Display only visible repositories via API and Website, even when logged in as administrator.

Review Request #3279 — Created Aug. 15, 2012 and submitted

Information

Review Board
master

Reviewers

Display only visible repositories via API and Website, even when logged in as administrator.
Display all repositories only in admin section.

I propose this change because the Repository List API documentation says "This will only list visible repositories. Any repository that the administrator has hidden will be excluded from the list.". Currently, when accessing this API whilst logged in as administrator this rule isn't met.
Tested manually on sample installation. Also tested with the unit tests.
Description From Last Updated

No need to compare to True.

chipx86chipx86

Should just be: qs = self.filter(visible=True).distinct()

chipx86chipx86
chipx86
  1. I think this change needs some discussion before we commit anything.
    
    First off, the count. I don't think it's wrong to show invisible repositories in the count, just like we don't show inactive users or invisible groups. They're still in the database, and likely are still referenced by older review requests. They're just not publicly shown, I think that's okay.
    
    As far as the API goes, I can see arguments for doing this and for not doing this. On the one hand, an administrator is a special class of user that can access just about anything, and so maybe we do want to show these. I would say that consumers should be checking whether the repository is listed as visible or not in each result anyway, except we don't provide that field. We should definitely do that at a minimum. We also may potentially break consumers of the API by making this change.
    
    On the other hand, it's not consistent in terms of results between users, and that's weird. However, I still want the ability to show invisible repositories (there may be a native app or tool that shows all repositories and allows you to toggle visibility state).
    
    So here's what I think we should do.
    
    1) Don't change the count. I think it's fine as it is.
    
    2) Add a 'visible' field to RepositoryResource.
    
    3) Add a show-visible= query argument for the list of repositories, and key off by that. Set it to False by default. Document that it will only be used for administrators.
    
    4) We also need unit tests for each combination of this in the API.
  2. reviewboard/scmtools/managers.py (Diff revision 1)
     
     
    Show all issues
    No need to compare to True.
  3. reviewboard/scmtools/managers.py (Diff revision 1)
     
     
     
    Show all issues
    Should just be:
    
    qs = self.filter(visible=True).distinct()
  4. 
      
DE
DE
Review request changed
Status:
Completed
Change Summary:
Pushed to master (a776408). Thanks!
david
  1. Ship It!
  2.