New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MBS-12162: Do not require auth for non-private tag WS queries #2387
Conversation
We were requiring auth for anything related to the tag resource, but as per WS::2::Tag only tag_lookup and tag_submit should require auth (since they actually interact with the user's own tags). Tag search, which just searches for tag names matching a string, should not require any sort of authentication, since it's equivalent to other public searches.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTMBDNT but we are missing tests for this validate
method. @reosarevok: Not sure how to add it to the MBS Test Review doc (since it does list existing tests, not missing tests)?
I'll try and add a test for this - but feel free to add a new section at the end maybe for stuff we know is missing tests? |
I started #2411 for adding |
* master: Update POT files using the production database Update translations from Transifex Add cleanup tests for Lantis URLs after 6aac5a2 Add lantis.jp sidebar Add lantis.jp external link favicon MBS-12022: Update URL cleanup of Lantis.jp MBS-12162: Do not require auth for non-private tag WS queries (#2387) MBS-12191: Allow admins to see spammer profiles (#2408) MBS-12189: Support "names" prefix for DAHR artists (#2406) Add back JSON-LD test for empty artist Document Artist::Works test Document Artist::Tags test Document Artist::Split test Document Artist::Show test Document Artist::Releases test Document Artist::Relationships test Document Artist::Recordings test Document Artist::Ratings test Document Artist::Merge test Merge mostly useless Artist::Edits test and Artist::OpenEdits Ensure the right error message is shown Move URL-related test to EditExternalLinks Document Artist::EditRelationships test Document Artist::EditExternalLinks test Document Artist::EditAlias test Document Artist::Edit test Check more details data in Artist::Details test Document Artist::Details test Also check edit note is required on Artist::DeleteAlias Document Artist::DeleteAlias test Document Artist::Create test Document Artist::AnnotationRevision test Remove useless use PartialDate calls from tests Document Artist::Aliases test and remove cruft Document Artist::AddAnnotation test Document Artist::AddAlias test Also test for contained areas in Area::Users test Document Area::Users test Document Area::Tags test Document Area::Show test Document Area::Edit test Document Area::Create test Document Area::Aliases test Document Admin::DeleteEditor test Document Admin::WikiDoc::Edit test Document Admin::WikiDoc::Delete test Test non-privileged users can't access restricted WikiDoc pages Document Admin::WikiDoc::Create test Readd scope before testing token expiration Document Authentication::WS test Document RemoveEmptyURLs test Separate DataStore::Redis test all into named tests Actually check the deleted key in DataStore::Redis Add t/author tests to circleci Document t/author tests Change tabs to spaces Escape dots in eol.t and notabs.t regex MBS-12188: Allow SNAC links for places (#2404) MBS-12187: Load ReleaseEvents with manifest in release merges (#2407) Update HACKING.md with recent changes (#2389) MBS-12160: Use 'canonical' to display sorted edit data JSON (#2386) MBS-12147: State that an email search had no results (#2381) MBS-2313: Avoid pointless empty annotation edits (#2397) MBS-12168: Avoid breaking list formatting on user bios and collections (#2388) Merge Node and browser JS tests (#2403) MBS-11532: Don't pass undef ISO variable to localizeAreaName (#2401) MBS-12092: Serialize edit_action form after errors are added Remove duplicate form serializing
* beta: Update POT files using the production database Update translations from Transifex Update POT files using the production database Update translations from Transifex Add cleanup tests for Lantis URLs after 6aac5a2 Add lantis.jp sidebar Add lantis.jp external link favicon MBS-12022: Update URL cleanup of Lantis.jp MBS-12162: Do not require auth for non-private tag WS queries (#2387) MBS-12191: Allow admins to see spammer profiles (#2408) MBS-12189: Support "names" prefix for DAHR artists (#2406) Add back JSON-LD test for empty artist Document Artist::Works test Document Artist::Tags test Document Artist::Split test Document Artist::Show test Document Artist::Releases test Document Artist::Relationships test Document Artist::Recordings test Document Artist::Ratings test Document Artist::Merge test Merge mostly useless Artist::Edits test and Artist::OpenEdits Ensure the right error message is shown Move URL-related test to EditExternalLinks Document Artist::EditRelationships test Document Artist::EditExternalLinks test Document Artist::EditAlias test Document Artist::Edit test Check more details data in Artist::Details test Document Artist::Details test Also check edit note is required on Artist::DeleteAlias Document Artist::DeleteAlias test Document Artist::Create test Document Artist::AnnotationRevision test Remove useless use PartialDate calls from tests Document Artist::Aliases test and remove cruft Document Artist::AddAnnotation test Document Artist::AddAlias test Also test for contained areas in Area::Users test Document Area::Users test Document Area::Tags test Document Area::Show test Document Area::Edit test Document Area::Create test Document Area::Aliases test Document Admin::DeleteEditor test Document Admin::WikiDoc::Edit test Document Admin::WikiDoc::Delete test Test non-privileged users can't access restricted WikiDoc pages Document Admin::WikiDoc::Create test Readd scope before testing token expiration Document Authentication::WS test Document RemoveEmptyURLs test Separate DataStore::Redis test all into named tests Actually check the deleted key in DataStore::Redis Add t/author tests to circleci Document t/author tests Change tabs to spaces Escape dots in eol.t and notabs.t regex MBS-12188: Allow SNAC links for places (#2404) MBS-12187: Load ReleaseEvents with manifest in release merges (#2407) Update HACKING.md with recent changes (#2389) MBS-12160: Use 'canonical' to display sorted edit data JSON (#2386) MBS-12147: State that an email search had no results (#2381) MBS-2313: Avoid pointless empty annotation edits (#2397) MBS-12168: Avoid breaking list formatting on user bios and collections (#2388) Merge Node and browser JS tests (#2403) MBS-11532: Don't pass undef ISO variable to localizeAreaName (#2401) MBS-12092: Serialize edit_action form after errors are added Remove duplicate form serializing
We were requiring auth for anything related to the tag resource, but as per WS::2::Tag only tag_lookup and tag_submit should require auth (since they actually interact with the user's own tags). Tag search, which just searches for tag names matching a string, should not require any sort of authentication, since it's equivalent to other public searches.
Fix MBS-12162
We were requiring auth for anything related to the tag resource, but as per
WS::2::Tag
onlytag_lookup
andtag_submit
should require auth (since they actually interact with the user's own tags). Tag search, which just searches for tag names matching a string, should not require any sort of authentication, since it's equivalent to other public searches.
Tested by actually going to both
/ws/2/tag/?query=shoegaze
and/ws/2/tag?id=ed35bc92-2b5a-4ddf-96d2-51af9ab239e7&entity=artist
and making sure the first no longer requires logging in, while the second still does.