Open cristina-stonepedraza opened 1 week ago
Hi @cristina-stonepedraza, here's an example of an automated test that targets an endpoint like this one:
There are actually two tests there because the endpoint in question is only accessible to admins. One of the tests focuses on that aspect (i.e. security).
By the way, I do wonder whether we will restrict access to this reporting endpoint also. You/we can discuss that with @mslarae13.
@eecavanna I assume the submission status endpoint that I use for quarterly metrics is limited, yes? I think this should be the same.
That's correct, @mslarae13; the endpoint I implemented, which you use to get a submission report (TSV file) for our quarterly reports, is accessible only to users that are admins.
Great commit messages, by the way, @cristina-stonepedraza!
Next week, I can walk you through the process of logging into the Data Portal such that you can access protected endpoints via the Swagger UI page; and how you can "promote" yourself into an admin locally.
Just passing through as I've been seeing the notifications from GitHub. The code is looking excellent (in my opinion)! 👏
@eecavanna I've got this to a place where all the tests pass, I think it's ready for another look when you have a chance!
If you add this parameter to the endpoint request handler function, the endpoint will become accessible to logged-in users only (but does not ensure they are admins—that will come next):
If you then add this snippet to the beginning of the function's body, the endpoint will become accessible to logged-in users who are admins only:
In terms of testing, you can add a test like this to demonstrate that a logged-in user that is not an admin is unable to access the endpoint:
Finally, in the existing test you've already written, you can replace the existing logged-in user with a logged-in admin user by following the example in this snippet. Here, we make the test require a logged-in admin user, then we use a variable called logged_in_user to refer to that logged-in admin user so that the code below it can remain the same (since it already uses the latter variable name).
I'm also going to tag @naglepuff and @pkalita-lbl here as they, too, maintain the Data Portal API and I want them to be aware that this branch may be merged into the main branch soon.
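The two-step gating described in the review comment above (logged-in users first, then admins only), as an added example that is not the Data Portal's code: a framework-free Python stand-in in which `HTTPError`, the token table and every function name are hypothetical and the data is constructed. It shows why the intermediate state still leaks the report to non-admins and which status each caller should see.

```python
import csv
import io

class HTTPError(Exception):
    """Stand-in for a web framework's HTTP exception (hypothetical)."""
    def __init__(self, status, detail):
        super().__init__(detail)
        self.status = status

# Constructed sample data: session tokens and submission rows.
SESSIONS = {"tok-admin": {"name": "alice", "is_admin": True},
            "tok-user": {"name": "bob", "is_admin": False}}
SUBMISSIONS = [("sub-1", "alice", "Submitted"), ("sub-2", "bob", "In progress")]

def get_current_user(token):
    """Step 1: authentication only. Anonymous callers get 401."""
    user = SESSIONS.get(token) if token else None
    if user is None:
        raise HTTPError(401, "Not logged in")
    return user

def build_report():
    """Render the submission rows as a TSV string."""
    out = io.StringIO()
    writer = csv.writer(out, delimiter="\t", lineterminator="\n")
    writer.writerow(["id", "author", "status"])
    writer.writerows(SUBMISSIONS)
    return out.getvalue()

def report_logged_in_only(token):
    """Intermediate state: any logged-in user receives the report."""
    get_current_user(token)
    return build_report()

def report_admin_only(token):
    """Final state: the admin check runs before any data is read."""
    user = get_current_user(token)
    if not user["is_admin"]:
        raise HTTPError(403, "Admin access required")
    return build_report()

def status_of(handler, token):
    """Call a handler and return the HTTP status a client would see."""
    try:
        handler(token)
        return 200
    except HTTPError as err:
        return err.status
```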
FYI, @naglepuff and @pkalita-lbl: I've reviewed this branch and approve of it being merged into main once @mslarae13 has approved of its user-facing behavior.
Add a script to api.py and a query to crud.py to pull information from the submission portal database, and then generate a report of NMDC submissions that have been submitted as a TSV.
This PR references issue 2047 in nmdc-schema: https://github.com/microbiomedata/nmdc-schema/issues/2047