Hi Chamalee,

Why do we have UPDATED_BY column? Do we allow users to update other users' comments? IMO this should not be allowed.
Allowing admin users to delete comments/ratings is ok, but we shouldn't allow them to edit. WDYT?

On Mon, Apr 3, 2017 at 3:08 PM, Fazlan Nazeem <[email protected]> wrote:

> Hi,
>
> On Mon, Apr 3, 2017 at 2:08 PM, Chamalee De Silva <[email protected]> wrote:
>
>> Hi all,
>>
>> Ratings and Comments impact on the impression of the API Store users of
>> the APIs published in the API Store.
>> The popularity, importance of the API, the pros and cons of the API can
>> be evaluated through the Ratings and Comments given to the APIs.
>>
>> To achieve that in APIM 3.0.0, following REST APIs are identified to be
>> implemented.
>>
>> *Ratings :*
>>
>> 1. Retrieve the average rating of the API, rating given by the logged in
>>    user and the rating list. (A composite list will be retrieved as the
>>    response.)
>> 3. Adding a new rating to an API (Updating the existing rating will also
>>    be handled through this.)
>
> Does this mean we handle both operations using same API operation? If so
> we have to send a POST request to an update operation. That doesn't sound
> right. We have to have two operations for adding(POST) and update(PUT) the
> rating. Any explanation?
>
>> *Comments :*
>>
>> 1. Retrieve the list of Comments of an API
>> 2. Retrieve an individual Comment of an API
>> 3. Add a new Comment to an API
>> 4. Update an existing Comment of an API
>> 5. Delete a particular Comment
>>
>> Database schema is updated with adding two tables as follows.
>>
>> AM_API_RATINGS
>>
>> RATING_ID | API_ID | RATING | USER_IDENTIFIER | CREATED_BY | CREATED_TIME | UPDATED_BY | LAST_UPDATED_TIME
>>
>> AM_API_COMMENTS
>>
>> COMMENT_ID | API_ID | COMMENT_TEXT | USER_IDENTIFIER | CREATED_BY | CREATED_TIME | UPDATED_BY | LAST_UPDATED_TIME
>>
>> The COMMENT_ID and API_ID are UUIDs which are primary keys.
>>
>> These are further described as user stories in redmine [1] under Epic
>> #5963 <https://redmine.wso2.com/issues/5963>
>> and the public JIRA can be found at -[2].
>>
>> We have done a design review for this and please find the design review
>> comments in [3].
>>
>> The REST API definition and schema level implementation is complemented
>> and following are left to be completed in this feature.
>>
>> 1. DAO level implementation for retrieving and storing values.
>> 2. Permission model considerations
>>    - As we discussed within the team, to rate an API or to
>>      Comment an API, the user should have *at least* the permission to view
>>      the API. He should have the API_ID in hand to manipulate all REST APIs
>>      which goes under Ratings and Comments.
>>      Assuming that permission check for API is happening prior to
>>      every operation we are safe in that side.
>> 3. Other than that, as discussed in the design review we should calculate
>>    the average rating of each of the API using a separate Database
>>    operation and set the rating to the APIInfo object where we do the
>>    listAllAPIs call as well.
>>    (For per API scenario, We are going to use a separate REST call as per
>>    in discussion [4])
>>
>> [1] https://redmine.wso2.com/issues/5963
>> [2] <https://github.com/wso2/carbon-apimgt/pull/3879>
>>     https://wso2.org/jira/browse/APIMANAGER-5684
>> [3] Updated Invitation: [APIM][C5][Design Review] REST APIs for Rating
>>     and Commen... @ Tue Mar 28, 2017 12pm - 12:45pm (IST) (WSO2 Engineering
>>     Group)
>> [4] Retrieving Rating value of API in the GET_API resource API
>>
>> --
>> Thanks & Regards,
>>
>> *Chamalee De Silva*
>> Software Engineer
>> *WSO2* Inc. : http://wso2.com/
>>
>> Office :- *+94 11 2145345*
>> mobile :- *+94 71 4315942*
>
> --
> Thanks & Regards,
>
> Fazlan Nazeem
>
> *Senior Software Engineer*
>
> *WSO2 Inc*
> Mobile : +94772338839
> [email protected]
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture

--
*Thanks and Regards,*
Anuruddha Lanka Liyanarachchi
Software Engineer - WSO2
Mobile : +94 (0) 712762611
Tel : +94 112 145 345
[email protected]
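The edit/delete rule proposed in the reply at the top of this thread, applied to the AM_API_COMMENTS columns it lists, as an added example that is not part of the thread or of WSO2's code. The SQLite types, the composite primary key, the function names and the sample users are assumptions; `caller` is taken to be the authenticated user rather than a request field, and the API view-permission check the thread describes is assumed to have already passed.

```python
import sqlite3
import time

# Columns follow the AM_API_COMMENTS table listed in the thread.
# Assumptions: SQLite column types and a composite primary key.
SCHEMA = """CREATE TABLE AM_API_COMMENTS (
    COMMENT_ID TEXT, API_ID TEXT, COMMENT_TEXT TEXT, USER_IDENTIFIER TEXT,
    CREATED_BY TEXT, CREATED_TIME INTEGER, UPDATED_BY TEXT,
    LAST_UPDATED_TIME INTEGER, PRIMARY KEY (COMMENT_ID, API_ID))"""


def add_comment(conn, caller, comment_id, api_id, text):
    # caller is the authenticated user, never a value from the request body.
    now = int(time.time())
    conn.execute("INSERT INTO AM_API_COMMENTS VALUES (?,?,?,?,?,?,?,?)",
                 (comment_id, api_id, text, caller, caller, now, caller, now))


def update_comment(conn, caller, comment_id, api_id, text):
    # Ownership is part of the WHERE clause, so the check and the write are
    # one statement. There is deliberately no admin override for edits.
    cur = conn.execute(
        "UPDATE AM_API_COMMENTS SET COMMENT_TEXT = ?, UPDATED_BY = ?, "
        "LAST_UPDATED_TIME = ? "
        "WHERE COMMENT_ID = ? AND API_ID = ? AND CREATED_BY = ?",
        (text, caller, int(time.time()), comment_id, api_id, caller))
    return cur.rowcount == 1


def delete_comment(conn, caller, is_admin, comment_id, api_id):
    # The author may delete; an admin may delete (moderation) but not edit.
    cur = conn.execute(
        "DELETE FROM AM_API_COMMENTS WHERE COMMENT_ID = ? AND API_ID = ? "
        "AND (CREATED_BY = ? OR ? = 1)",
        (comment_id, api_id, caller, 1 if is_admin else 0))
    return cur.rowcount == 1


def demo():
    # Constructed sample data: alice comments, bob and an admin try to change it.
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    add_comment(conn, "alice", "c-1", "api-1", "works well")
    results = {
        "bob_edit": update_comment(conn, "bob", "c-1", "api-1", "defaced"),
        "admin_edit": update_comment(conn, "admin", "c-1", "api-1", "rewritten"),
        "alice_edit": update_comment(conn, "alice", "c-1", "api-1", "works well, v2"),
    }
    row = conn.execute(
        "SELECT COMMENT_TEXT, UPDATED_BY FROM AM_API_COMMENTS").fetchone()
    results["admin_delete"] = delete_comment(conn, "admin", True, "c-1", "api-1")
    return results, row
```

Under this rule UPDATED_BY always equals CREATED_BY for comments, which is the point the reply raises about the column.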
