Add API to get tool launch url for SPA#11760
Conversation
Co-authored-by: Philip Durbin <philip_durbin@harvard.edu>
…balDataverseCommunityConsortium/dataverse.git into SPA-_api_to_getToolLaunchUrl
delete /api/admin/test but add some TODOs IQSS#11760
…balDataverseCommunityConsortium/dataverse.git into SPA-_api_to_getToolLaunchUrl
| } | ||
|
|
||
| } | ||
|
|
There was a problem hiding this comment.
As I mentioned in standup, tests haven't passed since Sep 3.
I just clicked "build now" to kick off https://jenkins.dataverse.org/job/IQSS-Dataverse-Develop-PR/job/PR-11760/20/
However, we're concerned there's some problem downloading Solr. @ofahimIQSS said he'll be creating an issue. Update, here it is (thanks!):
pdurbin
left a comment
There was a problem hiding this comment.
I didn't re-test at all but I see "meetsRequirements" in there now, which is great.
I'm going to go ahead and approve this so that manual QA can begin but @ofahimIQSS before merging, please make sure that API tests are passing. This might require that we first fix the problems in the issue you opened:
|
looks good, tests are passing and nothing found during regression. |
What this PR does / why we need it: Per discussion with @g-saracca , the back-end was missing an api call to generate the initial (possibly signed) URL for launching an external tool. This PR adds api calls for dataset and file level tools, mirroring what is done in the DatasetPage and FilePage (with more checks for valid dvobject, user, permissions, etc. since those haven't been checked in the page init.)
Which issue(s) this PR closes:
Special notes for your reviewer: The API calls use POST since, in the case of non-public datasets/files, the code generates URLs that include a callback token containing a signed Url which could be accessed via Cross Site Scripting if GET was used.
FWIW: The /admin/test API test started failing despite there being no changes to it. I eventually discovered that the problem was the api never handled api tokens correctly but this didn't matter until the new test added tools that required authentication. I updated the calls to use our standard authentication mechanism.
Suggestions on how to test this: Can call the APIs directly, but this is basically what's done in the IT tests.
Does this PR introduce a user interface change? If mockups are available, please link/include them here:
Is there a release notes update needed for this change?: included
Additional documentation: api docs included.
HTML preview: