ducky/devices

Paddy 2016-01-02 Parent:a700ede02f91

20:ed1b5ba69551 Go to Latest

ducky/devices/apiv1/devices.go

Add updating devices to apiv1. We needed a way to be able to update devices after they were created. This is supported in the devices package, we just needed to expose it using apiv1 endpoints. In doing so, it became apparent that allowing users to change the Owner of their Devices wasn't properly thought through, and pending a reason to use it, I'm just removing it. The biggest issue came when trying to return usable error messages; we couldn't distinguish between "you don't own the device you're trying to update" and "you're not allowed to change the owner of the device". I also couldn't figure out _who should be able to_ change the owner of the device, which is generally an indication that I'm building a feature before I have a use case for it. To support this change, the apiv1.DeviceChange type needed its Owner property removed. I also needed to add deviceFromAPI and devicesFromAPI helpers to return devices.Device types from apiv1.Device types. There's now a new validateDeviceUpdate helper that checks to ensure that a device update request is valid and the user has the appropriate permissions. The createRequest type now accepts a slice of Devices, not a slice of DeviceChanges, because we want to pass the Owner in. A new updateRequest type is created, which accepts a DeviceChange to apply. A new handleUpdateDevice handler is created, which is assigned to the endpoint for PATCH requests against a device ID. It checks that the user is logged in, the Device they're trying to update exists, and that it's a valid update. If all of that is true, the device is updated and the updated device is returned. Finally, we had to add two new scopes to support new functionality: ScopeUpdateOtherUserDevices allows a user to update other user's devices, and ScopeUpdateLastSeen allows a user to update the LastSeen property of a device. Pending some better error messages, this should be a full implementation of updating a device, which leaves only the deletion endpoint to deal with.

Download raw file
View source Diff to previous Annotate
History
paddy@15 1 package apiv1
paddy@15 2
paddy@15 3 import (
paddy@16 4 "errors"
paddy@15 5 "time"
paddy@15 6
paddy@16 7 "code.secondbit.org/api.hg"
paddy@15 8 "code.secondbit.org/ducky/devices.hg"
paddy@15 9 "code.secondbit.org/uuid.hg"
paddy@15 10 )
paddy@15 11
paddy@16 12 var (
paddy@16 13 errUnauthorizedLastSeen = errors.New("not authorized to set last seen")
paddy@16 14 errUnauthorizedCreated = errors.New("not authorized to set created")
paddy@16 15 errUnauthorizedOwner = errors.New("not authorized to set owner")
paddy@16 16 errInvalidDeviceType = errors.New("device type invalid")
paddy@16 17 errDeviceNameTooShort = errors.New("device name too short")
paddy@16 18 errDeviceNameTooLong = errors.New("device name too long")
paddy@16 19 )
paddy@16 20
paddy@15 21 // Device represents a device as exposed through the API. It is its
paddy@15 22 // own type as the business logic and the API have different requirements
paddy@15 23 // for the Device type, and require different representations.
paddy@15 24 type Device struct {
paddy@15 25 ID uuid.ID `json:"id"`
paddy@15 26 Name string `json:"name,omitempty"`
paddy@15 27 Owner uuid.ID `json:"owner,omitempty"`
paddy@15 28 Type devices.DeviceType `json:"type,omitempty"`
paddy@15 29 Created time.Time `json:"created,omitempty"`
paddy@15 30 LastSeen time.Time `json:"lastSeen,omitempty"`
paddy@15 31 PushToken string `json:"pushToken,omitempty"`
paddy@15 32 }
paddy@15 33
paddy@15 34 // DeviceChange represents a set of changes to a device that will be used
paddy@15 35 // to update that device. It is its own type as the business logic and the
paddy@15 36 // API have different requirements for the DeviceChange type, and require
paddy@15 37 // different representations.
paddy@15 38 type DeviceChange struct {
paddy@15 39 DeviceID uuid.ID `json:"id"`
paddy@15 40 Name *string `json:"name,omitempty"`
paddy@15 41 Type *devices.DeviceType `json:"type,omitempty"`
paddy@15 42 LastSeen *time.Time `json:"lastSeen,omitempty"`
paddy@15 43 PushToken *string `json:"pushToken,omitempty"`
paddy@15 44 }
paddy@15 45
paddy@15 46 func apiDeviceFromCore(d devices.Device, includePushToken bool) Device {
paddy@15 47 device := Device{
paddy@15 48 ID: d.ID,
paddy@15 49 Name: d.Name,
paddy@15 50 Type: d.Type,
paddy@15 51 Created: d.Created,
paddy@15 52 LastSeen: d.LastSeen,
paddy@20 53 Owner: d.Owner,
paddy@15 54 }
paddy@15 55 if includePushToken {
paddy@15 56 device.PushToken = d.PushToken
paddy@15 57 }
paddy@15 58 return device
paddy@15 59 }
paddy@15 60
paddy@20 61 func deviceFromAPI(d Device) devices.Device {
paddy@20 62 return devices.Device{
paddy@20 63 ID: d.ID,
paddy@20 64 Name: d.Name,
paddy@20 65 Type: d.Type,
paddy@20 66 Created: d.Created,
paddy@20 67 LastSeen: d.LastSeen,
paddy@20 68 PushToken: d.PushToken,
paddy@20 69 Owner: d.Owner,
paddy@20 70 }
paddy@20 71 }
paddy@20 72
paddy@20 73 func devicesFromAPI(in []Device) []devices.Device {
paddy@20 74 out := make([]devices.Device, 0, len(in))
paddy@20 75 for _, d := range in {
paddy@20 76 out = append(out, deviceFromAPI(d))
paddy@20 77 }
paddy@20 78 return out
paddy@20 79 }
paddy@20 80
paddy@15 81 func changeFromAPI(d DeviceChange) devices.DeviceChange {
paddy@15 82 return devices.DeviceChange{
paddy@15 83 DeviceID: d.DeviceID,
paddy@15 84 Name: d.Name,
paddy@15 85 Type: d.Type,
paddy@15 86 LastSeen: d.LastSeen,
paddy@15 87 PushToken: d.PushToken,
paddy@15 88 }
paddy@15 89 }
paddy@15 90
paddy@15 91 func createDevicesFromChanges(changes []DeviceChange) []devices.Device {
paddy@15 92 newDevices := make([]devices.Device, 0, len(changes))
paddy@15 93 for _, change := range changes {
paddy@15 94 newDevices = append(newDevices, devices.ApplyChange(devices.Device{}, changeFromAPI(change)))
paddy@15 95 }
paddy@15 96 return newDevices
paddy@15 97 }
paddy@15 98
paddy@16 99 func validateDeviceCreation(d devices.Device, scopes []string, user uuid.ID) error {
paddy@16 100 canImport := api.CheckScopes(scopes, ScopeImport.ID)
paddy@16 101 canCreateOtherUserDevices := api.CheckScopes(scopes, ScopeCreateOtherUserDevices.ID)
paddy@16 102 if !d.LastSeen.IsZero() && !canImport {
paddy@16 103 return errUnauthorizedLastSeen
paddy@16 104 }
paddy@16 105 if !d.Created.IsZero() && !canImport {
paddy@16 106 return errUnauthorizedCreated
paddy@16 107 }
paddy@16 108 if !d.Owner.Equal(user) && !canCreateOtherUserDevices {
paddy@16 109 return errUnauthorizedOwner
paddy@16 110 }
paddy@16 111 if !devices.IsValidDeviceType(d.Type) {
paddy@16 112 return errInvalidDeviceType
paddy@16 113 }
paddy@16 114 if len(d.Name) < devices.MinDeviceNameLength {
paddy@16 115 return errDeviceNameTooShort
paddy@16 116 }
paddy@16 117 if len(d.Name) > devices.MaxDeviceNameLength {
paddy@16 118 return errDeviceNameTooLong
paddy@16 119 }
paddy@15 120 return nil
paddy@15 121 }
paddy@20 122
paddy@20 123 func validateDeviceUpdate(d Device, change DeviceChange, scopes []string, user uuid.ID) error {
paddy@20 124 canUpdateOtherUserDevices := api.CheckScopes(scopes, ScopeUpdateOtherUserDevices.ID)
paddy@20 125 canUpdateLastSeen := api.CheckScopes(scopes, ScopeUpdateLastSeen.ID)
paddy@20 126
paddy@20 127 if !d.Owner.Equal(user) && !canUpdateOtherUserDevices {
paddy@20 128 return errUnauthorizedOwner
paddy@20 129 }
paddy@20 130 if change.LastSeen != nil && !change.LastSeen.IsZero() && !canUpdateLastSeen {
paddy@20 131 return errUnauthorizedLastSeen
paddy@20 132 }
paddy@20 133 if change.Type != nil && !devices.IsValidDeviceType(*change.Type) {
paddy@20 134 return errInvalidDeviceType
paddy@20 135 }
paddy@20 136 if change.Name != nil && len(*change.Name) < devices.MinDeviceNameLength {
paddy@20 137 return errDeviceNameTooShort
paddy@20 138 }
paddy@20 139 if change.Name != nil && len(*change.Name) > devices.MaxDeviceNameLength {
paddy@20 140 return errDeviceNameTooLong
paddy@20 141 }
paddy@20 142
paddy@20 143 return nil
paddy@20 144 }