Implement a "read-only" option for lists

[molomby]

Leading on from thoughts in #1117.

It would be very useful (and probably not especially difficult?) to support a flag on lists that made them read-only (isReadOnly I guess?). When set to true this option would remove all mutations related to the list from the GraphQL schema as well as edit/create/delete functionality from the Admin UI. All read operations/interface would operate in the same manner.

I can think of two scenarios in which this would be useful:

• Supporting database views -- Both core database adapters can be used with DB platforms that support views. DB view let app devs easily incorporate business and reporting logic into their DB then surface it through their Keystone. This also gives app developers the opportunity to leverage tools like materialised views to improve performance of common, time-intensive operations. This was previously discussed in #1777.
• Supporting tables/collections managed outside the system -- Databases often become de facto APIs to other systems. Imagine for example, a piece of legacy software that can sync business data to a relational DB. We can add the data to our DB but the Keystone instance itself does not manage it. By configuring a read-only list, users can view and link to these sync'ed records through the admin UI and surface them through GraphQL without allowing operations that will cause errors.

An example of the "view" scenario -- here we have a "high scores" list with a field that calculates each score's current ranking. This kind of operation is impractical to perform in JS, even with the planned "virtual" fields (#1117).

Lists:

keystone.createList('HighScore', {
  fields: {
    player: { type: Text },
    points: { type: Number, isIndexed: true },
    ranking: { type: Relationship, ref: 'HighScoreRanking', many: false }
  }
});
keystone.createList('HighScoreRanking', {
  options: { isReadOnly: true },
  fields: {
    ordinal: { type: Integer },
    score: { type: Relationship, ref: 'HighScore', many: false }
  }
});

Underlying view (pgSQL):

create view "highScoreRankings" as (
    select "id", row_number() over (order by "points" desc) as "ordinal"
    from "highScores"
);

This can then be used in GraphQL queries:

query {
  # Get a player's scores and the rank of those scores:
  myScores: allHighScores (where: { player: 'molomby' }) {
    player
    points
    ranking: { ordinal }
  }

  # Get the current top 10 scores:
  topScores: allHighScoreRankings (where: { ordinal_lte: 10 }, orderBy: "ordinal desc") {
    ordinal
    score: {
      player
      points
    }
  }
}

[gautamsi]

an isReadOnly option for field is also needed.

[MadeByMike]

This is possible with access control and now that the bug related to read-only fields rendering in the Admin UI has been resolved I don't think this gives us much. Sure the queries and mutation will still be created (which could still be useful internally) but on the client they will always fail.

@molomby I think we can mark this as resolved?

[gautamsi]

an isReadOnly option for field is also needed.

^this one is fixed, original read-only list (not just field) may still be needed.

[stale[bot]]

It looks like there hasn't been any activity here in over 6 months. Sorry about that! We've flagged this issue for special attention. It wil be manually reviewed by maintainers, not automatically closed. If you have any additional information please leave us a comment. It really helps! Thank you for you contribution. :)