0

I am using Katharsis library in my Spring Boot server to build automatically JSON-API interface.

Let's say I have an endpoint (resource) /resource, for which I would like to offer POST method (to create new resources) but restrict PATCH (to restrict resources updating). Meanwhile, the io.katharsis.repository.ResourceRepository offers only save() method, which applies to both POST and PATCH.

My only idea at the moment is to add another Filter to FilterChain that will disallow PATCHing the required endpoint.

Are there any better (i.e. shorter or more elegant) ways to achieve this?

ppi
  • 86
  • 7

2 Answers2

0

To disable PATCH method you should follow the steps:

  1. Check if in Database exists object with ID provided in requested URL
  2. If object exists, throw UnsupportedOperationException
masterspambot
  • 516
  • 4
  • 11
  • Thanks for the hint! Is this the way that JsonApi somehow recommends? My doubt is: why should I even ask the database? I know that PATCH is unsupported at all, regardless of what is in the database. So, it sounds like one extra database call that can be skipped, right? After reading my question again - maybe it is not clear enough, I will correct it. – ppi Apr 25 '16 at 16:49
  • Also, I would greatly appreciate even a short explanation, why this solution is better than adding filter. Thanks in advance! – ppi Apr 25 '16 at 17:01
  • Usage of filter would be more appropriate if you'd want to disable patch for all requests and I assume you don't want to do that. Considering skipping first step - in production deployment cases with huge amounts of transaction and requests presumably only DB layer would know whether the object truly already exists. It's mostly for data consistency. – masterspambot Apr 28 '16 at 18:47
  • Thanks again. I decided to accept this answer, as long as there is no other option. It can be indeed considered more elegant than Filter – ppi Apr 30 '16 at 05:05
0

A PATCH contains an ID.
So you could check if ID != null and throw an error instead.
On this way you don't need to check the database.
This solution assumes that you don't generate id's on the client.

Maurice Mohlek
  • 36
  • 9
  • Thanks, nice idea. In our API it is actually allowed to both POST resource/{id} and PATCH resource/{id}. So, as you wrote this one won't work. Honestly, I stayed with Filter (matching every PATCH /resource request) solution to avaid database query. – ppi Oct 10 '16 at 21:58