Comments (5)
but isn't a POST required only when a state change occurs in the server?
In a strict, RESTful resource sense, sure. But /api/me
isn't really a REST resource so much as a general information endpoint. But you can use POST for whatever you want. For example, graphQL read-only search use POST. POST is often used when a request needs a body and url parameters are unwieldy (or size-limited), nothing more. I think I've seen several 'do this query' search APIs use POST. Arguably, POST is appropriate here because it's asking the server to 'do something' because checking individual permissions is an action (it's not existing readable state, the server has to go and check each one), not purely a read operation. But that's a detail. We can use POST if it suits our needs better than GET.
It's not perfect, and GET with a body would make the most sense, but HTTP is annoying that way.
from jupyter_server.
For instance in Jupyverse, the Swagger UI cannot show a nice input
I don't follow why it can't. This is an optional parameter, so it can be ignored. Is jupyverse forcing a usually-empty field to be non-empty?
the structure of the permissions parameter is not apparent
The structure of the permissions parameter is the structure of the permissions model in the response, and I think there's value in it matching exactly, which is how it is currently (I have a dict of lists, return me the same dict with items filtered to only those whose permissions I currently hold). JSON seems more sensible than form-encoding for a JSON API, but if it should be form-encoded, it should all be nested under permissions
, not top-level kernels
arguments, e.g. permissions.kernels=read&permissions.kernels=write&permissions.kernels=execute
. That would be quite a bit more complex for both the request and the response than JSON, and result in far-longer URLs, so I'm not quite sure what the improvement or reason would be to make that change.
It seems the solution is to fill in the missing documentation for the optional permissions parameter.
from jupyter_server.
By lack of structure, I mean that Swagger just shows a box where one has to manually enter some free-form text. I was hoping it could be a bit more "user-friendly", for instance by having a line for each resource where one could enter the permissions.
Also, it's almost impossible to write a URL by hand, since it's URL-encoded.
But I understand your argument about passing the exact same structure that is returned. It just feels weird to me that it's in a query parameter. Passing it as a JSON body parameter would feel more natural, but GET
requests cannot have a body.
from jupyter_server.
Passing it as a JSON body parameter would feel more natural, but GET requests cannot have a body.
I agree 100%, it would have been in the body if that were allowed. We could also split checking permissions into its own endpoint so it can be a POST. What do you think about that? POST to /api/me
for checking permissions, rather than folding it into the identity model?
I don't think folks should be creating the URLs by hand. I'd try to omit it from openapi UI, if you can. But I know those tools don't usually allow for any kind of nuance.
from jupyter_server.
We could also split checking permissions into its own endpoint so it can be a POST.
Yes I think it would be better, but isn't a POST required only when a state change occurs in the server?
from jupyter_server.
Related Issues (20)
- async start_extension hook HOT 4
- Change allow_hidden config default for easier hidden files access HOT 1
- can't delete file in jupyterlab HOT 11
- GatewayTokenRenewer classes stopped being called with the 2.8.0 release of the `jupyter_server` package. HOT 3
- Contents API fetches are cached for too long HOT 1
- Latest release 2.9.0 broken on install HOT 4
- Custom ContentsManager with a NoOpCheckpoints cannot open notebook, raises Unhandled error HOT 1
- Navigating in the JupyterLab UI can prevent idle kernels from being culled. HOT 11
- Remove usages of tornado io_loop in favor of native asyncio HOT 4
- Latest release is breaking custom ContentManager HOT 4
- lots of ways to trigger unhandled errors via filesystem permissions
- Stop using deprecated function in tornado HOT 1
- Serve kernel WASM assets
- Enable EPUB and HTML outputs from the docs HOT 1
- Tests failing in the latest version HOT 2
- Removing `nbconvert` as a required dependency HOT 4
- Missing Python target version bound leads to incorrect `ruff` suggestions HOT 3
- Kernel's execution state is not updated after the kernel is crashed while executing code HOT 4
- Should `current_user` and `prepare` guards be set in `AuthenticatedHandler` rather than `JupyterHandler`? HOT 2
- The Shut Down and Log Out menu items disappeared between 2.12.5 and 2.13.0 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from jupyter_server.