Group and eperson management

[benbosman]

Related ticket: https://jira.lyrasis.org/browse/DS-4026

• Created a Rest Contract for EPerson Groups (some of the API behavior already exists in the API)
• Updated the Rest Contract for EPersons (some of the API behavior already exists in the API)
• Created a Rest Contract for adding child Groups to parent groups (and deleting, querying)
• Created a Rest Contract for adding EPersons to parent groups (and deleting, querying)

[abollini]

Thanks to provide the contract also for existing implementation this will help to reduce our documentation gap. Please review the contract for the mapping according to the practice of Spring Data Rest using the text-uri/list format and the association links (some need to be introduced as stated in the comment)

[tdonohue]

@benbosman : I gave this a review today. Sorry for the questions, but there are a few things I don't understand. If you and @abollini have previously discussed any of these points & come to a different decision, feel free to let me know. I'm not trying to slow down this PR, but I did come away from the code review with many questions.

[cwilper]

Note that metadata-as-map has since been merged, so examples given in this PR should be updated to use that new structure, e.g. what I did here: #53

[tdonohue]

@benbosman : Overall this looks good to me. I noted below that I think some of the subresources here could use better names... I'm not sure about "parentgroup" (but if others prefer this name, I can live with it).

Previously (a long time ago) I had also asked a question about whether all these endpoints should be under /api/core/epersons and /api/core/groups (as /api/eperson/epersons is a bit odd looking for an endpoint). As EPersons and Groups are related more to Authorization, we could also consider putting these at /api/authz/epersons and /api/authz/groups alongside the current /api/authz/resourcepolicies endpoint. All that said, I'm OK with leaving this as-is if others feel EPersons and Groups are better grouped under /api/eperson/epersons and /api/eperson/groups.

[tdonohue]

As noted above, I wonder if calling this endpoint memberships would simplify the description here? This is a list of the other Groups that this Group is a direct member of.

[abollini]

As noted above, I suggest to remove this association endpoint and add a search method

/api/eperson/groups/search/hasMember?:uuid

that will retrun the list of groups that contains the specified group by uuid

[abollini]

See inline comments. The ones that are imho blocking are the ones related to parent groups and children groups in the Groups endpoint.

[abollini]

As noted above, I suggest to remove this association endpoint and add a search method

/api/eperson/groups/search/hasMember?:uuid

that will retrun the list of groups that contains the specified group by uuid

[benbosman]

I've updated this PR to prepare it for the beta 2 sprint implementation.
There are quite a few small fixes to the contract, and I've removed the parentgroups endpoint completely since it's not even implemented in the service, so most likely not relevant

[tdonohue]

@benbosman : Thanks for the updates here! Honestly, I think the overall contract looks good to me. I do have a number of (very minor) comments below...these are all more like tiny cleanup / renaming rather than any significant changes. Overall though, I think this contract is close to being done.

[tdonohue]

Minor thing, I don't think a POST can fail if permanent is set to true. A POST is creating a new Group, and a new Group cannot be a "permanent" one. So we can likely just remove the last statement on this line.

[benbosman]

@tdonohue how I see this is:
permanent is a property on the group which is part of the JSON response. It's possible this is set to true during the POST (Angular should not be implemented to set it to true, but it can still be sent as such to REST from other applications). Since we should not allow creating permanent groups via REST, it should fail

[tdonohue]

@benbosman : Oh, I understand what you mean now. You are correct, but I previously misunderstood the statement without the additional context you just added. I'd suggest we simply reword this slightly and say:

422 Unprocessable Entity - if the name was omitted or already exists, *or* if permanent was set to true (permanent groups can only be created by the system).

[tdonohue]

This PUT section seems like it should be moved up alongside the POST that is similar. It's a bit oddly placed under a header called "Remove a Group from a parent group".

[benbosman]

I've moved this to make it more clear which methods are supported and which not for changing the subgroups

[tdonohue]

Again, I think this PUT should be in the section above next to the POST

[benbosman]

I've moved this to make it more clear which methods are supported and which not for changing the epeople

[tdonohue]

We can probably remove this entire GET section as it's unsupported. I don't think it's necessary here.

[benbosman]

I've removed this GET section

[tdonohue]

👍 @benbosman Thanks for the quick updates to this contract. Also your explanations to a few previous request make sense & I've resolved those conversations leaving the contract as-is. One final minor request is to enhance the wording of this 422 error description: https://github.com/DSpace/Rest7Contract/pull/41/files#r375304904

Beyond that, this looks good to me. I'm already casting my +1 vote as the final change I've requested is really minor in nature.

[abollini]

thanks @benbosman It looks good to me, I have made just few inline note about minor typos that I expect to be fixed quick

[abollini]

if this is the already implemented behavior I'm fine to keep it, otherwise I would suggest to exclude UUID from the search as it is "by Metadata"

[benbosman]

I did indeed base this on the current implementation to avoid having to create a different service implementation

[tdonohue]

Merging, as this is at +2