Using REST API for lookup lists dependent on context

I am currently trying to decide on the best approach to solve a problem I am having with designing my REST API.

The simplified scenario is that my web application has two resources, for example departments and employees. Both are security controlled within the business layer.

A user can exist who has access to employees but not to departments; however, when this user edits an employee they need to be able to select that employee's department from a drop-down list (similarly, they might have a list of employees that they want to filter by department).

Ordinarily that user would not have access to the department object, so they wouldn't be able to call /department/ for example, but in the case of editing an employee they need the list of departments.

What would be the recommended way of dealing with this? Would I return a list of departments on each GET of /employee/, or would I create another resource which was a combination of employee and department objects (department being the full list of departments)?

I can't currently change the security on the objects as this is deeply ingrained in the application logic.

Has anybody got any ideas?

Regards, Gary

Create a new resource called "DepartmentList"

Note: I think plural names are better.

You have to think of what would make the life of your users (devs) easier.

A combined resource would 'pollute' your API. Your API would expose /employees, /departments and /employeeDepartments. I don't think the latter deserves to be that high in the hierarchy.

It'd also be a little more complex for your users to use:

"To edit an employee you need to set a department, BUT that department is not always available at /department, so you'd better get it from employeeDepartments ..."

Think of your employee object: GET /employees/123

 employee: {
    name: "John",
    ...
    department: {
        id: ID,
        --a subset of data--
    }
}

The subset of data should be enough for users with no rights to operate on, and users with the right access may operate on /departments/ID.

Now, how do we get the list of available options?

I usually provide a 'special' action /new where I provide a 'form' which users can use as a template to POST and create a new resource. This is not an adopted REST 'standard', but it is HATEOAS-friendly; it really helps the discoverability of your API.

So, GET /employees/new could print

 employee: {
    name: "",
    ...
    department: [{ id: 1, --subset of data-- }, { id: 2, --subset of data-- }, ...]
}

There is some convention to be agreed on the format (e.g. the user needs to know that they only have to pick one department). But that's a whole new discussion.
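As an added example (not code from the question or the answer above), here is a minimal in-memory Python model of the design the answer proposes, covering Gary's scenario: a user with employee access but no department access. The full department record stays behind the department permission, the employee representation embeds only a "subset" projection of its department, and GET /employees/new hands out the selectable options as the same projection. The write path then checks the submitted department id against the options the server itself would have offered, so the lookup list never turns into a way to read, or to reference, departments the caller should not touch. The user names, permission strings, sample departments and employees are all constructed assumptions for this illustration.

```python
# Added example, not part of the original post. Models the business-layer
# checks as plain functions so it runs offline without a web framework.
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised by the business layer when the caller lacks a permission."""


class BadRequest(Exception):
    """Raised when a submitted department id is not an allowed option."""


# Constructed sample data standing in for the application's stores.
# "budget" and "cost_centre" are the sensitive fields a drop-down must not leak.
DEPARTMENTS = {
    1: {"id": 1, "name": "Engineering", "budget": 1_200_000, "cost_centre": "CC-10"},
    2: {"id": 2, "name": "Finance", "budget": 300_000, "cost_centre": "CC-20"},
}
EMPLOYEES = {
    123: {"id": 123, "name": "John", "department_id": 1},
}


@dataclass
class User:
    name: str
    permissions: set = field(default_factory=set)  # assumed permission strings


def require(user, permission):
    """Business-layer guard: refuse the call unless the user holds the permission."""
    if permission not in user.permissions:
        raise Forbidden(f"{user.name} lacks {permission}")


def department_summary(dept):
    """The answer's 'subset of data': just enough to populate a drop-down."""
    return {"id": dept["id"], "name": dept["name"]}


def get_department(user, dept_id):
    """GET /departments/{id}: the full object, behind the department permission."""
    require(user, "departments:read")
    return DEPARTMENTS[dept_id]


def get_employee(user, emp_id):
    """GET /employees/{id}: department embedded as a summary only, so an
    employee-only user can render the edit form without department access."""
    require(user, "employees:read")
    emp = EMPLOYEES[emp_id]
    return {
        "id": emp["id"],
        "name": emp["name"],
        "department": department_summary(DEPARTMENTS[emp["department_id"]]),
    }


def new_employee_form(user):
    """GET /employees/new: a template whose department field lists the
    selectable options as summaries, guarded by the employee permission."""
    require(user, "employees:write")
    return {
        "name": "",
        "department": [department_summary(d) for d in DEPARTMENTS.values()],
    }


def update_employee(user, emp_id, payload):
    """PUT /employees/{id}: the client submits only a department id. It is
    validated against the options this server would have offered, rather than
    trusting the client or requiring the caller to be able to read departments."""
    require(user, "employees:write")
    dept_id = payload.get("department", {}).get("id")
    offered = {opt["id"] for opt in new_employee_form(user)["department"]}
    if dept_id not in offered:
        raise BadRequest(f"department {dept_id!r} is not a selectable option")
    EMPLOYEES[emp_id]["department_id"] = dept_id
    return get_employee(user, emp_id)


def is_rejected(fn, *args):
    """True if the business layer refuses the call (permission or validation)."""
    try:
        fn(*args)
    except (Forbidden, BadRequest):
        return True
    return False


if __name__ == "__main__":
    hr = User("hr", {"employees:read", "employees:write"})
    print(get_employee(hr, 123))
    print(new_employee_form(hr))
    print("department read denied for hr:", is_rejected(get_department, hr, 1))
    print(update_employee(hr, 123, {"department": {"id": 2}}))
    print("bogus department rejected:", is_rejected(update_employee, hr, 123, {"department": {"id": 99}}))
```

The point to check in a real implementation is the last function: the option list is a narrow projection granted alongside the employee permission, and the server re-derives that list on write instead of believing whatever id the client posts. If departments are later filtered per user (say, by region), the same re-derivation keeps a user from attaching an employee to a department they were never shown.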

Notice: the technical posts on this site are licensed under CC BY-SA 4.0; if you repost, please credit this site or the original source. Questions: yoyou2525@163.com.

Guangdong ICP filing no. 18138465  © 2020-2024 STACKOOM.COM