905390 - restrict api to specific products

Status: RESOLVED FIXED

(Input Graveyard :: Submission, defect)

Description

[Will Kahn-Greene [:willkg] ET needinfo? me]

We should restrict the api to specific products and channels. This does two things:

1. prevents (ab)use of the api for nefarious purposes. e.g. FirefoxSUX as a product
2. normalizes the data so we don't end up with "firefox", "Firefox", "FIREfox", "FIREFOX"


I don't want to do a ForeignKey from Response to Product tables. I'd rather have a Product table that lists the appropriate product name and list of appropriate channels and have the API do a check against that table explicitly to validate the data.

Anyhow, this is probably a good idea to do sooner rather than later.

Comment 1

[Will Kahn-Greene [:willkg] ET needinfo? me]

Should probably figure this out in 2013q3.

Comment 2

[Will Kahn-Greene [:willkg] ET needinfo? me]

The current set of products in the table.

MariaDB [fjord]> select distinct product from feedback_response;
+---------------------+
| product             |
+---------------------+
| Firefox             |
| Firefox for Android |
| Firefox OS          |
|                     |
+---------------------+
4 rows in set (0.37 sec)

MariaDB [fjord]> 


I'll tweak the API code to restrict to those three.

Comment 3

[Will Kahn-Greene [:willkg] ET needinfo? me]

PR: https://github.com/mozilla/fjord/pull/138

I thought about restricting channels, but I'm less sure I know what the actual list of channels is plus no one is including channel information, yet. So I only restricted products. Tweaking the title accordingly.

Comment 4

[Will Kahn-Greene [:willkg] ET needinfo? me]

Landed in master in https://github.com/mozilla/fjord/commit/96afa74

We don't push on Fridays, so I'll wait to push this to prod on Monday.

Comment 5

[Will Kahn-Greene [:willkg] ET needinfo? me]

LANDED AND PUSHED!