search

cerebris / jsonapi-resources

A resource-focused Rails library for developing JSON:API compliant servers.
http://jsonapi-resources.com
MIT License
2.32k stars 529 forks source link

Best practices for making relationships immutable? #838

Open abuiles opened 8 years ago

abuiles commented 8 years ago

From the docs, it looks like we can make a resource read-only by using immutable, but, is there a similar option to restrict operations in a relationship?

Given the following 

  # brand has-many motorcycles
  jsonapi_resources :brand 
  jsonapi_resources :motorcycle

I want to restrict the operations between brands/relationships/motorcycles so only GET is allowed.

I found a workaround doing the following, but I wonder if there is a better solution.

jsonapi_resources :brands do
  jsonapi_relationships only: [:get]
end
jsonapi_resources :motorcycles

If that's the case I'll gladly add a note to the README so others can find it too.

Thanks!

lgebhardt commented 8 years ago

I'd like to get the code fixed instead of adding a note to the README.

abuiles commented 8 years ago

@lgebhardt sounds great, I wanted to confirm if it was intended behavior or a bug.

Are you thinking about a flag in the relationship to mark it as immutable? There could be scenarios where you might want to protect only some of the relationships. 

class MotorcycleResource < JSONAPI::Resource
  attributes

  has_many :likers # you can modify this
  belongs_to :brand, immutable: true # but the brand should be read only 
end
lgebhardt commented 8 years ago

@abuiles I think I misunderstood the question. In your first example I was assuming you were making the brand immutable, which I now see is probably not the case. If the resource is immutable it should restrict the modification of the relationships by not generating the routes. I assumed you were reporting that this wasn't happening, hence the bug label.

To clarify are you just looking making relationships immutable? If so this should be a new feature, not a bug.

abuiles commented 8 years ago

To clarify are you just looking making relationships immutable? If so this should be a new feature, not a bug.

Correct, making brand immutable works as expected - only GET is defined for that resource, but I want to mark some relationships as immutable too. That's why I did the workaround through the routes.

lgebhardt commented 8 years ago

@abuiles Ok, let's plan to add the immutable flag to relationships as well as resources.

Chilinot commented 5 years ago

Whats the status on this issue? I would very much like to use it.