Endpoints for Apis collection #2545
Conversation
Add query parameters as limit, skip, lifecycle, q Update logic for "organization" query parameter Make CRUD methods with authentication
apis/server/api.js
Outdated
|
|
||
| // Collection imports | ||
| import Apis from '/apis/collection'; | ||
| import Organizations from '/organizations/collection'; |
There was a problem hiding this comment.
apis/server/api.js
Outdated
|
|
||
| // Collection imports | ||
| import Apis from '/apis/collection'; | ||
| import Organizations from '/organizations/collection'; |
There was a problem hiding this comment.
Sort the imports. Organizations would go after ApiV1
core/server/api.js
Outdated
| @@ -10,7 +10,7 @@ import { Meteor } from 'meteor/meteor'; | |||
| import { Restivus } from 'meteor/nimble:restivus'; | |||
|
|
|||
| const ApiV1 = new Restivus({ | |||
| apiPath: 'api', | |||
| apiPath: 'apinf-rest', | |||
There was a problem hiding this comment.
I wonder if this path should be a Branding configuration. This way we whitelabel also the rest-api.
@kyyberi will we need to have a configurable API path? GET /apinf-rest/v1/users/:id for APInf installation, and GET /my-org-rest/v1/users/:id for a my-org customer, for instance.
There was a problem hiding this comment.
@marla-singer I talked to @kyyberi and I think it's fine, and this path can be hardcoded... Anyways, we can change later :-)
There was a problem hiding this comment.
Yes, just remove the 'apinf' part of the path.
There was a problem hiding this comment.
I wonder if this path should be a Branding configuration.
Also, as a general guideline less is more. When possible, we should find simple, generic solutions, without adding more options to the user interface. This impacts both maintainability and usability.
Describe tags, parameters, securityDefinition, definitions for Apis collection endpoints swagger Set the related swagger meta-data for paths
marla-singer
force-pushed
the
feature/rest-apis
branch
from
a246214
to
96a928c
Compare
apis/server/api.js
Outdated
| responses: { | ||
| 200: { | ||
| description: 'List of APIs.', | ||
| description: 'Returns list of APIs', |
There was a problem hiding this comment.
Should this say 'Returns list of public APIs'?
apis/server/api.js
Outdated
| tags: [ | ||
| ApiV1.swagger.tags.api, | ||
| ], | ||
| description: 'Returns result is one or zero (no match found) APIs', |
There was a problem hiding this comment.
This description is confusing. The code comment is easier to understand. Could you explain a bit more here?
apis/server/api.js
Outdated
| tags: [ | ||
| ApiV1.swagger.tags.api, | ||
| ], | ||
| description: 'Adds an API to catalog. On success methods return added object with details.', |
There was a problem hiding this comment.
Consider describing as:
Adds an API to catalog. On success, returns newly added API object.
apis/server/api.js
Outdated
| ], | ||
| responses: { | ||
| 200: { | ||
| description: 'API was successful added', |
There was a problem hiding this comment.
Change to:
API successfully added
apis/server/api.js
Outdated
| put: { | ||
| authRequired: true, | ||
| // manager role is required. If a user already has an API then the user has manager role | ||
| roleRequired: ['manager', 'admin'], |
There was a problem hiding this comment.
What is the reason to include 'manager' role here?
There was a problem hiding this comment.
Look comment above
If a user already has an API then the user has manager role
There was a problem hiding this comment.
Right, but what do we achieve from using the manager role here?
apis/server/api.js
Outdated
| parameters: [ | ||
| ApiV1.swagger.params.apiId, | ||
| ], | ||
| responses: { | ||
| 200: { | ||
| description: 'One API.', | ||
| description: 'API was successful removed.', |
core/server/api.js
Outdated
| @@ -10,7 +10,7 @@ import { Meteor } from 'meteor/meteor'; | |||
| import { Restivus } from 'meteor/nimble:restivus'; | |||
|
|
|||
| const ApiV1 = new Restivus({ | |||
| apiPath: 'api', | |||
| apiPath: 'apinf-rest', | |||
There was a problem hiding this comment.
Yes, just remove the 'apinf' part of the path.
core/server/api.js
Outdated
| }, | ||
| params: { | ||
| apiId: { | ||
| name: 'id', | ||
| in: 'path', | ||
| description: 'Api ID', | ||
| description: 'Pass ID of the API', |
There was a problem hiding this comment.
Change to
ID of API
No verb ('pass') is necessary.
core/server/api.js
Outdated
| optionalSearch: { | ||
| name: 'q', | ||
| in: 'query', | ||
| description: 'Pass an optional search string for looking up inventory.', |
There was a problem hiding this comment.
Change to:
optional search string for finding APIs.
core/server/api.js
Outdated
| routeOptions: { | ||
| authRequired: true, | ||
| }, | ||
| endpoints: { | ||
| // GET /apinf-rest/v1/users/:id |
There was a problem hiding this comment.
Remember to update all of these comments if changing base path (removing apinf from base path).
apis/server/api.js
Outdated
| // Make sure API exists | ||
| if (api) { | ||
| // Make sure API exists & user can manage | ||
| if (api && api.managerIds.indexOf(userId) > 0) { |
There was a problem hiding this comment.
Can we use the api.currentUserCanManage() helper here?
There was a problem hiding this comment.
@brylie Not, we can not
Error: Meteor.userId can only be invoked in method calls. Use this.userId in publish functions.
at AccountsServer.userId (packages/accounts-base/accounts_server.js:82:13)
at Object.Meteor.userId (packages/accounts-base/accounts_common.js:252:19)
at Document.Apis.helpers.currentUserCanManage (apis/collection/helpers.js:33:27)
at Object.ApiV1.addCollection.endpoints.put.action (apis/server/api.js:193:24)
at Route.share.Route.Route._callEndpoint (packages/nimble_restivus/lib/route.coffee:149:25)
at packages/nimble_restivus/lib/route.coffee:59:33
at packages/simple_json-routes.js:98:9
apis/server/api.js
Outdated
| ], | ||
| responses: { | ||
| 200: { | ||
| description: 'Returns API entity', |
There was a problem hiding this comment.
Maybe we don't need to say 'entity' here.
| }, | ||
| security: [ | ||
| { | ||
| userSecurityToken: [], |
There was a problem hiding this comment.
Do authorization. Read docs about creation Swagger specification
There was a problem hiding this comment.
Ah, I thought they were related to Restivus. Also, it is helpful to provide links to related documentation.
There was a problem hiding this comment.
| const api = Apis.findOne(apiId); | ||
|
|
||
| // Make sure API exists & user can manage | ||
| if (api && api.managerIds.indexOf(userId) > 0) { |
There was a problem hiding this comment.
Same as above. Lets re-use the api.currentUserCanManage() helper, since it does this same thing in a re-usable and self-describing manner.
Improve comments in Swagger file Add condition for permissions
marla-singer
force-pushed
the
feature/rest-apis
branch
from
5682951
to
3e0cf7c
Compare
|
@brylie Ready |
Closes #2441
Endpoints for Apis collection
Known issues
/loginand/logoutpath