Skip to content

Groups API clarification #242

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
jmgasper opened this issue May 5, 2020 · 7 comments
Closed

Groups API clarification #242

jmgasper opened this issue May 5, 2020 · 7 comments
Labels
Feature: Work Participants P1
Milestone
Backlog

Comments

@jmgasper
Copy link
Collaborator

jmgasper commented May 5, 2020

Currently, our call to get the groups for launching a challenge returns all groups, not just the groups the user has access to

Currently

We're calling GET https://api.topcoder-dev.com/v5/groups with an Authorization header for the user

Change

I'm expecting we'll have to make a call like this, with the memberId and membershipType, but I want to make sure this will actually return the groups the user has access to. For TonyJ in dev, it returns an empty list.

https://api.topcoder-dev.com/v5/groups?memberId=8547899&membershipType=group

Expectation

I need to have a call that returns just the groups the current has access to so I can update the challenge-engine-UI to only show those instead of all groups. Please clarify what the request should look like.
@sharathkumaranbu
Copy link

@jmgasper Please use the below end point with Authorization header, it should return the groups the user belongs to.

https://api.topcoder-dev.com/v5/groups/memberGroups/:memberId

E.g. https://api.topcoder-dev.com/v5/groups/memberGroups/8547899

cc @rootelement

@jmgasper
Copy link
Collaborator Author

jmgasper commented May 6, 2020

@rootelement / @sharathkumaranbu - I don't think that's what I'm looking for. I want the list of groups, like we get from just GET 'ing /v5/groups, but only those the current user is allows to launch challenges for.

    {
        "ssoId": "",
        "updatedBy": "1",
        "description": "Test Group",
        "privateGroup": true,
        "oldId": "1",
        "createdAt": "2017-05-18T10:29:38.000Z",
        "selfRegister": false,
        "createdBy": "1",
        "domain": "",
        "name": "TestGroup",
        "id": "304b042f-19f1-4d06-9788-104572eca795",
        "status": "active",
        "updatedAt": "2017-05-18T10:29:38.000Z"
    },

@sharathkumaranbu
Copy link

@jmgasper Please use this

https://api.topcoder-dev.com/v5/groups?memberId=8547899&membershipType=user

It looks like membershipType=group is used to fetch groups which is part of another groups. The above query is working fine for me.

Ideally speaking, the below end point should have been made robust to return the groups which the user has access to.

https://api.topcoder-dev.com/v5/groups/memberGroups/:memberId

The work around way by calling /groups with memberId is not robust and it lacks security checks IMHO.

@jmgasper
Copy link
Collaborator Author

jmgasper commented May 6, 2020

@rootelement - Just FYI, we may want to tweak this in the groups API. Not sure who handles that. ☝️

@jmgasper
Copy link
Collaborator Author

jmgasper commented May 6, 2020

topcoder-platform/groups-api#51

@jmgasper jmgasper mentioned this issue May 6, 2020
Closed
@vikasrohit
Copy link

Can we close it @jmgasper?

@acshields acshields added the P1 label Jun 4, 2020
@acshields acshields added this to the Backlog milestone Jun 24, 2020
@vikasrohit
Copy link

Closing as it seems to be working fine for me. I can see only my groups being returned for the groups api call.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature: Work Participants P1
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
4 participants
@jmgasper @vikasrohit @sharathkumaranbu @acshields