Migrate /exports to nested assets endpoint
#3011
Conversation
…values to viewsets
joshuaberetta
added
API
joshuaberetta
changed the title
/api/v2/exports endpoint
joshuaberetta
changed the title
/api/v2/exports endpoint/exports to nested assets endpoint
| perms_map['POST'] = perms_map['GET'] | ||
| perms_map['DELETE'] = perms_map['GET'] |
There was a problem hiding this comment.
🤔
I an wondering why only view_submissions is needed to delete objects.
Do we want users to be able to delete exports created by others.
Let's say Olivier is owner of Project A, gives view_submissions permission to Joshua.
Olivier creates some exports. Should Joshua be allowed to delete them? Not sure. Maybe we need more granularity at this point (e.g.: view_exports, add_exports, change_exports, delete_exports).
Until then, what about requiring change_asset and view_submissions to create / delete exports?
@tinok , @jnm . What do you think? I was wrong, please read below
There was a problem hiding this comment.
That's a good point 👍 I'd be in favour of my granular permissions, however I guess the more granular permissions we end up adding the greater chance we have of getting it wrong (I can speak for myself here at least).
@noliveleger, I assume you mean: DELETE requires change_asset and POST requires view_submissions?
There was a problem hiding this comment.
@joshuaberetta, I said something wrong.
I looked at the v1 code and exports are filtered by user. The user can see only their exports. So it's perfectly fine to still use view_submissions for POST, DELETE.
Having that said, I do not see this condition in the queryset of the v2 viewset.
Does it mean, every user can see every other user's exports in v2? We should keep the same behaviour.
There was a problem hiding this comment.
Ah yes... thanks for picking that up. In my mind it made sense that the export objects themselves were also shared, but I've changed it to have the same behaviour as v1 👍
List of export tasks endpoints
Lists the export tasks accessible to requesting user, for anonymous access
nothing is returned.
GET /api/v2/assets/{asset_uid}/exports/Examples
List can be filtered with the query parser
Query searches within
uidby default if no field is provided inq.Examples:
Exports matching
uidsCRUD
Creates an export task
POST /api/v2/assets/{asset_uid}/exports/Example
curl -X POST https://[kpi]/api/v2/assets/aSAvYreNzVEkrWg5Gdcvg/exports/Payload
{ "fields_from_all_versions": "true", "group_sep": "/", "hierarchy_in_labels": "true", "lang": "English (en)", "multiple_select": "both", "type": "geojson", "fields": ["field_1", "field_2"], "flatten": "true" }where:
multiple_select-type responses. Valid inputs include:Retrieves current export task
GET /api/v2/assets/{asset_uid}/exports/{uid}/Example
Deletes current export task
DELETE /api/v2/assets/{asset_uid}/exports/{uid}/Example
Description
Support the new SearchFilter and object ordering in the exports API by migrating and updating the old
/exportsendpoint to/api/v2/assets/{asset_uid}/exports.Related issues
closes #3010