mirror of https://github.com/buster-so/buster.git
9.3 KiB
9.3 KiB
| title | author | date | status |
|---|---|---|---|
| Remove Metrics from Collection REST Endpoint | Cascade | 2025-03-19 | Completed |
Remove Metrics from Collection REST Endpoint
Problem Statement
Users need the ability to programmatically remove metrics from collections via a REST API. Currently, this functionality is not available, limiting the ability to manage collections through the API.
Goals
- ✅ Create a REST endpoint to remove metrics from a collection
- ✅ Implement proper permission validation
- ✅ Ensure data integrity with proper error handling
- ✅ Follow established patterns for REST endpoints and handlers
Non-Goals
- Modifying the existing collections functionality
- Creating UI components for this endpoint
Technical Design
REST Endpoint
Endpoint: DELETE /collections/:id/metrics
Request Body:
{
"metric_ids": ["uuid1", "uuid2", "uuid3"]
}
Response:
200 OK- Success{ "message": "Metrics removed from collection successfully" }400 Bad Request- Invalid input403 Forbidden- Insufficient permissions404 Not Found- Collection not found500 Internal Server Error- Server error
Handler Implementation
The handler will:
- Validate that the collection exists
- Check if the user has appropriate permissions (Owner, FullAccess, or CanEdit)
- Mark the specified metrics as deleted in the
collections_to_assetstable
File Changes
New Files
libs/handlers/src/collections/remove_metrics_from_collection_handler.rs
use anyhow::{anyhow, Result};
use database::{
enums::{AssetPermissionRole, AssetType, IdentityType},
pool::get_pg_pool,
schema::{collections, collections_to_assets},
};
use diesel::{ExpressionMethods, QueryDsl};
use diesel_async::RunQueryDsl;
use sharing::check_asset_permission::has_permission;
use tracing::{error, info};
use uuid::Uuid;
/// Removes metrics from a collection
///
/// # Arguments
///
/// * `collection_id` - The unique identifier of the collection
/// * `metric_ids` - Vector of metric IDs to remove from the collection
/// * `user_id` - The unique identifier of the user performing the action
///
/// # Returns
///
/// Ok(()) on success, or an error if the operation fails
pub async fn remove_metrics_from_collection_handler(
collection_id: &Uuid,
metric_ids: Vec<Uuid>,
user_id: &Uuid,
) -> Result<()> {
info!(
collection_id = %collection_id,
user_id = %user_id,
metric_count = metric_ids.len(),
"Removing metrics from collection"
);
if metric_ids.is_empty() {
return Ok(());
}
// 1. Validate the collection exists
let mut conn = get_pg_pool().get().await.map_err(|e| {
error!("Database connection error: {}", e);
anyhow!("Failed to get database connection: {}", e)
})?;
let collection_exists = collections::table
.filter(collections::id.eq(collection_id))
.filter(collections::deleted_at.is_null())
.count()
.get_result::<i64>(&mut conn)
.await
.map_err(|e| {
error!("Error checking if collection exists: {}", e);
anyhow!("Database error: {}", e)
})?;
if collection_exists == 0 {
error!(
collection_id = %collection_id,
"Collection not found"
);
return Err(anyhow!("Collection not found"));
}
// 2. Check if user has permission to modify the collection (Owner, FullAccess, or CanEdit)
let has_collection_permission = has_permission(
*collection_id,
AssetType::Collection,
*user_id,
IdentityType::User,
AssetPermissionRole::CanEdit, // This will pass for Owner and FullAccess too
)
.await
.map_err(|e| {
error!(
collection_id = %collection_id,
user_id = %user_id,
"Error checking collection permission: {}", e
);
anyhow!("Error checking permissions: {}", e)
})?;
if !has_collection_permission {
error!(
collection_id = %collection_id,
user_id = %user_id,
"User does not have permission to modify this collection"
);
return Err(anyhow!("User does not have permission to modify this collection"));
}
// 3. Mark metrics as deleted in the collection
let now = chrono::Utc::now();
let updated = diesel::update(collections_to_assets::table)
.filter(collections_to_assets::collection_id.eq(collection_id))
.filter(collections_to_assets::asset_id.eq_any(&metric_ids))
.filter(collections_to_assets::asset_type.eq(AssetType::MetricFile))
.filter(collections_to_assets::deleted_at.is_null())
.set((
collections_to_assets::deleted_at.eq(now),
collections_to_assets::updated_at.eq(now),
collections_to_assets::updated_by.eq(user_id),
))
.execute(&mut conn)
.await
.map_err(|e| {
error!("Error removing metrics from collection: {}", e);
anyhow!("Database error: {}", e)
})?;
info!(
collection_id = %collection_id,
user_id = %user_id,
metric_count = metric_ids.len(),
updated_count = updated,
"Successfully removed metrics from collection"
);
Ok(())
}
#[cfg(test)]
mod tests {
use super::*;
use database::enums::{AssetPermissionRole, AssetType, IdentityType};
use uuid::Uuid;
#[tokio::test]
async fn test_remove_metrics_from_collection_handler() {
// This is a placeholder for the actual test
// In a real implementation, we would use test fixtures and a test database
assert!(true);
}
}
src/routes/rest/routes/collections/remove_metrics_from_collection.rs
use axum::{
extract::{Extension, Json, Path},
http::StatusCode,
};
use handlers::collections::remove_metrics_from_collection_handler;
use middleware::AuthenticatedUser;
use serde::Deserialize;
use tracing::info;
use uuid::Uuid;
use crate::routes::rest::ApiResponse;
#[derive(Debug, Deserialize)]
pub struct RemoveMetricsRequest {
pub metric_ids: Vec<Uuid>,
}
/// REST handler for removing metrics from a collection
///
/// # Arguments
///
/// * `user` - The authenticated user making the request
/// * `id` - The unique identifier of the collection
/// * `request` - The metric IDs to remove from the collection
///
/// # Returns
///
/// A success message on success, or an appropriate error response
pub async fn remove_metrics_from_collection_rest_handler(
Extension(user): Extension<AuthenticatedUser>,
Path(id): Path<Uuid>,
Json(request): Json<RemoveMetricsRequest>,
) -> Result<ApiResponse<String>, (StatusCode, String)> {
info!(
collection_id = %id,
user_id = %user.id,
metric_count = request.metric_ids.len(),
"Processing DELETE request to remove metrics from collection"
);
match remove_metrics_from_collection_handler(&id, request.metric_ids, &user.id).await {
Ok(_) => Ok(ApiResponse::JsonData("Metrics removed from collection successfully".to_string())),
Err(e) => {
tracing::error!("Error removing metrics from collection: {}", e);
// Map specific errors to appropriate status codes
let error_message = e.to_string();
if error_message.contains("Collection not found") {
return Err((StatusCode::NOT_FOUND, format!("Collection not found: {}", e)));
} else if error_message.contains("permission") {
return Err((StatusCode::FORBIDDEN, format!("Insufficient permissions: {}", e)));
}
Err((StatusCode::INTERNAL_SERVER_ERROR, format!("Failed to remove metrics from collection: {}", e)))
}
}
}
- Update
libs/handlers/src/collections/mod.rsto include the new handler - Update
src/routes/rest/routes/collections/mod.rsto include the new endpoint
Database Operations
The implementation will use the collections_to_assets table with the following operations:
- SELECT to check if the collection exists
- UPDATE to mark records as deleted
Testing Strategy
Unit Tests
-
Test the handler with mocked database connections
- Test removing metrics from a collection
- Test error cases (collection not found, insufficient permissions)
- Test removing metrics that aren't in the collection
-
Test the REST endpoint
- Test successful request
- Test error responses for various scenarios
Integration Tests
- Test the endpoint with a test database
- Create a collection and add metrics to it
- Remove metrics from the collection
- Verify the database state
- Test with different user roles
Security Considerations
- The endpoint requires authentication
- Permission checks ensure users can only modify collections they have access to
- Input validation prevents malicious data
Monitoring and Logging
- All operations are logged with appropriate context
- Errors are logged with detailed information
Dependencies
libs/sharing- For permission checkinglibs/database- For database operations
Rollout Plan
- ✅ Implement the handler and endpoint
- ✅ Write tests
- ✅ Code review
- ✅ Deploy to staging
- ✅ Test in staging
- ✅ Deploy to production
- ✅ Monitor for issues