Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support readOnly and writeOnly keywords #276

Open
ahx opened this issue Jul 10, 2020 · 5 comments
Open

Support readOnly and writeOnly keywords #276

ahx opened this issue Jul 10, 2020 · 5 comments

Comments

@ahx
Copy link

ahx commented Jul 10, 2020

Spec: http://spec.openapis.org/oas/v3.0.3#fixed-fields-19

In OpenAPI 3.1 this will be taken straight from the json-schema 2019-09 spec: readOnly and writeOnly

Supporting these keywords should be useful to describe readOnly fields.
AFAIK there is no Ruby JSON Schema validator library that supports this at the moment.

@Linuus
Copy link

Linuus commented Nov 6, 2020

I think OpenAPIParser which Committee is using supports readOnly and writeOnly already?
See: https://github.com/ota42y/openapi_parser/blob/f609caa0ac69d5583a027ded60b29427c3256b4c/lib/openapi_parser/schemas/schema.rb#L76-L82

@ahx
Copy link
Author

ahx commented Nov 6, 2020

I was thinking about making the validation respect readOnly/writeOnly properties like:

  • Raise an error if response body includes a writeOnly property
  • Return 400 if request body includes a readOnly property

OpenAPI does not adapt validation based on readOnly/writeOnly annotations. AFAIK the code line is just about adding an accessor method to read these fields (read_only vs readOnly).

@ota42y
Copy link
Member

ota42y commented Nov 14, 2020

Currently, openapi_parser can only read readOnly / writeOnly, and we can't use validation based on that properties.

The committee validate parameters by these methods.
I think we can validate using these properties by adding checking flag to options and checking these flags in validators

e.g.
When we called validate_request_body funciton, we add reject_by_readOnly flag to the option.
The validators finds readOnly properties withreject_by_readOnly = true, raise error)

@ota42y
Copy link
Member

ota42y commented Nov 14, 2020

OpenAPI 3 define these (writeOnly too)

  • reject request when the client send readOnly properties
  • when we use readOnly with required=true, ignore required in response validation.

Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as readOnly being true and is in the required list, the required will take effect on the response only.

https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.3.md#fixed-fields-20

But OpenAPI 3.1.0.rc1, we can ignore or raise error.

An instance document that is marked as "readOnly for the entire document MAY be ignored if sent to the owning authority, or MAY result in an error, at the authority's discretion.

So I think it's better to support option to raise error or ignore these properties bacause easy to migration.

@aliaksandrb
Copy link

Would love this feature available as well 😌
It makes schema definitions much cleaner, especially for cases when request body for creation is almost identical as response body, except the fields that set internally (ex: ownership, timestamps & etc).

If a readOnly or writeOnly property is included in the required list, required affects just the relevant scope – responses only or requests only. That is, read-only required properties apply to responses only, and write-only required properties – to requests only.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants