Mostly read-only REST API #45
Conversation
|
The failure is only in Python 3.7 nightly builds, and is due to Django, not this pull request: |
api/rest.py
Outdated
|
|
||
| class IsMaintainerOrReadOnly(permissions.BasePermission): | ||
| """ | ||
| Allows access only to admin users. |
There was a problem hiding this comment.
"only to admin users or maintainers"
api/rest.py
Outdated
| return results | ||
| results = SerializerMethodField() | ||
|
|
||
| def __init__(self, *args, **kwargs): |
There was a problem hiding this comment.
Is it easier to read if we move init to the first method in the class?
|
I haven't looked in depth into django-rest-framework and the nested router plugin. But the PR looks great in general. The question I have is testing. Is the plan to swtich patchew-cli or the web interface to be a client? (I think both are good things) And are you going to add cases to tests/? |
Yes and no respectively (I prefer the web interface to do everything server-side, I don't like single-page web apps and they are beyond my limited knowledge of Django!). However, even for patchew-cli, people are using patchew-project/patchew's patchew-cli as a canonical source of "a command line tha works with patchew.org" so that should only be done after the REST API is deployed on patchew.org.
Yes, and I'll do that before pushing this. |
|
Needless to say, adding tests found some bugs. :) To compare between v1 and v2 you can use branches |
tests/test_rest.py
Outdated
| # Copyright 2017 Red Hat, Inc. | ||
| # | ||
| # Authors: | ||
| # Fam Zheng <famz@redhat.com> |
There was a problem hiding this comment.
I don't mind but you can update the year and the name if you want. :)
tests/test_git.py
Outdated
| If you prefer to skip this patch, run "git am --skip" instead. | ||
| To restore the original branch and stop patching, run "git am --abort". | ||
| Failed to apply patch: | ||
| [Qemu-devel] [PATCH] bar patch""") |
There was a problem hiding this comment.
I think the actual error message depends on the git version. I'm getting this on Fedora (git version 2.14.3):
Switched to a new branch '20160628014747.20971-2-famz@redhat.com'
Branch 20160628014747.20971-2-famz@redhat.com set up to track local branch test by rebasing.
Applying: bar patch
error: sha1 information is lacking or useless (foo).
error: could not build fake ancestor
Patch failed at 0001 bar patch
The copy of the patch that failed is found in: .git/rebase-apply/patch
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
Failed to apply patch:
[Qemu-devel] [PATCH] bar patch
I.e. there is one extra line in the middle:
Branch 20160628014747.20971-2-famz@redhat.com set up to track local branch test by rebasing.
Maybe simply remove the self.assertEquals(log.content, expected_log) check?
There was a problem hiding this comment.
I'll change it to a status code test (must be 200).
tests/test_git.py
Outdated
| To XXXXXX/repo | ||
| * [new tag] patchew/20160628014747.20971-1-famz@redhat.com -> patchew/20160628014747.20971-1-famz@redhat.com | ||
| """) | ||
| self.assertEquals(log.content, expected_log) |
|
I am done with an incremental review, the code looks good. Thank you for working on this, and adding tests! I think we are almost ready to go! |
Properties are handled differently between ListProjectView and GetProjectPropertiesView. ListProjectView was showing them even to non-authenticated users, while for GetProjectPropertiesView had no allowed_groups so only superuser was allowed. Project properties _can_ contain sensitive data, so they should be hidden from non-maintainers. However, GetProjectPropertiesView's behavior is too restrictive. After this patch, ListProjectView only includes the "properties" key when logged in as a maintainer, and GetProjectPropertiesView returns 403 (via a pre-existing, but pointless until now, maintained_by check) for non-maintainers. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Small English improvement before adding it to the REST API. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This will make it a bit simpler to test the REST API, using the same idioms used by other test modules.
Start with user and project objects, just to test the setup of django-rest-framework. The bulk of the work is in the series and message API endpoints.
The series view is already pretty complicated. First, because the same series can exist in two projects, it has two endpoints: /api/v1/series and /api/v1/projects/NN/series/. List results from the former always point to the latter. This is handled via NestedDefaultRouter in urls.py and ProjectMessagesViewSetMixin in rest.py. Second, it includes the list of patches and the list of "replies" to the cover letter and the thread, but only in the "detailed" view. Therefore, this commit adds a whole hierarchy of serializers for messages.
Search support is trivial to add using a new filter backend. The code is mostly based on DRF's search filter, so that the search is available from the API browser, but of course it uses Patchew's existing code to convert from search terms to querysets.
The message endpoint only exists under /projects, since it is not listable--message URIs can be discovered via the series REST API, or via the /api/v1/projects/NN/messages/ID/replies route. Compared to the information under /series, it lets you retrieve the full mbox contents (and, when plugins support will be added, the tags that are parsed from replies). The mbox can also be retrieved as a simple text/plain response.
Plugins expose a JSON schema that is unrelated to project and message properties. They can add arbitrary fields to the serializers, or add to a "results" dictionary that could in the future become a first-class entity in the database.
We already do that for senders, do that for recipients and add a migration to fix the database.
|
Done! As before, for an incremental review you can use branch As discussed on IRC, I've added a migration to fix UTF-8 recipients and a test case for that too. You still cannot search for UTF-8 recipients because of how they are encoded in JSON works, but that's a separate bug in |
|
Looks good. Except this error when migrating the live patchew.org database (let me know if you want access the server): |
|
I'll drop the last patch then. I think the culprit is this patch. |
|
Oh, it's actually a wrong record in the database: Thunderbird "correctly" shows it as Daniel D�az. |
This pull request implements the beginning of #25 ("Add REST API").
The API is minimal on the write side (no login, no posting of messages), but it already includes: