-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add and delete site image routes #191
Conversation
service/src/main/java/com/codeforcommunity/requester/S3Requester.java
Outdated
Show resolved
Hide resolved
Just a note for anyone testing the add image route that the request body's To get the value for |
S3 permissions should be all set now and performing any operations on S3 (put, delete, etc.) without correct access/secret keys should be blocked. Lmk if anyone can add or delete objects without the keys! |
Good job! Everything looks pretty good. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome work!! Just a few comments/questions:
persist/src/main/resources/db/migration/V4_6__AddSiteImagesApprovalStatus.sql
Outdated
Show resolved
Hide resolved
common/src/main/java/com/codeforcommunity/enums/ImageApprovalStatus.java
Outdated
Show resolved
Hide resolved
api/src/main/java/com/codeforcommunity/api/IProtectedSiteProcessor.java
Outdated
Show resolved
Hide resolved
service/src/main/java/com/codeforcommunity/processor/ProtectedSiteProcessorImpl.java
Outdated
Show resolved
Hide resolved
Sounds like someone (me) was lazy with their planning... and you guys brought up really good points! How about this: Add site route:
Delete site route:
Also, when an admin rejects an image, we should immediately delete it. We should not be storing any rejected images and this will also mean that the reject image route is just going to be the delete image route |
@chromium-52 I think that looks really good! Do you think we'd want to limit the number of pending/approved images for an entry as well? If somebody really had it against us they could easily just make a bunch of burner accounts and spam us with uploads - I don't think anyone would actually do this, but might be worth considering. |
@huang0h That's a good point but I think we don't have to worry about that for now. Even if we do implement it, we have a lot (12000+) of sites and there's nothing stopping anyone from trying to upload images for all of them. You're right that we would ideally be proactive and not reactive when dealing with things like this and we can monitor the number of submitted images but dealing with every possible edge case is a real pain and given our scale (<400 users with no bad no users so far), I think we can put it on the back burner |
35372ab
to
0fd7dfa
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm! just a small nitpick:
service/src/main/java/com/codeforcommunity/processor/ProtectedSiteProcessorImpl.java
Outdated
Show resolved
Hide resolved
service/src/main/java/com/codeforcommunity/processor/ProtectedSiteProcessorImpl.java
Show resolved
Hide resolved
I forgot where it was mentioned, but I believe somewhere we said that we'd want to allow users to remain anonymous behind the image uploads (at least on the site page; I think admins should still see usernames when approving images) - this was from the final figma design of the new page. Is that still something we'd want to do? |
@huang0h Ehhh since it's there and doesn't add that much more dev work, let's just do it. Good call! |
0fd7dfa
to
4b4654a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks good!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for removing the unnecessary imports-- are the other changes just formatting?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah these were actually just changes that were applied automatically when I ran mvn clean install
Checklist
Why
GH Projects Ticket
Adds two backend routes to allow users to add (for anyone) and delete (for admins+ only) images for site entries.
This PR
Add a new route that adds/uploads an image for a site entry to the user uploads AWS S3 bucket and stores the generated image URL and other info like the uploader's user ID in the
SITE_IMAGES
table. Anyone can call this route. An image's approval status (see below) isSUBMITTED
by default unless it is uploaded by an admin in which it's auto-APPROVED
.Add a new route that deletes an image with the given image ID both in the user uploads AWS S3 bucket and the
SITE_IMAGES
table. Only admins+ can call this routeAdd a new enum called
ImageApprovalStatus
that keeps track of whether each image has beenSUBMITTED
(i.e. pending review from an admin) or eitherAPPROVED
orREJECTED
by an admin.Verification Steps
Add site image (http://localhost:8081/api/v1/protected/sites/site_image/:site_entry_id)
sftt-user-uploads
S3 bucket in AWS and theSITE_IMAGES
table in postgresDelete site image (http://localhost:8081/api/v1/protected/sites/site_image/:image_id)
STANDARD
user throws a 401sftt-user-uploads
S3 bucket in AWS and theSITE_IMAGES
table in postgres