[TM-2096] Delete polygon function #335
Conversation
| @ExceptionResponse(UnauthorizedException, { description: "Authentication failed." }) | ||
| @ExceptionResponse(NotFoundException, { description: "Site polygon not found." }) | ||
| async deleteOne(@Param("uuid") uuid: string) { | ||
| await this.policyService.authorize("deleteAll", SitePolygon); |
There was a problem hiding this comment.
It's weird for this delete one function to require deleteAll permissions. Is there no way at the policy level to narrow this down so that some folks can delete specific polygons without needing to be able to delete all of them? How will this endpoint be used?
Also, I'm surprised to see no updates to the site polygon policy. Is this deleteAll permission already defined from some other feature?
There was a problem hiding this comment.
I've updated the implementation to use instance-based authorization instead of "deleteAll". The endpoint deletes all versions of a polygon (via primaryUuid) plus associated data, in the Polygon Review tab we have the option to delete a polygon, so we are planning to use this endpoint there.
|
|
||
| const sitePolygonIds = relatedSitePolygons.map(sp => sp.id); | ||
| const polygonUuids = relatedSitePolygons.map(sp => sp.polygonUuid).filter((uuid): uuid is string => uuid != null); | ||
| const pointUuids = relatedSitePolygons.map(sp => sp.pointUuid).filter((uuid): uuid is string => uuid != null); |
There was a problem hiding this comment.
Why is uuid is string needed here?
There was a problem hiding this comment.
I used this cause sp.polygonUuid and sp.pointUuid are typed as string but we have the decorator @AllowNull (we have records with point_id as null in site_polygon table) and this predicate tells if a uuid is definitely a string preventing errors when passed to Sequelize queries.
2 participants
https://gfw.atlassian.net/browse/TM-2096