Adding support for /api/requests creation and edits #11892
Conversation
abellotti
commented
Oct 12, 2016
abellotti
commented
- Support for creates via POST /api/requests
- Support for edits via POST /api/requests/:id - action "edit"
|
Marked as WIP TODO's
|
|
Basic usage: |
| def create_resource(type, _id, data) | ||
| assert_id_not_specified(data, type) | ||
|
|
||
| request_type = data.delete("request_type") |
There was a problem hiding this comment.
:request_type is an attribute on MiqRequest, so it's probably not safe to use that.
| include Subcollections::RequestTasks | ||
| include Subcollections::Tasks | ||
|
|
||
| def create_resource(type, _id, data) |
There was a problem hiding this comment.
Do you need _id since it isn't used?
There was a problem hiding this comment.
API signature for _resource.
|
|
||
| requester = Hash(data.delete("requester")) | ||
| user = fetch_requester_user(requester) | ||
| auto_approve = fetch_auto_approve(requester) |
There was a problem hiding this comment.
The auto_approve flag lives under the requester?
There was a problem hiding this comment.
you're right, was using an example from MiqProvisionVirtWorkflow. Moved that puppy out so it is its own parameter now.
| request_type.constantize.create_request(data.symbolize_keys, user, auto_approve) | ||
| end | ||
|
|
||
| def edit_resource(type, id = nil, data = {}) |
There was a problem hiding this comment.
What is type? I'm assuming STI type, but not sure why we would need that if we have an ID.
There was a problem hiding this comment.
collection type, API signature as above.
| raise BadRequestError, "Must specify a id for editing a #{type} resource" unless id | ||
| request_klass = collection_class(:requests) | ||
| request = resource_search(id, type, request_klass) | ||
| user = fetch_requester_user(Hash(data.delete("requester"))) |
There was a problem hiding this comment.
The user updating the request may not be the requester.
| :collection_actions: | ||
| :get: | ||
| - :name: read | ||
| :identifier: miq_request_show_list | ||
| :post: | ||
| - :name: query | ||
| :identifier: miq_request_show_list | ||
| - :name: create | ||
| :identifier: vm_miq_request_new |
There was a problem hiding this comment.
MiqRequests are not tied to only VMs
There was a problem hiding this comment.
yes, this needs to change. Couldn't fine a generic miq_request_new role identifier. Part of the TODO is to support different identifier based on request_type. One option is to open the door here (no role check), but enforce it in the create method based on the type.
There was a problem hiding this comment.
done, role identifier per request type now provided by model and used for authorization.
abellotti
force-pushed
the
api_create_requests
branch
4 times, most recently
from
112d7ca
to
5a30357
Compare
- Support for creates via POST /api/requests - Support for edits via POST /api/requests/:id - action "edit"
- Added mapping of request_type to role identifier in model - Updated default role for creation based on read - Added user authorization based on request_type
abellotti
force-pushed
the
api_create_requests
branch
from
5a30357
to
a6d6e3e
Compare
|
Checked commits abellotti/manageiq@a4a8c11~...a6d6e3e with ruby 2.2.5, rubocop 0.37.2, and haml-lint 0.16.1 |
|
Tested this out with the API client gem and it looks good. I think we can un-wip and merge. |
|
Tires have been kicked and everything looks good |
bdunne
changed the title
Adding support for /api/requests creation and edits (cherry picked from commit aacbf4f)
|
Euwe Backport details: $ git log -1
commit 72c9b0a4051baf1b169409f5485bd20b240cdd6d
Author: Brandon Dunne <brandondunne@hotmail.com>
Date: Fri Oct 21 14:18:01 2016 -0400
Merge pull request #11892 from abellotti/api_create_requests
Adding support for /api/requests creation and edits
(cherry picked from commit aacbf4f6fb2dc5edbc5ff52f9c8a40b68b415306) |
