GET /api/me permissions query parameter #1284
Comments
I don't follow why it can't. This is an optional parameter, so it can be ignored. Is jupyverse forcing a usually-empty field to be non-empty?
The structure of the permissions parameter is the structure of the permissions model in the response, and I think there's value in it matching exactly, which is how it is currently (I have a dict of lists, return me the same dict with items filtered to only those whose permissions I currently hold). JSON seems more sensible than form-encoding for a JSON API, but if it should be form-encoded, it should all be nested under It seems the solution is to fill in the missing documentation for the optional permissions parameter.
By lack of structure, I mean that Swagger just shows a box where one has to manually enter some free-form text. I was hoping it could be a bit more "user-friendly", for instance by having a line for each resource where one could enter the permissions.
I agree 100%, it would have been in the body if that were allowed. We could also split checking permissions into its own endpoint so it can be a POST. What do you think about that? POST to I don't think folks should be creating the URLs by hand. I'd try to omit it from openapi UI, if you can. But I know those tools don't usually allow for any kind of nuance.
Yes I think it would be better, but isn't a POST required only when a state change occurs in the server?
In a strict, RESTful resource sense, sure. But It's not perfect, and GET with a body would make the most sense, but HTTP is annoying that way.
Problem
The IdentityHandler expects GET /api/me to have a "permissions" query parameter whose value is a stringified JSON blob. From a user point of view, this looks like an opaque API, and the structure of the permissions parameter is not apparent. For instance in Jupyverse, the Swagger UI cannot show a nice input, it basically lets the user enter a string which is not guaranteed to be a valid JSON.
Proposed Solution
I'm not sure how/if the situation can be improved. Basically permissions has the following structure:
Maybe the standard application/x-www-form-urlencoded format should be used? That would look like:
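Separately from the issue text above, and as an added example that is not the project's own code: a server-side check for the JSON-valued permissions parameter this thread discusses, rejecting values that are not a JSON dict of string lists and returning the same dict filtered to the permissions currently held. The function names, the is_allowed callback and the resource/action values are assumptions made for illustration.

```python
import json
from urllib.parse import parse_qs, urlencode, urlsplit


class BadPermissionsParam(ValueError):
    """The permissions query value is not a JSON dict of string lists."""


def parse_permissions_param(url):
    """Return the requested {resource: [action, ...]} dict, or {} if absent."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("permissions")
    if values is None:
        return {}  # optional parameter: nothing was asked for
    if len(values) != 1:
        raise BadPermissionsParam("permissions must be given exactly once")
    try:
        requested = json.loads(values[0])
    except json.JSONDecodeError as exc:
        raise BadPermissionsParam(f"permissions is not valid JSON: {exc.msg}") from None
    if not isinstance(requested, dict):
        raise BadPermissionsParam("permissions must be a JSON object")
    for resource, actions in requested.items():
        if not isinstance(actions, list) or not all(isinstance(a, str) for a in actions):
            raise BadPermissionsParam(f"{resource!r} must map to a list of strings")
    return requested


def filter_permissions(requested, is_allowed):
    """Same dict shape as the request, keeping only the actions the caller holds."""
    return {
        resource: [action for action in actions if is_allowed(resource, action)]
        for resource, actions in requested.items()
    }


# Constructed sample data: the resource/action names and held set are made up.
HELD = {("contents", "read"), ("contents", "write"), ("kernels", "read")}
# Client side: build the query with urlencode rather than writing the URL by hand.
SAMPLE_URL = "/api/me?" + urlencode(
    {"permissions": json.dumps({"contents": ["read", "write"], "kernels": ["execute"]})}
)


def demo():
    requested = parse_permissions_param(SAMPLE_URL)
    return filter_permissions(requested, lambda r, a: (r, a) in HELD)


if __name__ == "__main__":
    print(demo())
```

A handler would map BadPermissionsParam to a 400 response instead of letting a malformed value reach the authorization check.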