amiv-eth / amivapi Goto Github PK
View Code? Open in Web Editor NEWThe REST API behind most of AMIV's web services.
Home Page: http://api.amiv.ethz.ch/docs
License: GNU Affero General Public License v3.0
The REST API behind most of AMIV's web services.
Home Page: http://api.amiv.ethz.ch/docs
License: GNU Affero General Public License v3.0
Implement rights to access GET, PUT, PATCH and DELETE for all ressources
This should check at least:
When the root and anonymous user are created they are created by insert statements which don't update metadata fields. This would be nice to have to be able to send requests to that item.
There should be a possibility to revert actions as DELETE and PATCH when they change information which may have taken a lot of work to do. This could be achived by archiving stuff or by versioning. Discussion?
Changes to the forwards resource should propagate into the filesystem, where they are read by the mailserver. For every forward there should be a file ~/.forward+<address_to_forward>, which contains one address per line and can have comments prepended with '#'.
For example the list "[email protected]" with the addresses "[email protected]" and "[email protected]" should have a file ~/.forward+helfer with the contents:
# Maintained by amivapi, changes are overwritten
[email protected]
[email protected]
Implement functionality to import users from LDAP and to update account information.
All requests should be logged including their query strings(except passwords). This should vastly improve bug detection.
Yes we scan.
A unittest should only test its own set of operation and not rely on necessary steps such as user creation before that, which could also fail. Therefore it should start with an already filled database. This hopefully makes it easier to see which part exactly is the problem.
Sort an clean all functions necessary to configure the api.
One single setup would be optimal.
It should be possible to get what roles exist and which permissions they grant via the API to display those informations to a user, when he is performing administrative tasks.
Different resources should need different whitelistists, e.g.
Joboffers:
logos: png, jpeg, ...
pdf: pdf (Duh.)
There should be a simple baseclass, which unittests can use, when they should not require authentification.
One might want to signup for an event which is already full, in case somebody cancels his/her signup.
The function in download.py will send a file from directory when the correct URL is accessed.
Currently, no authentification is necessary for this, I don't know how to implement it properly.
I don't know where to create the folder. Ideas?
Describe how the file interface can be used in the User Guide.
Also describe implementation details in the Developer Guide.
Associate files with studydocuments and update the association on changes to the studydocument. Remove the file when it is not needed anymore.
It is possible to create the file resource without sending a file, but this will break all GET requests that try to access the resource.
What needs to be done
There should be a feature, that accounts are updated from LDAP at regular intervalls. This needs a mechanism to schedule task to run at a regular interval(cron interface).
The API should send a version string, which can be used to provide backwards compatibility when the API is changed.
When deleting anything which is referenced by a ForeignKey which can not be nulled, 400 will be returned. We need hooks which handle this before the action is performed.
Same problem for puts.
Make it possible to upload files to the /files resource, retrive the metainfo or the content
Implement to reroute the login to LDAP and when credentials match there login the user without local password check.
signup with user_id:-1 returns error 422 even if it is a public event and i provide an valid email-address
don't return password-fields in any case for anyone
A documentation of all resources with their methods, their fields and the possible value ranges should be available.
Log all exceptions with relevant information to fix bugs. The log should be informative enough to reproduce the situation where it occured.
Describe in the Developer Guide what files we have and where to start to understand the code.
Need to implement a correct mapping between different resources
The 'with' block in utils.parse_data() closes any files sent before they reach the point at which they are written to the disk.
This causes an I/O error.
Should include somehow:
Advanced:
There is no parsing of arguments for logins yet
Regarding or master students and general API viability, I would like to implement support for english and german.
This is a minor change in the model - does anything speak against it?
Only callbacks for POST and PATCH are registered to call the check_ functions in event_hooks.py
Currently everybody can join any forward. There should be restricted forwards, which only owners or admins can add people to.
prices are stored as string because sqlalchemy does not support decimal-objects
Therefore they need to be validated by a schema
The app will run on MySQL in production, so add support for it. Since we are already using SQLAlchemy for the data layer, adding MySQL support is as simple as switching the SQLALCHEMY_DATABASE_URI setting to a MySQL URI. The real issue is to support multiple instances running seperated from each other on the same database, e.g. when running the test suite on the developer machine (or even multiple test suites in parallel).
In short: Make sure the tests create their own (preferably random) database "on-the-fly".
The unit test should check whether the manage.py script correctly initializes config files and the database.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.