Skip to content

NO TICKET: cover all endpoints with auth dependencies#162

Merged
jirhiker merged 1 commit into
stagingfrom
jab-full-auth-coverage
Sep 30, 2025
Merged

NO TICKET: cover all endpoints with auth dependencies#162
jirhiker merged 1 commit into
stagingfrom
jab-full-auth-coverage

Conversation

@jacob-a-brown

@jacob-a-brown jacob-a-brown commented Sep 29, 2025

Copy link
Copy Markdown
Contributor

Why

This PR addresses the following problem / context:

  • every endpoint should be covered with an auth dependency

How

Implementation summary - the following was changed / added / removed:

  • added user: <auth dependency> to every endpoint

Notes

Any special considerations, workarounds, or follow-up work to note?

  • Some routers had auth dependencies injected at the router, not each endpoint. I changed it to be endpoint-specific so that the user object can be utilized. This will allow us in the future to return objects, like things or locations, and hide some fields (e.g. notes), from unauthenticated users. To do this we'll need to set the viewer dependencies to optional=True. But that's an issue for our future selves.
    • This doesn't really adhere to DRY, but if we want to hide specific fields or records from GET endpoints I think that the auth dependency should be injected at the endpoint, not the router.
  • All of the data currently being modeled is from AMP. I'm not sure when to use amp auth dependencies or general dependencies. This is most pertinent to the /thing, /sample, and /observation routers. Should they be general auth dependencies for now? Does it matter for the time being since everyone using the app is AMP?

@codecov-commenter

codecov-commenter commented Sep 29, 2025

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

Files with missing lines Coverage Δ
api/asset.py 98.71% <100.00%> (ø)
api/author.py 100.00% <100.00%> (ø)
api/geospatial.py 97.50% <100.00%> (ø)
api/group.py 100.00% <100.00%> (ø)
api/observation.py 100.00% <ø> (ø)
api/publication.py 100.00% <100.00%> (ø)
api/search.py 97.77% <100.00%> (ø)
api/thing.py 98.47% <100.00%> (ø)
tests/test_observation.py 95.42% <100.00%> (ø)
tests/test_publication.py 100.00% <100.00%> (ø)
... and 1 more

Comment thread api/thing.py
@jirhiker jirhiker merged commit d3895ce into staging Sep 30, 2025
3 of 4 checks passed
@TylerAdamMartinez TylerAdamMartinez deleted the jab-full-auth-coverage branch February 5, 2026 18:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants