Issue/101 REST API: Chapter Management #152
Conversation
|
Yeah - I think probably for short circuiting errors a |
There was a problem hiding this comment.
Some notes to be addressed (all inline explained):
- Choice of id for chapters (if not changed to the proposed
startthen the id needs to be reported in the GraphQL api as well to be able to be modified) - Missing audio_id field on get/result
- Missing
:show- if that was intentionally, it needs to be removed more thoroughly in the docs as well, if kept I think reporting audio_id in show.json is important too - Leakage of image files
| conn | ||
| |> assign(:audio, audio) | ||
|
|
||
| error = {:error, _} -> |
There was a problem hiding this comment.
As mentioned before, this is probably better done using a raise and catch the exception the way the original not found is done
|
Ready for a second review. A few notes:
|
| @@ -3,7 +3,12 @@ defmodule RadiatorWeb.Api.ChaptersController do | |||
|
|
|||
| alias Radiator.Directory.Editor | |||
|
|
|||
| plug :assign_audio when action in [:create, :update] | |||
| plug :assign_audio when action in [:show, :create, :update, :delete] | |||
| plug :assign_chapter when action in [:show, :update, :delete] | |||
There was a problem hiding this comment.
ah - i see what you did there. Interesting pattern.
| else | ||
| error = {:error, _} -> | ||
| conn | ||
| |> RadiatorWeb.Api.FallbackController.call(error) |
There was a problem hiding this comment.
Hmm, shouldn't we somehow just refer to the assigned fallbackcontroller? e.g. something like
apply(@phoenix_fallback, :call, [error])? - in the middle of some other change now, can't verify if that is the way this should work. but the falback seems to be in the phoenix_fallback attribute
|
Thanks for pointing out What I came up with: defp apply_action_fallback(conn, response) do
case @phoenix_fallback do
{:module, module} -> apply(module, :call, [conn, response]) |> halt()
end
endThen I can defp assign_chapter(conn, _) do
with {:ok, chapter} <-
conn
|> current_user()
|> Editor.get_chapter(conn.assigns[:audio], conn.params["start"]) do
conn
|> assign(:chapter, chapter)
else
response -> apply_action_fallback(conn, response)
end
endIt's at least removes the direct reference to the plug module name, which is nice. What bothers me is that I cannot add the |
This logic existed before in a similar way but was removed[1]. I'm not sure why. Also, we had a discussion[2] before on checking permissions on objects that don't have permissions and decided to avoid that and instead pass in the proper parent object into permission checks. However in that discussion the topic was chapters and it was trivial to just pass in the parent instead. Checking the permission on the Audio however is more envolved and I want this logic in _one_ place only. [1]: 9b878fc7#diff-8fce5c34154f97d93f212e64bd95fee7L61 [2]: #152 (comment)
Calling a plug directly in https://github.com/podlove/radiator/compare/issue/101-api-chapter-management?expand=1#diff-d0559d752a76cec019da187d4034d879R43 feels strange but the general idea of short-circuiting here should be ok.
I added
so the permission check on chapter always fails and falls back to the parent (Audio). Is that the intended place? Should there be a general
def get_permission(_user = %Auth.User{}, _subject), do: nilcatchall?closes #101