implement new uploads to the addon api, for listed too. #17914
Conversation
This comment has been minimized.
This comment has been minimized.
eviljeff
force-pushed
the
7811-addon-submission-api
branch
from
4a5296d to
2f330e6
Compare
This comment has been minimized.
This comment has been minimized.
| @@ -183,6 +187,7 @@ class AddonViewSet(RetrieveModelMixin, GenericViewSet): | |||
| AllowUnlistedViewerOrReviewer, | |||
| ), | |||
| ] | |||
| authentication_classes = [JWTKeyAuthentication, WebTokenAuthentication] | |||
There was a problem hiding this comment.
It's probably safe to do (ultimately this doesn't let you do that much), but this makes the whole API available with external auth and should be documented.
There was a problem hiding this comment.
Documented in the API docs? Or elsewhere
There was a problem hiding this comment.
In the API docs. For addons (and many others), we currently say The only authentication method available at the moment is the internal one. and this wouldn't be true anymore after these changes.
There was a problem hiding this comment.
The only thing needed is to remove that whole sentence for addons API I think.
| ): | ||
| # Permissions are always checked against the parent add-on in | ||
| # get_addon_object() using AddonViewSet.permission_classes so we don't need | ||
| # to set any here. Some extra permission classes are added dynamically | ||
| # below in check_permissions() and check_object_permissions() depending on | ||
| # what the client is requesting to see. | ||
| permission_classes = [] | ||
| authentication_classes = [JWTKeyAuthentication, WebTokenAuthentication] |
| from olympia.signing.views import VersionView # circular import | ||
|
|
||
| # TODO: consolidate/replicate this behaviour. | ||
| VersionView().check_throttles(request) |
There was a problem hiding this comment.
| version = Version.from_upload( | ||
| upload=upload, | ||
| addon=self.addon or validated_data.get('addon'), | ||
| # TODO: change Version.from_upload to take the compat values into account |
There was a problem hiding this comment.
|
Filed follow-ups and created a project to hold them: https://github.com/orgs/mozilla/projects/174 |
fixes mozilla/addons#5348 ... or the base work for it at least. (draft PR was #17765 - copied text over from it)
Basic flow:
api/v5/addons/submission/to create a FileUpload (returns a serialized response that contains the upload UUID). Upload was added in implement fileupload api, part of new addon submisison api #17919.api/v5/addons/addon/with json like{"categories": {"firefox": ["bookmarks"]}, "version": {"upload": "<uuid>", "license": 7}}api/v5/addons/addon/<addon slug or id or guid>/versions/with json like{"upload": "<uuid>", "license": 7}Known limitations:
AddonSerializertoVersionSerializer.AddonSerializerthat should be writable but are currently eitherSerializerMethodFields or customFields/Serializers that don't have a working write implementation.default_localedid unexpected things during Addon creation with respect to data in the manifest so left it read only.CreateModelMixinhas been added to the views to limit the scope of the changes/tests. The serializers should handle updates without a massive amount of extra work (in theory!).