agrestio / agrest

Server-side Java REST Framework for easy access to data graphs from various backends
https://agrest.io
Apache License 2.0
81 stars 34 forks source link

OpenAPI descriptors - exclude inaccessible properties #612

Closed andrus closed 1 year ago

andrus commented 1 year ago

While property access rules are sometimes defined per-response, I think it would be reasonable to exclude any properties that are not readable or writable at the common model level (unreadable - from Entity, unwritable - from EntityUpdate).

Limitation: if per-request entity overlays re-enable previously hidden properties, they will still stay hidden in the OpenAPI model. This is not that different from a case when per-request overlays would define entirely new properties (those will also not show up).