Include and exclude columns doesn't apply to sub resources #211
Comments
|
+1 on this |
|
This is definitely a bug, but I think this may be best solved by a major overhaul of the include/exclude/endpoints-for-relations system. What I'm envisioning is something like calling This is also related to #168. |
|
Not exactly what you envisioned, but I've created a branch which does the trick for me. Allows you to specify the model relation endpoints independently, each with their own include and exclude rules, methods, and post and pre processors. I've haven't tested this extensively yet, just thought you may want to have a look. It implements it in the simplest manner. Basically, if The branch is master-define-relation-endpoints I think declaring relation endpoints individually is good because it allows for the most flexibility without much complication. It also makes API development more declarative requiring you to think though each exposed endpoint. Let me know what you think. |
|
@dnordberg Can you make a pull request with that branch, just so that it is easier to see the differences on GitHub? |
Before the behavior of Flask-Restless was a bit arbitrary. Now we force it to comply with a concrete (though still changing) specification, which can be found at http://jsonapi.org/. This is a (severely) backwards-incompatible change, as it changes which API endpoints are exposed and the format of requests and responses. This fixes (or at least makes it much easier to fix or much easier to mark as "won't fix") several issues, including but not limited to - #87 - #153 - #168 - #193 - #208 - #211 - #213 - #243 - #252 - #253 - #258 - #261 - #262 - #303 - #394
Previously, the behavior of Flask-Restless was a bit arbitrary. Now we force it to comply with a concrete (though still changing) specification, which can be found at http://jsonapi.org/. This is a (severely) backwards-incompatible change, as it changes which API endpoints are exposed and the format of requests and responses. This change also moves JSON API compliance tests to a convenient distinct test module, `tests.test_jsonapi.py`, so that compliance with the specification can be easily verified. These tests correspond to version 1.0rc2 of the JSON API specification, which can be found in commit json-api/json-api@af5dfcc. This change fixes (or at least makes it much easier to fix or much easier to mark as "won't fix") quite a few issues, including but not limited to - #87 - #153 - #168 - #193 - #208 - #211 - #213 - #243 - #252 - #253 - #258 - #261 - #262 - #303 - #394
Previously, the behavior of Flask-Restless was a bit arbitrary. Now we force it to comply with a concrete (though still changing) specification, which can be found at http://jsonapi.org/. This is a (severely) backwards-incompatible change, as it changes which API endpoints are exposed and the format of requests and responses. This change also moves JSON API compliance tests to a convenient distinct test module, `tests.test_jsonapi.py`, so that compliance with the specification can be easily verified. These tests correspond to version 1.0rc2 of the JSON API specification, which can be found in commit json-api/json-api@af5dfcc. This change fixes (or at least makes it much easier to fix or much easier to mark as "won't fix") quite a few issues, including but not limited to - #87 - #153 - #168 - #193 - #208 - #211 - #213 - #243 - #252 - #253 - #258 - #261 - #262 - #303 - #394
Previously, the behavior of Flask-Restless was a bit arbitrary. Now we force it to comply with a concrete (though still changing) specification, which can be found at http://jsonapi.org/. This is a (severely) backwards-incompatible change, as it changes which API endpoints are exposed and the format of requests and responses. This change also moves JSON API compliance tests to a convenient distinct test module, `tests.test_jsonapi.py`, so that compliance with the specification can be easily verified. These tests correspond to version 1.0rc2 of the JSON API specification, which can be found in commit json-api/json-api@af5dfcc. This change fixes (or at least makes it much easier to fix or much easier to mark as "won't fix") quite a few issues, including but not limited to - #87 - #153 - #168 - #193 - #208 - #211 - #213 - #243 - #252 - #253 - #258 - #261 - #262 - #303 - #394
Previously, the behavior of Flask-Restless was a bit arbitrary. Now we force it to comply with a concrete (though still changing) specification, which can be found at http://jsonapi.org/. This is a (severely) backwards-incompatible change, as it changes which API endpoints are exposed and the format of requests and responses. This change also moves JSON API compliance tests to a convenient distinct test module, `tests.test_jsonapi.py`, so that compliance with the specification can be easily verified. These tests correspond to version 1.0rc2 of the JSON API specification, which can be found in commit json-api/json-api@af5dfcc. This change fixes (or at least makes it much easier to fix or much easier to mark as "won't fix") quite a few issues, including but not limited to - #87 - #153 - #168 - #193 - #208 - #211 - #213 - #243 - #252 - #253 - #258 - #261 - #262 - #303 - #394
Previously, the behavior of Flask-Restless was a bit arbitrary. Now we force it to comply with a concrete (though still changing) specification, which can be found at http://jsonapi.org/. This is a (severely) backwards-incompatible change, as it changes which API endpoints are exposed and the format of requests and responses. This change also moves JSON API compliance tests to a convenient distinct test module, `tests.test_jsonapi.py`, so that compliance with the specification can be easily verified. These tests correspond to version 1.0rc2 of the JSON API specification, which can be found in commit json-api/json-api@af5dfcc. This change fixes (or at least makes it much easier to fix or much easier to mark as "won't fix") quite a few issues, including but not limited to - #87 - #153 - #168 - #193 - #208 - #211 - #213 - #243 - #252 - #253 - #258 - #261 - #262 - #303 - #394
Previously, the behavior of Flask-Restless was a bit arbitrary. Now we force it to comply with a concrete (though still changing) specification, which can be found at http://jsonapi.org/. This is a (severely) backwards-incompatible change, as it changes which API endpoints are exposed and the format of requests and responses. This change also moves JSON API compliance tests to a convenient distinct test module, `tests.test_jsonapi.py`, so that compliance with the specification can be easily verified. These tests correspond to version 1.0rc2 of the JSON API specification, which can be found in commit json-api/json-api@af5dfcc. This change fixes (or at least makes it much easier to fix or much easier to mark as "won't fix") quite a few issues, including but not limited to - #87 - #153 - #168 - #193 - #208 - #211 - #213 - #243 - #252 - #253 - #258 - #261 - #262 - #303 - #394
|
.. still not work |
|
Using Flask-Restless 0.17 this issue is still there. As said by others, this is of particular importance because it exposes all the data even for models that you don't want to provide any, which is my case. For example, using the classes Even though there is no api for And every computer related to a person is exposed, though I explicitly asked for the exclusion of that info when I created the I don't really know whether this is too difficult or not, but maybe a possible solution could be that related models should use their related api, but without further relations to avoid infinite cycles. Or maybe, instead of retrieving the related objects, just provide an URI to get those related objects with respect to the related api. For example, for person with id=3: |
|
This may have been fixed in version 1.0.0b1, see pull request #493. Please test your code with either |
Using 0.12.0-dev, for a resource Country, if include_columns is set to 'code', 'name', 'cities', 'cities.name', accessing the countries endpoint results in the correct response.
Accessing country/1/cities however returns all fields and relations in the City resource.
Accessing sub resources should apply the same rules used in accessing the resource. In this case, only 'cities.name' should be exposed, and not all other fields and relations under the cities sub resource.
The text was updated successfully, but these errors were encountered: