...
Results of 1/15 discussion:
- defer 'optOut' feature
- DO send submission receipt notification to all users on submission list
- Allow submission permission to be restricted to the Team leader (aka 'captain' or 'admin')
- service to return all registered Teams in which a given user is a member should ALSO be able to filter by whether a user is a Team leader (aka 'captain' or 'admin'). We can further refine this to say the client should pass a user ID and the service should return a list of teams on whose behalf the user may submit, taking into account any restrictions.
- When retrieving a TeamState, a hash of the object should be returned. The client submits the hash with the Submission and the server throws an exception if the hash is out of date. This ensures that the Team State at the time of submission is the same as that which the user saw.
Design Approach
1) A Challenge is a Project with some extra metadata. Implement this as a new object which a Project can 'own', and on which CRUD operations can be done independently from the Project.
...
| URI | Method | Request Parameters | Request Body | Response Body | Authorization | Notes |
|---|---|---|---|---|---|---|
| /challenge | POST | -- | Challenge | Challenge | CREATE permission required in referenced project | |
| /challenge/{id} | GET | -- | -- | Challenge | READ permission required in referenced project | |
| /entity/{projectId}/challenge | GET | -- | -- | Challenge | READ permission required in project | |
| /challenge | GET | participantId | -- | PaginatedList<EntityHeader> | PUBLIC? | returns the projects/challenges for which 'participantId' is registered. |
| /challenge/{id} | PUT | -- | Challenge | -- | UPDATE permission required in referenced project | |
| /challenge/{id} | DELETE | -- | -- | -- | DELETE permission required in referenced project | |
| /challenge/{id}/challengeTeam | POST | -- | ChallengeTeam | ChallengeTeam | Must be a member of the Participant Team and be an admin on the referenced Challenge Team. | |
| /challenge/{id}/challengeTeam/{challTeamId} | GET | -- | -- | ChallengeTeam | Must have READ permission in the Challenge Project. | |
| /challenge/{id}/challengeTeam | GET | limit, offset, userIdsubmitterId | -- | PaginatedList<ChallengeTeam> | Must have READ permission in the Challenge Project. | userId is an optional filter, limiting the results to just those Teams containing for which the given user can submit. 400 status if not in the Participant Team. |
| /challenge/{id}/challengeTeam/{challTeamId} | PUT | -- | ChallengeTeam | ChallengeTeam | Must be a member of the Participant Team and be an admin on the referenced Challenge Team. | |
| /challenge/{id}/challengeTeam/{challTeamId} | DELETE | -- | -- | -- | Must be an admin on the referenced Challenge Team. | |
| /evaluation/submission | POST | etag, teamId | Submission | Submission | Must have SUBMIT permission in the Evaluation referenced in the Submission. | If teamId is included then a TeamState object is created for the Submission. If 'contributer' list is non empty then teamId is required and Submission is rejected if submitter or any specified contributers is not on the given team. Notifications sent to all contributers except for submitter, with instructions for opting out. |
| /evaluation/submission/{id}/optOut | PUT | userId | -- | -- | userId must be the one making the request. | Sets 'optOut' field for given userId in the Submission. userId must be a contributer in the Submission (not the submitter himself) and Submission must not be in one of the Evaluation's 'optOutDisallowed' states. |