Update documentation

Clarify that fetching of accounts can be done either by accountId or username. Add comments to AccountScopeFilter to describe its use.
vircadia · Dec 21, 2020 · ad8adc9 · ad8adc9
1 parent c2350d6
commit ad8adc9
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/docs/API-Accounts.md b/docs/API-Accounts.md
@@ -59,6 +59,9 @@ are returned (limited by pagination).
 Get the information for one account. The requestor must either be the
 account owner or an admin account.
 
+The passed "accountId" can be either the accountId (exact string as returned by
+`/api/v1/accounts` or other requests) or the account's username (URI encoded string).
+
 The information returned is the same as in the "/api/v1/accounts" but just
 for one account so the information is for "account" and is not enclosed
 in an array.
@@ -81,6 +84,9 @@ Update account information.
 
 The requestor must be either the account being modified or an administrator account.
 
+The passed "accountId" can be either the accountId (exact string as returned by
+`/api/v1/accounts` or other requests) or the account's username (URI encoded string).
+
 The POST body has the same format as the GET request. If a field is present, then that
 value is modified. Most of the fields cannot be modified, though, and these are ignored.
 
@@ -105,6 +111,9 @@ The fields that can be changed are:
 Get the value of an account field. The result returned is just the value of
 that field.
 
+The passed "accountId" can be either the accountId (exact string as returned by
+`/api/v1/accounts` or other requests) or the account's username (URI encoded string).
+
 This request is the opposite of the POST request that sets the values.
 
 There are per-field permissions and value verification.
@@ -170,6 +179,9 @@ This request sets the value of an account field.
 See the table under GET for the possible fields and the permissions
 required to change account values.
 
+The passed "accountId" can be either the accountId (exact string as returned by
+`/api/v1/accounts` or other requests) or the account's username (URI encoded string).
+
 The request to set a value POST's a JSON structure that gives
 the value to set. So,
 
@@ -241,6 +253,9 @@ Get the tokens held by the account. The requesting account must be
 logged in and be either the account identified in "{accountId}" or
 be an administrative account.
 
+The passed "accountId" can be either the accountId (exact string as returned by
+`/api/v1/accounts` or other requests) or the account's username (URI encoded string).
+
 ```
     {
         "status": "success",

diff --git a/src/Entities/EntityFilters/AccountScopeFilter.ts b/src/Entities/EntityFilters/AccountScopeFilter.ts
@@ -20,6 +20,9 @@ import { AccountEntity } from '@Entities/AccountEntity';
 import { Logger } from '@Tools/Logging';
 import { ParseQueryString } from '@Tools/Misc';
 
+// AccountScopeFilter filters a query stream to the accounts the requestor
+//    can look at. That is, a person can normally see only the domains
+//    that they sponsor.
 export class AccountScopeFilter extends CriteriaFilter {
   private _asAdmin = false;
   private _accessingAcct: AccountEntity;