show name for saved project on builder page - backend

Create issue
Issue #13 resolved
Dan Bean created an issue

I want to show users the name of the currently open project when they open a saved one. Currently I don't get the project name, but I do get a projectid, which I could use for a query to the project names table. Is there an action to go from projectid to label already? Or is there a better way? It could alternatively be added to the response when I load from the server with action "view" or "viewpublished"

Comments (9)

  1. joshkh

    Dan,

    Try running a POST request on manager.php with the following parameters:

    action=describe
    projectid=[projectid]
    

    That should return the following, which includes the label:

    {
        "editors":[],
        "viewers":[],
        "owner":"someone@example.com",
        "projectid":"40",
        "label":"My First Network",
        "type":"binary",
        "visibility":"0",
        "sharecount":0
    }
    
  2. Dan Bean reporter

    There is a bit of a secruity/ privacy issue with that method though - I just tried and I can find out all the information from "describe" about a project I don't have permissions for.

  3. joshkh

    You're right about the security. That will need to be wrapped in authentication, but it becomes a bit complex because of people's potential read/write/ownership status of a given network.

    It's a high priority, but it may take a day or two before I get a chance to implement it.

  4. joshkh

    Added a new API call to describe published networks. POST to manager.php:

    action=describePublished
    publishedid=[publishedid]
    

    Returns something like:

    {
      "publishid": "1",
      "label": "The First Network",
      "type": "binary",
      "owner": "someone@example.com",
      "publishdate": "2014-03-13 19:57:07",
      "data": "{...}"
    }
    

    This too will need the security padding that you mentioned before, since it exposes the owner's email address.

    ( Pushed to dev: https://bitbucket.org/esyn/esyn-project/commits/960e44eaac7b6a665d26cd2f9c6fb05b820b4dca )

  5. Dan Bean reporter

    What if we just have the action "showlabel" that literally just takes a projectid or publishedid and returns something like:

    {
    "success": true,
    "label": "the interesting label"
    }
    

    Then we could just leave it without authentication (at least for now), and if somebody wants to sit and guess ids until they get to see the project name then let them. And you don't have to worry about changing how describe is used within manager.php.

  6. Log in to comment