WIP
Review Request #7675 — Created Oct. 2, 2015 and discarded
--WIP--
The webapi allows for arbitrary data to be set in extra_data for certain API resources. Currently, all of that information is accessible through the API which is not always desirable.
The change in progress will allow users to specify private extra data which will be abstracted from the publicly api available information.Change strips any private data (denoted by leading double underscore
__
) in any resource that contains extra_data before returning it to an API call.Associated RB change: https://reviews.reviewboard.org/r/7674/
- Description:
-
~ WIP
~ --WIP--
+ + The webapi allows for arbitrary data to be set in extra_data for certain API resources. Currently, all of that information is accessible through the API which is not always desirable.
+ The change in progress will allow users to specify private extra data which will be abstracted from the publicly api available information. + + Change strips any private data (denoted by leading double underscore
__
) in any resource that contains extra_data before returning it to an API call.+ + Associated RB change: https://reviews.reviewboard.org/r/7674/
- Groups:
-
I'm not sure if this change is better suited for RB or Djblets? May want to ask Christian if this should override ReviewBoard's
WebAPIResource
methods or Djblet's. -
I think this would be better suited in a
serialize_extra_data
method. That way, it will be very contained and automatically called whenextra_data
exists.You're also going to want to be ensuring to step through the entire object too, because extra data can be:
"extra_data": { "public_key": { "another_public_key": True, "__private_key": "a secret!" } }
We won't want to return
__private_key
in this case, even though its nested in a public key.