Feat | Add OpenAPI documentation for OAuth2GroupApiController#109
Feat | Add OpenAPI documentation for OAuth2GroupApiController#109matiasperrone-exo wants to merge 2 commits intomainfrom
Conversation
matiasperrone-exo
added
the
documentation
matiasperrone-exo
force-pushed
the
feat/openapi----api-v1---oauth2groupapicontroller
branch
2 times, most recently
from
25a4f67 to
853feef
Compare
smarcet
force-pushed
the
main
branch
2 times, most recently
from
ae79f5e to
4b5b726
Compare
matiasperrone-exo
force-pushed
the
feat/openapi----api-v1---oauth2groupapicontroller
branch
4 times, most recently
from
28dad35 to
04d4dab
Compare
martinquiroga-exo
left a comment
martinquiroga-exo
left a comment
There was a problem hiding this comment.
LGTM
@matiasperrone-exo please add the clickup card link to this PR.
matiasperrone-exo
force-pushed
the
feat/openapi----api-v1---oauth2groupapicontroller
branch
2 times, most recently
from
d4856c2 to
16a5eb6
Compare
caseylocker
left a comment
caseylocker
left a comment
There was a problem hiding this comment.
- Move #[OA\Get] from the class to getAllSerializerType() — Follow the pattern in OAuth2UserApiController where the annotation sits on getAllSerializerType(), not on the class declaration.
- Use the existing user_oauth2 security scheme instead of creating OAuth2GroupsSecurity — user_oauth2 already covers Groups. Add IGroupScopes::ReadAll and IGroupScopes::Write to the scopes in
app/Swagger/Security/UsersOAuth2Schema.php and reference user_oauth2 in the endpoint annotation. Remove OAuth2GroupApiControllerSecuritySchema.php. - Document the lack of route middleware — GET /api/v1/groups has no middleware in routes/api.php. The description field should note this (e.g., "No route-level middleware enforcement; requires valid OAuth2 bearer
token only.").
|
Bullets 1 and 3 were incorporated:
I have some questions regarding your comment (2nd bullet):
This PR does not have UsersOAuth2Schema present, if I disregard that issue, are you sure you want to use the scopes from Users into Groups? Taking into account that one comes from App\libs\OAuth2\IUserScopes and the this one (OAuth2GroupsSecurity) from App\libs\OAuth2\IGroupScopes. If you are sure I will make the change. |
That's a valid callout. Keep #2 as is. |
matiasperrone-exo
force-pushed
the
feat/openapi----api-v1---oauth2groupapicontroller
branch
from
5c100aa to
4693c58
Compare
📝 WalkthroughWalkthroughThis pull request adds OpenAPI documentation annotations to the OAuth2 Groups API endpoint, including new schema definitions for paginated group responses and security configurations. No changes to existing API logic or method signatures. Changes
Poem
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes 🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches
🧪 Generate unit tests (beta)
📝 Coding Plan
Comment |
|
Rebased |
|
📘 OpenAPI / Swagger preview ➡️ https://OpenStackweb.github.io/openstackid/openapi/pr-109/ This page is automatically updated on each push to this PR. |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
🧹 Nitpick comments (1)
app/Http/Controllers/Api/OAuth2/OAuth2GroupApiController.php (1)
49-51: Consider documenting the HEAD endpoint.The PR objectives mention both GET and HEAD endpoints are mapped to
getAll. While HEAD behavior typically mirrors GET (returning only headers), you may want to add anOA\Headannotation for completeness if the API explicitly supports HEAD requests.📝 Optional: Add HEAD annotation
#[OA\Head( path: '/api/v1/groups', operationId: 'headGroups', summary: 'Check groups endpoint', description: 'Returns headers only for the groups endpoint.', security: [['OAuth2GroupsSecurity' => [IGroupScopes::ReadAll]]], tags: ['Groups'], responses: [ new OA\Response(response: Response::HTTP_OK, description: 'Endpoint available'), new OA\Response(response: Response::HTTP_UNAUTHORIZED, description: 'Unauthorized'), ] )]🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@app/Http/Controllers/Api/OAuth2/OAuth2GroupApiController.php` around lines 49 - 51, Add an OA\Head annotation for the '/api/v1/groups' endpoint to document the HEAD method (mapped to the existing controller method getAll) so tooling shows HEAD support; include operationId 'headGroups', a brief summary/description, the same security entry as GET (IGroupScopes::ReadAll), the 'Groups' tag, and minimal responses (HTTP_OK and HTTP_UNAUTHORIZED) to mirror GET's contract.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@app/Http/Controllers/Api/OAuth2/OAuth2GroupApiController.php`:
- Around line 49-51: Add an OA\Head annotation for the '/api/v1/groups' endpoint
to document the HEAD method (mapped to the existing controller method getAll) so
tooling shows HEAD support; include operationId 'headGroups', a brief
summary/description, the same security entry as GET (IGroupScopes::ReadAll), the
'Groups' tag, and minimal responses (HTTP_OK and HTTP_UNAUTHORIZED) to mirror
GET's contract.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 4a104c78-dbf9-4f6d-850f-51c87c875d37
📒 Files selected for processing (4)
app/Http/Controllers/Api/OAuth2/OAuth2GroupApiController.phpapp/Swagger/Models/GroupSchema.phpapp/Swagger/OAuth2GroupApiControllerSchemas.phpapp/Swagger/Security/OAuth2GroupApiControllerSecuritySchema.php
3 participants
Task:
Ref: https://app.clickup.com/t/86b8e6jrj
Endpoints:
Summary by CodeRabbit