[GitHub] [airflow] uranusjr commented on a change in pull request #18757: Make REST API patch user endpoint work the same way as the UI

Wed, 06 Oct 2021 03:08:15 -0700 


uranusjr commented on a change in pull request #18757:
URL: https://github.com/apache/airflow/pull/18757#discussion_r723091557



##########
File path: airflow/api_connexion/endpoints/user_endpoint.py
##########
@@ -124,9 +124,21 @@ def patch_user(username, update_mask=None):
     if user is None:
         detail = f"The User with username `{username}` was not found"
         raise NotFound(title="User not found", detail=detail)
-
-    # Get fields to update. 'username' is always excluded (and it's an error to
-    # include it in update_maek).
+    # Check unique username
+    new_username = data.get('username')
+    if new_username:
+        usr = security_manager.find_user(username=new_username)
+        if usr and usr != user:
+            raise AlreadyExists(detail=f"The username `{new_username}` already 
exists")
+
+    # Check unique email
+    email = data.get('email')
+    if email:
+        usr = security_manager.find_user(email=email)
+        if usr and usr != user:
+            raise AlreadyExists(detail=f"The email `{email}` already exists")

Review comment:
       I think one important consideration is that those fields are pre-filled 
in the web UI (I think by Flask-Appbuilder?) so setting them as required 
imposes no cost to the user, but that's not the case for the API. The PATCH 
verb is designed to allow the user to not send fields they don't want to 
modify, so requiring fields is kind of against the spirit IMO, especially for 
`email` (`username` is already needed to access the endpoint anyway so 
requiring it in the payload is only unnecessary duplication and slightly less 
problematic).
   
   But even if we decide to make these fields required, they still need to have 
`minLength: 1` IMO. It's very non-obvious that setting those fields to an empty 
string implies not changing them. The expected behaviour for providing an empty 
string in a field is setting that field to an empty string.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to