WIP: Teams

[Gankro]

This is completely untested

I just got it to compile, and wanted to get this up for the bikesheddy part of review while I start setting up testing and stuff.

Some of the JSON schemas still probably need to be updated to yield duplicate fields for bridging legacy and clarity. I don't think Cargo needs to be modified at all (teams are Just Another Name as far as it should be concerned), but I might be forgetting something.

[Gankro]

Oh, closes #137

[Gankro]

r? @alexcrichton

[Gankro]

All old tests pass locally now. Moving on to making new tests.

[Gankro]

Note: I added the created_by field here while debugging a test failure cause by something else. Not sure why it wasn't being set and whether it should be set.

[Gankro]

Note: this is the one place that I'm not sure how to handle API-wise -- this is something that cargo sends us. I suppose we could have two duplicate fields, both of which are Options? Try to decode both, pick whichever has stuff first?

[alexcrichton]

Yeah for now let's have two duplicate fields, both options. We can slowly phase out the older field later on down the road (could add a comment explaining what's up)

[Gankro]

Status Update: I have tested this out locally by hand and everything seems to be working!!!

I just need to write some unit tests. (oh nooo mocking)

[alexcrichton]

Could you refactor this literal 0 into something like OwnerKind::User as i32?

[alexcrichton]

Could this be indicated through an enum instead?

[alexcrichton]

You can probably delete this comment now

[alexcrichton]

trailing comma

[alexcrichton]

Currently the model-like structs all have public fields, and the crates.io ID is just called id

[alexcrichton]

This'll need to be Option<String> to work with older Cargos

[Gankro]

I think this is only ever encoded today. Cargo only ever sends us a list of names.

[alexcrichton]

It is? It looks like cargo currently requires a login field

[Gankro]

Yes, cargo will decode this -- but we won't. So we say we have to provide the login, and downstream Cargo can say it's optional if it wants. But we have to for old Cargos.

[Gankro]

Wait I'm confused, are we talking about login or kind?

[alexcrichton]

Oh sorry I meant the kind field. Cargo doesn't currently give us a kind field, right? That means this'll have to be an Option if we want to continue to receive responses from Cargo?

[Gankro]

Yeah so due to the github: prefix owners are uniquely identified by their string name -- which is the only way Cargo talks to us about them. They just send a list of names (which isn't parsed with this struct at all).

[alexcrichton]

Can you make sure there's an index on this field? You're doing a query on it sometimes so it'll need to be indexed, although I forget if the UNIQUE constraint adds an index or not...

[Gankro]

Per http://dba.stackexchange.com/questions/144/when-should-i-use-a-unique-constraint-instead-of-a-unique-index it appears that a unique constraint implies the creation of an index. The top answer argues you should favour an index if you actually intend to index off that value as a matter of clarity (the index won't go away if the uniqueness constraint goes away), but that doesn't seem like a concern here.

[alexcrichton]

Ok, seems fine to me!

[alexcrichton]

Odd comment? (no unwraps here)

[Gankro]

This is actually going to revert back -- the try! on org is otherwise dead code.

[alexcrichton]

Could this reuse Crate::valid_name?

[Gankro]

That doesn't seem very semantically clear. We're trying to filter out to only the valid set of GH team slugs. (actually I think A...Z could be omitted)

[alexcrichton]

Could we just leave this up to github?

[Gankro]

Definitely want to sanitize to avoid /'s and what not -- easiest way I could think of was to just whitelist the stuff that's in slugs.

[alexcrichton]

Hm ok, I'll probably do one final auditing pass but this is fine for now

[alexcrichton]

Could you refactor this between src/user/mod.rs to avoid duplication?

[alexcrichton]

Unfortunately this may also not be quite right as it looks like the teams listing for an organization has pagination, so we may have to make multiple requests to look up the teams in an organization.

[Gankro]

What's the duplication?

[alexcrichton]

Setting up the http::handle, and various other headers are duplicated, and it'd be useful to just do something like passing in the URL and then getting the response.

[Gankro]

So one thing is that Teams and Users auth in different ways. Users are using the oauth2 lib to inject the header, but Teams can't do that (as far as I can tell) because there isn't a way to create an oauth2 object from the string key we store. As such teams just write the appropriate header manually (which is trivial and will never change).

[alexcrichton]

If you search for "RETURNING" you can see a method of inserting while also returning the row that was just inserted

[Gankro]

👍

[alexcrichton]

It'd be good to refactor this 403-checking logic with the above block to reduce duplication

[Gankro]

They have different messages, fwiw.

[alexcrichton]

True, but it's probably not that important in this case

[Gankro]

I think it's kinda important from a UX perspective -- people are going to try this feature and get walled on out-of-date authentication. There's two places where this can happen, and they're sufficiently different that they warrant different messages IMO.

[alexcrichton]

Hm ok, can there perhaps be a switch of some form? It'd just be nice to consolidate all this HTTP logic as much as possible.

[alexcrichton]

Instead of making a dummy team could this just be a static method which takes only a github id?

[alexcrichton]

This is only called in one location, so perhaps the logic for checking whether the user is a member of a team can be inlined at that location? Either that or otherwise add a method to Owner querying whether a user is a member of that owner.

[Gankro]

What's the purpose of the ownership query? (Old drafts had such a method, but it ended up being useless).

[alexcrichton]

Just in the sense that the caller of this method would do something like:

let owner = try!(Owner::find_by_name(name));
if !owner.contains(&user) {
    return Err(...)
}

[Gankro]

Is this not the moral equivalent of User::find_or_insert (but generalized)?

[alexcrichton]

s/owner/team/ ?

[alexcrichton]

Some(name) ?

[Gankro]

ok I have this back in cache now. name is the pretty-printed-name. e.g. "Alexis Beingessner". So it doesn't super make sense to produce that here? (it will make cargo produce a silly output when you list owners).

We do want a duplicate of login, it's unfortunate that name is taken!

[alexcrichton]

Ah ok, this is fine in that case.

[alexcrichton]

s/println/info/

[alexcrichton]

Could you add a comment here indicating that this is intended to pass to the function above? (e.g. the scopes/token_type are blank)

[alexcrichton]

You shouldn't need the owner_kind field here, owner_id should be unique and should directly imply what owner_kind should be

[Gankro]

(discussed on irc -- this is false)

[alexcrichton]

this 0 should be replaced with a symbolic constant

[alexcrichton]

(same below)

[alexcrichton]

Same comment about style here as above

[alexcrichton]

Can you be sure this wraps to 80 chars?

[alexcrichton]

These look duplicated with krate.rs, could they be consolidated?

[alexcrichton]

Can you also add tests for:

• Owners can remove a team from a crate
• Team members cannot remove a team from a crate

[alexcrichton]

This means that team members can't yank? I'd be fine allowing this

[Gankro]

Team members have Rights::Publish, so they should pass this check.

[alexcrichton]

Can you make sure the frontend handles this nicely? I'm curious what the page looks like when it lists owners and one of the owners is a team.

[Gankro]

You get an output that looks like:

steveklabnik (Steve Klabnik <steve@steveklabnik.com>)
github:rust-lang:owners

[Gankro]

Ohhh you mean the actual crates.io website

[Gankro]

The frontend really drops the ball on this, I'm not gonna lie. Broken image and a link to github.com/github:rust-lang:owners

[alexcrichton]

This function might be a lot nicer to call if it was something along the lines of:

pub fn github<T: Decodable>(app: &App, url: &str, auth: &Token)
        -> Result<T, curl::ErrCode> { 
    // ...
}

Basically something that does the decoding for you automatically and fills in an error for bad JSON and bad utf-8-ness

[Gankro]

The response-code handling isn't uniform, though. In particular when querying team membership, 404 is how Github reports "false". Do you want this to take a closure for (maybe) processing the error code?

[Gankro]

I made two fns, one for querying, one for parsing, so that you can intermediate evaluation of the request as desired.

[alexcrichton]

OK, I just hooked up coveralls to this repo so in theory when you rebase you'll start seeing coverage information published, and it's a good check to see if at least most of the branches and such were taken during the tests perhaps?

[Gankro]

I didn't mean to revert the per_page thing -- you may want to fix this

[alexcrichton]

Awesome, thanks so much @Gankro! I've added some extra things here and there and pushed to master.