Skip to content

Add show user block api endpoint #4240

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 14, 2023
Merged

Add show user block api endpoint #4240

merged 2 commits into from
Sep 14, 2023

Conversation

@AntonKhorev
Copy link
Collaborator

@AntonKhorev AntonKhorev commented Sep 8, 2023

Going through the DWG Wishlist, there was a blocks api.

Currently scripted blocks in osmtools are done by emulating the browser, loading webpages and filling out forms. That requires passing the password around. It would be better to be able to access block functionality with a proper api and an oauth token.

But before doing block creation, there need to be block read api endpoints. Here the xml block show method is added at /api/0.6/user_blocks/:id with an output like:

<osm version="0.6" ...>
<user_block id="6" created_at="2023-08-01T15:55:58Z" updated_at="2023-08-05T00:46:36Z" ends_at="2023-08-05T00:46:36Z" needs_view="false">
  <user uid="1" user="fakeuser1"/>
  <creator uid="2" user="fakemod1"/>
  <revoker uid="2" user="fakemod1"/>
  <reason>longer block test</reason>
</user_block>
</osm>

All of this is already accessible through the web ui at /user_blocks/:id.

@mmd-osm
Copy link
Contributor

mmd-osm commented Sep 8, 2023

#1618 seems to be related to this one

tomhughes
tomhughes reviewed Sep 8, 2023
View reviewed changes
Copy link
Member

@tomhughes tomhughes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we be adding JSON output as well?

@AntonKhorev
Copy link
Collaborator Author

AntonKhorev commented Sep 9, 2023

#1618 seems to be related to this one

This PR alone won't be enough for what was originally asked there. The next required thing is a search endpoint with the ability to search by usernames/ids.

Should we be adding JSON output as well?

Yes, if the xml output format is ok. The biggest decision here was to make separate user/creator/revoker subelements.

@tomhughes
Copy link
Member

tomhughes commented Sep 10, 2023

I assume there's nothing being exposed here that isn't already visible through the web interface? I think pretty much everything is visible there already?

@mmd-osm
Copy link
Contributor

mmd-osm commented Sep 10, 2023
edited
Loading

As a normal user, I don't see any of the "uid" values in the web interface, neither for the user which has been blocked, nor for the creator and potential block revoker.

By the way, does this also work for deleted users, like this one: https://www.openstreetmap.org/user_blocks/14719

mmd-osm
mmd-osm reviewed Sep 10, 2023
View reviewed changes
app/controllers/api/user_blocks_controller.rb
before_action :set_request_formats

def show
raise OSM::APIBadUserInput, "No id was given" unless params[:id]
Copy link
Contributor

@mmd-osm mmd-osm Sep 10, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe make it a bit clearer, which "id" we expect here, like "No user block id was given".

@tomhughes
Copy link
Member

tomhughes commented Sep 10, 2023

As a normal user, I don't see any of the "uid" values in the web interface, neither for the user which has been blocked,
nor for the creator and potential block revoker.

Right, but in general the mapping between username and ids is not hidden - the user details call will get it for example.

@AntonKhorev
Copy link
Collaborator Author

AntonKhorev commented Sep 11, 2023

The web interface prefers to work with usernames while the api prefers user ids. For example you need a user id for user details. When you know a username and want to get the corresponding id through the api, you typically do a changeset search by the username and get the id from the search results. It's only difficult to do if the user has no contributions, but then, if it's a genuine user and not a pre-blocked vandal account, there has to be a problem with their contributions and changesets (or notes) searchable by the username exist.

@tomhughes tomhughes merged commit 85b17a1 into openstreetmap:master Sep 14, 2023
@AntonKhorev AntonKhorev deleted the blocks-api branch September 15, 2023 11:49
@AntonKhorev AntonKhorev mentioned this pull request Jan 1, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tomhughes tomhughes tomhughes left review comments

+1 more reviewer

@mmd-osm mmd-osm mmd-osm left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@AntonKhorev @mmd-osm @tomhughes