Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Preventing fields from being updated on a PATCH request

See original GitHub issue

I need to perform validation on specific fields, such that the user would be able to assign them a value on a POST request, yet would not be able to update their value in a PATCH request. Since @JsonProperty provides limitation on READ and/or WRITE access only, I would not be able to perform such functionality using this annotation.

A solution I was trying to implement was to retrieve the attributes specified by the user in the body of a PATCH request, so as to identify those fields that will be updated. If I perform such a check from inside my repository class, I would not be able to identify the updated attributes since the resource would have already been merged.

A potential solution I was investigating was extending the ResourcePatchController class so that I can get the list of updated attributes in my overridden handleAsync(..) method from the requestDocument parameter. In order to implement such a solution, I would require to add my custom extended class as a controller instead of the default ResourcePatchController.

Is there any way of how I can achieve such a behaviour?

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:5 (5 by maintainers)

github_iconTop GitHub Comments

1reaction
remmeiercommented, Jul 18, 2018

@JsonApiField.patchable seems what you are looking for? Or if you need more advanced logic, you can provide a custom ResourceFilter implementation.

0reactions
duncanportellicommented, Jul 21, 2018

Hi @remmeier,

Managed to achieve this by using the DocumentFilter. Thanks for all your help!

@Override
public Response filter(DocumentFilterContext context, DocumentFilterChain chain) {

	if (context.getMethod().equals(HttpMethod.PATCH.name())) {
		Set<String> modifiedAttributes = context.getRequestBody().getSingleData().get().getAttributes().keySet();

		List<ResourceField> forbiddenPatchFields =
			context.getQueryAdapter().getResourceInformation().getAttributeFields()
			.stream()
			.filter(field -> !field.getAccess().isPatchable() && modifiedAttributes.contains(field.getJsonName()))
				.collect(Collectors.toList());

		// Do logic
	}

	return super.filter(context, chain);
}
Read more comments on GitHub >

github_iconTop Results From Across the Web

Spring Data Rest PATCH forbid update on specific fields
This won't throw errors but will avoid the field from being updated. ... the specific PATCH endpoint and retain only the allowed fields...
Read more >
rest - Best way to enable field removal through PATCH
Is there a better way to allow a user to remove a field from an object using a REST API? I would like...
Read more >
A better way to implement HTTP PATCH operation in REST APIs
Therefore, the server must carefully implement behavior that ignores such fields and updates the remaining part of the resource.
Read more >
Difference Between PUT and PATCH Request - GeeksforGeeks
PUT and PATCH requests are HTTP verbs and both relate to updating the ... PUT requests by sending only the fields that we...
Read more >
Patch function in Power Apps (contains video) - Power Platform
Use the Patch function to modify records in complex situations, such as when you do updates that require no user interaction or use...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

NullPointerException when using the [LIKE] filter operator

Next page

Can not override crnk resource domain