Comments (11)
I think that's a great idea. :)
I would however have the 2 callbacks onBeforeDeserialize and onAfterDeserialize on lines 388 and 394 so devs can act on both the raw json and the formatted data array that will be applied to the DO. Remembering to pass the payload by reference each time...
I think that would give the right kind of flexibility?
from silverstripe-restfulapi.
I'm not sure if the raw request-body would be of much interest? But more flexibility is better, I guess.
Your proposal sounds good as well.. as long as there's a way to check/sanitize incoming data before writing, I'll be happy :)
from silverstripe-restfulapi.
I thought about this some more and wondered if it would be possible to somehow also perform a callback/precondition before creating records?
Imagine the following use-case: There are Queues, every Queue has_many Tickets. The amount of tickets per queue is restricted to 10.
How would you go about implementing this? Implementing a canCreate method on Ticket won't do, because it doesn't know about the queue it's going to be added to.
Your implementation checks canCreate, then creates the record and after that runs an update. If there's a hook in updateModel as discussed above (where we could prevent something), the DO will already be persisted to the DB, just without the actual data from the payload.
Maybe this is also an edge case and would be better solved by subclassing RESTfulAPI_DefaultQueryHandler and overriding createModel?
from silverstripe-restfulapi.
Should I take a stab at this?
My proposed changes would include the following:
- Add an onBeforeCreateWithPayload callback that allows implementing classes to deny creation of an object by looking at the payload.
- Add onBeforeDeserialize and onAfterDeserialize as discussed before... although I doubt that the incoming JSON string is of much interest (needs to be parsed anyway to do something meaningful). So this could be simplified to something like onBeforeUpdateWithPayload.
from silverstripe-restfulapi.
I think onBefore/AfterDeserialize are enough.
The before one, even if not always useful, lets you alter the JSON and so how it will be parsed, e.g. many_many_extrafields but also anything else that might be implemented in the future.
The after one is great to alter what is to be written to the DO.
For denying creation of DO I don't think this is the right place. This can be done with existing SS logic already, like onBeforeWrite, canCreate and here DO validation would do the trick.
from silverstripe-restfulapi.
You're right, this could be covered with existing SS logic, but would require a rewrite of your code.
As far as I can tell, your code that creates a new DO currently does this (simplified):
- Check canCreate on a singleton instance. If allowed, then:
- Create a new Object instance and write it to the DB.
- Populate the object via updateModel. Access permissions are checked again, but before actually applying any payload data.
So both these canCreate checks won't help with the use-case I mentioned (Ticket Queues with max. amount per Queue).
In order for this to work, the creation of an Object should go like this:
- (optional) Check canCreate on a singleton instance to exit early.
- Create an object instance and populate it with the DO payload (only DO values without the relation data)
- Check canCreate. If granted, write the object.
onBeforeWrite isn't meant to be used to cancel object creation or object-writing in general.
from silverstripe-restfulapi.
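The two creation orders compared in the comment above, as an added example that is not part of the thread or of the silverstripe-restfulapi code. Store, Ticket, createCurrent and createProposed are hypothetical stand-ins written in plain PHP 8 (no SilverStripe classes), and the payloads are constructed.

```php
<?php
// Hypothetical stand-ins; not SilverStripe's DataObject or the module's query handler.
const MAX_TICKETS_PER_QUEUE = 10;
class Store {                                   // in-memory stand-in for the database
    public array $tickets = [];
    public function countInQueue(int $queueID): int {
        return count(array_filter($this->tickets, fn($t) => $t->QueueID === $queueID));
    }
}

class Ticket {
    public ?int $QueueID = null;
    public string $Title = '';
    public function __construct(private Store $store) {}
    public function canCreate(): bool {         // the limit needs QueueID from the payload
        if ($this->QueueID === null) { return true; }   // singleton or empty record
        return $this->store->countInQueue($this->QueueID) < MAX_TICKETS_PER_QUEUE;
    }
    public function update(array $data): void { // apply only known fields
        foreach (['QueueID', 'Title'] as $f) { if (isset($data[$f])) { $this->$f = $data[$f]; } }
    }
    public function write(): void {
        if (!in_array($this, $this->store->tickets, true)) { $this->store->tickets[] = $this; }
    }
}
// Order described as current: check, persist an empty record, then apply the payload.
function createCurrent(Store $store, array $payload): bool {
    if (!(new Ticket($store))->canCreate()) { return false; }   // no payload visible yet
    $ticket = new Ticket($store);
    $ticket->write();                           // record exists before any data
    $ticket->update($payload);
    $ticket->write();
    return true;
}
// Proposed order: populate in memory, check with the payload applied, then persist.
function createProposed(Store $store, array $payload): bool {
    $ticket = new Ticket($store);
    $ticket->update($payload);
    if (!$ticket->canCreate()) { return false; }   // nothing written on denial
    $ticket->write();
    return true;
}

foreach (['createCurrent', 'createProposed'] as $flow) {
    $store = new Store();
    for ($i = 1; $i <= 11; $i++) {              // constructed payloads: 11 tickets, queue 1
        $allowed = $flow($store, ['QueueID' => 1, 'Title' => "Ticket $i"]);
    }
    printf("%s: 11th allowed=%s, stored=%d\n", $flow, var_export($allowed, true), $store->countInQueue(1));
}
```

With the first order the per-queue limit is never evaluated against the payload, so the eleventh ticket is stored; with the second the eleventh is refused before anything is written.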
DO validation is what should be used here I believe. And it's true that at the moment it would not work, but solutions have been discussed here #30 and here #22. And that should be implemented soon.
from silverstripe-restfulapi.
Hm. I didn't even know that validation for DataObjects exists.. but you're right, it would make a lot of sense here.
Do you need a hand implementing this? I'd rather have this feature sooner than later.
from silverstripe-restfulapi.
I'll get the refactoring of create/updateModel done early this week so DO validation works, since I have a good idea on how to implement this.
If you can submit a PR for the onBefore/AfterDeserialize hooks that would be helpful.
from silverstripe-restfulapi.
Awesome. Will send a PR for the deserialize hooks shortly.
from silverstripe-restfulapi.
PR is sent. #46
from silverstripe-restfulapi.