xuzhg
commented
3 years ago @dilipmurugeshkumar
It's interesting. You put the capabilities vocabulary on entity set "artikelon". But, you are concerned about the request Uri starting from "Companies".
Basically, if you decorate the capabilities for the navigation property, you should use the "navigation property path".
for example you should use "https://github.com/oasis-tcs/odata-vocabularies/blob/main/vocabularies/Org.OData.Capabilities.V1.xml#L587" for the non-insertable navigation property.
Besides, if a navigation property is containment navigation property (aka, containstarget="true"), you should not put a top level entity set for a navigation property.
Short summary (3-5 sentences) describing the issue. Swagger displays API on the UI even if PropertyValue bool = false OData validation rules do not currently check if annotations containing properties of navigation or property paths are valid or reachable
Assemblies affected
Which assemblies and versions are known to be affected e.g. OData .Net lib 7.x
Reproduce steps
We see that even though property value bool = false, we still see the API end points exposed on the swagger UI
The above IEdmModel is parsed and converted to OpenApiDocument and later which is displayed in swagger
The End points Put, Post and Delete should not be displayed as it is not reachable. This may be because of the property value attribute bool = false. This causes an issue when trying to invoke these api’s For Example If I try to post
As we can see the endpoint does not exists and there by we get 405 exception. Is the exception occurring due to property value attribute bool = false? And the swagger displaying the endpoint. What should be done to hide such API's
Expected result
All the API End points which are not reachable should not be displayed on swagger.
Actual result
The API End points which are not reachable are displayed on swagger.
Additional detail
Optional, details of the root cause if known. Delete this section if you have no additional details to add.