feat(api-v2): Remove ForbiddenResource #1615
Conversation
# Conflicts: # webapi/src/main/scala/org/knora/webapi/util/StringFormatter.scala
|
This pull request has been mentioned on Discuss DaSCH. There might be relevant details there: https://discuss.dasch.swiss/t/how-to-deal-with-forbidden-resources-and-values-consistently/153/1 |
benjamingeer
changed the title
benjamingeer
changed the title
|
This pull request has been mentioned on Discuss DaSCH. There might be relevant details there: https://discuss.dasch.swiss/t/how-to-deal-with-forbidden-resources-and-values-consistently/153/7 |
- Simplify Gravsearch paging. - Add design docs.
|
This pull request has been mentioned on Discuss DaSCH. There might be relevant details there: https://discuss.dasch.swiss/t/knora-api-js-lib-pr-changing-public-api/158/2 |
|
This pull request has been mentioned on Discuss DaSCH. There might be relevant details there: https://discuss.dasch.swiss/t/knora-api-js-lib-pr-changing-public-api/158/5 |
# Conflicts: # docs/src/paradox/05-internals/design/api-v2/gravsearch.md # webapi/src/main/scala/org/knora/webapi/responders/v2/SearchResponderV2.scala
|
This pull request has been mentioned on Discuss DaSCH. There might be relevant details there: https://discuss.dasch.swiss/t/knora-api-js-lib-pr-changing-public-api/158/9 |
There was a problem hiding this comment.
Please resolve the failing test related to JS-Lib. As you have mentioned in the "Proposal: Analysis of Dependencies ..." document,
No subsystem should have to delay merging a PR until some other system can support that PR.
I suggest that, in another branch/PR, you either remove these tests or replace them with tests to check the compatibility of releases, not the compatibility of commits, as you suggested yourself. After that PR is merged to the develop branch, with a control merge, the problem of failing tests of this PR must be solved.
.../main/scala/org/knora/webapi/messages/v2/responder/resourcemessages/ResourceMessagesV2.scala
Show resolved
Hide resolved
.../main/scala/org/knora/webapi/messages/v2/responder/resourcemessages/ResourceMessagesV2.scala
Show resolved
Hide resolved
.../main/scala/org/knora/webapi/messages/v2/responder/resourcemessages/ResourceMessagesV2.scala
Show resolved
Hide resolved
|
|
||
| val transformedValuePropertyAssertions: RdfPropertyValues = resource.valuePropertyAssertions.map { | ||
| case (propIri, values) => | ||
| val transformedValues = values.map { | ||
| value => | ||
| val transformedValues: Seq[ValueRdfData] = values.foldLeft(Vector.empty[ValueRdfData]) { |
There was a problem hiding this comment.
Please extract this foldleft operation into a function to increase readability. It is 26 lines with 3 levels of indentation (nested conditions)
There was a problem hiding this comment.
The whole splitMainResourcesAndValueRdfData method has always been a headache for me to read: too long and too much nesting. Each time I have to work on it, I try to make it a bit clearer, but it really needs to be split up into much smaller pieces. I was going to ask you to refactor it with Tobias, since he's the author. :) For now, I've just moved the nestResources method out to the top level, and I've moved the foldLeft operation into another function, transformValuesByNestingResources (in 6e96460). But even after doing that, splitMainResourcesAndValueRdfData is still 273 lines long. :(
There was a problem hiding this comment.
For now, I've just moved the
nestResourcesmethod out to the top level, and I've moved thefoldLeftoperation into another function,transformValuesByNestingResources(in 6e96460). But even after doing that,splitMainResourcesAndValueRdfDatais still 273 lines long. :(
It took me really long time to understand what the splitMainResourcesAndValueRdfData does, but at least now with transformValuesByNestingResources it is a tiny bit easier to read.
| nestedResource = Some(dependentResource) | ||
| ) | ||
| } else if (dependentResourceIrisNotVisible.contains(dependentResourceIri)) { |
There was a problem hiding this comment.
then this means that previously there was no difference between the deleted dependant resource and forbidden one, in both cases link value was returned, but now if the dependant resource is forbidden (i.e. user does not have permission to see), then it is skipped. If the dependant resource is deleted, the link value is however returned. Have I understood it right?
If so, when a user requests a resource, the link value property itself will not be visible to the user either if the user does not have permission to see the dependent resource, right?
There was a problem hiding this comment.
now if the dependant resource is forbidden (i.e. user does not have permission to see), then it is skipped. If the dependant resource is deleted, the link value is however returned. Have I understood it right?
Yes. Do you think this makes sense? Or should we do the same thing in both cases?
If so, when a user requests a resource, the link value property itself will not be visible to the user either if the user does not have permission to see the dependent resource, right?
Right, it should not be visible. I will check and see if that's what really happens.
There was a problem hiding this comment.
It turns out that the link value property was not filtered out if we filtered out all its values. I've fixed this and added a test in 35fafe4. Good catch, thanks!
There was a problem hiding this comment.
We have to return a LinkValue that points to a deleted resource, so the user can change the link to point to a different resource. In the case of a LinkValue that points to a resource that the user doesn't have permission to see, I filtered it out because @loicjaouen said he preferred it that way. I think it makes sense because there isn't anything that the user could do with that link.
There was a problem hiding this comment.
Yes. Do you think this makes sense? Or should we do the same thing in both cases?
yes, I believe it makes sense as it is now. In this way, the difference between a deleted dependant resource and a forbidden one is clear and the user will not be confused by seeing a link value but not its dependant resource.
There was a problem hiding this comment.
OK great. In b990663 I've added a test that gets a link to a deleted resource, to check that the link value is returned correctly.
webapi/src/main/scala/org/knora/webapi/util/ConstructResponseUtilV2.scala
Outdated
Show resolved
Hide resolved
webapi/src/main/scala/org/knora/webapi/util/ConstructResponseUtilV2.scala
Show resolved
Hide resolved
webapi/src/main/scala/org/knora/webapi/util/StringFormatter.scala
Outdated
Show resolved
Hide resolved
I actually have no idea what these tests do, how they work, or even where the code is that runs them. @tobiasschweizer and @subotic set this up and I don't know if it's documented anywhere. I could probably figure out how to turn them off, but maybe @tobiasschweizer and @subotic would be better able to deal with this properly.
Does this mean I can't merge this PR until someone writes a whole new testing framework for compatibility between Knora and |
I think we should have a look at this today. We could decide on a good time at the end of the Scrum meeting. |
No, what I mean is that: Since the problems with tests should be resolved anyway before the merge, I suggest you solve the problem in another branch that can be reviewed fast, (even if solving the test problems means removing the tests) then merge it to develop first, then merge the develop branch into this branch. |
OK will do. |
OK great, thanks. |
|
@tobiasschweizer You asked for a copy-and-paste of the failing JS lib tests in this PR: |
Ok, this is because knora-api returns less results now. I can easily fix this in a separate knora-api-js-lib PR, so then the tests pass again in both repos. In the meantime please go ahead as agreed. edit: I think I don't have to check for a certain number of results at all, just have to check that there is a number returned. |
|
@SepidehAlassi Is this PR OK to merge now? If so, please don't forget to click the "approve" button. |
yes, I believe it is. :-) |
|
@SepidehAlassi Many thanks for the review! |
User story: https://dasch.myjetbrains.com/youtrack/issue/DSP-36
Discussion:
https://discuss.dasch.swiss/t/how-to-deal-with-forbidden-resources-and-values-consistently/153
https://discuss.dasch.swiss/t/knora-api-js-lib-pr-changing-public-api/158/5
This PR removes
ForbiddenResourceto make Gravsearch more consistent with the rest of API v2.Instead of using
ForbiddenResource, Gravsearch now returns"knora-api:mayHaveMoreResults": trueif the number of main resources returned, plus the number of main resources hidden because of permissions, equals the page size.This has a couple of other advantages:
The rest of API v2 now also distinguishes between a resource not being found (
NotFoundException, HTTP 404) and the user not having permission to see it (ForbiddenException, HTTP 403).This PR also unifies the processing of search responses and other resource responses in
ConstructResponseUtilV2.Tasks:
knora-base.ttlandsystem-data.ttl.ConstructResponseUtilV2and its dependencies.knora-api:mayHaveMoreResults.knora-baseversion number.Resolves #1543.