http://localhost/ticket/27 en-us http://assets.okfn.org/p/ckan/img/ckan_logo_shortname.png http://localhost/ticket/27 Trac 0.12.3 rgrp Tue, 08 Jan 2008 10:32:01 GMT http://localhost/ticket/27#comment:1 http://localhost/ticket/27#comment:1 <ul> <li><strong>description</strong> modified (<a href="/ticket/27?action=diff&amp;version=1">diff</a>) </li> <li><strong>milestone</strong> set to <em>v0.6</em> </li> </ul> <p> In many ways everything that is needed is already in place in that the package update and create controller just require raw posts to do their work. However should implement some kind of authentication/authorization to prevent automated spamming. </p> <p> This would also require some way of distinguishing posts from our own WUI and those coming from outside (at present no checking is performed and the 'post' to these controllers is freely allowed by anyone out there! </p> Ticket rgrp Thu, 07 Feb 2008 16:00:48 GMT http://localhost/ticket/27#comment:2 http://localhost/ticket/27#comment:2 <ul> <li><strong>owner</strong> changed from <em>somebody</em> to <em>johnbywater</em> </li> </ul> <p> Methods potentially in need of access control at present (on controllers/package.py) </p> <ul><li>update (_update) </li><li>create </li></ul><p> Frankly, for time being we can probably leave these unsecured but with monitoring. Should they be abused we can add access control fairly easily. So decision: no work on access control/auth for time being here. </p> <p> Focus instead should be on: </p> <ul><li>documentation of post parameters (rgrp) </li><li>returning restful status values (201 Created, 204 Updated, etc) </li><li>returning machine readable output from read and list (json) </li></ul> Ticket johnbywater Thu, 14 Feb 2008 13:40:41 GMT http://localhost/ticket/27#comment:3 http://localhost/ticket/27#comment:3 <p> So, after reading all about REST interfaces, I've written a functional requirement for a RESTfull interface to a web application domain model: </p> <p> <a class="ext-link" href="http://desire.appropriatesoftware.net/requirements/60/"><span class="icon">​</span>http://desire.appropriatesoftware.net/requirements/60/</a> </p> <p> Basically, the 'fit criteria' require answers to these questions: </p> <ul><li>What are the URIs? </li><li>What's the format? </li><li>What methods are supported at each URI? </li><li>What status codes could be returned? </li></ul><p> I think we can hope to make a clean rest interface at (something like) ckan.net/api/rest. Having such a distinct location is fairly common (cf. flickr.com) and prevents any clutering the web browser client interface with aspects of machine client support. </p> <p> To make this point clearer, as RESTfullness claims to describe the web as it is, then the existing web browser interface must already be RESTfull. Hence, the main distinction with CKAN development is between CKAN's RESTfull machine interface and CKAN's RESTfull web browser client interface. </p> <p> Hence, if a CKAN machine client will follow the client-server interaction of a CKAN web browser client, the main requirement is to make sure the format of the responses is client-appropriate. Whilst machine clients can make POST and GET requests in the same way as a web browsers, clearly machine clients don't need lots of decorative HTML when accessing domain objects. </p> <p> Therefore, CKAN needs first to make user of a data format for rendering domain objects, and it needs to detect when it is required to return data in this format. </p> <p> Options for data format are bascially XML or JSON. It looks like JSON is preferable. </p> <p> Options for detecting client type are to prefix normal resource path with /api/rest/ or for the machine clients to pass a format=json parameter with each request. </p> Ticket johnbywater Thu, 14 Feb 2008 14:03:01 GMT http://localhost/ticket/27#comment:4 http://localhost/ticket/27#comment:4 <p> So for this ticket, a REST interface for packages would involve: </p> <p> See <a class="wiki" href="http://localhost/wiki/RestfulAPI">this wiki page</a> for more information. </p> Ticket rgrp Tue, 08 Apr 2008 19:44:23 GMT http://localhost/ticket/27#comment:5 http://localhost/ticket/27#comment:5 <p> The remaining issue is authentication. Initially was hopeful that we could use openid (perhaps with oauth) but this does not seem possible (despite much talk of openid and oauth being complementary) ... Thus we shall adopt this old-fashioned approach. </p> <ul><li>A user who wishes to use the web api must obtain a web api key. They do this by: <ul><li>Going to ckan.net and signing in using their open id. </li><li>Visit /account/apikey/: this should generate them a unique uuid key (or show their existing key if they already have one). This key should then be stored in the db along with their openid. </li></ul></li><li>Once a user has an api key they must include in the request when making changes. This may necessitate an update to the restful api to start having a more generic message format (this also makes it more extensible for the future): <ul><li>auth: auth key </li><li>data: data body (what we currently send) </li></ul></li></ul> Ticket rgrp Tue, 08 Jul 2008 19:05:33 GMT http://localhost/ticket/27#comment:6 http://localhost/ticket/27#comment:6 <ul> <li><strong>status</strong> changed from <em>new</em> to <em>closed</em> </li> <li><strong>resolution</strong> set to <em>fixed</em> </li> </ul> <p> Massive ticket now thoroughly addressed (early start in <a class="missing changeset" title="No default repository defined">r242</a> and ff. then later in <a class="missing changeset" title="No default repository defined">r275</a>, <a class="missing changeset" title="No default repository defined">r276</a> etc). Also now have start of demo ckan REST client at <a class="source" href="http://localhost/browser/ckanclient">browser:ckanclient</a> </p> Ticket