Draft
Conversation
Add file with endpoints and PATCH/POST data to a separate file in order to not clutter the actual test fiels with this data. Implement helper functions for getting superuser and superuser with a package and other testing setup. Refs. TS-2584
Implement new tests for testing the query count for GET endpoints in the cyberstorm API. Implement separate tests for list endpoints to assert they do not exceed the limit of 15 queries. Update the existing endpoint tests accordingly to the refactored changes. Refs. TS-2584
Refs. TS-2584
Remove setup_superuser and use the UserFactory directly. Move get_parameter_values to utils instead of implementing it twice. Fix typo in test. Refs. TS-2597
Query count tests (TS-2584)
Add "latest" field to select_related in order to slightly improve database query when fetching latest package version. Refs. TS-2639
Add a new file for storing pagination classes as these ought to be in one place. Implement a new class for package dependencies list apiview. Refs. TS-2639
Add new serializer to be used with the package dependencies list apiview. Refs. TS-2639
Implement a view responsible for fetching dependencies for a package. The view returns a list of paginated and serialized package versions related to a specific package. Pagination is set to 20 items per page. The view expects a version number, or alternatively "latest" in the URL kwargs to be present. When using "latest", the version is set to None which is handled by get_package_version(). Refs. TS-2639
Add URL and tests for package dependencies API list view. Refs. TS-2639
Refs. TS-2637
Implement a DELETE endpoint for removing team members from a team in the cyberstorm API. Implement URL and tests. Refs. TS-2637
Update the existing form and form view responsible for removing team members from a team to use the service layer function. Update tests accordingly. Refs. TS-2637
Add remove team member endpoint tests. Update test_cyberstorm_DELETE_endpoint_schemas to create a team and add member to team. Update get_parameter_values. Refs. TS-2637
* Add new test to query count tests * Remove the existing query count tests in test file * Update util for asserting query count to check response status code * Add endpoint to endpoint_data Refs. TS-2639
Fix test which returned a 403 due to faulty setup. Refs. TS-2639
…cies-endpoint Cyberstorm api dependencies endpoint (TS-2639)
Cyberstorm api remove team member endpoint (TS-2637)
Implement serializer to be user for serializing package listing status responses. Refs. TS-2598
Implement a view which fetches internal_notes, rejection_reason, review_status, listing_admin_url for package listings. Return the correct data depending on what permissions the user has. These permissions mirror the legacy view's permissions. Implement unit tests and URL for the endpoint. Refs. TS-2598
Add a separate check for who can view the listing_admin_url. Refactor tests as the previous test would have gotten too big by adding one more permission. Refs. TS-2598
Refs. TS-2598
…status Cyberstorm api listing status (TS-2598)
Implement services for the following: * Create service account * Delete service account Implement tests for the services. Refs. TS-2320
Refs. TS-2320
Refs. TS-2320
Refs. TS-2320
Update forms and views for create and delete service accounts. Refs. TS-2320
Add create and delete endpoints to the endpoint test suite. Update the delete view swagger request_body parameter to display explicitly None. Refs. TS-2320
Update the import location for UserFactory. Refs. TS-2320
Sort endpoints in endpoint_data.py in alphabetical order. Refs. TS-2597
Use empty dict instead of None as default value in test_package_listing_action test. Refs. TS-2597
Use conditional_swagger_auto_schema in order to hide endpoint depending on settings. Refs. TS-2597
expected_status_code -> expected_status_code_map. Refs. TS-2597
Annotate the queryset with active_package_versions instead of calling PackageVersion.is_removed, which avoids triggering an N+1 query. Refs. TS-2672
Remove function which is not being used by any tests. Refs. TS-2597
Add the /unlist endpoint to test. Refs. TS-2597
…ackage Cyberstorm api unlist package (TS-2597)
Implement a service in the service layer in the cyberstorm API for updating team members. Refs. TS-2316
Refs. TS-2316
Implement an APIView in the cyberstorm API responsible for updating team members. The view utilizes the service layer functionality for permission checks and performing the update action to the database object. Refs. TS-2316
Add a new endpoint for updating team members in the Cyberstorm API. Implement functional tests. Refs. TS-2316
Update the form which is responsible for updating team members in the legacy application to use the service layer functionality. Update the view and tests accordingly to the new changes. Refs. TS-2316
Add endpoint to endpoint tests, update view swagger docs with request body. Add username to get_parameter_values util. Refs. TS-2316
Refs. TS-2282
Refs. TS-2282
Refs. TS-2282
…dependencies-endpoint-db-query Optimize dependencies list queryset query (TS-2672)
…eam-member Implement update team member endpoint (TS-2316)
Implement test for checking the return types of the plugin_registry. Refs. TS-2282
…e-source-data Add endpoint for fetching package source (TS-2282)
Remove raising ValidationError in Team.create if namespace exists. This check is performed in Team.validation() and does not have to be checked in Team.create(). Do this change in order to have consistent error messaging when using the Team.create function. Refs. TS-2426
Update disband_team service and create_team service. Utilize Team.create() in create_team service and remove redundant validation errors. Use objects as parameters in the services instead of trying to fetch and raise 404 errors in services. Refs. TS-2426
Update the create team and disband team views since the parameter names changed of the services. Refs. TS-2426
Use the create_team and disband_team services in the forms and views responsible for disband teams and creating teams. Update tests accordingly. Update the form for creating teams to clean the name manually in order to keep the error messaging consistent, otherwise tests will fail since because it is a ModelForm which throws a different formatted error by default. Refs. TS-2426
Some actions raise PermissionValidationError instead of ValidationError. Although PermissionValidationError inherits from ValidationError, tests that specifically expect these errors should use PermissionValidationError to ensure accurate validation. Refs. TS-2426
Refactor team disband and create views(TS-2426)
Contributor
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the You can disable this status message by setting the ✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## review-base #1199 +/- ##
===============================================
+ Coverage 92.23% 92.81% +0.57%
===============================================
Files 331 337 +6
Lines 10088 10358 +270
Branches 927 938 +11
===============================================
+ Hits 9305 9614 +309
+ Misses 657 617 -40
- Partials 126 127 +1 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
MythicManiac
commented
Nov 13, 2025
|
|
||
|
|
||
| @pytest.mark.django_db | ||
| def test_service_account_create_error_on_save(user, team): |
Member
Author
There was a problem hiding this comment.
Could be a good idea to explain why the test should fail
|
|
||
|
|
||
| @pytest.mark.django_db | ||
| def test_service_account_delete_error_on_save(service_account): |
Member
Author
There was a problem hiding this comment.
Could be a good idea to explain why the test should fail
Comment on lines
+26
to
+27
| if self.errors: | ||
| raise ValueError("Cannot save form with errors") |
Member
Author
There was a problem hiding this comment.
Is this actually necessary/useful to guard against? Asking because I'd expect Django to have this built in if yes
Comment on lines
+58
to
+59
| if self.errors: | ||
| raise ValueError("Cannot save form with errors") |
Member
Author
There was a problem hiding this comment.
Is this actually necessary/useful to guard against? Asking because I'd expect Django to have this built in if yes
Comment on lines
+72
to
+88
| def get_is_removed(self, obj: PackageVersion) -> bool: | ||
| package_is_removed = not ( | ||
| obj.package.is_active and obj.package_has_active_versions | ||
| ) | ||
| if package_is_removed: | ||
| return True | ||
| return not obj.is_active | ||
|
|
||
| def get_description(self, obj: PackageVersion) -> str: | ||
| return ( | ||
| obj.description | ||
| if obj.is_effectively_active | ||
| else "This package has been removed." | ||
| ) | ||
|
|
||
| def get_icon_url(self, obj: PackageVersion) -> Optional[str]: | ||
| return obj.icon.url if obj.is_effectively_active else None |
Member
Author
There was a problem hiding this comment.
This seems like it could generate lots of queries if this serializer is used in a list context, but I don't know if that's the case (and perhaps we had query count tests already protecting against it?)
Comment on lines
+1
to
+5
| from rest_framework.pagination import PageNumberPagination | ||
|
|
||
|
|
||
| class PackageDependenciesPaginator(PageNumberPagination): | ||
| page_size = 20 |
Member
Author
There was a problem hiding this comment.
Does this really need its own code file, moreover does it need to be called PackageDependenciesPaginatior if it has nothing specific for package dependencies?
I'd add it next to the view itself if it's specific for a single view, and if not, then call it something more generic
| name="cyberstorm.listing", | ||
| ), | ||
| path( | ||
| "listing/<str:community_id>/<str:namespace_id>/<str:package_name>/status/", |
Member
Author
There was a problem hiding this comment.
Since this was a view that varies based on the current user, I think it should be under the current-user URL path
Comment on lines
+207
to
+221
| path( | ||
| "user/delete/", | ||
| DeleteUserAPIView.as_view(), | ||
| name="cyberstorm.user.delete", | ||
| ), | ||
| path( | ||
| "user/linked-account/<str:provider>/disconnect/", | ||
| DisconnectUserLinkedAccountAPIView.as_view(), | ||
| name="cyberstorm.user.linked-account.disconnect", | ||
| ), | ||
| path( | ||
| "team/<str:team_name>/member/<str:team_member>/update/", | ||
| UpdateTeamMemberAPIView.as_view(), | ||
| name="cyberstorm.team.member.update", | ||
| ), |
Member
Author
There was a problem hiding this comment.
These also strike me as something that should be under the current-user API path as that's what we're operating on.
Alternatively we could use some magic value for referring to the current user and parametrize the API, e.g. @me like Discord does.
Comment on lines
+223
to
+252
| def validate_max_queries( | ||
| client: APIClient, | ||
| method: str, | ||
| path: str, | ||
| max_queries: int, | ||
| data: Optional[dict] = None, | ||
| **kwargs, | ||
| ): | ||
| request_func = getattr(client, method.lower()) | ||
|
|
||
| with CaptureQueriesContext(connection) as ctx: | ||
| response = request_func(path, data=data or {}, **kwargs) | ||
|
|
||
| allowed_statuses = [200, 201, 202, 204] | ||
| if response.status_code not in allowed_statuses: | ||
| raise AssertionError( | ||
| f"{method} {path} returned status {response.status_code}, " | ||
| f"expected one of {allowed_statuses}." | ||
| ) | ||
|
|
||
| num_queries = len(ctx.captured_queries) | ||
| if num_queries > max_queries: | ||
| queries_str = "\n".join(q["sql"] for q in ctx.captured_queries) | ||
| raise AssertionError( | ||
| f"{method} {path} executed {num_queries} queries " | ||
| f"(allowed {max_queries}).\n" | ||
| f"Queries:\n{queries_str}" | ||
| ) | ||
|
|
||
| return response |
Member
Author
There was a problem hiding this comment.
Instead of doing the whole getattr(client, method.lower()) logic and making this utility HTTP specific, this could've been implemented as a 2 parameter function, where one parameter is a callable (allowing you to pass in whatever you want to measure) and the other is the query limit.
Member
Author
There was a problem hiding this comment.
submodule changes:
- the
latestparameter should not be supportedif version_number == "latest": return package.latest
- the API response is currently returning all source data in a single response (granted it can be truncated); this is not a good way to design the API and will result in potentially tens of megabytes per API response
- should ideally return links to the raw source files instead, which API clients can fetch separately (and over CDN at that)
large API responses are bad and can choke the service, and currently the API has room to return very large responses
also why do we need datetime_created in the returned API data? it's not the actual creation date of the file, just when it was extracted/processed on the server, which doesn't seem particularly useful for anything?
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
this PR is just so I can comment on diffs between the releases