Test Contentlet 1 (lines 125–181) uses 2-space indentation while the rest of the file uses tabs. JSON parses fine, but git diff / re-exports will produce noisy diffs forever. Run the file through jq . --tab or re-export from Postman.

---

Smaller things

• Stray empty line in findAvailableActions.event[0].script.exec (line 322) — "…" blank entry at the end.
• Misleading test name "Test Rich Text created successfully" on line 132 — the contentlet is ImmutableSimpleContentType, not rich text.
• Contentlet_1 variable is set (line 135) but never used — remove it, or use it.
• Redundant per-request auth on Create Test Content Type (lines 84–93) — collection-level bearer is already applied, so the inner block is dead config.
• localServer variable still defined with http://localhost:8080 (line ~1432) but no test references it anymore. Remove.
• Test-event with empty exec: [""] in the collection-level test event (line ~2069 in the diff). Drop the event.
• Weak assertions: most tests assert only HTTP 200. For findAllSchemesAndSchemesByContentType you assert body contains "schemes" and "contentTypeSchemes" — apply that pattern elsewhere (especially for the new list endpoint, once added).
• PR description is template placeholder ("change 1", "change 2", "** original screenshot **"). Please fill in what was changed and why; reviewers and the future archeologist will thank you.

---

What's good

• Migrating from hardcoded basic auth to collection-level JWT bearer is the right move and removes plaintext admin/admin from the repo. The pre-request that mints a token from {{user}} / {{password}} env vars is well-structured.
• Switching from http://localhost:8080 to {{serverURL}} makes the collection portable.
• Threading contentTypeId / contentletInode_1 / actionId through collection variables is the right pattern — please extend it to the remaining hardcoded IDs.
• indexPolicy=WAIT_FOR on the contentlet create is the correct knob for deterministic downstream lookups.
  • Branch: 35471-task-content-drive-endpoint-to-return-workflow-schemes-for-a-list-of-content-types