Skip to content

[API] Make the GET /resources endpoint public #128

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
lpatmo opened this issue Apr 6, 2020 · 6 comments
Closed

[API] Make the GET /resources endpoint public #128

lpatmo opened this issue Apr 6, 2020 · 6 comments
Assignees
@lpatmo
Labels
good first issue Good for newcomers

Comments

@lpatmo
Copy link
Member

lpatmo commented Apr 6, 2020
edited
Loading

Context

Right now, on the front-end, we need to pass in a token (i.e. the user needs to be logged in) before they can see a list of resource.

 axios
      .get('/api/v1/resources', {
        headers: {
          Authorization: `Bearer ${authContext.authTokens.token}`,
        },
      })

This should be true for when users are creating a resource, but the list of resources on https://cb-react-concept.netlify.com/resources should be available to the public.

Acceptance Criteria

[ ] Make GET /resources not protected by authorization
[ ] Change setup for tests to make sure we're not authed for the GET requests, but are authed for POST, PATCH, and search.
[ ] Add test to make sure GET /api/v1/resources/{{guid}}/ and GET /api/v1/resources/ requests and search work without a token
[ ] Add/alter tests for GET GET /api/v1/resources/{{guid}}/ and GET /api/v1/resources/ requests and search to ensure that they also work with a token
[ ] Add tests to make sure PATCH and POST fail without a token
[ ] Add test to make sure DEL fails without a token
@lpatmo lpatmo mentioned this issue Apr 6, 2020
Merged
4 tasks
@chris48s
Copy link
Contributor

chris48s commented Apr 6, 2020

If you wanted to use this as an issue to walk someone through their first contribution, this should be close to a one-line change to the API code:

https://www.django-rest-framework.org/api-guide/permissions/#isauthenticatedorreadonly

from rest_framework import permissions

class ResourceView():
    permission_classes = [permissions.IsAuthenticatedOrReadOnly]
    #...
  • Set up a dev environment
  • Make that change
  • Write a test
  • Submit a PR

probably fits nicely into a 1 hour hangout.

@lpatmo
Copy link
Member Author

lpatmo commented Apr 7, 2020

probably fits nicely into a 1 hour hangout.

That's a GREAT idea!! I will raise it up in #codebuddies-meta.

I could actually use some guidance on how to write a test for this, heh. We're primarily testing that the GET /resources endpoint works without passing in an auth token, right?

@lpatmo lpatmo added the good first issue Good for newcomers label Apr 7, 2020
lpatmo pushed a commit to codebuddies/frontend that referenced this issue Apr 7, 2020
Remove tokens from GET request -- will be unnecessary when codebuddie…
118174c 
…s/backend#128 is implemented and merged
@lpatmo
Copy link
Member Author

lpatmo commented Apr 7, 2020
edited by BethanyG
Loading

Confirmed that IsAuthenticatedOrReadOnly works! 🎆Yay.

Updated the acceptance criteria with some ideas for tests (h/t @BethanyG for suggesting in #codebuddies-meta):

[ ] Change setup for tests to make sure we're not authed for the GET or search requests, but are authed for POST and PATCH
[ ] Add test to make sure GET /api/v1/resources/{{guid}}/ and GET /api/v1/resources/ requests and search work without a token
[ ] Add/alter tests for GET GET /api/v1/resources/{{guid}}/ and GET /api/v1/resources/ requests and search to ensure that they also work with a token
[ ] Add tests to make sure PATCH and POST fail without a token
[ ] Add test to make sure DEL fails without a token

@chris48s
Copy link
Contributor

chris48s commented Apr 7, 2020

I could actually use some guidance on how to write a test for this

Reading your next post plus slack, it looks like you've already figured it out tbh :)

@lpatmo
Copy link
Member Author

lpatmo commented Apr 7, 2020

🤞🤞:)

@lpatmo lpatmo self-assigned this Apr 9, 2020
@lpatmo
Copy link
Member Author

lpatmo commented Apr 21, 2020

PR: #134

@lpatmo lpatmo closed this as completed Apr 21, 2020
lpatmo pushed a commit to codebuddies/frontend that referenced this issue Apr 26, 2020
Remove tokens from GET request -- will be unnecessary when codebuddie…
595f3fd 
…s/backend#128 is implemented and merged
angelocordon pushed a commit to codebuddies/frontend that referenced this issue Apr 26, 2020
@angelocordon
Remove tokens from GET request -- will be unnecessary when codebuddie…
671074b 
…s/backend#128 is implemented and merged
angelocordon pushed a commit to codebuddies/frontend that referenced this issue Apr 26, 2020
@angelocordon
Remove tokens from GET request -- will be unnecessary when codebuddie…
43a6a14 
…s/backend#128 is implemented and merged
CodeconValley added a commit to CodeconValley/frontend_codebuddie that referenced this issue Jul 3, 2023
@CodeconValley
Remove tokens from GET request -- will be unnecessary when codebuddie…
8ea22b2 
…s/backend#128 is implemented and merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lpatmo lpatmo

Labels
good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lpatmo @chris48s