-
Notifications
You must be signed in to change notification settings - Fork 689
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Journalist Interface and API return different subsets of Source
s
#6667
Comments
This is the kind of bug that motivates me to argue that the Journalist Interface should be a consumer of the Journalist API, whereas they're currently independent implementations of overlapping functionality. |
Thanks @cfm, and agree that consuming the API in the JI would be a best practice (with my standard caveat about investing in an implementation that I hope we'll be able to deprecate with the SecureDrop Workstation). In your estimation, could this issue plausibly arise outside the development environment / |
That's a fair question to raise, @eloquence, and in practice I think you're right (to imply :-) that this is a rare edge-case. In theory, however, I don't see how it's meaningfully more rare via securedrop/securedrop/loaddata.py Lines 172 to 174 in 87d84cf
...than via the Source Interface's securedrop/securedrop/source_app/main.py Lines 307 to 309 in 542b59d
My concern here, however, is not really that this state is a possibility, since it's really just an edge case of the normal |
Thanks - I was mostly trying to understand the risk of production-level data integrity issues or user-facing impact.
If this summary is an accurate description of the flush/commit behavior, then it seems like But yes, completely agree they should also behave the same way in terms of the query. |
On Thu, Nov 03, 2022 at 03:25:45PM -0700, Erik Moeller wrote:
If [this summary](https://stackoverflow.com/a/4202016) is an accurate
description of the flush/commit behavior, then it seems like
`loaddata` may sometimes not persist the `last_updated` information if
it doesn't reach a `commit` call. It's not clear to me why this
particular method doesn't commit and only flushes.
Yes, I meant to look into that question next. Curiously, this is our
*only* use of session.flush() *anywhere*[1], which makes me question it in
the absence of any accompanying justification. I'll start a checklist
at the top of this ticket: two tasks, and maybe a *two*-line fix. :-)
[1]: https://github.com/freedomofpress/securedrop/search?q=session.flush&type=
|
I'll work on this |
Sorry to post so many questions on such a simple task, but here goes. What is the preferred way of reconciling the Journalist Interface and the Journalist API? That is, should they both filter by |
I think the preferred behavior would be for the API to also filter with The interface in the screenshot is the SecureDrop Client, which you see at https://github.com/freedomofpress/securedrop-client - let us now if you have any difficulty setting it up, and thanks for working on this :) |
…idate-sources-search
Description
The Journalist Interface and API return different subsets of
Source
s. Under certain circumstances, the same journalist user will see more sources listed in a SecureDrop Client session than they will see in a simultaneous Journalist Interface session.Recommended approach
index()
and the Journalist API'sget_all_sources()
loaddata.py::record_source_interaction()
can usesession.commit()
as usualSteps to Reproduce
On the Server: Not an exact reproduction; this is my long-running test instance.
Previously:
Then I used the Journalist Interface to Select All sources and Delete Selected.
Expected Behavior
On the Client: No sources are listed.
Actual Behavior
On the Client:
Comments
On the Server:
And sure enough, compare:
The Journalist Interface filters on
last_updated != None
:securedrop/securedrop/journalist_app/main.py
Lines 101 to 106 in 6170370
The Journalist API does not:
securedrop/securedrop/journalist_app/api.py
Lines 124 to 126 in 6170370
The text was updated successfully, but these errors were encountered: