New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Jkmarx/add group member api #3309
Conversation
* Refactor other view sets to use helper. * Fix typo. * Jkmarx/update client edit perms (#3287) * Update client to use new group api. * Update unit tests. * Remove unused service. * Add other unit tests. * Remove dataSetResource (#3288) * Remove dataSetResource * Remove unused shareable api resource and unused helpers. (#3289) * Remove unused shareable api resource and unused helpers. * Remove helper tests.
…ry-platform into jkmarx/extend-group-api-to-add
…ry-platform into jkmarx/extend-group-api-return-all-user-groups
Codecov Report
@@ Coverage Diff @@
## develop #3309 +/- ##
===========================================
- Coverage 67.33% 66.86% -0.47%
===========================================
Files 375 375
Lines 25420 24659 -761
Branches 939 939
===========================================
- Hits 17116 16488 -628
+ Misses 8304 8171 -133
Continue to review full report at Codecov.
|
@@ -1863,6 +1863,12 @@ def get_managed_group(self): | |||
except: | |||
return None | |||
|
|||
def is_user_a_group_manager(self, user): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds like it should be a method on the User model.
@@ -128,6 +129,11 @@ class ExtendedGroupSerializer(serializers.ModelSerializer): | |||
validators=[UniqueValidator(queryset=ExtendedGroup.objects.all())] | |||
) | |||
|
|||
def get_manager_group_uuid(self, group): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems redundant. Doesn't appear to be used anywhere.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's a field the client expects.
refinery/core/views.py
Outdated
return Response(uuid) | ||
return HttpResponseBadRequest(content="No users left in group.") | ||
|
||
def is_user_authorized_to_edit(self, group, request_user, edit_user): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sounds like it should be a method either on the Group or the User model. This would help with reuse and simplify the function signature.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's only used for this delete request which is dependent on both the member and request user. I don't imagine it being used anywhere else, so it's fine here.
logger.error(e) | ||
raise APIException("Multiple groups returned for this request.") | ||
|
||
def get_user(self, id): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why use Django internal ID instead of UUID like everywhere else?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Legacy of previous api. url /group/:uuid/member/:id
I can update it to both use uuid after merging the other two branches into here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, it would be great to fix this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@hackdna Users don't have UUID. User profiles have UUIDs. Simplicity wise, it would make sense to use IDs verses having to grab users through their profiles.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see. It would be great to switch to a custom User model as Two Scoops and Django docs suggest but it's out of the scope of this PR.
group = self.get_object(uuid) | ||
edit_user = self.get_user(id) | ||
if self.is_user_authorized_to_edit(group, request.user, edit_user): | ||
return Response(uuid, status=status.HTTP_403_FORBIDDEN) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If user is authorized to edit then return HTTP 403?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Forgot the un, will update the method name.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd rather keep the name and simplify the logic.
* Update client to group memebers api v2. * Rename for clarity. * Remove unused group api v1 resource. (#3311)
Ref #2618