You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If a certain user isn't granted access to a certain table or view, it's not shown in the OpenAPI output, which seems correct.
But, views only allow for SELECT queries so why showing also POST/DELETE/PATCH options? Also, if I only allow certain access to a table, I would only expect the corresponding features in OpenAPI output.
Is there a reason that the OpenAPI is always showing GET/POST/DELETE/PATCH features for all tables and views?
The text was updated successfully, but these errors were encountered:
Is there a reason that the OpenAPI is always showing GET/POST/DELETE/PATCH features for all tables and views?
The only reason is that a more fine-grained output is not implemented, yet. We are unlikely to make major changes to the OpenAPI output right now, because we expect to move it out of core alltogether (see #1698). Once we have solved that, we're in a much better position to improve OpenAPI a lot.
If a certain user isn't granted access to a certain table or view, it's not shown in the OpenAPI output, which seems correct.
But, views only allow for SELECT queries so why showing also POST/DELETE/PATCH options? Also, if I only allow certain access to a table, I would only expect the corresponding features in OpenAPI output.
Is there a reason that the OpenAPI is always showing GET/POST/DELETE/PATCH features for all tables and views?
The text was updated successfully, but these errors were encountered: