laravel-json-api / core Goto Github PK

lets assume we have a companySchema and branchSchema and they have a m-t-m relationship
lets also assume that a user has permission to 'index', 'show', 'showRelationship' of the branchSchema but does not have any permissions to the companySchema using the Authorizer.

if that user used the url: domain.com/api/v1/branches/{branch_id}/companies he will be able to see the data of each company ?

Hey,

Any chance the $fields property and allFields(), allAttributes(), allSortFields(), and allRelation() methods could be changed to protected.

I need to inject some dynamic fields into the Schema during Server::serving(), but fields are cached in the Schema earlier, during routing. Ideally I'd override allFields() to start caching after the dynamic fields have been injected.

More info: In my application I have a Schema which represents several user generated content types. This works by setting Schemas the uriType() to include a route variable for the type, and url() to generate the correct URL. The JsonApiResources type() returns a type congruent with the route variable.

I have two issues I'm trying to overcome. The first is the visibility mentioned above, and second I need to get the Spec\ResourceBuilder and Spec\RelationBuilder to handle the 'fake' type when given a document. I have something hacky working, but not sure it's the best approach. I'm basically mutating the JSON document just before it's created. Any ideas here would be awesome?

Cheers,

George

At the moment the LaravelJsonApi\Core\Support\Arr helper forwards static calls through to the Illuminate\Support\Arr class. This does not work for methods, e.g. forget, where the array is passed by reference. To fix, we will need to implement these methods on our Arr class and mark the value as passed by reference: then forward on to the correct method in the Illuminate class.