-
Notifications
You must be signed in to change notification settings - Fork 834
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The current spec (inadvertently?) allows non-standard links, which are used in the wild #1656
Comments
Both v1.0 and v1.1 state in addition:
This forbids any additional members in the links object. In v1.1 your use case is supported using an extension, which defines additional members for |
My bad. I totally missed the connection between these two. Thank you for clarifying this.
Wouldn't the extension have to add a new |
An extension is also allowed to define additional members in the {
"data": {
"type": "folder",
"id": "foo",
"links": {
"self": "/folder/foo"
"fs:makeAllDescendantsInheritAccess": "/folder/foo/make-all-descendants-inherit-access"
}
}
} In this case I assume that the extension is about file systems. It uses the If I got it right, your additional members in |
Yes, that is probably what I'll have to do. That also means that my JSON:API framework, Felicity, will have to continue supporting this feature. Thanks for the clarifications! |
Both the 1.0 and 1.1 specs say:
Specifically, this wording does not prohibit additional members in the links object. (For that, the spec would have to either say something like "MAY ONLY contain", or add a sentence saying that the links object "MAY NOT contain additional members".) However, in #1019 (comment), @ethanresnick stated that this is forbidden.
I have implemented the now two-and-a-half year old JSON:API framework Felicity. Based on my understanding of the spec, it has always allowed custom links, which we use in many of our APIs. I have essentially used custom links in cases where representing state transitions via resource creation or normal
PATCH
update seemed too heavy-handed. For example, in an API representing a directory tree,folder
resources have amakeAllDescendantsInheritAccess
link that supportsPOST
to make all child files/folders inherit its access rules. Its presence or absence indicates whether the operation is currently allowed by the requesting user. We also have adownload
link onfile
resources that serves the actual file contents (i.e., does not return a JSON:API response). I have many more examples if need be.I just wanted to let you know that custom links are easily interpreted as allowed by the current spec, and that these exist in the wild. The spec may need clarification on this point if you really want them to be forbidden (which may cause breaking changes in APIs in the wild, preventing them from targeting a new JSON:API version and still be spec compliant).
The text was updated successfully, but these errors were encountered: