Loading ...
Sorry, an error occurred while loading the content.

19272Re: [rest-discuss] Re: New Internet-Draft: JSON Hypertext Application Language

Expand Messages
  • Mike Kelly
    Feb 13, 2013
    • 0 Attachment

      Hi Craig,

      Thanks for your response.

      The problem with that approach is you have to force your access model around the HTTP verbs. So if you have different transitions possible for a PUT or POST request on a given resource, and each have different access rules, then you're out of options (no pun intended).

      Another approach is to create permission resources that represent the roles the requesting user has for particular activities. The roles can be more descriptive, flexible, and intuitive to clients that way.

      Are there some compelling reasons to work around HTTP that i'm missing.

      Along the same lines, I'm a bit concerned about absorbing HTTP stuff into the media type. Which I think this technique is guilty of. A while back I considered adding etag info for embedded resources but canned it because of the same concern.. Out of interest how would you feel about that etag approach?

      Cheers,
      M

      On 13 Feb 2013 17:35, "Craig McClanahan" <craigmcc@...> wrote:
      >
      > I've written several APIs lately that contain a similar concept to the "links" abstraction with a useful extension -- we also include an "allowed" field that contains an array of the HTTP verbs that this user is allowed to perform against the URL specified by "href".  Essentially, we're saving the client the need to do an OPTIONS call to determine what verbs are supported for that user.
      >
      > A use case for this is when displaying content that may or may not be editable (or can be deleted) by the requesting user.  If so, the "allowed" field would say '[ "GET", "PUT", "DELETE" ]'.  If not, it would just say '[ "GET" ]'.  A client UI can use this information to decide whether or not to display enabled "Edit" or "Delete" buttons.
      >
      > Craig McClanahan
      >
      > On Tue, Feb 12, 2013 at 1:52 PM, Mike Kelly <mikekelly321@...> wrote:
      >>
      >>  
      >>
      >> Here's a slightly more useful link than the previous one!
      >>
      >> http://tools.ietf.org/html/draft-kelly-json-hal-05
      >>
      >> On Tue, Feb 12, 2013 at 7:53 AM, Mike Kelly mikekelly321@...> wrote:
      >> > Hello all,
      >> >
      >> > fyi, I have updated the following internet draft:
      >> >
      >> > http://www.ietf.org/id/draft-kelly-json-hal-04.txt
      >> >
      >> > All thoughts, comments, suggestions, etc welcome
      >> >
      >> > Cheers,
      >> > Mike
      >>
      >> --
      >> Mike
      >>
      >> http://twitter.com/mikekelly85
      >> http://github.com/mikekelly
      >> http://linkedin.com/in/mikekelly123
      >>
      >>
      >
      >

    • Show all 5 messages in this topic