jsonapi-suite / jsonapi_compliable

MIT License

Ensure resource+endpoint whitelists are enforced #132

Closed richmolj closed 5 years ago

richmolj commented 5 years ago

Each resource (optionally) has a primary endpoint and (optionally) secondary endpoints. The primary endpoint is used for link generation, the secondary endpoints serve as a whitelist. These endpoints are used to generate the schema.

We wouldn't want to define an endpoint, generate a schema, but also accidentally call the wrong resource in the actual runtime code. This commit ensures only a resource associated with a given endpoint can be called.

This behavior can be overridden:

def self.allow_request?(path, action)
  # ... code ...
end

To whitelist endpoints:

primary_endpoint '/foo', [:index, :show]
secondary_endpoint '/bar', [:create]

The primary endpoint is derived from the class name by default. To do nothing but limit the actions:

self.endpoint[:actions].delete(:index)
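The following is an added illustration of the whitelist behaviour described above; it is not code from the jsonapi_compliable gem or from this pull request. It models a resource with a primary endpoint (derived from the class name by default, used for links), optional secondary endpoints (the whitelist), an overridable `allow_request?(path, action)` guard, and a dispatch helper that refuses to run a resource on a path it is not whitelisted for. Every class and method name here (`WhitelistedResource`, `all_endpoints`, `default_path`, `resolve_resource`, `EndpointMismatch`) is an assumption chosen to mirror the PR text; the real gem's inflection rules and internals may differ.

```ruby
# Added example, not the gem's own implementation: a minimal model of the
# resource+endpoint whitelist. Names are assumptions mirroring the PR text.
class WhitelistedResource
  class << self
    # Primary endpoint: used for link generation. Derived from the class name
    # unless primary_endpoint is called explicitly.
    def endpoint
      @endpoint ||= { path: default_path,
                      actions: [:index, :show, :create, :update, :destroy] }
    end

    def primary_endpoint(path, actions)
      @endpoint = { path: path, actions: actions.dup }
    end

    # Secondary endpoints: extra whitelist entries besides the primary one.
    def secondary_endpoints
      @secondary_endpoints ||= []
    end

    def secondary_endpoint(path, actions)
      secondary_endpoints << { path: path, actions: actions.dup }
    end

    def all_endpoints
      [endpoint] + secondary_endpoints
    end

    # Runtime guard: may this resource serve `action` at `path`?
    # Subclasses can override this to relax or tighten the check.
    def allow_request?(path, action)
      all_endpoints.any? do |e|
        e[:path] == path && e[:actions].include?(action.to_sym)
      end
    end

    private

    # "/posts" from "PostResource" (constructed rule for this example only).
    def default_path
      base = name.sub(/Resource\z/, '')
      snake = base.gsub(/([a-z\d])([A-Z])/, '\1_\2').downcase
      "/#{snake}s"
    end
  end
end

# Explicit whitelist, as in the PR description.
class PostResource < WhitelistedResource
  primary_endpoint '/foo', [:index, :show]
  secondary_endpoint '/bar', [:create]
end

# Keep the derived "/comments" path and only limit the actions.
class CommentResource < WhitelistedResource
  self.endpoint[:actions].delete(:index)
end

# Raised when runtime code tries to use a resource on a non-whitelisted endpoint.
class EndpointMismatch < StandardError; end

# Dispatch helper: the point of the PR is that generating a schema for one
# endpoint must not let runtime code silently call the wrong resource.
def resolve_resource(resource_class, path, action)
  unless resource_class.allow_request?(path, action)
    raise EndpointMismatch,
          "#{resource_class.name} is not whitelisted for #{action} #{path}"
  end
  resource_class
end

if __FILE__ == $PROGRAM_NAME
  puts resolve_resource(PostResource, '/foo', :index)      # PostResource
  puts CommentResource.allow_request?('/comments', :index) # false
end
```

Note that `@endpoint` and `@secondary_endpoints` are class-level instance variables, so each resource subclass carries its own whitelist rather than mutating a shared one; that isolation is what makes `endpoint[:actions].delete(:index)` in one class safe for the others.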

richmolj commented 5 years ago

@wadetandy