New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Jkmarx/remove unused igv stuff #2844
Conversation
Codecov Report
@@ Coverage Diff @@
## develop #2844 +/- ##
===========================================
- Coverage 58.77% 57.99% -0.78%
===========================================
Files 431 431
Lines 27054 26643 -411
Branches 1261 1261
===========================================
- Hits 15901 15452 -449
- Misses 11153 11191 +38
Continue to review full report at Codecov.
|
refinery/core/views.py
Outdated
|
||
try: | ||
FileStoreItem.objects\ | ||
.get(uuid=old_file_uuid).delete_datafile() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think we would want to delete the datafile on every patch, correct? I would think that would only be necessary if the old file_uuid differed from the new one
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, correct. I'll fix that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FYI, this api is only supporting what we need which right now is removing file_uuid. It does not support adding or changing.
@@ -693,13 +696,79 @@ def graph(self, request, *args, **kwargs): | |||
) | |||
|
|||
|
|||
class NodeViewSet(viewsets.ModelViewSet): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What was the need for the ModelViewSet
to APIView
change?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was more so curious about the underlying need to switch from one to the other
refinery/core/serializers.py
Outdated
fields = ['uuid', 'file_uuid'] | ||
|
||
def validate_file_uuid(self, file_uuid): | ||
if file_uuid != 'None': |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are we setting Node.file_uuid
to the string 'None'
by default? That seems off to me.
Maybe you're looking for: if file_uuid is not None:
?
* Add service for removing file. * Add method to view. * Seperate the add and remove features. * Add file name. * Add remove for owners only. * Fix download for nonowners.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It'd be great to add unit tests to this PR before it is merged to make sure Node API access controls are working correctly.
'ready_for_igv_detail_view', | ||
'file_uuid' | ||
] | ||
fields = ['uuid', 'file_uuid'] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
('uuid, 'file_uuid')
required: false | ||
... | ||
""" | ||
http_method_names = ['get', 'patch'] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The recommended approach to restrict API methods is to inherit from GenericViewSet
and add appropriate mixins.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not a viewset.
http_method_names = ['get', 'patch'] | ||
|
||
def update_file_store(self, old_uuid, new_uuid): | ||
if new_uuid is None: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This check should not be needed since validate_file_uuid()
in serializer already handles validation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Even though the api is only supporting file_uuid deletion, this is needed to avoid future issues when the file_uuid is not changed and other fields are.
""" | ||
http_method_names = ['get', 'patch'] | ||
|
||
def update_file_store(self, old_uuid, new_uuid): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This method contains very simple logic and is used only once, so does not need to be factored out.
def update_file_store(self, old_uuid, new_uuid): | ||
if new_uuid is None: | ||
try: | ||
FileStoreItem.objects.get(uuid=old_uuid).delete_datafile() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Try block should be as simple as possible, so delete_datafile()
should be moved out.
public_group = ExtendedGroup.objects.public_group() | ||
|
||
if request.user.has_perm('core.read_dataset', data_set) or \ | ||
'read_dataset' in get_perms(public_group, data_set): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
DRF docs recommend using a custom permission class
serializer = NodeSerializer(node) | ||
return Response(serializer.data) | ||
|
||
return Response(node, status=status.HTTP_401_UNAUTHORIZED) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Returning a Node instance contradicts HTTP 401 status code.
if data_set_owner == request.user: | ||
serializer = NodeSerializer(node, data=request.data, partial=True) | ||
if serializer.is_valid(): | ||
serializer.save() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should probably be the last action contingent on success of data file deletion and Solr index updates.
lookup_field = 'uuid' | ||
http_method_names = ['get'] | ||
# permission_classes = (IsAuthenticated,) | ||
class NodeViewSet(APIView): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Missing authentication_classes
and permission_classes
attributes.
old_file_uuid = node.file_uuid | ||
data_set_owner = node.study.get_dataset().get_owner() | ||
|
||
if data_set_owner == request.user: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
DRF docs recommend using a custom permission class
Feel free to test using swagger.
@hackdna Unsure the status of the remove link, but this api should be able to support it.
@scottx611x Unit test will come in the next pull request, if this works for Ilya. If it doesn't, then we'll just remove the Node V2 API.