Closed rrdaniels85 closed 7 years ago
If only the user that owns the tank can add, update, or delete the respective animal/fish, then it would meet the requirements for resource ownership.
I notice you say that you're planning on that controller code; try it and feel free to leave this open while you build and test that.
Thanks! I'll give it a go!
So, this approach appears to be working. When a user tries to create, update, or delete an animal in a tank that is not user owned, they get the following error:
```
HTTP/1.1 404 Not Found
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: application/json; charset=utf-8
Cache-Control: no-cache
X-Request-Id: 7884ca13-1a48-422b-9bcf-1b4021c89856
X-Runtime: 0.006415
Vary: Origin
Transfer-Encoding: chunked

{"error":{"message":"Not Found"}}
```
So it prevents them from being able to do anything. Is this ok?
Good morning!
I had a question regarding how I am setting up my API and want to make sure that how I'm handling it meets the requirement of having anything updated or deleted be 'user owned'. I have attached an image of my ERD for the project. I am doing an aquarium management application for people who are fish enthusiasts and have multiple aquariums. As you can see, a user has many tanks and then a tank has many animals. I am confident that the tanks are user owned but want to make sure that I'm understanding the animals piece correctly.
Here are my models: USER
TANK
Planned MODEL FOR ANIMALS:
For my controller for animals, I was planning on doing this:
I did not want to do a user has many animals through tanks because this seems unnecessary given that a fish can only belong to one tank. I believe that with using this approach, only the user that owns the tank can add, update, or delete the fish. Would this meet the 'user owned' requirement for the fish/animals? Or am I thinking about this the wrong way?
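The ownership scoping discussed in this thread, as an added example that is not part of the original issue or the project's code: animals are reachable only through a tank that belongs to the requesting user, and a foreign tank fails exactly like a missing one, which is why the response is a 404. It is plain Ruby with in-memory stand-ins for the models; every class name, method name, and record below is an assumption.

```ruby
# Added example: plain-Ruby stand-ins for the User -> Tank -> Animal models.
# Class and method names are hypothetical; the data below is constructed.
class NotFound < StandardError; end

Tank   = Struct.new(:id, :user_id, :animals)
Animal = Struct.new(:id, :name)

class AnimalStore
  def initialize(tanks)
    @tanks = tanks
  end

  # Look the tank up only among the caller's own tanks, so a foreign tank
  # and a nonexistent tank fail the same way.
  def owned_tank(user_id, tank_id)
    @tanks.find { |t| t.id == tank_id && t.user_id == user_id } || raise(NotFound)
  end

  # Animals are reached only through an owned tank, never by bare id.
  def owned_animal(user_id, tank_id, animal_id)
    owned_tank(user_id, tank_id).animals.find { |a| a.id == animal_id } || raise(NotFound)
  end

  def create(user_id, tank_id, id, name)
    owned_tank(user_id, tank_id).animals << Animal.new(id, name)
  end

  def update(user_id, tank_id, animal_id, name)
    owned_animal(user_id, tank_id, animal_id).name = name
  end

  def destroy(user_id, tank_id, animal_id)
    tank = owned_tank(user_id, tank_id)
    tank.animals.delete(owned_animal(user_id, tank_id, animal_id))
  end
end

# Translate the outcome into the status and body shown in the thread.
def respond
  yield
  [200, nil]
rescue NotFound
  [404, { error: { message: "Not Found" } }]
end

def build_store
  AnimalStore.new([
    Tank.new(1, 10, [Animal.new(100, "Clownfish")]), # owned by user 10
    Tank.new(2, 20, [Animal.new(200, "Betta")])      # owned by user 20
  ])
end
```

The case worth testing beyond the obvious one is mixing an owned tank id with another user's animal id: because the animal is looked up inside the owned tank's collection, that request also ends in a 404.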