
REST API design

I'm writing a REST API and I want some feedback. I will have one resource called Items. I want it to be accessible publicly or it can be private (only the user can see it). My first idea was to put a URL to public items like /Root/Items where the public items will live, and another URL like /Root/User/Items where private items will live. An Item can be linked to another user so it will have permission to update it. Something like /Root/User/Operator/Items .... but then I realize I'm creating too many addresses.

I don't like the idea of putting all the items inside the /Root/Items URL because each user will have a different output. And putting them only inside /Root/User/Items will make it impossible to list all the public items (which can belong to any user).

Any idea how I can design that?

In RESTful architectures every "thing" should have one identifier, which is a URI if you use HTTP, as I expect. In your case, every item should have exactly one URI.

My First idea was to put a URL to public items like /Root/Items where the public items will live, and other URL like /Root/User/Items where private items will live.

I assume that you are not only talking about collection resources which will return a collection of items. I assume that you will also have single item resources. A URI of a single item could be /Root/Items/42 or /Root/User/Items/23 in your scheme.

You can use different URI schemes for public and private items if it helps you do the authorization needed. But anyway, URIs do not matter in REST. URIs should always be regarded as opaque. If you use different schemes for public and private items, you have to ensure that a public item can never become private and the other way around. If it did, the URI of an item would change, and that's the same as if you changed the primary key of a row in a database. Identifiers should not change. What you are doing if you use different URI schemes for public and private items is encoding the privacy level of your items into their identifiers. If your problem domain allows this, it is OK.

An Item can be linked to another user so it will have permission to update it. Something like /Root/User/Operator/Items .... but then i realize i'm creating too many addresses.

This sounds like you want to change the privacy level of an item. As I said before, one item should have exactly one URI which never changes. If you are talking about collection resources, your scheme might be. I'm not sure what you mean here.

In the end: what you need is authentication and authorization. You need to return a 403 Forbidden if a user wants to access a private item of another user, regardless of its URI.
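The answer's design, carried into working code as an added example (this is not code from the question or the answer, and it assumes no particular web framework): every item keeps a single URI, /items/{id}, whatever its visibility; the public collection /items and the per-user collection /users/{name}/items are filtered by what the caller may read; the "linked user" from the question is modelled as a constructed `operators` set that grants update but not ownership. The item data, user names and route patterns are constructed for the example. Anonymous callers are represented by `user=None`.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Set to True to answer denied reads with 404 instead of 403, so that a
# caller cannot probe which ids exist. The answer above uses 403; both are
# common, and which one you pick is a design choice, not a REST rule.
DENY_AS_NOT_FOUND = False


@dataclass
class Item:
    id: int
    owner: str
    public: bool
    operators: set = field(default_factory=set)  # users allowed to update
    body: str = ""


# Constructed sample data: two owners, a mix of public/private items, and
# one private item of bob's on which alice has been linked as operator.
ITEMS = {
    1: Item(1, "alice", True, body="alice public"),
    2: Item(2, "alice", False, body="alice private"),
    3: Item(3, "bob", False, {"alice"}, body="bob private, alice operator"),
    4: Item(4, "bob", True, body="bob public"),
}


def can_read(user: Optional[str], item: Item) -> bool:
    # Privacy is a property of the item, not of its URI.
    return item.public or user == item.owner or user in item.operators


def can_update(user: Optional[str], item: Item) -> bool:
    return user is not None and (user == item.owner or user in item.operators)


def get_item(user: Optional[str], item_id: int):
    """GET /items/{id}: returns (status, representation-or-None)."""
    item = ITEMS.get(item_id)
    if item is None:
        return 404, None
    if not can_read(user, item):
        return (404 if DENY_AS_NOT_FOUND else 403), None
    return 200, {"id": item.id, "owner": item.owner,
                 "public": item.public, "body": item.body}


def update_item(user: Optional[str], item_id: int, new_body: str) -> int:
    """PUT /items/{id}: 401 unauthenticated, 403 not owner/operator."""
    item = ITEMS.get(item_id)
    if item is None:
        return 404
    if user is None:
        return 401
    if not can_update(user, item):
        return 403
    item.body = new_body
    return 200


def list_items(user: Optional[str], owner: Optional[str] = None):
    """GET /items (owner=None) or GET /users/{owner}/items.

    The same collection code serves both URIs; the caller's identity, not
    the path, decides which private items show up."""
    return sorted(i.id for i in ITEMS.values()
                  if (owner is None or i.owner == owner) and can_read(user, i))


# Constructed route table; the id pattern is the only part the server parses.
ROUTES = [
    (re.compile(r"^/items$"), "collection"),
    (re.compile(r"^/items/(\d+)$"), "item"),
    (re.compile(r"^/users/([A-Za-z0-9_-]+)/items$"), "user_collection"),
]


def route(user: Optional[str], method: str, path: str, body: str = ""):
    """Tiny dispatcher: (status, payload). Unknown path -> 404, wrong verb -> 405."""
    for pattern, kind in ROUTES:
        m = pattern.match(path)
        if not m:
            continue
        if kind == "collection" and method == "GET":
            return 200, list_items(user)
        if kind == "user_collection" and method == "GET":
            return 200, list_items(user, owner=m.group(1))
        if kind == "item" and method == "GET":
            return get_item(user, int(m.group(1)))
        if kind == "item" and method == "PUT":
            return update_item(user, int(m.group(1)), body), None
        return 405, None
    return 404, None


if __name__ == "__main__":
    print(route(None, "GET", "/items"))            # anonymous: public items only
    print(route("alice", "GET", "/items/3"))        # operator may read bob's private item
    print(route("carol", "GET", "/items/3"))        # unrelated user: 403
    print(route("bob", "GET", "/users/alice/items"))  # bob sees only alice's public items
```

Note the two checks that are easy to get wrong in this layout: the anonymous caller must be rejected with 401 before the ownership test runs (otherwise `None == item.owner` quietly fails and every anonymous write collapses into a 403), and the per-user collection must apply the same `can_read` filter as the global one, or /users/alice/items becomes a side channel that lists alice's private ids to anyone.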
