Jkmarx/add group member api #3309
Conversation
* Refactor other view sets to use helper. * Fix typo. * Jkmarx/update client edit perms (#3287) * Update client to use new group api. * Update unit tests. * Remove unused service. * Add other unit tests. * Remove dataSetResource (#3288) * Remove dataSetResource * Remove unused shareable api resource and unused helpers. (#3289) * Remove unused shareable api resource and unused helpers. * Remove helper tests.
…ry-platform into jkmarx/extend-group-api-to-add
…ry-platform into jkmarx/extend-group-api-return-all-user-groups
Codecov Report
@@ Coverage Diff @@
## develop #3309 +/- ##
===========================================
- Coverage 67.33% 66.86% -0.47%
===========================================
Files 375 375
Lines 25420 24659 -761
Branches 939 939
===========================================
- Hits 17116 16488 -628
+ Misses 8304 8171 -133
Continue to review full report at Codecov.
|
| @@ -1863,6 +1863,12 @@ def get_managed_group(self): | |||
| except: | |||
| return None | |||
|
|
|||
| def is_user_a_group_manager(self, user): | |||
There was a problem hiding this comment.
Sounds like it should be a method on the User model.
| @@ -128,6 +129,11 @@ class ExtendedGroupSerializer(serializers.ModelSerializer): | |||
| validators=[UniqueValidator(queryset=ExtendedGroup.objects.all())] | |||
| ) | |||
|
|
|||
| def get_manager_group_uuid(self, group): | |||
There was a problem hiding this comment.
Seems redundant. Doesn't appear to be used anywhere.
There was a problem hiding this comment.
It's a field the client expects.
refinery/core/views.py
Outdated
| return Response(uuid) | ||
| return HttpResponseBadRequest(content="No users left in group.") | ||
|
|
||
| def is_user_authorized_to_edit(self, group, request_user, edit_user): |
There was a problem hiding this comment.
Sounds like it should be a method either on the Group or the User model. This would help with reuse and simplify the function signature.
There was a problem hiding this comment.
It's only used for this delete request which is dependent on both the member and request user. I don't imagine it being used anywhere else, so it's fine here.
| logger.error(e) | ||
| raise APIException("Multiple groups returned for this request.") | ||
|
|
||
| def get_user(self, id): |
There was a problem hiding this comment.
Why use Django internal ID instead of UUID like everywhere else?
There was a problem hiding this comment.
Legacy of previous api. url /group/:uuid/member/:id
I can update it to both use uuid after merging the other two branches into here.
There was a problem hiding this comment.
Yes, it would be great to fix this.
There was a problem hiding this comment.
@hackdna Users don't have UUID. User profiles have UUIDs. Simplicity wise, it would make sense to use IDs verses having to grab users through their profiles.
There was a problem hiding this comment.
I see. It would be great to switch to a custom User model as Two Scoops and Django docs suggest but it's out of the scope of this PR.
| group = self.get_object(uuid) | ||
| edit_user = self.get_user(id) | ||
| if self.is_user_authorized_to_edit(group, request.user, edit_user): | ||
| return Response(uuid, status=status.HTTP_403_FORBIDDEN) |
There was a problem hiding this comment.
If user is authorized to edit then return HTTP 403?
There was a problem hiding this comment.
Forgot the un, will update the method name.
There was a problem hiding this comment.
I'd rather keep the name and simplify the logic.
* Update client to group memebers api v2. * Rename for clarity. * Remove unused group api v1 resource. (#3311)
Ref #2618