search

archivematica / Issues

Issues repository for the Archivematica project
GNU Affero General Public License v3.0
16 stars 1 forks source link

Problem: It is possible to create a location without a purpose using the storage service API #909

Open ross-spencer opened 5 years ago

ross-spencer commented 5 years ago

Expected behaviour

Some basic validation of an API call is performed so that the result is unambiguous, and can immediately be used by the caller.

Current behaviour

Replace the UUIDs below with those that match an existing pipeline and storage space, and users can create a location in a space that has no defined purpose. 

curl -s -d '{
    "pipeline": ["/api/v2/pipeline/f00402be-8628-42c7-880f-d95886c0c25b/"],  
    "relative_path": "/home/path/to/my/location",
    "description": "location-description",
    "space": "/api/v2/space/fa14cdc5-6a50-436b-aa0a-38793c4c2860/"
}' \
    -X POST \
    -H "Authorization: ApiKey test:test" \
    -H "Content-Type: application/json" \
        "http://127.0.0.1:62081/api/v2/location/"

Purpose is a required field when making the identical change in the UI. Without the purpose field, the new location cannot be used.

The response from the call will look as follows:

{
    "description": "location-description",
    "enabled": true,
    "path": "/home/path/to/my/location",
    "pipeline": [
        "/api/v2/pipeline/b7cd1ec1-3295-4d94-9d7f-983c73feb4e3/"
    ],
    "purpose": "",
    "quota": null,
    "relative_path": "/home/path/to/my/location",
    "resource_uri": "/api/v2/location/99b0179f-1032-47e7-8609-a8bfe288c9f0/",
    "space": "/api/v2/space/290d2dc1-6aa9-4faf-93a7-2f1685980dcc/",
    "used": "0",
    "uuid": "99b0179f-1032-47e7-8609-a8bfe288c9f0"
}

image

Steps to reproduce

As above.

Your environment (version of Archivematica, OS version, etc)

Archivematica 1.10.

Additional context

I haven't tried other combination of API call here, there may be other aspects of validation of this call we will want to correct, e.g. fields, or prevention of creating duplicate locations (identical space, purpose, path). As well as the docs to say that isn't and isn't a required field. The docs might also elaborate on the response, for example, should it be possible to set quota shown above as null?

I believe the response this might warrant from the server is a 400 with some explanation of the error encountered.

For Artefactual use: Please make sure these steps are taken before moving this issue from Review to Done:

ross-spencer commented 5 years ago

NB. It is also possible to inject a completely different value into this field which we might also want to avoid by asking the API to push-back on receiving a non-valid location purpose.