search

oreoshake / hackerone-client

An unofficial wrapper for the HackerOne API
https://api.hackerone.com/docs/v1
MIT License
55 stars 27 forks source link

Feature: Assign Reports #2

Closed oreoshake closed 7 years ago

oreoshake commented 7 years ago

See https://api.hackerone.com/docs/v1#/reports/assignee/update

esjee commented 7 years ago

The endpoint expects an id and a type to be provided. Where type is one of user, group or nobody. The id is, of course, the id of the user or the id of the group.

To support this functionality in this gem, we introduce something like

def assign_to(type, user_or_group_id=nil)

report = Hackerone::Report.first
esjee = Hackerone::User.find 'esjee'
report.assign_to(esjee.id, 'user')

However, I'm doubting whether that's a perfect solution. Perhaps masking the details of how the API works is nicer, and we could do something like

def remove_assignee    #  assign_to 'nobody'
def assign(user_or_group_name)

report = Hackerone::Report.first
report.remove_assignee
report.assign_to 'esjee'
report.assign_to 'developers'

But maybe I'm just overthinking this. 😄

Do you have any thoughts on this? Do you plan to use this functionality, and if so, how would you like to use it?

oreoshake commented 7 years ago

@esjee Woah, I didn't realize h1 had the option to assign issues to a group or even how that is managed.

report.assign_to(esjee.id, 'user')

What happens if you do something like report.assign_to(some_group.id, 'user')? Would the API reject that? It seems like supplying the type would only be useful as a sanity check, but the param is required so I'm assuming it matters greatly.

report.assign_to 'esjee'

Would this do a lookup to see if esjee is a group or a user? Same goes for developers. Assuming the assignment blows up if you supply the wrong type, I think this API is better even if it does cost an extra API call (although I'd prefer that the actual API treated the type as optional).

esjee commented 7 years ago

What happens if you do something like report.assign_to(some_group.id, 'user')? Would the API reject that?

Well, that depends. It'll try to assign to a user with the id of the group. If you happen to have a user in your team that is lucky enough to have the same id as the group, then the API assumes you want to assign to that person. If no such user can be found, the request fails.

So yes, it matters greatly. :confused:

Would this do a lookup to see if esjee is a group or a user? Same goes for developers. Assuming the assignment blows up if you supply the wrong type, I think this API is better even if it does cost an extra API call (although I'd prefer that the actual API treated the type as optional).

Cool! I'll try to implement this behavior.

oreoshake commented 7 years ago

If you happen to have a user in your team that is lucky enough to have the same id as the group

Ah, I guess I was assuming a user ID couldn't be a group ID but I'm not sure where I'd get that feeling.

oreoshake commented 7 years ago

Fixed in https://github.com/oreoshake/hackerone-client/issues/16