REST API需要两个单独的资源来创建用户吗?
[英]REST API Two seperate resources to create a user?
问题描述
Currently building a REST API and one of the functions of it will be to create users. 
当前正在构建REST API,它的功能之一就是创建用户。 There are two ways my application will create users: 我的应用程序有两种创建用户的方式:
- Register, users add themselves with the usual data: email, password, username, date of birth. 注册后,用户将使用通常的数据添加自己:电子邮件,密码,用户名,出生日期。
- Manual creation, admin adds a user with usual data AND any extra data as required. 手动创建后,管理员会向用户添加常规数据以及所需的任何其他数据。
My setup is a users table, users_metadata table and users_permissions table, as well as a few others. 我的设置是一个users表, users_metadata表和users_permissions表,以及其他一些表。 The email and password are stored in the users table, the username and date of birth in the users_metadata table. 电子邮件和密码存储在users表中,用户名和出生日期存储在users_metadata表中。 When manually creating a user other metadata and the user's permissions, as well as data in the other tables, can be changed. 手动创建用户时,可以更改其他元数据和用户权限以及其他表中的数据。
Would it be better to have two different resources to handle creating a user? 拥有两个不同的资源来处理创建用户会更好吗?
1 个解决方案
解决方案1
3 已采纳 2017-11-14 09:21:12
Would it be better to have two different resources to handle creating a user?
I wouldn't create two different resources that both represent the user and both model its creation process. 我不会创建两个既代表user又对它的创建过程建模的不同资源。 Since a user is a user, in my opinion they should be created trough the same resource. 由于用户是用户,我认为应该通过相同的资源来创建他们。
Manual creation, admin adds a user with usual data AND any extra data as required .
When manually creating a user other metadata and the user's permissions , as well as data in the other tables, can be changed.
If it makes sense, you could model this extra data as a separate (sub)resource. 如果有道理,您可以将此额外数据建模为单独的(子)资源。 The same goes for permissions. 权限也是如此。 This sub resource can then have its own URL (for instance /users/{id}/meta and /users/{id}/permissions ) to which the client issues separate POST requests, or it can be nested in the data structure that is sent to the API, like so: 然后,该子资源可以具有其自己的URL(例如/users/{id}/meta和/users/{id}/permissions ),客户端可以向其发出单独的POST请求,或者可以将其嵌套在以下数据结构中:发送到API,如下所示:
{
"name": "John",
"email-address": "john@doe.com",
"permissions": {
"read": true,
"write": false
},
"meta-data": {
"date-of-birth": "2000-01-01"
}
}
The approach with separate sub resources at their own URLs makes access control and validation a bit easier. 在自己的URL处使用单独的子资源的方法使访问控制和验证更加容易。 On the other hand, it puts a bigger burden on the client. 另一方面,这给客户带来了更大的负担。 It can also put you in the position where an admin creates a user, the basic information is saved, but there is an error saving permissions; 它还可以使您处于管理员创建用户的位置,可以保存基本信息,但是存在错误保存权限; depending on your use case you may or may not need to somehow handle that automatically. 根据您的用例,您可能会或可能不需要以某种方式自动处理它。
The approach where the sub resources are nested in the data structure makes the logic to handle the POST request a bit more complex, but it does make the client side of things easier and gives you the option to make the whole action atomic by wrapping it in a transaction and rolling back if anything goes wrong. 将子资源嵌套在数据结构中的方法使处理POST请求的逻辑更加复杂,但是它确实使事情变得更轻松,并且通过将其包装在其中,使您可以选择使整个操作具有原子性。交易并在出现任何问题时回滚。
Note: These two approaches are not mutually exclusive; 注意:这两种方法不是互斥的; you can do both if you want. 如果需要,您可以两者都做。
Which of these approaches is best will depend on how many sub resources there are, how complex they are and how complex the access control to the sub resources is; 哪种方法最好,将取决于有多少子资源,它们有多复杂以及对子资源的访问控制有多复杂; the more sub resources there are and/or the more complex access control is, the more likely I would be to setup different URLs for the sub resources. 子资源越多和/或访问控制越复杂,我就越有可能为子资源设置不同的URL。
In this specific case, I would net the sub resources in the data structure and have the clients POST all the data at once. 在这种特殊情况下,我将.NET中的数据结构中的子资源,并且客户端POST一次所有数据。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.