<p></p>
<p><b>@kcne</b> commented on this pull request.</p>
<hr>
<p>In <a href="https://github.com/openstreetmap/openstreetmap-website/pull/5344#discussion_r1867597558">app/views/api/notes/_note.xml.builder</a>:</p>
<pre style='color:#555'>> @@ -14,6 +14,10 @@ xml.note("lon" => note.lon, "lat" => note.lat) do
xml.date_closed note.closed_at if note.closed?
+ note.tags.each do |k, v|
</pre>
<p dir="auto">This code is duplicated multiple times, consider creating a shared helper method to reuse instead.</p>
<hr>
<p>In <a href="https://github.com/openstreetmap/openstreetmap-website/pull/5344#discussion_r1867640626">app/models/note_tag.rb</a>:</p>
<pre style='color:#555'>> + validates :note, :associated => true
+ validates :k, :v, :allow_blank => true, :length => { :maximum => 255 }, :characters => true
+ validates :k, :uniqueness => { :scope => :note_id }
</pre>
<p dir="auto">To ensure stronger data integrity, we can enforce that k and v are always present, within length limits, and unique per note. Additionally, using <code class="notranslate">presence: true</code> for note simplifies and improves performance compared to <code class="notranslate">associated: true</code></p>
<div class="highlight highlight-source-ruby" dir="auto"><pre class="notranslate"><span class="pl-en">validates</span> <span class="pl-pds">:note</span><span class="pl-kos">,</span> <span class="pl-pds">presence</span>: <span class="pl-c1">true</span>
<span class="pl-en">validates</span> <span class="pl-pds">:k</span><span class="pl-kos">,</span> <span class="pl-pds">presence</span>: <span class="pl-c1">true</span><span class="pl-kos">,</span> <span class="pl-pds">length</span>: <span class="pl-kos">{</span> <span class="pl-pds">maximum</span>: <span class="pl-c1">255</span> <span class="pl-kos">}</span><span class="pl-kos">,</span> <span class="pl-pds">uniqueness</span>: <span class="pl-kos">{</span> <span class="pl-pds">scope</span>: <span class="pl-pds">:note_id</span> <span class="pl-kos">}</span>
<span class="pl-en">validates</span> <span class="pl-pds">:v</span><span class="pl-kos">,</span> <span class="pl-pds">presence</span>: <span class="pl-c1">true</span><span class="pl-kos">,</span> <span class="pl-pds">length</span>: <span class="pl-kos">{</span> <span class="pl-pds">maximum</span>: <span class="pl-c1">255</span> <span class="pl-kos">}</span></pre></div>
<hr>
<p>In <a href="https://github.com/openstreetmap/openstreetmap-website/pull/5344#discussion_r1867658626">db/migrate/20241030122707_create_note_tags.rb</a>:</p>
<pre style='color:#555'>> +class CreateNoteTags < ActiveRecord::Migration[7.2]
+ def change
+ # Create a table and primary key
+ create_table :note_tags, :primary_key => [:note_id, :k] do |t|
+ t.column "note_id", :bigint, :null => false
+ t.column "k", :string, :default => "", :null => false
+ t.column "v", :string, :default => "", :null => false
+
+ t.foreign_key :notes, :column => :note_id, :name => "note_tags_id_fkey"
+ end
+ end
+end
</pre>
<p dir="auto">This migration works well for ensuring uniqueness with a composite primary key. However, if querying by tags (e.g., <code class="notranslate">{k: "created_by", v: "openstreetmap"}</code>) is expected, a surrogate primary key (<code class="notranslate">id</code>) with additional indexes might be more efficient. For example:</p>
<div class="highlight highlight-source-ruby" dir="auto"><pre class="notranslate"><span class="pl-en">create_table</span> <span class="pl-pds">:note_tags</span> <span class="pl-k">do</span> |<span class="pl-s1">t</span>|
<span class="pl-s1">t</span><span class="pl-kos">.</span><span class="pl-en">bigint</span> <span class="pl-pds">:note_id</span><span class="pl-kos">,</span> <span class="pl-pds">null</span>: <span class="pl-c1">false</span>
<span class="pl-s1">t</span><span class="pl-kos">.</span><span class="pl-en">string</span> <span class="pl-pds">:k</span><span class="pl-kos">,</span> <span class="pl-pds">null</span>: <span class="pl-c1">false</span><span class="pl-kos">,</span> <span class="pl-pds">default</span>: <span class="pl-s">""</span>
<span class="pl-s1">t</span><span class="pl-kos">.</span><span class="pl-en">string</span> <span class="pl-pds">:v</span><span class="pl-kos">,</span> <span class="pl-pds">null</span>: <span class="pl-c1">false</span><span class="pl-kos">,</span> <span class="pl-pds">default</span>: <span class="pl-s">""</span>
<span class="pl-s1">t</span><span class="pl-kos">.</span><span class="pl-en">timestamps</span>
<span class="pl-k">end</span>
<span class="pl-en">add_index</span> <span class="pl-pds">:note_tags</span><span class="pl-kos">,</span> <span class="pl-kos">[</span><span class="pl-pds">:note_id</span><span class="pl-kos">,</span> <span class="pl-pds">:k</span><span class="pl-kos">]</span><span class="pl-kos">,</span> <span class="pl-pds">unique</span>: <span class="pl-c1">true</span> <span class="pl-c"># Enforce uniqueness</span>
<span class="pl-en">add_index</span> <span class="pl-pds">:note_tags</span><span class="pl-kos">,</span> <span class="pl-kos">[</span><span class="pl-pds">:k</span><span class="pl-kos">,</span> <span class="pl-pds">:v</span><span class="pl-kos">]</span> <span class="pl-c"># Optimize tag-based queries</span></pre></div>
<p dir="auto">This approach aligns with Rails conventions, simplifies queries, and allows adding indexes for tag lookups (<code class="notranslate">k</code>/<code class="notranslate">v</code>).</p>
<hr>
<p>In <a href="https://github.com/openstreetmap/openstreetmap-website/pull/5344#discussion_r1867580434">app/controllers/api/notes_controller.rb</a>:</p>
<pre style='color:#555'>> @@ -83,12 +85,30 @@ def create
lat = OSM.parse_float(params[:lat], OSM::APIBadUserInput, "lat was not a number")
comment = params[:text]
+ # Extract the tags parameter (if it exists)
+ tags = []
+ if params[:tags].present?
+ # Split by commas to get individual key-value pairs
+ pairs = params[:tags].split(",")
+
+ # For each pair in parameters, store it in tags variable
+ pairs.each do |pair|
+ key, value = pair.split(":", 2)
+ tags << { :k => sanitize(key), :v => sanitize(value) } if key && value
+ end
+ end
</pre>
<p dir="auto">I agree with Tom here. Also independent of implementation, validation here would be necessary in my opinion.</p>
<p dir="auto">Two alternative approaches that could be useful here is to:</p>
<ul dir="auto">
<li>use nested form parameters:</li>
</ul>
<pre class="notranslate"><code class="notranslate">tags[created_by]=OpenStreetMap-Website&tags[editor]=JOSM
</code></pre>
<ul dir="auto">
<li>using a prefix for tag related properties:</li>
</ul>
<pre class="notranslate"><code class="notranslate">tag_created_by=OpenStreetMap-Website&tag_editor=JOSM
</code></pre>
<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/pull/5344#pullrequestreview-2475434346">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AAK2OLP6QMWORN2JKPF7ZWT2DWRU7AVCNFSM6AAAAABSCG2KCWVHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMZDINZVGQZTIMZUGY">unsubscribe</a>.<br />You are receiving this because you are subscribed to this thread.<img src="https://github.com/notifications/beacon/AAK2OLIU5JUDUGYEVKSTKUD2DWRU7A5CNFSM6AAAAABSCG2KCWWGG33NNVSW45C7OR4XAZNRKB2WY3CSMVYXKZLTORJGK5TJMV32UY3PNVWWK3TUL5UWJTUTRQQWU.gif" height="1" width="1" alt="" /><span style="color: transparent; font-size: 0; display: none; visibility: hidden; overflow: hidden; opacity: 0; width: 0; height: 0; max-width: 0; max-height: 0; mso-hide: all">Message ID: <span><openstreetmap/openstreetmap-website/pull/5344/review/2475434346</span><span>@</span><span>github</span><span>.</span><span>com></span></span></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/openstreetmap/openstreetmap-website/pull/5344#pullrequestreview-2475434346",
"url": "https://github.com/openstreetmap/openstreetmap-website/pull/5344#pullrequestreview-2475434346",
"name": "View Pull Request"
},
"description": "View this Pull Request on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>