https://github.com/hypothesis/h/pull/9079 added an initial read-only list of members to the "Members" tab in the group form. That iteration only supported listing members of open groups because the call to list members was unauthenticated.
This PR changes the call to work the same way as the (authenticated) API calls the forms use to create and edit groups. This enables the members list to work for private groups as well.
Summary of changes:
Add the api.group_members route to the list of routes that allow API cookie auth
Change the backend to add API configuration for making the call to list group members
Change the frontend to use this API configuration instead of generating the URL itself
Testing:
Select a private group in activity pages and click "Edit group".
Click the "Members" link and you should see the group's members listed.
https://github.com/hypothesis/h/pull/9079 added an initial read-only list of members to the "Members" tab in the group form. That iteration only supported listing members of open groups because the call to list members was unauthenticated.
This PR changes the call to work the same way as the (authenticated) API calls the forms use to create and edit groups. This enables the members list to work for private groups as well.
Summary of changes:
api.group_membersroute to the list of routes that allow API cookie authTesting: