ApiSecret model for Developer API #1369
Conversation
|
Looks great so far |
|
@benhalpern I pushed a quick prototype (i.e. incomplete, untested code 😅) with a lot of assumptions from my side - let me know what kind of changes you'd like to make! |
timorthi
changed the title
|
So far so good from what I see. |
timorthi
changed the title
|
Wow @timorthi this looks great! Just a question, why limit the description to 30 chars? |
|
@rhymes Thanks! I don't have a good reason for that, actually 😅 I'll remove it in a bit! |
|
I agree with @Zhao-Andy's proposal and this should be mergeable at that point. |
|
This is great work @timorthi ! A slight UI Nit: When I was playing around with it, I didn't notice that the successful flash message included the API secret because I was looking for the secret somewhere in the middle of the screen and not as part of the top bar alert. We don't have to worry about that just yet though. This first iteration is a job well done! |
pr-triage
bot
added
PR: reviewed-approved
| <% if @user.api_secrets.empty? %> | ||
| <p>None yet!</p> | ||
| <% end %> | ||
| <% @user.api_secrets.order(created_at: :desc).each do |api_secret| %> |
There was a problem hiding this comment.
Nit. What do you think of moving this query to the controller?
This way, the view doesn't have to know anything about the ordering logic.
| t.timestamps | ||
| end | ||
| add_index :api_secrets, :secret, unique: true | ||
| add_index :api_secrets, :user_id |
There was a problem hiding this comment.
How about adding a foreign key to the user_id column?
| end | ||
|
|
||
| def destroy? | ||
| user_is_owner? |
There was a problem hiding this comment.
Nit. What do you think of renaming this method to is_owner? or even owner??
pr-triage
bot
added
PR: merged
What type of PR is this? (check all applicable)
Description
This PR lays down the foundation for a developer API feature. The expected outcome of this PR is to:
ApiSecretmodel that contains metadata about a secret (i.e. the secret itself, rate limit, etc.)Usersto have manyApiSecrets, andOrganizationsto have manyApiSecretsthroughUsersRelated Tickets & Documents
#911
Mobile & Desktop Screenshots/Recordings (if there are UI changes)
View when user has no access tokens:
After creating a token, the user will be flashed a message containing the secret. After that, secret is no longer shown anywhere:
The user can destroy/revoke the token and will be flashed a message after successful deletion:
Model validation errors on create:
Added to documentation?