search

objectcomputing / check-ins

Other
7 stars 7 forks source link

Add API for managing certifications and earning them #2484

Closed timyates closed 2 weeks ago

timyates commented 3 weeks ago

What?

Adds backend services API for managing certifications.

Should support https://github.com/objectcomputing/check-ins/pull/2477

I tried to keep as close to the Typescript skeleton as possible.

When running, Certifications swagger API can be seen here and the Earned Certifications swagger API can be seen here

Missing

Questions for future discussion:

Certifications

List

GET /services/certification

Create

POST /services/certification

Body should be: com.objectcomputing.checkins.services.certification.CertificationDTO

{
  "name": "string",
  "badgeUrl": "string",
  "active": "boolean"
}

badgeUrl is optional and active is optional and defaults to true

Update

PUT /services/certification/{id}

Body should be: com.objectcomputing.checkins.services.certification.CertificationDTO (as above)

Merge

POST /services/certification/merge

Body should be com.objectcomputing.checkins.services.certification.CertificationMergeDTO

{
  "sourceId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "targetId": "3fa85f64-5717-4562-b3fc-2c963f66afa6"
}

Earned Certifications

List

GET /services/earned-certification{?memberId,certificationId,includeInactive}

Query parameters memberId, certificationId and includeInactive are optional for filtering the response to a certification or member or both, or including earned-certifications for deactivated certifications

Create

POST /services/earned-certification

Body should be com.objectcomputing.checkins.services.certification.EarnedCertificationDTO

{
  "memberId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "certificationId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "description": "string",
  "earnedDate": "2024-06-06",
  "expirationDate": "2024-06-06",
  "certificateImageUrl": "string"
}

expirationDate and certificateImageUrl are optional

Update

PUT /services/earned-certification/{id}

Body should be com.objectcomputing.checkins.services.certification.EarnedCertificationDTO as above

Delete

DELETE /services/earned-certification/{id}
timyates commented 3 weeks ago

@mvolkmann who should be able to manage certifications and their earning?

I'm guessing we need a permission for administering certifications,

And then the earned certifications can only be managed by the member themselves (plus people with the certification permission above?)

mkimberlin commented 3 weeks ago

I was just about to leave a comment to that effect on here, @timyates. I think you are spot on, except I would make a CAN_MANAGE_EARNED_CERTIFICATIONS or similar instead of relying on the permission for managing certification types.

timyates commented 2 weeks ago

@mvolkmann @mkimberlin In the latest commit, I added 2 permissions:

CAN_MANAGE_CERTIFICATIONS -- which allows creation and updating of Certifications CAN_MANAGE_EARNED_CERTIFICATIONS -- which allows creation and updating of EnabledCertifications for ANY user

Without the second permission, users can only create, update and delete EarnedCertifications which they are the owner of (via the memberId field)

I hope this makes sense and is the correct direction 🤔

timyates commented 2 weeks ago

Pushed https://github.com/objectcomputing/check-ins/pull/2484/commits/0632931df76af679a1ea7e19bd27a201e62ac40e which allows anyone to create a certification

So in the Certificate controller, update and merge require the CAN_MANAGE_CERTIFICATIONS permission

The permissions for earned certifications are handled in the service itself with

https://github.com/objectcomputing/check-ins/blob/7a767cc65aaf4e136896ff14f16d1d5982cd39d4/server/src/main/java/com/objectcomputing/checkins/services/certification/CertificationServiceImpl.java#L138-L143