New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Star button for plugin list and detail page #95
Conversation
Hey @jramcast This is great!
I've updated the above methods' documentation: https://fnndsc.github.io/fnndsc/chrisstoredoc/class/src/client.js~Client.html#instance-method-getPluginStar I've pushed the latest version of the ChRIS Store JS client "2.0.2" to npm. Could you please update the code in your PR to use the new version with the fixed bugs? Please let me know any issues. @mindreeper2420 Could you please help out with the CSS here? Thank you! |
Looks good to me |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Reviewed.
@jbernal0019 after updating the backend and the client version to 2.0.2, everything looks good :). The PR is now open for review. Please feel free to do it. |
Fixes #73.
@jbernal0019 This is almost ready. Star icons are now clickable in the plugins list and in the plugin detail page. The calls to the backend are also implemented. I need some help with some issues I found, mainly related to backend calls and authentication:
client.createPluginStar({plugin_name:<name>})
to fav an item creates and association between the starred item and the user. However, when later using theclient.getPluginStars()
function to retrieve the stars, I get the stars from all users, which looks like a security issue to me (did we forget to filter by user in the backend?). My understanding is that we should only be receiving the authenticated user's stars here. I am authenticating the calls with a token and as far as I know, that should be enough to identify the user in the backend?PluginStar.getPluginStar(starId).then(star => star.delete)
always results in the backend responding with a 403 Forbidden error (You do not have permission to perform this action
).getPluginStars
andcreatePluginStar
are problematic if filtering by plugin_name. It would make more sense to create/get a plugin stars using the plugin id.