Closed deepsidhu85 closed 3 weeks ago
Covered | Threshold |
---|---|
92.45% | 90% |
Overall looks great!
Can you make a separate error message for attempting to use an expired token? Right now the error returned is
Unable to access object while accessing the API in guest mode
, which doesn't make much sense for this case.
I added that error message in PR 620. At that stage, the token would have already failed authentication and when that happens the User is placed in guest mode. The same thing happens if the User attempts to use the API without a token. So when the error is thrown there is no context of having an expired token as it wont be set. So long ways around to saying that we can't change this error message, as it is can be thrown when accessing specific API endpoints that require authorization while attempting to use an expired token or while not providing any token at all.
What does this PR do and why?
Describe in detail what your merge request does and why.
This PR updates policy methods for a user with uploader access level to be able to create a sample, modify a sample (create/remove files, update sample metadata), and read projects
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other pull requests.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
UPLOADER
access level. Copy down the tokensPostman
to test out the graphql queriesUntitled Request
and selectGraphql
URL
input, type inhttp://localhost:3000/api/graphql
authorization
tab. Here you can run the query/mutation with the bot accounts using their email and the tokens as the password. Make sure to try out all the queries/mutations using the valid and expired tokens for each bot account. Verify the bot account with theUPLOADER
access level can query/mutate if they have a valid token, otherwise they should not be able to.test/graphql/
directory for all the queries and mutations and to see how the data is passed in to each query and mutation.PR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.