lbhackney-it / account-api Goto Github PK
View Code? Open in Web Editor NEWLicense: MIT License
License: MIT License
Get All (Accounts)
endpoint's Gateway does not make use of provided Account Type
parameter when filtering entities (see bellow), ...account-api/AccountsApi/V1/Gateways/AccountApiGateway.cs
Lines 38 to 49 in 069bfa1
account-api/AccountsApi/V1/Controllers/AccountApiController.cs
Lines 78 to 92 in 069bfa1
public async Task<List<Account>> GetAllAsync(Guid targetId, AccountType accountType)
{
if (targetId == null)
throw new ArgumentException("Invalid targetId");
var data = _accountDbContext
.AccountEntities
.Where(p => p.TargetId == targetId);
// something like:
if (accountType != null)
data = data.Where(a => a.AccountType == accountType);
return await data.Select(p => p.ToDomain())
.ToListAsync()
.ConfigureAwait(false);
}
Option 1: The name of the endpoint is "GetAll"
and it is accessed via \accounts
url. Additionally, it's parameters are being provided via the Query String
(rather than via Route
) and are not validated for being Required
(nor are described in the XML description as required).
All these facts together imply that the endpoint was designed with the thought of Getting All Accounts
by default, with the optional parameters of targetId
(tenureId) and the accountType
for filtering purposes should it be needed.
account-api/AccountsApi/V1/Controllers/AccountApiController.cs
Lines 81 to 94 in 069bfa1
If that is the case, the problem is that When a user of the API does not provide the 'targetId', they will get NO Results, meanwhile they should be expected to get ALL existing accounts
. This is because the filtering condition in the endpoint's Gateway will look for all accounts with targetId == Guid.Empty
(see Line 45):
account-api/AccountsApi/V1/Gateways/AccountApiGateway.cs
Lines 38 to 45 in 069bfa1
Option 2: The intent of the endpoint is: to retrieve ALL accounts WITH specific 'targetId'
, which would mean that the following are wrong:
Required
validation on the parameters (it most likely does not make much sense for the user to search for accounts based on "Guid.Empty" targetId, so required param validation might be useful. If it turns out that it does make sense to do such search, then it should be mentioned under the parameter's XML documentation that 'when targetId value is not provided, the endpoint retrieves all accounts with no targetId under them.'
)Option 1
, then it means that we have a bug preventing a user from retrieving ALL Accounts
with no filtering. The fix in this case would be similar to that of mentioned in the previous issue relating to unused "Account Type" (See: #88 ).Option 2
, then it means that at the bare minimum, the XML documentation needs to be changed & Required parameter
validation needs to be added. Of course, a full fix of fixing the bullet list items above would break the V1
contract, so going into the future, the V2
version of this endpoint should be created to address these problems.A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.