Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add patch endpoint for attachment metadata #27 #95

Merged
merged 7 commits into from
Feb 5, 2025
Merged

Add patch endpoint for attachment metadata #27 #95

merged 7 commits into from
Feb 5, 2025
+424 −8

Conversation

rowan04
Copy link
Member

@rowan04 rowan04 commented Jan 16, 2025
edited
Loading

Description

Implements a PATCH endpoint /attachment/<attachment_id> that:

  • Allows editing of
    • title
    • description
  • Returns the updated attachment metadata
    • Without object_key and without a download url

Also prevents a file extension and content type mismatch when editing an attachment.

Testing instructions

Add a set up instructions describing how the reviewer should test the code

  • Review code
  • Check Actions build
  • Review changes to test coverage
  • {more steps here}

Agile board tracking

Resolves #27
Resolves #96

Sorry, something went wrong.

@codecov-commenter
Copy link

codecov-commenter commented Jan 16, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 99.59%. Comparing base (ba67c36) to head (e222a9d).

Additional details and impacted files 
@@             Coverage Diff             @@
##           develop      #95      +/-   ##
===========================================
+ Coverage    99.57%   99.59%   +0.02%     
===========================================
  Files           19       19              
  Lines          468      492      +24     
===========================================
+ Hits           466      490      +24     
  Misses           2        2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@rowan04 rowan04 marked this pull request as ready for review January 23, 2025 12:55
@asuresh-code asuresh-code self-requested a review January 23, 2025 14:52
asuresh-code
asuresh-code requested changes Jan 23, 2025
View reviewed changes
Copy link
Contributor

@asuresh-code asuresh-code left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All looks good, I actually do have 1 minor suggestion, which I realised after approving

@asuresh-code
Copy link
Contributor

This PR addressed an issue where the file extension could be edited to not match the content type of an image, making it unopenable. I think the same problem exists for attachments, and could be addressed with the same implementation. The update portion of it could be covered in this PR, or be made a separate issue?

@rowan04
Copy link
Member Author

rowan04 commented Jan 23, 2025

This PR addressed an issue where the file extension could be edited to not match the content type of an image, making it unopenable. I think the same problem exists for attachments, and could be addressed with the same implementation. The update portion of it could be covered in this PR, or be made a separate issue?

yeah the same problem does exist for attachments, I'll look into it.

@rowan04
Copy link
Member Author

rowan04 commented Jan 27, 2025

My last commit checks for file extension and content type mismatch when an attachment is being edited, but not when its being created. I don't think I can follow the same implementation as images (as seen at https://github.com/ral-facilities/object-storage-api/pull/82/files#diff-89e412be5e05de57abb22dd8b7385de050592624f92bef53c8447c019f2fa3faR59), as attachments doesn't have an upload_file.content_type (please correct me if I'm wrong!). I think it would be possible to check the actual file and take the file type from that using magic (https://pypi.org/project/python-magic/), but that requires installing separately. So I'd appreciate advice, should this even be tackled in a separate PR? @asuresh-code @joelvdavies

@joelvdavies
Copy link
Collaborator

joelvdavies commented Jan 28, 2025
edited
Loading

My last commit checks for file extension and content type mismatch when an attachment is being edited, but not when its being created. I don't think I can follow the same implementation as images (as seen at https://github.com/ral-facilities/object-storage-api/pull/82/files#diff-89e412be5e05de57abb22dd8b7385de050592624f92bef53c8447c019f2fa3faR59), as attachments doesn't have an upload_file.content_type (please correct me if I'm wrong!). I think it would be possible to check the actual file and take the file type from that using magic (https://pypi.org/project/python-magic/), but that requires installing separately. So I'd appreciate advice, should this even be tackled in a separate PR? @asuresh-code @joelvdavies

Yeah I would personally do it as a separate PR linking #96. Yes the content type is irrelevant in this case as it is always treated as binary data. My personal thought would be that the same logic preventing changing of the file extension on edit should still be fine - you can compare the old and new extension. But for upload there is nothing to prevent as we don't know the content type so its purely up to the front end instead.

Good spot with the library, that would also allow invalid images to be detected even if the content type/extension was manually manipulated. The only issue with it is it doesn't look like its had an update for 3 years so I would prefer to avoid using it if possible.

@rowan04
Copy link
Member Author

rowan04 commented Jan 28, 2025

Yeah I would personally do it as a separate PR linking #96. Yes the content type is irrelevant in this case as it is always treated as binary data. My personal thought would be that the same logic preventing changing of the file extension on edit should still be fine - you can compare the old and new extension. But for upload there is nothing to prevent as we don't know the content type so its purely up to the front end instead.

Good spot with the library, that would also allow invalid images to be detected even if the content type/extension was manually manipulated. The only issue with it is it doesn't look like its had an update for 3 years so I would prefer to avoid using it if possible.

ok thanks. So can this PR stay as it is, and the check when uploading attachments can be done in a different issue/pr? Or would you like the check when patching an attachment in a separate pr as well?

@joelvdavies
Copy link
Collaborator

Yeah I would personally do it as a separate PR linking #96. Yes the content type is irrelevant in this case as it is always treated as binary data. My personal thought would be that the same logic preventing changing of the file extension on edit should still be fine - you can compare the old and new extension. But for upload there is nothing to prevent as we don't know the content type so its purely up to the front end instead.
Good spot with the library, that would also allow invalid images to be detected even if the content type/extension was manually manipulated. The only issue with it is it doesn't look like its had an update for 3 years so I would prefer to avoid using it if possible.

ok thanks. So can this PR stay as it is, and the check when uploading attachments can be done in a different issue/pr? Or would you like the check when patching an attachment in a separate pr as well?

Ignore the upload attachments on the backend (the front end issue should prevent it instead), only add the check for editing attachments, I think you have already done it in this PR? In which case that is fine, it can be left as part of this PR and just link the issue in the description by adding another resolves/closes on it.

@rowan04 rowan04 requested a review from asuresh-code January 28, 2025 10:20
@joelvdavies joelvdavies requested a review from VKTB January 29, 2025 14:55
asuresh-code
asuresh-code approved these changes Jan 30, 2025
View reviewed changes
Copy link
Contributor

@asuresh-code asuresh-code left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works well, and testing and implementation looks good.

joelvdavies
joelvdavies approved these changes Jan 31, 2025
View reviewed changes
Copy link
Collaborator

@joelvdavies joelvdavies left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, worked well for me.

@rowan04 rowan04 merged commit 4803069 into develop Feb 5, 2025
3 checks passed
@rowan04 rowan04 deleted the add-patch-endpoint-for-attachment-metadata-#27 branch February 5, 2025 09:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@VKTB VKTB

@asuresh-code asuresh-code

@joelvdavies joelvdavies

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
5 participants
@rowan04 @codecov-commenter @asuresh-code @joelvdavies @VKTB