-
Notifications
You must be signed in to change notification settings - Fork 49
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add RESTful API endpoints for Groups customizations #570
Conversation
ab8390d
to
4f5452c
Compare
4f5452c
to
46990fd
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tsibley this is still in early stages, just focused on GET /groups/:groupName/overview
. I have some https://github.com/nextstrain/nextstrain.org/labels/request%20for%20comments to make sure I'm doing this right!
46990fd
to
4f5452c
Compare
4f5452c
to
d817a3b
Compare
d817a3b
to
5dbab20
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tsibley progress here is just GET/PUT overview. Would you be able to review before I extend this approach to more endpoints?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall I think this is the right direction!
Left lots of minor notes and comments for your discretion, plus a few actual requested changes.
BTW, in your testing notes above, the PUT of the overview markdown uses Accept instead of Content-Type. |
Good catch, but also this means it worked without the |
Ah, good point. Looking closer, that's because the PUT endpoints are using |
8aa733c
to
25bccef
Compare
This is in line with the existing doc on groups access [[1]]. However, a better alternative would be to use a new authz tag for Group as proposed in [[2]]. [1]: https://github.com/nextstrain/docs.nextstrain.org/blob/5b5f71fcfa65463c3920cfbdd340814d2be9e5d9/src/learn/groups/index.rst?plain=1#L122-L128 [2]: #570 (comment)
6f3867d
to
2adabdb
Compare
1542f8f
to
d70cd69
Compare
e3736a2
to
0d8c4a6
Compare
@victorlin Sorry this fell off my radar for a bit. I submitted some comments above (some of which were sitting pending for a week without me realizing they hadn't been submitted :-/). I want to get this across the line soon—it's been dragging out thru no fault of your own—so I'll prioritize more conversation around it. I also need to swap context back in for how it interacts with #581 and your comments there. |
…ception classes Otherwise we have to do string comparison on the exception names instead of cleaner instanceof checks. I was confused for a bit because the documentation says you can import these classes but that wasn't working in practice when I first tried it. Turns out we require 3.52.0 and the classes weren't exported until 3.53.0, just one release later!
Force-pushing rebase onto latest changes from #583.
EDIT: see #570 (comment) for a better version of this. |
0d8c4a6
to
25235ff
Compare
Jest version 26 does not play well with ESM circular dependencies (to be added in future commits) that work fine in production. Errors look like: RangeError: Maximum call stack size exceeded Exception in PromiseRejectCallback: internal/vm/module.js:321 const module = await linker(identifier, this); These errors go away with the next major version (27).
For actions on the group itself (e.g. membership management) rather than the group's Source of datasets and narratives.
The Group management API (members, roles, overview, logo, etc) will live under here. Using a single namespace (…/settings/…) means we only add a single new forbidden prefix for user-chosen dataset names in the group (i.e. in addition to the existing …/narratives/… namespace). Routes under this namespace are only visible to users with Read access to the Group itself (not the GroupSource), i.e. access is limited to group members even for public groups.
7d3d254
to
cf28b8c
Compare
@tsibley see 9a1902b...833ea30 which is the new version of e98a3ea...39d4db2 (commits that were shared between this PR + #581). You may want to rebase your PR onto 833ea30 and drop the old commits. Notably, 6ef1ec2 has been added so that tests will pass with the circular dependency used in bf7eecf. Context: #570 (comment) |
Previously, only GroupSource.group was available. Having the inverse, Group.source, allows for more direct access. However, maintaining both of these properties in the object constructors results in a bad cyclic dependency. Since GroupSource.group is already set in its constructor, adding Group.source as a computed property. Update existing code to use this new property as a shortcut to create new GroupSource instance.
a18ffa3
to
8546855
Compare
Does 7184cd7 still apply? |
This allows for reuse later with other endpoints. DELETE: Extract the logic of creating multiple DELETE requests in deleteResource to its own function. GET: Extract the call to proxyResponseBodyFromUpstream in sendSubresource to its own function. PUT: Extract the logic of creating a PUT request in receiveSubresource to its own function. This requires a new type, upstreamUrlExtractor, to be used since the URL for these requests are dependent on the method and headers, which are defined in the new function.
Read-write access for group owners, read-only access for all other members of a group, and no access for non-members.
8546855
to
6b48bc9
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! ✨ Sorry for the several dead ends and fits and starts review that turned this into a bit of a slog. 🙏
@tsibley no worries! Thanks for your helpful comments here, learned a lot during the process! |
Description of proposed changes
Adds RESTful API endpoints for downloading/uploading/removing group overviews and logos.
Related issue(s)
Save for later
Testing
Automated:
Added test forremoved, see Add RESTful API endpoints for Groups customizations #570 (comment)GET /groups/test/overview
Manual:
Local testing from a member of
test-private/owners
. Maybe automate?Token setup
GET private overview works
DELETE private overview works
PUT private overview works
GET private logo works
DELETE private logo works
PUT private logo works
Test these since the underlying code was refactored
GET private narrative still works
DELETE private narrative still works
PUT private narrative still works
GET private dataset still works
DELETE private dataset still works
PUT private dataset still works