WIP - Transfer user controller to json #93
Conversation
|
Also, I'd like to draw attention to the fact that I removed |
| @@ -9,7 +9,6 @@ defmodule Org.Repo.Migrations.CreateUser do | |||
| add :login, :string | |||
| add :company, :string | |||
| add :location, :string | |||
| add :created_at, :string | |||
There was a problem hiding this comment.
Actually, this is here because it keeps a record of when the github user was created. I figured it would be useful in case we ever want to detect if someone just created an account 10 minutes earlier to get access.
There was a problem hiding this comment.
Oh, guess I should've asked first. How about github_created_at for a little more clarity?
It doesn't need a too in-depth review, it's a WIP. Forgot to put that in the PR title.
There was a problem hiding this comment.
I think I named it that way because that's how it's named in the github response, so for ease of use. I don't mind changing it, but we have to consider how it will affect all our existing user data.
There was a problem hiding this comment.
I'll just revert this and add a comment in the model line explaining that it is the github user created_at date 👍
troym9731
changed the title
|
Could you hop on this branch, run |
|
Yeah, I'll take a look tonight |
|
Ok, I just updated the plugs you wrote to simply be an I also commented out all the auto generated tests. Right now, all the tests that I wrote are passing, which means I might set up Travis next. |
|
Also, I'm thinking we should get rid of the admin controllers and just collapse it into the normal ones. Seems odd to have to hit a different endpoint if you are an admin even though admins and members will be basically be using the same app. I have an idea for a simple permission system that should work. |
|
I don't believe the admin controllers constitute a different endpoint, they are just different controllers to handle the routes differently for admins. Check router.ex to see how they're being used. Let me know if I'm misunderstanding something. |
| else | ||
| conn | ||
| |> put_status(403) | ||
| |> render(Org.ErrorView, "403.json", []) |
There was a problem hiding this comment.
We might want to consider making a generic error.json and insert the status code/message?
There was a problem hiding this comment.
This is how Phoenix wants you to structure your views. We're pattern matching on "403.json", and the .json I believe is necessary to know to encode the output as such.
web/views/error_view.ex
Outdated
| @@ -9,6 +9,14 @@ defmodule Org.ErrorView do | |||
| "Internal server error" | |||
| end | |||
|
|
|||
| def render("401.json", _assigns) do | |||
| %{error: "Please sign in"} | |||
There was a problem hiding this comment.
I would rather stick with the generic/spec HTTP status messages, i.e. "Unauthorized" and "Forbidden" (below). As a general rule, I prefer not to be very specific about what is wrong (any more than necessary), for security reasons.
There was a problem hiding this comment.
Also, we should probably work out a standard format for responses.
{
data: ...
status: ...
page?: ... if we want to page results? (probably not a big concern)
}
{
status: 401
message: 'Unauthorized'
}❓
Let's discuss more in Slack when you have time.
There was a problem hiding this comment.
Oh I'm fine with the generic HTTP status messages. I just kept what was there before when trying to access a page without being signed in. Hmmm, I wonder if we need to return the status like that? Or if Phoenix knows to return that already?
But yeah, I'm fine with formatting it with {data: ..., status: ..., message: ...}
There was a problem hiding this comment.
Yeah, I don't know, I haven't looked at what the actual response looks like, so maybe Phoenix adds some stuff automatically?
|
I don't think it's possible to have one route lead to two different actions. Every route can only belong to one action. There might be a way we can hijack that, but I'm not sure we want to. So if there are specific actions that only admins can do e.g., That being said, we can also just attach those plugs to a specific action in the user controller like in |
|
Not sure what you mean, that's literally how it was set up when it was serving views. It's more than one "route", but for a single endpoint (e.g. /users is accessible as a "user", or with extra features as an "admin"). We may be talking about the same thing here, but you seem to think we weren't already doing this? Dunno. Message me on Slack and we can talk in more detail. |
|
Yeah, each action can only exist once per route, but that's what the router.ex does, it tells Phoenix which routes to serve depending on the plugs that resolve. So if the authorized user is an "admin" the router points /user/1/edit to the admin/user_controller.ex controller instead of the normal user_controller for that route, which provides Anyway, let's talk more in Slack, it will be easier to get on the same page. |
|
I recommend rebasing on master, I added the Heroku app.json, which is needed for "review apps". |
troym9731
force-pushed
the
transfer-user-controller-to-json
branch
from
67aed00 to
df19449
Compare
|
Ok, rebased |
Closes #85
Thought I'd throw this up to track some progress.
Also, getting a weird error when I try to run:
Based on the error, I would assume I'm not passing an integer somewhere, but I can't tell where. I can investigate again later, but if you could run it once locally to let me know if you get the same error, that would be helpful.