Projects Tech Spec #112
Replies: 3 comments 1 reply
Great write up!
How will skills be assigned to a project?
Why do we need to double enforce this? Edge case: What happens if two people are owners/organization members of the same repo. Could they add the same project twice?

Looked through the spec and it's pretty extensive. I have nothing else to add or comment on so LGTM 👍

I don't think I saw this, are the projects going to be posted up on the board page indefinitely? (Only being able to be taken down by the original creator?) Additionally, would it be possible to switch ownership of a project if an owner decides to step down?

Summary
This is the Discord feature we've always wanted but could never get prioritized. A project board featuring all the projects of 100devs.
Scope
In scope:
Out of scope:
Data Model
New table: projects
  users.id
  Plus timestamps
status enum values:
New table: github_access_tokens
  users.id
  Plus timestamps
User Stories
Implementation Details
A new page is created that facilitates all interactions involving projects:
visibility=public
affiliation=owner,organization_member
The page also allows filtering by skill:
Updating and deleting a project is done on the specific project's page itself, if you are also the owner.
When viewing a project, we show:
https:// in a link with discord://, it'll open in the discord client. Example
APIs
POST /api/auth/github
  code: string - the github oauth code used to generate the access token
GET /api/projects
  skills: string[] - the skills to filter projects by
  ClientProject[]
GET /api/projects/:id
  ClientProject
POST /api/projects
  name: string - the project name
  description: string - the project description
  repo_id - the id of the chosen repo (ownership validated on backend)
  discussion_link - link to discord discussion
  status - the project status
  ClientProject (the created project)
PATCH /api/projects/:id
  name: string (optional) - the project name
  description: string (optional) - the project description
  discussion_link (optional) - link to discord discussion
  status (optional) - the project status
  ClientProject (the updated project)
DELETE /api/projects/:id
Security/Privacy
We'll be following the Principle of Least Privilege when users authenticate with GitHub through us. Meaning, we ask only for the permissions we need - in this case, just read access to public repositories.
When they authenticate with GitHub OAuth, we will only ask for the following scopes:
read:user (to get the user's github ID)
public_repo
Access tokens are configured to last only for 30 minutes, and are encrypted when stored in the database.
Project page / viewing is not gated by authentication.
Testing
GitHub OAuth / GitHub API calls will have to be mocked, as we cannot / should not be making real requests for GitHub data as part of tests.
Otherwise, tests will follow the standard pattern of jest acceptance tests for the backend, and cypress e2e tests on the frontend.
Open Questions
No response
Deployment
No response
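An added example, not part of the original post or the project's code: one way to meet the spec's "encrypted when stored" and 30-minute lifetime requirements for github_access_tokens, using AES-256-GCM from Node's crypto module. The function names, the column names other than user_id, and loading the 32-byte key from outside the database are assumptions.

```javascript
const crypto = require('node:crypto');

const TOKEN_TTL_MS = 30 * 60 * 1000; // spec: tokens last only 30 minutes

// Authenticated-but-unencrypted data: ties a ciphertext to one user and one
// expiry, so a row cannot be copied to another user or have its expiry extended.
function aad(userId, expiresAt) {
  return Buffer.from(`${userId}:${expiresAt}`, 'utf8');
}

// Builds the row to store. Column names iv/tag/ciphertext/expires_at are assumed.
function sealToken(key, userId, accessToken, now = Date.now()) {
  const expiresAt = now + TOKEN_TTL_MS;
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce for every row
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(aad(userId, expiresAt));
  const ciphertext = Buffer.concat([cipher.update(accessToken, 'utf8'), cipher.final()]);
  return {
    user_id: userId,
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ciphertext.toString('base64'),
    expires_at: expiresAt,
  };
}

// Returns the plaintext token, or null once the row has expired.
// Throws if the ciphertext, user_id or expires_at was modified after sealing.
function openToken(key, row, now = Date.now()) {
  if (now >= row.expires_at) return null;
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(row.iv, 'base64'));
  decipher.setAAD(aad(row.user_id, row.expires_at));
  decipher.setAuthTag(Buffer.from(row.tag, 'base64'));
  return Buffer.concat([
    decipher.update(Buffer.from(row.ciphertext, 'base64')),
    decipher.final(), // authentication failure surfaces here
  ]).toString('utf8');
}

// Constructed sample values: a random key and a made-up token string.
const sampleKey = crypto.randomBytes(32);
const sampleRow = sealToken(sampleKey, 42, 'gho_constructedSampleToken');
console.log(Object.keys(sampleRow), openToken(sampleKey, sampleRow));
```

A row past its expires_at should also be deleted by the backend rather than only ignored on read.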