Clean up API endpoints

[CannonLock]

The existing API's don't follow best practices for RESTFUL apis and we should move to that standard before things get bigger. I enumerated below the offenders.

Lets clean up:

• OPTIONS - /registry_ui/namespaces
• PATCH - /registry_ui/namespaces/1/approve
• PATCH - /registry_ui/namespaces/1/deny
• PATCH - /director_ui/servers/filter/f
• PATCH - /director_ui/servers/allow/f

[CannonLock]

@bbockelm Thoughts?

[bbockelm]

@CannonLock - can you expand a bit? What do you mean by "don't follow best practices" and what would you like to see instead?

[CannonLock]

@bbockelm Yes, let me be more verbose.

OPTIONS - /registry_ui/namespaces

The OPTIONS HTTP method requests permitted communication options for a given URL or server.

This request is a metadata request. OPTIONS are sent for things like a preflight check for CORS headers, or looking for the request types a endpoint will except.

This should be a GET request to /registry_ui/fields or something like it.

These break the no verb endpoint spec

I see this broken for login commonly but it hurts for things like this were it just adds extra endpoints that aren't need.

PATCH - /registry_ui/namespaces/<namespace>/approve
PATCH - /registry_ui/namespaces/<namespace>/deny
PATCH - /director_ui/servers/filter/<server-name>
PATCH - /director_ui/servers/allow/<server-name>

I would prefer:

PATCH - /registry_ui/namespaces/<namespace>
PATCH - /director_ui/servers/<server-name>

This way I have one endpoint to adjust every aspect of these entities. This makes it easier to code, and more extensible for the future as I can adjust the json PATCH for the change I want rather then creating a new endpoint for each action.

Note

I crossed out the HEAD request, the docs have it returning a body which is strictly forbidden but on testing it just returns the headers.