views: FAIR signposting level 1 support (HTTP Link headers)

[ptamarit]

❤️ Thank you for your contribution!

Description

• Fixes FAIR signposting level 1 support (HTTP Link headers & link rel item) #2937
• Depends on views: FAIR signposting level 1 support & remove linkset link to itself invenio-rdm-records#1908
• See description in linked ticket

Checklist

Ticks in all boxes and 🟢 on all GitHub actions status checks are required to merge:

• I'm aware of the code of conduct.
• I've created logical separate commits and followed the commit message format.
• I've added relevant test cases.
• I've added relevant documentation.
• I've marked translation strings.
• I've identified the copyright holder(s) and updated copyright headers for touched files (>15 lines contributions).
• I've NOT included third-party code (copy/pasted source code or new dependencies).
  • If you have added third-party code (copy/pasted or new dependencies), please reach out to an architect.

Frontend

• I've followed the CSS/JS and React guidelines.
• I've followed the web accessibility guidelines.
• I've followed the user interface guidelines.

Reminder

By using GitHub, you have already agreed to the GitHub’s Terms of Service including that:

1. You license your contribution under the same terms as the current repository’s license.
2. You agree that you have the right to license your contribution under the current repository’s license.

[ptamarit]

Lars suggested that we might choose to not include authors at all since the list might be long and the full list can be found in the linkset.

[slint]

Maybe we could apply some sensible limit? E.g. if less than 50 authors, include, otherwise don't include at all and basically have people rely on the explicit authors linkset?

[ptamarit]

• [ ] Include authors if up to 50, otherwise do not include.

[ptamarit]

I'm now relying on invenio_rdm_records/resources/serializers/signposting/schema.py's serialize_author which serializes all the authors.

[ptamarit]

Should we support other schemes like ROR, etc?

[slint]

It might be that the safer option would be to use something like idutils.to_url(identifier, scheme) which will consistently produce a link.

[ptamarit]

• [ ] Use idutils.to_url for authors.

[ptamarit]

I'm now relying on invenio_rdm_records/resources/serializers/signposting/schema.py's serialize_author which picks the first linkable ID.

[ptamarit]

The FAIR Signposting docs recommends to use SPDX license identifier (e.g. https://spdx.org/licenses/CC0-1.0).
However, in Zenodo we store URLs like https://creativecommons.org/publicdomain/zero/1.0/legalcode and not spdx.org URLs.

[slint]

If props["scheme"] == "spdx" I think we can safely generate the URL like https://spdx.org/licenses/{right["id"]}. We might have licenses (or even non-SPDX licenses), in which case just using url like here would be ok.

[ptamarit]

Unfortunately our IDs are lower-cased (e.g. antlr-pd-fallback) while the SPDX URLs are are mixed-cased and case-sensitive (e.g. https://spdx.org/licenses/ANTLR-PD-fallback.html).

[slint]

Ouch, I tried in the browser and copy-pasting URLs for some reason kept the original case... Ok, this is a bummer, I think we'll have to add the original spdx ID with the exact case as a props.spdx_id field or similar...

I think it would be fine to shelve this and just use the url, depends on whether we want to spend more time to re-import SPDX and update the existing license vocabulary (funnily, the dump we have is from more than a year ago).

[ptamarit]

Note: this is required for level 2 support and was already added in a previous pull request.
Here we only include a link of the type "application/linkset+json", but the docs requires to also include a link of type "application/linkset".

[ptamarit]

Not sure if there's a better way to do this lookup.
I followed what's done in invenio_rdm_records/resources/serializers/signposting/schema.py.

[lnielsen]

Perhaps just check that it is cached so we don't query db on every landing page request

[slint]

From what I see these are indeed cached here, which is also mentioned in get_vocabulary_props.

[ptamarit]

This is quite a lot of methods added to decorators.py, should it be moved to a signposting-specific file?

[slint]

👍 Agree, I thought the was already some signposting-related directory.

[ptamarit]

• [ ] Move the code to a signposting-related file or directory.

[ptamarit]

There is now much less code in decorators.py now that I rely on invenio_rdm_records/resources/serializers/signposting/schema.py.

[slint]

LGTM, some minor comments only

[slint]

It might be that the safer option would be to use something like idutils.to_url(identifier, scheme) which will consistently produce a link.

[slint]

Maybe we could apply some sensible limit? E.g. if less than 50 authors, include, otherwise don't include at all and basically have people rely on the explicit authors linkset?

[slint]

If props["scheme"] == "spdx" I think we can safely generate the URL like https://spdx.org/licenses/{right["id"]}. We might have licenses (or even non-SPDX licenses), in which case just using url like here would be ok.

[slint]

question/comment: I think the HEAD implementation for Flask/Invenio is that we just treat it as a GET request and skip the body of the response. In that case, we're not saving anything in terms of computation/performance (if that was the original goal of just testing the HEAD response only).

IMHO, it's ok to keep as is, since none of the logic done for generating the header links is that much more complex or adds that big of an overhead compared to the rest of the GET response.

[ptamarit]

The Link header should be included in both GET and HEAD, as stated in the FAIR Signposting docs says:

In addition to being available via HTTP GET requests, the HTTP header that contains Link is accessible via the HTTP HEAD request, which only returns transaction metadata not a resource representation. As such machine agents can obtain a map for their journey by issuing a HTTP HEAD even against resources that have access restrictions. All the while saving bandwidth and hence energy.

• Modify the tests to assert not only HEAD, but also GET.

[ptamarit]

Note that, unlike the Landing Page which relies on invenio_rdm_records.resources.serializers.signposting, the Content Resources and Metadata Resources are not relying on invenio_rdm_records.resources.serializers.signposting because:

1. ContentResourceSchema and ContentResourceSchema expect the record to be passed via context={"record_dict"} which makes it more difficult to reuse here.
2. The logic is pretty simple to add only the collection, describes and linkset headers, so re-implementing it here is not that bad.

[ptamarit]

The logic for the landing page is implemented in FAIRSignpostingProfileLvl1Serializer in invenio-rdm-records and is already tested there (see inveniosoftware/invenio-rdm-records#1908).
It stills makes sense to at least issue the HTTP call to the endpoint here, to make sure that the decorator is working properly, but maybe the assertion should be less detailed to avoid having to adapt this test every time we modify the other module?