Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make profile REST API provide same information then XML API #4575

Merged
merged 2 commits into from
Sep 28, 2023
Merged

Make profile REST API provide same information then XML API #4575

merged 2 commits into from
Sep 28, 2023

Conversation

fmarco76
Copy link
Member

Current profile REST API misses the information: visible, enable and enableBy. These are needed by IPA to improve the UI.

Additionally, a filter for visible and enable has been added.

Resolve RHCS-4375

@fmarco76
Make profile REST API provide same information then XML API
7a933c0 
Current profile REST API misses the information: visible, enable and
enableBy. These are needed by IPA to improve the UI.

Additionally, a filter for visible and enable has been added.

Resolve RHCS-4375
@fmarco76
Copy link
Member Author

fmarco76 commented Sep 26, 2023
edited
Loading

@ladycfu I have not changed the logic of which profiles admin and user can access but I am wondering if non admin users should access not enabled profiles. Is this correct or we have to limit them?

edewata
edewata approved these changes Sep 26, 2023
View reviewed changes
Copy link
Contributor

@edewata edewata left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have some comments/questions, but I have no objection if you want to keep it as is.

base/ca/src/main/java/org/dogtagpki/server/ca/rest/ProfileService.java Outdated
Comment on lines 394 to 398
if (!visibleOnly) {
ret.setProfileVisible(Boolean.valueOf(profile.isVisible()));
ret.setProfileEnable(Boolean.valueOf(profile.isEnable()));
ret.setProfileEnableBy(profile.getApprovedBy());
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IIUC this code will hide the profileVisible, profileEnable, and profileEnableBy attributes from all users except CA admins/agents. Is there a requirement for that behavior? I don't think these attributes are sensitive, so if we can include them in the results it will be easier for the callers/clients to process the results (i.e. no need to handle cases where those attributes are missing).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ideally I think createProfileDataInfo() should only construct a ProfileDataInfo object from a given Profile, so it should not contain any code to filter out entries/attributes, but this is an existing issue, no need to fix it in this PR.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One more thing, I think the Boolean.valueOf() might be redundant because of auto-boxing, but it's fine to keep it.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Initially, I was thinking to add the new information only to the admin but I have modified according to all your comments.

base/ca/src/main/java/org/dogtagpki/server/ca/rest/ProfileService.java Outdated Show resolved Hide resolved
base/common/src/main/java/com/netscape/certsrv/profile/ProfileResource.java Outdated
Comment on lines 20 to 25
@ACLMapping("profiles.list")
public Response listProfiles(
@QueryParam("start") Integer start,
@QueryParam("size") Integer size);
@QueryParam("size") Integer size,
@QueryParam("visible") Boolean visible,
@QueryParam("enable") Boolean enable);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be nice if we can add options into ProfileFindCLI so we can test these params from CLI, but it's not required.

Copy link
Member Author

@fmarco76 fmarco76 Sep 27, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added. I have added 3 option but they work slightly differently.
The new options for the command ca-profile-find are:

  • --visible shows only visible profiles (this is the default behaviour for non admin users);
  • --enable shows only the enabled profiles;
  • --enableBy <username> shows the profiles enabled by the provided user.

edewata
edewata reviewed Sep 27, 2023
View reviewed changes
Copy link
Contributor

@edewata edewata left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the update! Please see my comment below.

base/tools/src/main/java/com/netscape/cmstools/profile/ProfileFindCLI.java Outdated
Comment on lines 70 to 71
Boolean visible = cmd.hasOption("visible") ? Boolean.TRUE : null;
Boolean enable = cmd.hasOption("enable") ? Boolean.TRUE : null;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This code doesn't allow us to find hidden / disabled profiles. How about something like this?

Boolean visible = cmd.hasOption("visible") ? Boolean.valueOf(cmd.getOptionValue("visible")) : null;
Boolean enable = cmd.hasOption("enable") ? Boolean.valueOf(cmd.getOptionValue("enable")) : null;

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In this way the option will require the explicit value true or false and for a boolean I do not like. However, this is a particular case because it allows to manage all 3 possible conditions: all, only true and only false. Therefore I have update accordingly.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the update! The alternative is to provide options like: --visible-only, --hidden-only, --enabled-only, --disabled-only. I'll let you decide. Regardless, there's no objection from me.

If these changes are sufficient for IPA feel free to merge. Thanks!

@fmarco76
Add profile filter to the CLI
bb13d41 
The command ca-profile-find has 3 additional filters:
- "--visible" shows only visible profiles (this is the default
  behaviour for non admin users);
- "--enable" shows only the enabled profiles;
- "--enableBy <username>" shows the profiles enabled by the provided
  user.
@sonarcloud
Copy link

sonarcloud bot commented Sep 27, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 3 Code Smells

0.0% 0.0% Coverage
11.2% 11.2% Duplication

@fmarco76
Copy link
Member Author

@edewata Thanks!

@fmarco76 fmarco76 merged commit 060bf0e into dogtagpki:master Sep 28, 2023
144 of 151 checks passed
@fmarco76 fmarco76 deleted the RestProfileFilters branch September 28, 2023 08:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@edewata edewata edewata approved these changes

@rcritten rcritten Awaiting requested review from rcritten

@ladycfu ladycfu Awaiting requested review from ladycfu

@ckelleyRH ckelleyRH Awaiting requested review from ckelleyRH

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@fmarco76 @edewata