[Patchew-devel] [PATCH v2] rest: add api/v1/messages endpoint (POST support)
Paolo Bonzini
pbonzini at redhat.com
Tue May 15 14:41:31 UTC 2018
On 15/05/2018 15:27, Shubham Jain wrote:
>
>
> On Tue, May 15, 2018 at 6:25 PM Paolo Bonzini <pbonzini at redhat.com
> <mailto:pbonzini at redhat.com>> wrote:
>
> On 15/05/2018 14:40, Shubham Jain wrote:
> > This can be just "projects = (p for p in projects if
> > p.maintained_by(self.request_user))". I'll make the change and
> > commit it.
> >
> > What's next?
>
> Write more tests. :)
>
> Alright. Could you please elaborate "Add more testcases around
> authorization: check for 403 on unauthenticated post, check what the
> "importer" group is allowed to do, etc."?
- check that POST fails if you haven't logged in
- check that the rules for importing messages work (import by
maintainer, import by non-maintainer, import by someone in the
"importer" group)
>
>
> Then I'm thinking of jumping directly to OAuth... Either that, or the
> update-project-head old-style request, which would be an easy POST
> request like /projects/{pk}/update-head.
>
> Cool, I'll start going through the documentation of OAuth side by side.
> Which third party OAuth are we going to use?
I think Patchew should be an OAuth provider so that it can restrict API
access to registered clients. There are tutorials
https://django-oauth-toolkit.readthedocs.io/en/latest/
Paolo
More information about the Patchew-devel
mailing list