-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Search sensors in API by asset #1219
Conversation
Signed-off-by: joshuaunity <[email protected]>
Signed-off-by: joshuaunity <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks.
Two things I want to see besides what the comments say:
- Please add a test for the new parameter
- The filtering now checks
Sensor.name
andAccount.name
. See line 207f
We should also addGenericAsset.name.ilike(f"%{term}%")
Signed-off-by: joshuaunity <[email protected]>
Signed-off-by: joshuaunity <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if all_accessible:
consultancy_account_ids: list = [
acc.consultancy_account_id for acc in accounts
]
account_ids.extend(consultancy_account_ids)
- This seems now to be the only use of
accounts
(we useaccount_ids
in the query).
I guess we don't need that variable, really. - What do we want to do here? We want to add accounts which the current user can see, in addition to his own account (or the one they sent in as parameter).
- if their own account is not in the list, add it here
- more importantly, the code right now adds the current users' consultancy account, for which they have no rights. This should add the accounts which have the current users' account as consultancy account - and that might require a query, like above for the child assets.
Signed-off-by: joshuaunity <[email protected]>
Oh I see, I think it makes sense to remove the |
Yes, but the part after that is even more important to fix. |
Ok. For the second part you mean something like this right
|
Regarding the first part, on a closer look, it seems unlikely that the current user’s account would be missing from the list, given that we’re initializing account_ids with |
Only by default, they can send us another, I believe. |
Seems about right. We should also check if the current user has the role |
Oh yeah that's true, for a second I forgot that the user can specify a different account |
ok, I'll work on that. This will mean that the |
Signed-off-by: joshuaunity <[email protected]>
Have you seen this @nhoening |
Good observation. I guess we have admins who can in principle search everywhere, but I'm not sure that has a valid use case here. |
I agree, it makes sense to rename it for now to clarify its purpose. We could also update line 184 from:
to simply
This would make the parameter’s function clearer and more straightforward. What do you think? |
Yes that would actually be necessary |
ok then, let me work on that |
Signed-off-by: joshuaunity <[email protected]>
You can check it now, I have implemented the new changes. |
Signed-off-by: joshuaunity <[email protected]>
Signed-off-by: joshuaunity <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks pretty good, I just found one design issue left :(
Signed-off-by: joshuaunity <[email protected]>
Signed-off-by: joshuaunity <[email protected]>
Signed-off-by: joshuaunity <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The docstring needs some updating to reflect we filter either by account or by asset.
I believe line 110 (and the corresponding code) could go.
And in the docs (and maybe in the code) we should say that include_consultancy_clients
only applies if the user searches by account. (also if they gave neither, of course, then it is their own account).
On the other hand, include_public_assets
works on both cases I think.
Signed-off-by: joshuaunity <[email protected]>
Signed-off-by: joshuaunity <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Almost there for sure now:)
Can you add a test where we ask for account and not for an asset?
For future reference, check your test coverage here
Signed-off-by: joshuaunity <[email protected]>
Signed-off-by: joshuaunity <[email protected]>
Signed-off-by: joshuaunity <[email protected]>
Signed-off-by: joshuaunity <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks!
Hi, @nhoening can this be merged today so I can do some testing on the edit form PR |
Sure I was waiting for tests to finish |
Description
Search sensors by asset ID
Look & Feel
How to test
Apply the
asset_id
query param to the sensors APIhttp://localhost:5000/api/v3_0/sensors?page=1&per_page=10&asset_id=2
Simply put in the ID of any valid asset
Further Improvements
None
Related Items
This PR closes: #1209