848494 - Create an API endpoint for submitting a rating

Status: RESOLVED FIXED

(Marketplace Graveyard :: API, defect, P1)

Description

[Christopher Van Wiemeersch [:cvan]]

Only authenticated users can POST to this.

For free apps, anyone can post a review. For paid apps, only a user who has purchased the app can post a review.

Fields to accept:
* `app` (required - we can infer from the URL)
* `user` (required)
* `rating` (required)
* `body` (required)

Comment 1

[Matt Basta [:basta]]

Note that the code for this should be significantly less complicated than the code in mkt/ratings/views.py because there's no need to handle logic for replies or for existing reviews (i.e.: we should have separate endpoints, or at least verbs for adding and editing).

If you look at the code:

https://github.com/mozilla/zamboni/blob/master/mkt/ratings/views.py#L131

- Everything below line 228 is unnecessary
- Everything between lines 178-212 isn't necessary
- The `flag` field of the review form isn't a thing anymore.

We can safely assume:

- If there is an existing review, the client should expect an HTTP error (409 Conflict?)
- If the validation of the data fails, the client should expect an HTTP error (400 Bad Request)
- Flags are not submitted via this endpoint, so we should just not even introduce the bits of code.

Comment 2

[Chuck Harmston [:chuck]]

Status update: I have a working patch for this, but want to hash out authentication + authorization details with the API team before committing. Should land early next week.

Comment 3

[Chuck Harmston [:chuck]]

Landed: https://github.com/mozilla/zamboni/commit/aa96f1740bab9bd8dd6955b1517eb9c2ad1728f4