Hi all, As we have discussed during the code review which was held on 1st October, there was a doubt *whether we can input foreign characters as comment text*. (whether we support both utf-8 and utf-16 encoding). As a solution, I have changed the data type of the comment text to *BLOB (VARBINARY and BYTEA)* in the table.
AM_API_COMMENTS UUID VARCHAR(255) PRIMARY KEY COMMENT_TEXT BLOB - h2, MySQL, Oracle VARBINARY(MAX) - MSSQL BYTEA - PostgreSQL USER_IDENTIFIER VARCHAR(255) CATEGORY VARCHAR(20) DEFAULT ‘General’ PARENT_COMMENT_ID VARCHAR(255) ENTRY_POINT VARCHAR(20) API_ID VARCHAR(255) FOREIGN KEY REFERENCES AM_API (UUID) ON DELETE CASCADE ON UPDATE CASCADE CREATED_BY VARCHAR(100) CREATED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP UPDATED_BY VARCHAR(100) UPDATED_TIME TIMESTAMP DEFAULT CURRENT_TIMESTAMP *How does this solve the problem?* Based on the Java version installed in the machine, when inserting a comment, the default encoding scheme will be applied to the comment text. The database table will just store this comment text as an array of bytes, so it does not care whether this is utf-8 or utf-16. So IMHO, I think this solves the problem that we had. *What do you think about this?* *Current work* - I have changed all the database queries to create table AM_API_COMMENTS in order to have BLOB type for comment text. - Changed the necessary queries to convert comment text (string) to byte array while inserting/updating/retrieving data in *APIDAOImpl.java * file. - Modified DAO integration tests and tested for h2, MySQL, MSSQL, Oracle and PostgreSQL databases. - Wrote integration tests in product-apim and tested them. Thanks! On Wed, Oct 3, 2018 at 11:07 AM Wasura Wattearachchi <[email protected]> wrote: > Hi Pubudu, > > In point 1 > > - The comment owner should be able to edit his comment. +1 for that. > - IMHO, I think it is better if we consider the Entry Point. > For example, let's say there are two Peters (username). One is a Publisher > and the other one is a Consumer. So if we did not check the entry point, > one Peter can edit other Peter's comment without his consent. In order to > avoid this, we can check both username (USER_IDENTIFIER) and the entry > point (ENTRY_POINT) and give the edit permission. > > +1 to the idea of comment moderator/admin should only have the ability to > delete comments, not to edit the comments. > > Thanks! > > On Tue, Oct 2, 2018 at 12:37 PM Pubudu Gunatilaka <[email protected]> > wrote: > >> Hi Wasura, >> >> On Tue, Oct 2, 2018 at 12:20 PM Wasura Wattearachchi <[email protected]> >> wrote: >> >>> >>> Ok sure. >>> I have a doubt to be clarified. When editing a comment, we already have >>> a mechanism to check whether the particular person has the *comment >>> moderator* role. If so we give permission to update the comment. >>> But if the user does not have the comment moderator role, we need a >>> mechanism to check whether the *username* and *entry point* both >>> matches with the comment that is already in the database and give >>> permission to him/her to modify the particular comment. >>> For example, >>> Assume Peter posts a comment (assume commentId is 1001) using API Store. >>> But Peter does not have the comment moderator role. So in here, we need to >>> allow Peter to modify his own comment. We can check USER_IDENTIFIER and >>> ENTRY_POINT in the comment 1001 retrieved from the database, and if they >>> match with the current USER_IDENTIFIER and ENTRY_POINT, then we must allow >>> modifying the comment. (It confirms that Peter is trying to modify the >>> comment via API Store) >>> >> >> When giving edit rights to the comment, I think we need to check the >> following. >> >> 1. The comment owner should be able to edit his comment. We should not >> consider the entry point to in this case. IMHO we should use entry point to >> identify the entry point which we can use to mark the comment user as >> api-publisher in store. >> 2. Comment moderator/Admin roles should be able to delete the comments. I >> think we should avoid editing comments. >> >>> >>> I am looking more into these user roles, and I am trying to distinguish >>> admin and comment moderator roles separately. I think it is better to have >>> the comment moderator role separately, so by default admin will not have >>> that privilege. If someone decides to have a separate person to handle the >>> comment then he/she can be assigned with the comment moderator role. >>> >>> +1 to use a comment moderator separate role if it is possible. >> >> Thank you! >> -- >> *Pubudu Gunatilaka* >> Committer and PMC Member - Apache Stratos >> Senior Software Engineer >> WSO2, Inc.: http://wso2.com >> mobile : +94774078049 <%2B94772207163> >> >> > > -- > Wasura Wattearachchi > Software Engineer Intern | WSO2 > > Email: [email protected] <[email protected]> > Mobile: +94775396038 > <http://wso2.com/signature> > -- Wasura Wattearachchi Software Engineer Intern | WSO2 Email: [email protected] <[email protected]> Mobile: +94775396038 <http://wso2.com/signature>
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
