pullrequest creation API

Mads Kiilerich mads at kiilerich.com
Wed Mar 11 22:08:18 EDT 2015


On 03/11/2015 09:56 PM, Thomas De Schampheleire wrote:
> Hi,
>
> I would like to create a way to create a pull request
> programmatically, through an API call.

You also asked for feedback on the related 
https://bitbucket.org/conservancy/kallithea/pull-request/47/add-pullrequest-json-page/diff 
. Would that PR solve your problem?

> At first sight, using the api_access=True method to create a callable
> web view is the easiest, since you could take in the request and pass
> it to the existing PullrequestsController:create() method. However,
> this existing create method is decorated with @NotAnonymous, causing
> it to be unavailable for API calls.
>
> The alternative is to create an API method in controllers/api/api.py,
> but it's unclear to me how to hook this into the
> PullrequestsController.

I think that is because we have too much logic in the controller. I 
think that in some MVC universes, the controller should only deal with 
the view specific code (html page and user interaction). The logic we 
want to expose for general purposes should thus not be view specific but 
should be a part of the model.

> How to proceed here?
> Should I remove the NotAnonymous decorator and pass the requested user
> as argument to the API call?

I am not sure in what way NotAnonymous and LoginRequired really are 
different. For example, it seems weird that NotAnonymous doesn't 
consider the IP filtering. We should perhaps use LoginRequired 
everywhere? Or would this checking have too much overhead? I don't know. 
Try!

> I was also a bit confused on how these API keys are working: it seems
> that whenever you call an API, you are really the default (anonymous)
> user, regardless of the API key you are using.
> For this use case, it would be better to determine the user this API
> key is belonging to.

As far as I can see, BaseController.__call__ in kallithea/lib/base.py 
_will_ determine the user based on the api key.

LoginRequired will consider the presence of an api key as evidence that 
the user was authenticated with that key.

/Mads


More information about the kallithea-general mailing list