Time
S
Nick
Message
11:45 juancorr joined #dataverse
12:22 donsizemore joined #dataverse
12:29 sivoais_ joined #dataverse
14:54 Youssef_Ouahalou joined #dataverse
15:05 pdurbin joined #dataverse
15:05 pdurbin
Youssef_Ouahalou: welcome back!
15:06 Youssef_Ouahalou
Hello hahah how are you ?
15:07 pdurbin
Fine but it's cold here. "Feels like" -19 C.
15:12 Youssef_Ouahalou
brrr I'm cold in your place, here it's a little "hotter" it's -2 ° c
15:15 pdurbin
poikilotherm2: thanks for linking to your CC-BY patch. I had forgotten about it.
15:19 poikilotherm2
pdurbin: it's ~ -5°C here
15:19 poikilotherm2
pdurbin: CC-BY: sure.
15:19 poikilotherm2
Maybe there will be a future solution to all of this. At least there might be a project ahead XD
15:20 pdurbin
Yeah, I'm just not sure where license stuff is in terms of priority.
15:25 poikilotherm2
It's super important when speaking about depositing software
15:25 poikilotherm2
One simply cannot use CC0 for software :-D
15:28 pdurbin
Right. What do you use? Various open source licenses?
15:39 pdurbin
poikilotherm2: I just asked this in Slack but maybe you know:
15:39 pdurbin
When I throw an IllegalCommandException from a command it results in a 403 (FORBIDDEN). When I throw a CommandException it results in a 500 (INTERNAL_SERVER_ERROR). Does anyone know where the mapping of these exceptions to HTTP error codes happens?
15:39 poikilotherm2
Where do you throw it?
15:40 pdurbin
AssignRoleCommand
15:40 pdurbin
I'm throwing an exception if the user is disabled.
15:40 poikilotherm2
Coming from API or UI?
15:41 pdurbin
API
15:41 pdurbin
By the way, I hope whatever I'm doing in this branch won't break OIDC.
15:43 poikilotherm2
http://github.com/poikilotherm/dataverse/blob/c1206607ef694e1fee24367df1304c19d1aa212e/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java#L554-L555
15:43 poikilotherm2
There you go
15:45 pdurbin
Huh. Sure enough. Weird! Thanks!
15:47 pdurbin
I guess I was expecting 400 (BAD_REQUEST) but I guess I'll go with 403 (FORBIDDEN). Better than 500!
15:54 poikilotherm2
IllegalCommandExecution - does this mean someone has not the right permissions to do sth, is the command not allowed in some context or sth else?
15:57 poikilotherm2
All this API stuff is a bit weird
15:57 pdurbin
"Thrown when a command does not make sense - e.g moving a Dataverse to one of its children."
15:57 poikilotherm2
We are reusing HTTP error codes for an API
15:57 pdurbin
Yeah, it is a bit weird. Works well enough though, I guess. :)
15:58 poikilotherm2
We might be better of by sending proper error numbers within JSON and send HTTP code 400
15:58 pdurbin
Developers have a suprisingly high tolerance for weird APIs.
15:58 poikilotherm2
Plus documenting the error codes, of course
15:58 poikilotherm2
Some day we might go for API v2 and design things a bit more from the ground up
15:58 pdurbin
It's better than no API , which is what DVN 3 had. :)
16:02 pdurbin
And yes, let's dream of a v2. Maybe we should even scribble down some thoughts as they hit us. I always find it's hard to remember these discussions months or years later. :)
16:02 pdurbin
poikilotherm2: did you see my question about OIDC? How can I test my disable user branch with it?
16:03 poikilotherm2
pdurbin: +1 for scribbling down.
16:03 poikilotherm2
Maybe some pad or google doc
16:03 poikilotherm2
pdurbin: OIDC testing has no automated integration test
16:04 poikilotherm2
For now the only way to test this is adding some OIDC provider and try
16:04 pdurbin
ok
16:04 pdurbin
Do you like the concept of being able to disable a user?
16:04 pdurbin
Does it fit well into your OIDC world?
16:05 pdurbin
My thought is: If you disable a user in Dataverse but the user still has an OIDC account, that user will go through the auth process but then get a message in Dataverse that says "Sorry, your Dataverse account has been disabled."
16:06 pdurbin
donsizemore: same with Shib, of course
16:06 pdurbin
and OAuth
16:06 poikilotherm2
It makes sense to have a moderation option.
16:06 poikilotherm2
Sometimes people simple don't behave
16:06 poikilotherm2
s/e/y/
16:07 poikilotherm2
So disabling them inside Dataverse makes sense
16:07 pdurbin
Ok. It's pretty permanent. All roles, group membership, etc. lost.
16:07 poikilotherm2
(You cannot request people to deactivate an account at some org, Github etc just because they are morons in your Dataverse installation)
16:07 poikilotherm2
Oh
16:08 poikilotherm2
I'm not sure I'd do that the very moment a user is disabled
16:08 poikilotherm2
It might have been a mistake by an admin
16:08 pdurbin
Well, that's what the spec says: https://github.com/IQSS/dataverse/pull/7585/files
16:08 poikilotherm2
Or sometimes people need to receive a "Schuss vor den Bug"
16:09 pdurbin
see "Disabling a user with this endpoint will:"
16:09 poikilotherm2
"shot across the bows"
16:09 poikilotherm2
I'm not sure this idiom works in English
16:09 pdurbin
it definitely does :)
16:10 pdurbin
"I said across her nose, not up it!" -- Spaceballs
16:10 pdurbin
Anyway, please look at that pull request. That's what I'm trying to implement.
16:11 poikilotherm2
Should I leave a comment for further discussion there?
16:13 pdurbin
Sure, go for it. Maybe we need (in the future) another concept. A timeout (like for toddlers) or a pause or something. For disable we're trying to address "I don't want an account in your system anymore."
16:13 pdurbin
Disable is for when delete can't be done.
16:13 pdurbin
(because the user has too much history in the system)
16:16 poikilotherm2
Done
16:17 pdurbin
thanks
21:06 pdurbin
I better head out before anything breaks. Have a good weekend, all!
21:06 pdurbin left #dataverse
