Create comment as a different user via API?

Hi,

I have a need to migrate the content from some source epics to target epics in another project.

I am able to fetch the descriptions from the original source epics and append that information to the target epic description.

But I also need to move or copy the comments from the original epic to the target epic.

Via the API (I am using python-taiga but I don’t mind using direct REST calls to Taiga) Is it possible to either:

a) change the epic id of a comment, or

b) add a comment to the target epic but with a different author id (the id of the author of the original comment)?

I don’t want to add the comment as the user who has authenticated to the API as part of running the script.

I’m not sure what the allowed payload parameters are for adding the comment, e.g whether the author ID can be arbitrary.

Assume that the user running the script (and authenticated to the Taiga API) is the super administrator of the Taiga installation.

Thanks for any advice!

Alternatively - at the database level, it looks like the comments are in the history_historyentry table.

I can see all comments added against epics, with something like this:

SELECT id,user.type,comment,key,... FROM history_historyentry WHERE key LIKE '%epics.epic%';

The ‘key’ might have a value like this: epics.epic:1454

This maps to the id 1454 in the epics_epic table.

Is it safe if I were to do something like:

1. Find the ‘id’ of the epic based on the ‘ref’ column which is the source Epic number I know of, let’s say it’s id 1454 with ref 5153070
2. Find the ‘id’ of the epic based on the ‘ref’ column which is the target Epic number I know of, let’s say it’s id 1998 with ref 7591723
3. Do an UPDATE history_historyentry SET key = ‘epics.epic:1998’ WHERE key = ‘epics.epic:1454’;

Is that safe or am I likely to cause integrity problems in Taiga somehow?

Hi there @mig5!

Good to see you here again!

So, for the first question, no, it is not possible to use the API to alter ids like the author of a comment or an Epic. Just imagine some malicious actor wanted to create false testimony of someone, that would be troublesome.

As for meddling with the history keys, that might break stuff, yeah, particularly with ids. But that in particular, only getting the history refs might work, but it may then break because of the epic belonging to another project.

To be fair, we have not done those tests in the past, so if you feel like trying, please do let us know the results. Else I’ll try myself, but can’t give a timeline since we are quite busy at the moment.

Best!

Thanks @Charlie . That makes perfect sense.

In the end, I solved it a slightly different way. Remembering how I made my migration work from Pivotal Tracker to Taiga, I wrote a ‘manage.py’ command that directly interacts with the database (not via the REST API). In this way, I can preserve the comment authorship.

Here’s how I did it (might be useful for others who come across this thread):