From ad8adc9dd94fa797e978131ccf0e840eda7e77df Mon Sep 17 00:00:00 2001 From: Robert Adams Date: Mon, 21 Dec 2020 07:01:38 -0800 Subject: [PATCH] Update documentation Clarify that fetching of accounts can be done either by accountId or username. Add comments to AccountScopeFilter to describe its use. --- docs/API-Accounts.md | 15 +++++++++++++++ src/Entities/EntityFilters/AccountScopeFilter.ts | 3 +++ 2 files changed, 18 insertions(+) diff --git a/docs/API-Accounts.md b/docs/API-Accounts.md index c527fcde..796f508f 100755 --- a/docs/API-Accounts.md +++ b/docs/API-Accounts.md @@ -59,6 +59,9 @@ are returned (limited by pagination). Get the information for one account. The requestor must either be the account owner or an admin account. +The passed "accountId" can be either the accountId (exact string as returned by +`/api/v1/accounts` or other requests) or the account's username (URI encoded string). + The information returned is the same as in the "/api/v1/accounts" but just for one account so the information is for "account" and is not enclosed in an array. @@ -81,6 +84,9 @@ Update account information. The requestor must be either the account being modified or an administrator account. +The passed "accountId" can be either the accountId (exact string as returned by +`/api/v1/accounts` or other requests) or the account's username (URI encoded string). + The POST body has the same format as the GET request. If a field is present, then that value is modified. Most of the fields cannot be modified, though, and these are ignored. @@ -105,6 +111,9 @@ The fields that can be changed are: Get the value of an account field. The result returned is just the value of that field. +The passed "accountId" can be either the accountId (exact string as returned by +`/api/v1/accounts` or other requests) or the account's username (URI encoded string). + This request is the opposite of the POST request that sets the values. There are per-field permissions and value verification. @@ -170,6 +179,9 @@ This request sets the value of an account field. See the table under GET for the possible fields and the permissions required to change account values. +The passed "accountId" can be either the accountId (exact string as returned by +`/api/v1/accounts` or other requests) or the account's username (URI encoded string). + The request to set a value POST's a JSON structure that gives the value to set. So, @@ -241,6 +253,9 @@ Get the tokens held by the account. The requesting account must be logged in and be either the account identified in "{accountId}" or be an administrative account. +The passed "accountId" can be either the accountId (exact string as returned by +`/api/v1/accounts` or other requests) or the account's username (URI encoded string). + ``` { "status": "success", diff --git a/src/Entities/EntityFilters/AccountScopeFilter.ts b/src/Entities/EntityFilters/AccountScopeFilter.ts index 432e1ef8..2f37b57c 100755 --- a/src/Entities/EntityFilters/AccountScopeFilter.ts +++ b/src/Entities/EntityFilters/AccountScopeFilter.ts @@ -20,6 +20,9 @@ import { AccountEntity } from '@Entities/AccountEntity'; import { Logger } from '@Tools/Logging'; import { ParseQueryString } from '@Tools/Misc'; +// AccountScopeFilter filters a query stream to the accounts the requestor +// can look at. That is, a person can normally see only the domains +// that they sponsor. export class AccountScopeFilter extends CriteriaFilter { private _asAdmin = false; private _accessingAcct: AccountEntity;