flake8
passed.
JSHint
passed.
Add top-level reviews API endpoint
Review Request #12297 — Created May 23, 2022 and submitted
Review resources are currently child resources of review requests. This limits
the type of queries we can do for reviews, for example we can't query for all
reviews created by a given user.This change adds a top-level API endpoint for reviews. We register a root list
resource for reviews and support GET requests with the following query
parameters:
-user=<username>
-repository=<repoName>
-last-updated-fromandlast-updated-to
-review-group=<groupName>Based on work by Taylor Christie at /r/12028.
- Created unit tests for the root review resource and ran successfully
| Summary | ID | Author |
|---|---|---|
| 8f401d529c308b4b4bb1fef11ec67df5b78e37ba | Michelle | |
| 12ddd87cbd945920d04200e17ce508fadb085adc | Michelle |
| Description | From | Last Updated |
|---|---|---|
|
I haven't dug into the unit testing on this much yet, but making sure we have this on the checklist … |
 chipx86
|
|
|
The review_request api endpoint filters by the ID of the repository instead of the name. Should we filter by ID … |
 maubin
|
|
|
It might be worthwhile to add fields for "time-added-to" and "time-added-from" just so that there's more options for date filtering. … |
maubin
|
|
|
this doesn't actually add the user to the local site, is there another way that i should be adding the … |
maubin
|
|
|
W292 no newline at end of file |
 reviewbot
|
|
|
W292 no newline at end of file |
reviewbot
|
|
|
Can you order these alphabetically? |
chipx86
|
|
|
Small nit, but for consistency, this is usually placed after the main resource definitions (so after added_in in this case). |
chipx86
|
|
|
Can you order these alphabetically? |
chipx86
|
|
|
We should probably stick with public instead of drafts for this, and take it as a boolean. |
chipx86
|
|
|
We can use &= for these. |
chipx86
|
|
|
We use a chaining format to keep these readable, like: users = ( Group.objects .filter(name=...) .values_list('users') ) |
chipx86
|
|
|
Can you update this to do one argument per line? That'll help keep this readable/maintainable going forward. |
chipx86
|
|
|
This should document *args and **kwargs. |
chipx86
|
|
|
Can you order these keys alphabetically? |
chipx86
|
|
|
Since we use a ' in the docstring, and don't use " anywhere, we can use " for the string … |
chipx86
|
|
|
This should document the arguments and AssertionError. |
chipx86
|
|
|
For each of these tests, we'll want to asser that we get exactly the reviews we expect, in the order … |
chipx86
|
|
|
Can you update these to use user instead of u? Same elsewhere in tests. This helps keep things consistent and … |
chipx86
|
|
|
Similar, review_request instead of rr. |
chipx86
|
|
|
get_tz_aware_utcnow() is a bit legacy. We should be able to use Django's timezone.now() instead. |
chipx86
|
|
|
We're going to want to avoid using _. I have some details on this in the other API change. |
chipx86
|
|
|
Similarly, we should use review. |
chipx86
|
|
|
line too long (82 > 79 characters) Column: 80 Error code: E501 |
reviewbot
|
|
|
line too long (83 > 79 characters) Column: 80 Error code: E501 |
reviewbot
|
|
|
Add a blank line between these two. |
 david
|
|
|
Let's fix this to just say "Unit tests for RootReviewResource" |
david
|
|
|
An optimization I'll be working toward is to avoid these JOINs where possible, and since this code is new, we … |
chipx86
|
|
|
This will need to be wrapped in list(...) in order to get the values directly. Otherwise this ends up being … |
chipx86
|
|
|
The *args is off. Missing Args:. |
chipx86
|
|
|
This test should have some public and non-public reviews that aren't accessible by the user, and ensure they don't show … |
chipx86
|
|
|
This test should add a mixture of accessible/inaccessible review requests and accessible/inaccessible reviews, and non-public reviews on accessible review requests, … |
chipx86
|
|
|
This test should add a mixture of accessible/inaccessible review requests and accessible/inaccessible reviews, and public reviews on accessible review requests, … |
chipx86
|
|
|
This should have some inaccessible repositories and make sure reviews on them don't show up in the results. Same for … |
chipx86
|
|
|
Same comments as above but for review groups. |
chipx86
|
-
-
I haven't dug into the unit testing on this much yet, but making sure we have this on the checklist for this feature...
One thing to make sure of is that we have very extensive test coverage of access controls, making sure that it won't return reviews if:
- It's unpublished and you are not the owner
- It's on a private repository you don't have access to
- It's on an invite-only review group you don't have access to
- It's on a Local Site you don't have access to
- Commits:
-
Summary ID Author f51a3f8266cdc437adad47b077640c67303d48a6 Michelle f51a3f8266cdc437adad47b077640c67303d48a6 Michelle 2a13f607d8c71ce674dfd8e76ce5e9eaedde280c Michelle - Diff:
-
Revision 2 (+1172 -38)
- Commits:
-
Summary ID Author f51a3f8266cdc437adad47b077640c67303d48a6 Michelle 2a13f607d8c71ce674dfd8e76ce5e9eaedde280c Michelle f51a3f8266cdc437adad47b077640c67303d48a6 Michelle 21cd27249c868378fa540a824b70165b54ccfdec Michelle - Depends On:
-
- Diff:
Revision 3 (+1179 -39)
- Change Summary:
-
Ready for review
- Commits:
-
Summary ID Author f51a3f8266cdc437adad47b077640c67303d48a6 Michelle 21cd27249c868378fa540a824b70165b54ccfdec Michelle 76f92ec1c9e7f2db453f99e15bea82b09cd21c78 Michelle 1829f2c534ef8a2d39b9a7a78fae782be905e98a Michelle - Diff:
-
Revision 4 (+1183 -39)
Checks run (2 succeeded)
flake8
passed.
JSHint
passed.
- Commits:
-
Summary ID Author 76f92ec1c9e7f2db453f99e15bea82b09cd21c78 Michelle 1829f2c534ef8a2d39b9a7a78fae782be905e98a Michelle 76f92ec1c9e7f2db453f99e15bea82b09cd21c78 Michelle 4645249372da164a65fb970dff37e46727f9dc3d Michelle - Diff:
-
Revision 5 (+1171 -39)
Checks run (2 succeeded)
flake8
passed.
JSHint
passed.
- Change Summary:
-
small styling changes
- Commits:
-
Summary ID Author 76f92ec1c9e7f2db453f99e15bea82b09cd21c78 Michelle 4645249372da164a65fb970dff37e46727f9dc3d Michelle 76f92ec1c9e7f2db453f99e15bea82b09cd21c78 Michelle f5485492d261cb96a1394e40e17ab97ac5bc1171 Michelle - Diff:
-
Revision 6 (+1175 -41)
Checks run (2 succeeded)
flake8
passed.
JSHint
passed.
-
Many of my comments are similar to the comments API change. There's more context in there for some of the issues opened here.
-
-
Small nit, but for consistency, this is usually placed after the main resource definitions (so after
added_inin this case). -
-
-
-
We use a chaining format to keep these readable, like:
users = ( Group.objects .filter(name=...) .values_list('users') ) -
Can you update this to do one argument per line? That'll help keep this readable/maintainable going forward.
-
-
-
Since we use a
'in the docstring, and don't use"anywhere, we can use"for the string itself and avoid escaping the'. -
-
For each of these tests, we'll want to asser that we get exactly the reviews we expect, in the order in which we expect them. You can use
compare_itemto help with this.This applies to all tests.
-
Can you update these to use
userinstead ofu? Same elsewhere in tests. This helps keep things consistent and greppable. -
-
-
-
- Change Summary:
-
- Changed the
draftsrequest field topublic. Also changed the logic behind this field, previously the endpoint would return only public reviews by default. Now the default is to return both public and draft reviews. - Changed
time-added-fromandtime-added-torequest fields back tolast-updated-fromandlast-updated-tosincereview.timestampcan be updated, its not necessarily the time it was added - Switched
q = q &toq &= - Stopped using
_for unused variables - Uses
timezone.now()instead ofget_tz_aware_utcnow() - Uses
compare_itemin mostly all tests - Uses consistent variable names in tests
- Changed the
- Commits:
-
Summary ID Author 76f92ec1c9e7f2db453f99e15bea82b09cd21c78 Michelle f5485492d261cb96a1394e40e17ab97ac5bc1171 Michelle b6c09163cab5c656015ee6192b1f5ac419ca4547 Michelle 52feb4f50bf103427913dc764ecac19639483011 Michelle - Diff:
-
Revision 7 (+1342 -130)
- Change Summary:
-
fix line too long issues
- Commits:
-
Summary ID Author b6c09163cab5c656015ee6192b1f5ac419ca4547 Michelle 52feb4f50bf103427913dc764ecac19639483011 Michelle b6c09163cab5c656015ee6192b1f5ac419ca4547 Michelle 59db00932fcf0ac56a6851e41c015048b915736c Michelle - Diff:
-
Revision 8 (+1346 -130)
Checks run (2 succeeded)
flake8
passed.
JSHint
passed.
- Commits:
-
Summary ID Author b6c09163cab5c656015ee6192b1f5ac419ca4547 Michelle 59db00932fcf0ac56a6851e41c015048b915736c Michelle b6c09163cab5c656015ee6192b1f5ac419ca4547 Michelle df90bd8e7b9fcd0cb31f1e772ec785e565c89f20 Michelle - Diff:
-
Revision 9 (+1349 -131)
Checks run (2 succeeded)
flake8
passed.
JSHint
passed.
-
Most of my comments are about the test coverage. They're examples, but not the only cases, where we should probably expand our test data. We want to ensure that we never get any results we don't expect, so we should ensure there's enough test data in each test to ensure that we never unintentionally leak wrong information in the API calls.
-
An optimization I'll be working toward is to avoid these JOINs where possible, and since this code is new, we might as well do this now.
We can fetch the
UserandRepositoryup-front (returningself.model.objects.none()if we fail to look those up, since we know we won't get results). Just the ID (usingvalues_list('pk', flat=True)).We can then pass that ID in as
Q(user=<id>)andQ(review_request__repository=<id>).This will optimistically save two JOINs, improving performance of this API.
-
This will need to be wrapped in
list(...)in order to get the values directly. Otherwise this ends up being a subquery, if we just pass it in. -
-
This test should have some public and non-public reviews that aren't accessible by the user, and ensure they don't show up in results.
-
This test should add a mixture of accessible/inaccessible review requests and accessible/inaccessible reviews, and non-public reviews on accessible review requests, and ensure nothing inaccessible/non-public shows up in results.
-
This test should add a mixture of accessible/inaccessible review requests and accessible/inaccessible reviews, and public reviews on accessible review requests, and ensure nothing inaccessible/public shows up in results.
-
This should have some inaccessible repositories and make sure reviews on them don't show up in the results.
Same for all other repository-related tests.
We're also going to need tests that show results only if:
- On the repository's user list, or
- In a group on the repository's review group list
-
- Change Summary:
-
- Added more coverage when testing for access control
- Commits:
-
Summary ID Author b6c09163cab5c656015ee6192b1f5ac419ca4547 Michelle df90bd8e7b9fcd0cb31f1e772ec785e565c89f20 Michelle e126b6602631eae52175d0b235854054c07745f5 Michelle 6e87e387df920d483986d8bb5e7813e3642633d6 Michelle - Diff:
-
Revision 10 (+1620 -152)
Checks run (2 succeeded)
flake8
passed.
JSHint
passed.
- Change Summary:
-
Got rid of a hardcoded key name and use
self.resource.list_result_keyinstead - Commits:
-
Summary ID Author e126b6602631eae52175d0b235854054c07745f5 Michelle 6e87e387df920d483986d8bb5e7813e3642633d6 Michelle fa53c2a57c1c41540a57f1fa4e83d19ba34bcb2e Michelle b254f0e06cac695969b81c13b4824698a7082078 Michelle - Diff:
-
Revision 11 (+1653 -153)
Checks run (2 succeeded)
flake8
passed.
JSHint
passed.
- Change Summary:
-
- Added a blank line between class-level docstrings and members
- Changed
frmandtovariable names in timestamp tests to more descriptive ones
- Commits:
-
Summary ID Author fa53c2a57c1c41540a57f1fa4e83d19ba34bcb2e Michelle b254f0e06cac695969b81c13b4824698a7082078 Michelle 8f401d529c308b4b4bb1fef11ec67df5b78e37ba Michelle 12ddd87cbd945920d04200e17ce508fadb085adc Michelle - Diff:
-
Revision 12 (+1662 -156)
Checks run (2 succeeded)
flake8
passed.
JSHint
passed.