Inconsistencies in Admin API based user listing #10892

Open
poikilotherm opened this issue Sep 30, 2024 · 1 comment
Labels
- Feature: Account & User Info
- Feature: API
- Size: 10 (A percentage of a sprint. 7 hours.)
- Type: Bug (a defect)
- User Role: API User (Makes use of APIs)
- User Role: Superuser (Has access to the superuser dashboard and cares about how the system is configured)

Comments

@poikilotherm
Contributor

What steps does it take to reproduce the issue?
Look at the outputs of /api/admin/authenticatedUsers and /api/admin/list-users

When does this issue occur?
When using the API to retrieve all users

Which page(s) does it occur on?
API

What happens?

  1. I must supply a Superuser Admin Token to both endpoints in addition to my unblock-key. This doesn't make sense and should be mitigated (instead of access policy unblock-key or localhost allow a policy to use tokens, OIDC or API style).
  2. The /list-users endpoint is inconsistent with its naming. Why isn't this paginated, searchable output enabled under /authenticatedUsers?
  3. The /list-users endpoint doesn't use the JsonPrinter.json(AuthenticatedUser) to include the persistentUserId in the JSON output, while the /authenticatedUsers endpoints do. Instead, it uses the AuthenticatedUser.toJson() converter, which is solely used for this purpose, nowhere else except a test of the AuthenticatedUser class.
  4. Why is the /authenticatedUsers endpoint deprecated, when there are a lot more endpoints using this path?
  5. Why is the API endpoint to change a user identifier under /api/users instead of /api/admin/authenticatedUsers when it does require a superuser token anyway?
  6. Why aren't there simple CRUD like endpoints for /api/admin/authenticatedUsers/{id}/{attribute}?

To whom does it occur (all users, curators, superusers)?
Superusers, Admins

What did you expect to happen?
See list above.

Which version of Dataverse are you using?
4.20 and develop.

Any related open or closed issues to this bug report?
None that I could find.

poikilotherm added the labels Feature: API, Type: Bug, Feature: Account & User Info, User Role: API User, User Role: Superuser, Size: 10 on Sep 30, 2024
@pdurbin
Member

pdurbin commented Sep 30, 2024

Per discussion in Slack, /api/admin/list-users was added in this PR:

As I said there, at some point the SPA will probably need a new non-blocked (not under /api/admin) endpoint for the users part of the superuser dashboard. Perhaps that would be a good time to clean things up. 😅

Projects
Status: Important