Open adamamyl opened 10 years ago
This would involve splitting the existing form for name, into two blocks; firstname and lastname. See the 'weep' note in #53.
Ok, what I suggest for this is that we integrate it into the user profile editing page in CKAN. I think it's already the case in CKAN that normal users can only update their own accounts, while sysadmins can update any user's account (if they type the edit URL for that user's account profile into their location bar manually).
Does receiving a 200 OK and a request ID from The Platform mean the user details have been updated on The Platform? What is the request ID for?
Agree that we'll need to customize the user edit form and split fullname into first name and last name, which is a real shame (just pointless make-work).
Does receiving a 200 OK and a request ID from The Platform mean the user details have been updated on The Platform? What is the request ID for?
Yes, a 200 means the request (should have) worked. The request ID is largely used for the audit logs in the EC.
Agree that we'll need to customize the user edit form and split fullname into first name and last name, which is a real shame (just pointless make-work).
Indeed. It's also contrary to the Government Service Design Manual, but unfortunately, it's what is required of us.
I can only see a need to split names on the
forms.
In the rest of cases, given name should be fine to use. Quite how you want to implement that, I'll leave to you.
Ok, what I suggest for this is that we integrate it into the user profile editing page in CKAN.
Agree.
The API follows standard HTTP REST APIs behaviour defined in NFR #891.
What is NFR #891?
@seanh All publicly visible HTTP REST APIs should follow behaviours specified: APIs, which require authentication and specific permissions, should check if the caller is authenticated and has required permission before the APIs logic is executed. APIs, which require the request body to have certain structure (e.g. JSON format, required fields, etc.), should validate the request body before the APIs logic is executed. Scenarios: Unauthenticated Given I'm not authenticated or my OAuth authentication token is invalid When I access a public API requiring authentication, Then:
Invalid permissions Given I'm authenticated, but I don't have suitable access rights When I access a public API requiring authentication and specific rights, Then:
Bad request Given my request is malformed, When I access a public API requiring its body to follow a certain format, Then I receive a response with HTTP status 400 (Bad Request) and a JSON response containing the error details.
This user story needs a clarification, as, as far as I understand things, 'ordinary' users will not be using WAAD (down to cost), but should still be created.
Can Glasgow please confirm that for ordinary users (citizens, etc), user accounts will not be created in WAAD/Identity Services, but that they should live in CKAN? @stevenlivz, maybe?
This is to update user profiles.
Complication: we'll be having mixed users (EC and CKAN). We need to do user changes for EC users via the Identity Services / Metadata API, and changes for CKAN users in CKAN.
API
Data Collection service should expose the following HTTP REST API to add update user account:
PUT https://<hostUrl>/Users{/Organisation/<organisationId>}/User/<userId>
<JSON body defining metadata for user>
The body of the request should contain the following properties:
The description is expected to be in markdown format (no validation is required - every text is a valid markdown)
The API will be called only by authenticated users:
The successful response will contain a unique request ID.
Scenarios
Successful submission
Given:
the request is well formed,
When I send a user update request, Then:
Authenticated User trying to update an account other than their own
Given:
When I send a user update request, Then:
Standard HTTP REST API behaviour
The API follows standard HTTP REST APIs behaviour defined in NFR #891.
Business rules:
Accept Criteria