Private redirecting link for support from a Studio Admin
🙂 Looking for an issue? Welcome! This issue is open for contribution. If this is the first time you’re requesting an issue, please:
- Read Contributing guidelines carefully. Pay extra attention to Using generative AI. Pull requests and comments that don’t follow the guidelines won’t be answered.
- Confirm that you’ve read the guidelines in your comment.
Desired behavior
Within the channel edit view, under the top right dropdown menu:
We can navigate into "Share channel".
Within this page:
A new section should be added above "Invite collaborators".
This will display either the link for the support link in the same style (disabled text box and copy button) as the channel token sharing:
Or, if no link yet exists, a button to generate a link.
This link will include a specially generated token that is not otherwise displayed to the user, and does not allow for channel import, and the link will only properly redirect for Studio administrators.
Technical implementation
A new support_token ForeignKey field should be added to the ChannelModel. This should be nullable and have no default. It should foreign key to the same SecretToken model that is used for this field: https://github.com/learningequality/studio/blob/unstable/contentcuration/contentcuration/models.py#L798 but as it is distinct, it will not be able to be used for channel import look ups.
To support the redirect, a new view should be created that has permissions restricted to admin only, and then looks up the token in the URL. It should then redirect to the channel edit page for the channel associated with the support token. If the token does not exist, or the token is a valid token but not a support token, then it should return a 404.
To support the frontend functionality, a new detail endpoint on the main channel viewset should be created for fetching the support token. Additionally, the endpoint should support creation of a token, but only if a token does not already exist. Attempts to create a token when one already exists should return a 409 error code.
In the frontend, loading the token and creating the token can happen using direct interaction with the API endpoints, and do not need to happen via the indexedDB layer/sync endpoint.
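The token rules from the issue above, modelled without Django as an added sketch (not part of the original issue and not Studio's code). The `Channel` dataclass, the function names, the 201 status on creation, the token format and the `/channels/<id>/` path are assumptions made for illustration.

```python
"""Framework-free model of the support-token rules (constructed sketch)."""
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Channel:
    id: str
    import_token: str                    # existing channel token, used for import
    support_token: Optional[str] = None  # nullable, no default


def create_support_token(channel: Channel) -> Tuple[int, Optional[str]]:
    """POST on the detail endpoint: create only if none exists, else 409."""
    if channel.support_token is not None:
        return 409, None
    channel.support_token = secrets.token_urlsafe(16)  # format is an assumption
    return 201, channel.support_token                  # 201 is an assumption


def import_lookup(channels: Dict[str, Channel], token: str) -> Optional[Channel]:
    """Channel import consults import_token only, never support_token."""
    return next((c for c in channels.values() if c.import_token == token), None)


def support_redirect(
    channels: Dict[str, Channel], is_admin: bool, token: str
) -> Tuple[int, Optional[str]]:
    """Admin-only redirect view: returns (status, Location header)."""
    # Authorize before any lookup, so a non-admin receives the same 403 for
    # every token and cannot tell an existing token from an unknown one.
    if not is_admin:
        return 403, None
    for c in channels.values():
        # Match against the support token only; an import token must not redirect.
        if c.support_token is not None and c.support_token == token:
            return 302, f"/channels/{c.id}/"  # placeholder for the edit page URL
    # Unknown token, or a valid token that is not a support token.
    return 404, None
```
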
Hey @rtibbles @MisRob @AlexVelezLl , can you assign this issue to me please?
Sure thing! Please feel free to ask any questions or clarifications here!
Hey @rtibbles,
Here's an update on the progress of this task.
- Added support token to the channel model
However, you mentioned to make it a foreign key and make it foreign key to SecretModel. This gave me a warning, since ForeignKey with unique = true is the same as OneToOneField. Therefore I decided to switch to OneToOneField.
- Added support_token_redirect in the admin view, since it's an admin-only endpoint
- Added get_support_token and create_support_token to the channel viewset
Currently I'm trying to test the endpoints I have defined. However, I'm not sure how to set up the authentication in Postman. Would you have an idea on how I could go about this? I tried basic auth with the following credentials [email protected] and a but it didn't seem to work.
I have raised a draft PR, it would be great if you could have a look at it and let me know if I'm going in the right direction.
Hi @adibmbrk, I believe you connected with Richard already on Slack about this, right?
Yes! @MisRob Thanks for asking
Hi @rtibbles! Thanks for having a look at my draft PR. Just a quick update on this task:
- The GET and POST requests to read and create a token work as expected. I have verified it with unit tests which I've also added to the draft PR.
- I have also implemented the logic along with the suggested changes for the support_token_redirect. However, I faced an error when writing tests for it: AssertionError: 403 != 302. Although I've defined the user as self.user.is_admin = True when setting up the test case, I still get a 403 forbidden error. I'm actively trying to solve this error at the moment. Any insight on what might be causing the error would be super helpful.
FAILED contentcuration/contentcuration/tests/views/test_admin.py::SupportTokenRedirectTestCase::test_valid_token_redirects_to_channel - AssertionError: 403 != 302
Hrm, I'm not seeing anything obvious why this would be a problem. One thing you do need to do is to create a Django migration for the model change though:
python contentcuration/manage.py makemigrations
and commit the resulting file.
Clearly that's not a problem in your local testing though, so I don't think that's the root of the issue. But doing this would let me see the test run on the PR and look at the code locally potentially.
The test run is now available on the PR @rtibbles, and the issue seems to be reproducible on the PR builder as well. I'll try a couple of different approaches as well to see if I could solve this issue.
Oh - one thought, I don't think you've logged the client in as your test user!
Can use this method of the client force_authenticate to authenticate as your user before making the request.
See how we do that in our test base class: https://github.com/learningequality/studio/blob/unstable/contentcuration/contentcuration/tests/base.py#L40
Hey @rtibbles, I traced the issue to the @is_admin decorator. After switching to @permission_classes, everything seems to be working fine, and the unit tests are passing as well. Thanks for pointing me to class StudioTestCase(TestCase). It helped in writing the unit tests.
Since the backend is done now, I will progress onto implementing the frontend.
@adibmbrk Can I work with you on this? I am new to open source contribution and I am not able to independently work on issues.
Great, thanks @adibmbrk - glad that helped unblock. What was the issue with the @is_admin decorator (I am interested because if that's not working it might be affecting other things too!)
@devv2632 I think @adibmbrk has got this covered, thanks for your interest. You're welcome to find an unassigned 'help wanted' issue instead. There aren't many available issues right now so it's best to wait and keep an eye on the list. We label new ones on a weekly basis. I'd also invite you to have a look at the contributing guidelines (CONTRIBUTING.md) if you haven't seen them yet. Thank you.
@rtibbles, it seems that the @is_admin decorator is incorrectly denying access to an authenticated admin user, resulting in unexpected 403 Forbidden errors. Despite verifying that the user has admin privileges (by printing the user object inside the support_token_redirect method), the decorator still blocks access.
This issue is causing test failures in test_admin.py
- test_invalid_token_format: Expected 400 but received 403
- test_token_not_found: Expected 404 but received 403
- test_valid_token_redirects_to_channel: Expected 302 but received 403
This means that the @is_admin decorator is not correctly identifying or allowing admin users. We need to investigate further to identify what actually causes this issue. For now the permission classes seem to do the job and the tests are passing as well.
Hey everyone,
Here's an update on the frontend progress for this task. Right now, it’s implemented with hardcoded values.
https://github.com/user-attachments/assets/9c89ba86-43c5-4287-8d24-ff02c8dc2887
Let me know if this UI/UX aligns with the expected requirements or if you have any suggestions.
CC: @rtibbles @MisRob @AlexVelezLl
Yes, this looks broadly correct! I think I'd like to have it take up a little less space overall - so let's display the title and description on the left, and the button/text box on the right, but on the same line.
Similar to how the title is inline for the channel token elsewhere:
As a small edit, it should be "Channel support token" not "Channel Support Token" to follow our writing guidance https://design-system.learningequality.org/writing#punctuation - we prefer to use sentence case capitalization rather than title case.