Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(accessLogsExport): create new endpoints TASK-1147  #5304

Merged
merged 34 commits into from
Dec 4, 2024

Conversation

RuthShryock
Copy link
Member

@RuthShryock RuthShryock commented Nov 26, 2024

👷 Description for instance maintainers

Create two new endpoints for access log exports which will return the status of the export job. One endpoint is restricted for superusers and allows them to access all logs while the other endpoint is for regular users to access their own logs.

👀 Preview steps

Test /api/v2/access-logs/export

  1. Login to kpi as a super user.
  2. Make a GET request to /api/v2/access-logs/export
  3. If this is your first time accessing the endpoint, then verify you receive a 200 Ok with an empty list:
[]
  1. If not, verify you receive a 200 Ok with a list of created export tasks:
[
    {
        "uid": "alezKqwR8diLDQEepA83Rz4V",
        "status": "complete",
        "date_created": "2024-12-03T17:29:21.602245Z"
    },
    {
        "uid": "aleyTYvQjKT4QAcFztyYNHVC",
        "status": "created",
        "date_created": "2024-12-03T00:01:32.580491Z"
    },
    {
        "uid": "alebV6fWMgUARPmCBJDKQGKQ",
        "status": "complete",
        "date_created": "2024-12-02T23:59:47.426752Z"
    }
]
  1. Make a POST request to /api/v2/access-logs/export and verify you receive a 202 Accepted with this response:
[
    "status: created"
]
  1. Logout and try to access the endpoint. Verify you get receive a 401 Unauthorized
    with this response:
{
    "detail": "Authentication credentials were not provided."
}
  1. Login as a regular user and access the endpoint. Verify you receive a 403 Forbidden with this response:
{
    "detail": "You do not have permission to perform this action."
}

Test /api/v2/access-logs/me/export

Follow the same testing instructions above but skip number 7 as both superusers and regular users have the same access to the endpoint.

🟢 Also verify that making a POST request on both endpoints should now generate an email with the follow format:

kpi_worker-1      | MIME-Version: 1.0
kpi_worker-1      | Content-Transfer-Encoding: 7bit
kpi_worker-1      | Subject: Access Log Report Complete
kpi_worker-1      | From: webmaster@localhost
kpi_worker-1      | To: [email protected]
kpi_worker-1      | Date: Wed, 27 Nov 2024 19:38:29 -0000
kpi_worker-1      | Message-ID: <173273630990.23.10232391233968451994@948bfe8772ce>
kpi_worker-1      | 
kpi_worker-1      | Hello test,
kpi_worker-1      | 
kpi_worker-1      | Your report is complete: http://kf.kobo.local:8080/private-media/test/exports/access_logs_export-test-2024-11-27T193829Z.csv
kpi_worker-1      | 
kpi_worker-1      | Regards,
kpi_worker-1      | KoboToolbox

@RuthShryock RuthShryock self-assigned this Nov 26, 2024
@RuthShryock RuthShryock requested a review from rgraber as a code owner November 26, 2024 21:29
@RuthShryock RuthShryock changed the title feat(accessLogsExport): create new endpoints for access log exports TASK-1147  feat(accessLogsExport): create new endpoints TASK-1147  Nov 26, 2024
@RuthShryock RuthShryock removed the request for review from magicznyleszek November 27, 2024 19:42
Base automatically changed from access-log-export-task-class to main December 2, 2024 19:06
Copy link
Contributor

@rgraber rgraber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can make this more declarative/django-y if we use 2 different endpoints (like we do for viewing access logs).
We can use filter_backends and permission_classes like we do in the AllAccessLogViewSet and AccessLogViewSet to handle filtering down to the correct user and only allowing super users. That should allow us to get rid of a lot of the if-elses and having to check the request path, which is a little brittle (sometimes we might want to change the url of something without changing its functionality).

Also the endpoints need documentation :)

return Response(
{'uid': task.uid, 'status': task.status}, status=status.HTTP_200_OK
)
else:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No 404 here. An empty list is not an error response

Copy link
Contributor

@rgraber rgraber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Couple small things

)

def list_tasks(self, request):
tasks = AccessLogExportTask.objects.filter(user=request.user).order_by(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't this mean we'll only get a superuser's tasks even if they hit the all endpoint? Not a huge deal if that ends up being the functionality since it's optional anyway but we should make sure we document the correct behavior

response = self.client.post(self.url)
assert response.status_code == status.HTTP_401_UNAUTHORIZED

def test_export_for_user_commences(self):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

non-blocking nit, since this doesn't technically test that the task started, only that the request suceeded

Suggested change
def test_export_for_user_commences(self):
def test_export_for_user_returns_success(self):

response = self.client.post(self.url)
self.assertEqual(response.status_code, status.HTTP_202_ACCEPTED)

def test_export_for_superuser_commences(self):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same as above

.first()
)
self.assertIsNotNone(task)
self.assertEqual(task.status, 'complete')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a tiny bit risky since we don't know exactly when the task will finish. Maybe test status in ['created', 'processing', 'complete']?


def test_get_status_of_tasks(self):
self.force_login_user(User.objects.get(username='anotheruser'))
response = self.client.post(self.url)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

to make this test more unit-y, I think we should manually create a task with AccessLogExportTask.objects.create(...). That way, we're only testing the list functionality and not the create functionality as well, since that's already tested.

response = self.client.post(self.url)
self.assertEqual(response.status_code, status.HTTP_202_ACCEPTED)

def test__superuser_create_export_task_on_post(self):
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
def test__superuser_create_export_task_on_post(self):
def test_superuser_create_export_task_on_post(self):

.first()
)
self.assertIsNotNone(task)
self.assertEqual(task.status, 'complete')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same as previous test, the test should pass if the status is 'processing' or 'created'

Copy link
Contributor

@rgraber rgraber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

error message suggestions and one thing on a test

kobo/apps/audit_log/views.py Outdated Show resolved Hide resolved
kobo/apps/audit_log/views.py Outdated Show resolved Hide resolved
kobo/apps/audit_log/views.py Outdated Show resolved Hide resolved
Copy link
Contributor

@rgraber rgraber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

)
self.assertIsNotNone(task)
self.assertIn(task.status, ['created', 'processing', 'complete'])
self.assertEqual(task.get_all_logs, False)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit (nonblocking)

Suggested change
self.assertEqual(task.get_all_logs, False)
self.assertFalse(task.get_all_logs)

@RuthShryock RuthShryock merged commit 2ae607e into main Dec 4, 2024
4 checks passed
@RuthShryock RuthShryock deleted the endpoints-for-access-logs-export branch December 4, 2024 18:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants