aglinxinyuan commented on code in PR #4138:
URL: https://github.com/apache/texera/pull/4138#discussion_r2650033738
##########
amber/src/main/scala/org/apache/texera/web/resource/dashboard/user/workflow/WorkflowResource.scala:
##########
@@ -712,18 +712,31 @@ class WorkflowResource extends LazyLogging {
}
@GET
- @Path("/owner_user")
Review Comment:
This change doesn’t align with the goal of the PR. The endpoint should
return only the owner’s name, not the full owner information. The url can
remain owner_user or be renamed to owner_name, but no additional owner
information should be included.
##########
amber/src/main/scala/org/apache/texera/web/resource/dashboard/user/workflow/WorkflowResource.scala:
##########
@@ -712,18 +712,31 @@ class WorkflowResource extends LazyLogging {
}
@GET
- @Path("/owner_user")
- def getOwnerUser(@QueryParam("wid") wid: Integer): User = {
+ @Path("/owner_info")
+ @Produces(Array(MediaType.APPLICATION_JSON))
+ def getOwnerInfo(
+ @QueryParam("wid") wid: Integer,
+ @QueryParam("fields") fields: java.util.List[String] // e.g.
&fields=name&fields=...
Review Comment:
Please avoid over-engineering unplanned features in a single PR. We do not
plan to allow this endpoint to return different fields based on user selection.
Introducing a dynamic endpoint increases complexity and the risk of injection
attacks. Each endpoint should have a single, well-defined responsibility.
For example, this endpoint should always return the name. If we also need
the email, we can either introduce a separate endpoint for email or update this
endpoint to always return both name and email. We should not use options or
flags to control endpoint behavior unless there is a strong reason.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
