Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[#416] Myapps endpoint toggle password. #434

Merged
merged 20 commits into from
Jul 31, 2020
Merged

[#416] Myapps endpoint toggle password. #434

merged 20 commits into from
Jul 31, 2020

Conversation

minnur
Copy link
Contributor

@minnur minnur commented Jul 6, 2020

Related to #415

I implemented new endpoint that returns JSON response with credentials for a given app. Credentials are getting pulled by app name and current user.

@googlebot googlebot added the cla: yes Indicates CLA has been signed label Jul 6, 2020
@minnur minnur requested a review from arlina-espinoza July 6, 2020 11:03
This was referenced Jul 6, 2020
Merged
Closed
mxr576
mxr576 suggested changes Jul 6, 2020
View reviewed changes
src/Routing/EdgeDynamicRouting.php Outdated Show resolved Hide resolved
mxr576
mxr576 suggested changes Jul 6, 2020
View reviewed changes
src/Entity/ListBuilder/DeveloperAppListBuilderForDeveloper.php Outdated Show resolved Hide resolved
src/Routing/EdgeDynamicRouting.php Outdated Show resolved Hide resolved
src/Routing/EdgeDynamicRouting.php Outdated Show resolved Hide resolved
@minnur minnur changed the title 416 myapps endpoint toggle password [#416] Myapps endpoint toggle password. Jul 8, 2020
@minnur
Copy link
Contributor Author

minnur commented Jul 8, 2020

@arlina-espinoza @arshad do we have some code that would check user permission in teams ? I would like to add some routine that would make sure users cannot pull credentials for different developers or teams.

arlina-espinoza
arlina-espinoza suggested changes Jul 11, 2020
View reviewed changes
Copy link
Contributor

@arlina-espinoza arlina-espinoza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@arlina-espinoza @arshad do we have some code that would check user permission in teams ? I would like to add some routine that would make sure users cannot pull credentials for different developers or teams.

@minnur If you switch the paths to something like /user/{user}/apps/{app}/api-keys and /teams/{team}/apps/{app}/api-keys, you could take advantage of the route requirement _app_access_check_by_app_name: view to enforce a view access permission. See DeveloperAppRouteProvider::getCanonicalRouteByDeveloper()

src/Controller/DeveloperAppKeysController.php Outdated
<?php

/**
* Copyright 2018 Google Inc.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
* Copyright 2018 Google Inc.
* Copyright 2020 Google Inc.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks Arlina, I am working on this.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Resolved in b4cd0f2

@minnur minnur requested a review from arlina-espinoza July 14, 2020 13:54
@arlina-espinoza arlina-espinoza linked an issue Jul 22, 2020 that may be closed by this pull request
My Apps area should not retreive the key/secret at the same time #416
Closed
@googlebot
Copy link

All (the pull request submitter and all commit authors) CLAs are signed, but one or more commits were authored or co-authored by someone other than the pull request submitter.

We need to confirm that all authors are ok with their commits being contributed to this project. Please have them confirm that by leaving a comment that contains only @googlebot I consent. in this pull request.

Note to project maintainer: There may be cases where the author cannot leave a comment, or the comment is not properly detected as consent. In those cases, you can manually confirm consent of the commit author(s), and set the cla label to yes (if enabled on your project).

ℹ️ Googlers: Go here for more info.

@googlebot googlebot added cla: no Indicates CLA has not been signed and removed cla: yes Indicates CLA has been signed labels Jul 31, 2020
@arlina-espinoza
Copy link
Contributor

@googlebot I consent.

@googlebot
Copy link

CLAs look good, thanks!

ℹ️ Googlers: Go here for more info.

@googlebot googlebot added cla: yes Indicates CLA has been signed and removed cla: no Indicates CLA has not been signed labels Jul 31, 2020
arlina-espinoza
arlina-espinoza approved these changes Jul 31, 2020
View reviewed changes
Copy link
Contributor

@arlina-espinoza arlina-espinoza left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @minnur , I tested locally and fixed the tests. LGTM 👍

@arlina-espinoza arlina-espinoza merged commit a3f344c into apigee:8.x-1.x Jul 31, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mxr576 mxr576 mxr576 requested changes

@arlina-espinoza arlina-espinoza arlina-espinoza approved these changes

Assignees
No one assigned
Labels
cla: yes Indicates CLA has been signed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

My Apps area should not retreive the key/secret at the same time
4 participants
@minnur @googlebot @arlina-espinoza @mxr576