-
Notifications
You must be signed in to change notification settings - Fork 385
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposal to add a GET method to read account data #1339
Comments
I guess the only question here is whether we want account data to be |
Could also do with a plain |
i hadn't remembered that we currently support PUTing based on type, and so the concept of a state key is already thrown away. So i vote we just go and do this; i think the only reason it doesn't exist today is because people didn't bother to implement the GET endpoint at the point of implementation as there wasn't a use for it at that point. |
@mscbot fcp merge I think this is pretty well good to go. |
@mscbot fcp merge let's try this again |
Team member @turt2live has proposed to merge this. The next step is review by the rest of the tagged teams: No concerns currently listed. Once a majority of reviewers approve (and none object), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up! See this document for info about what commands tagged team members can give me. |
@turt2live it's not entirely clear what is included in this proposal: are we doing plain Also: I'm hesitant to scope-creep this, but since we're in the area, the |
the reason {userId} is in there is to let you set other users' account_data if you have permission. why is it unnecessary & inconsistent? |
why would you have permission to do so? We don't do the same thing for other per-account data, such as pushrules. |
I'd like to, but it's probably not as needed. This would be a good point to get feedback on.
I'd rather keep it and have another proposal for dropping it everywhere else rather than scope creep this one. |
if you are a server admin helping out a user.
perhaps that's an oversight? |
I'd rather we introduce some kind of Client Management sub-API for things like doing something on behalf of other users. And I'd really be happy if it were secured by some capabilities-style system, the current power levels system is not really flexible; meanwhile getting/setting data of other users has sweeping consequences, especially with regards to data privacy. I think we should keep the user id in the URL for the sake of consistency, as @turt2live proposed. Further changes towards either enabling the same for other endpoints or dropping it for the account_data endpoints need a separate discussion. |
where does this end? Endpoints that let you send messages on behalf of other users? Perhaps we ought to have a userId in all of our API endpoints. I'm not that attached to this argument either way, to be honest, but I do feel it's reasonable to at least question it before we further entrench the current position. |
@mscbot seems to be sleeping on the job, so... 🔔 This is now entering its final comment period, as per the review above. 🔔 |
@mscbot is still sleeping... The final comment period, with a disposition to merge, as per the review above, is now complete. (leaving this open to track implementation/state, given this is a grandfathered MSC) |
The final comment period, with a disposition to merge, as per the review above, is now complete. |
Original proposal: #1339 This contains no known differences to what was ultimately decided upon and implemented.
Merged via #1873 |
Stick a `definition-` on the front of the autogenerated anchors for definition blocks. This solves a problem where, for example, https://spec.matrix.org/unstable/application-service-api/#registration could refer to either the "Registration" section or the `Registration` definition therein. (These anchors are relatively recent: they were added in #1191.
The spec provides a PUT method for setting account data, but the only way to read the data back is from the sync queries.
This is very nice if you want to be able to get a stream of data between clients, but in the case of bots that just use the account data to store configuration / state between restarts - or use the HS as a key-value store - then it's more of a nuisance.
Adding GET methods that will directly retrieve the latest data in the given id would be helpful for those use cases;
A
Last-Modified
header could be nice to have, but most definitely not a necessity for the feature.The text was updated successfully, but these errors were encountered: