Only authenticated users can POST to this. For free apps, anyone can post a review. For paid apps, only a user who has purchased the app can post a review. Fields to accept: * `app` (required - we can infer from the URL) * `user` (required) * `rating` (required) * `body` (required)
Priority: -- → P2
Whiteboard: [fireplace] → [fireplace] p=2
Note that the code for this should be significantly less complicated than the code in mkt/ratings/views.py because there's no need to handle logic for replies or for existing reviews (i.e.: we should have separate endpoints, or at least verbs for adding and editing). If you look at the code: https://github.com/mozilla/zamboni/blob/master/mkt/ratings/views.py#L131 - Everything below line 228 is unnecessary - Everything between lines 178-212 isn't necessary - The `flag` field of the review form isn't a thing anymore. We can safely assume: - If there is an existing review, the client should expect an HTTP error (409 Conflict?) - If the validation of the data fails, the client should expect an HTTP error (400 Bad Request) - Flags are not submitted via this endpoint, so we should just not even introduce the bits of code.
Status update: I have a working patch for this, but want to hash out authentication + authorization details with the API team before committing. Should land early next week.
Status: NEW → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.