Comments (6)
Sounds like a great idea! Shouldn't be hard to serialize, but do you have an idea on how to detect those relations in SilverStripe?
from silverstripe-restfulapi.
Since somebody might not want "polymorphic" output, while still having polymorphism in SilverStripe, I'd say it should be configurable.
Say you have the following class hierarchy in SilverStripe:
Shape extends DataObject
Rectangle extends Shape
Triangle extends Shape
From what I've seen, it's enough to enable API access for all three classes by adding the following config:
Shape:
  api_access: true
So I would make the polymorphism just another flag in the config. Eg.
Shape:
  api_access: true
  polymorphic: true
I haven't looked into the code that much to see if this is sufficient.. I guess the serializer would have to check the relation, then see if the relation is polymorphic and switch to the polymorphic output mode instead.
from silverstripe-restfulapi.
First, are you sure giving api access to the parent class gives access to all classes that extend it? I never really tested this and am a bit worried of the security issue here...
For the polymorphic relation I think it would be better to have either a 'polymorphic' property on the class with the value being an array with the relation name, or a 'polymorphic' Boolean for each relation.
Shape:
  polymorphic:
    - Owner
    - Other
Or
Shape:
  RelationName:
    polymorphic: true
I'll have to see what makes most sense when implementing....
from silverstripe-restfulapi.
Hm I haven't tested it extensively, but I just noticed that giving access to the base-class enables access on the subclasses. Why do you think it's an issue? Subclasses should inherit permissions from base-classes, unless explicitly declared otherwise.
Setting it on a relation might also be a good approach. Is probably more flexible.
from silverstripe-restfulapi.
To me access should be explicitly declared, to avoid giving permissions without realising it. So it works a bit like controllers $allow_actions
from silverstripe-restfulapi.
My line of thought was that it would work the same way as permissions in SilverStripe. If your base-class has canView, canEdit etc. implemented, the permissions will carry over to subclasses. But since your API also allows "config-only" checks, it might actually be better to force permission-settings on every accessible class.
from silverstripe-restfulapi.
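The two behaviours debated in this thread (api_access carried over from a base class versus declared on every class), as an added example that is not part of the thread or of silverstripe-restfulapi. It is plain PHP that models the lookup: the classes and the `$declared` array are constructed stand-ins for SilverStripe classes and the YAML config, and `resolveApiAccess` and `implicitlyExposed` are hypothetical names.

```php
<?php
// Constructed model of the hierarchy from the thread (not real SilverStripe classes).
class DataObject {}
class Shape extends DataObject {}
class Rectangle extends Shape {}
class Triangle extends Shape {}

// Constructed stand-in for the YAML config: only values declared directly on a class.
$declared = [
    'Shape' => ['api_access' => true],
];

/**
 * Resolve api_access for $class (hypothetical helper).
 * Returns ['allowed' => bool, 'source' => class that declared the value, or null].
 * With $explicitOnly, a value declared on a parent class is ignored.
 */
function resolveApiAccess(string $class, array $declared, bool $explicitOnly): array
{
    // The class itself first, then its ancestors from nearest to furthest.
    $lineage = array_merge([$class], array_values(class_parents($class)));
    foreach ($lineage as $candidate) {
        if (isset($declared[$candidate]['api_access'])) {
            return ['allowed' => (bool) $declared[$candidate]['api_access'], 'source' => $candidate];
        }
        if ($explicitOnly) {
            break; // do not look past the class itself
        }
    }
    return ['allowed' => false, 'source' => null]; // nothing declared: deny
}

/** Audit helper: classes reachable only because a parent declared api_access. */
function implicitlyExposed(array $classes, array $declared): array
{
    $found = [];
    foreach ($classes as $class) {
        $result = resolveApiAccess($class, $declared, false);
        if ($result['allowed'] && $result['source'] !== $class) {
            $found[$class] = $result['source']; // subclass => class that granted access
        }
    }
    return $found;
}

// Inherited mode: which subclasses are exposed without their own declaration?
print_r(implicitlyExposed(['Shape', 'Rectangle', 'Triangle'], $declared));
// Explicit-only mode: is Rectangle still reachable?
var_dump(resolveApiAccess('Rectangle', $declared, true)['allowed']);
```

In the inherited mode a subclass can still opt out by declaring `api_access: false` itself, because the nearest declaration wins.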