Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Return 404 if accessing unpublished dataset aka entity list #974

Merged
merged 1 commit into from
Sep 13, 2023
Merged

Return 404 if accessing unpublished dataset aka entity list #974

merged 1 commit into from
Sep 13, 2023

Conversation

ktuite
Copy link
Member

@ktuite ktuite commented Sep 12, 2023

Backend part of getodk/central#467

What has been done to verify that this works as intended?

Tested it with frontend and added a specific test.

Why is this the best possible solution? Were any other approaches considered?

When getting metadata about a dataset/entity list, it doesn't even seem to include the publishedAt timestamp, so it makes sense to only return published datasets at the /datasets/:name url and return 404 resource not found otherwise.

How does this change affect users? Describe intentional changes to behavior and behavior that could have accidentally been affected by code changes. In other words, what are the regression risks?

Limits access to unpublished datasets but makes some parts of frontend more consistent.

Does this change require updates to the API documentation? If so, please update docs/api.md as part of this PR.

Writing this out in the API would be a good idea. Tagging #949

Before submitting this PR, please make sure you have:

  • run make test-full and confirmed all checks still pass OR confirm CircleCI build passes
  • verified that any code from external sources are properly credited in comments or that everything is internally sourced

@ktuite ktuite mentioned this pull request Sep 12, 2023
Merged
2 tasks
matthew-white
matthew-white approved these changes Sep 12, 2023
View reviewed changes
lib/resources/datasets.js Outdated
@@ -26,6 +27,7 @@ module.exports = (service, endpoint) => {
Datasets.get(params.projectId, params.name)
.then(getOrNotFound)
.then((dataset) => auth.canOrReject('dataset.read', dataset)
.then(rejectIf((() => dataset.publishedAt == null), noargs(Problem.user.notFound)))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rather than adding a separate check, I think you could use the optional third parameter of Datasets.get(). That's how some other endpoints are returning a 404 (for example, lib/resources/entities.js).

@ktuite ktuite force-pushed the ktuite/no-access-unpublished-entity-list branch from 465c926 to d0e2f8c Compare September 13, 2023 00:31
@ktuite
Copy link
Member Author

ktuite commented Sep 13, 2023

This issue was actually fixed by #934 and now this PR is just a new test :D

@ktuite ktuite merged commit 2cf7c27 into master Sep 13, 2023
4 checks passed
@matthew-white matthew-white deleted the ktuite/no-access-unpublished-entity-list branch September 13, 2023 01:48
@matthew-white matthew-white mentioned this pull request Sep 13, 2023
Closed
@ktuite ktuite mentioned this pull request Sep 19, 2023
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matthew-white matthew-white matthew-white approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ktuite @matthew-white