46 replies

ash json patch with composite primary key

I have a resource with 2 primary keys

json_api do
  type "client_data"

  primary_key do
    keys [:client_id, :data_id]
    delimiter "~"
  end
end

json_api do
  type "client_data"

  primary_key do
    keys [:client_id, :data_id]
    delimiter "~"
  end
end

json_api do
  type "client_data"

  primary_key do
    keys [:client_id, :data_id]
    delimiter "~"
  end
end

json_api do
  type "client_data"

  primary_key do
    keys [:client_id, :data_id]
    delimiter "~"
  end
end

And this update action

    update :update do
      primary? true
      accept :exposed
    end

    update :update do
      primary? true
      accept :exposed
    end

    update :update do
      primary? true
      accept :exposed
    end

    update :update do
      primary? true
      accept :exposed
    end

And finally this json API route

patch :update

patch :update

patch :update

patch :update

But how do I use it now? If I make this request

curl -X 'PATCH' \
  'http://localhost:4000/api/v1/client_data/00000000-0000-0000-0000-000000000000~3e8be57c-26ed-4eef-abe5-52526d52b982' \
  -H 'accept: application/vnd.api+json' \
  -H 'Content-Type: application/vnd.api+json' \
  -d '{
  "data": {
    "attributes": {
      "exposed": true
    },
    "id": "00000000-0000-0000-0000-000000000000~3e8be57c-26ed-4eef-abe5-52526d52b982"
  }
}'

curl -X 'PATCH' \
  'http://localhost:4000/api/v1/client_data/00000000-0000-0000-0000-000000000000~3e8be57c-26ed-4eef-abe5-52526d52b982' \
  -H 'accept: application/vnd.api+json' \
  -H 'Content-Type: application/vnd.api+json' \
  -d '{
  "data": {
    "attributes": {
      "exposed": true
    },
    "id": "00000000-0000-0000-0000-000000000000~3e8be57c-26ed-4eef-abe5-52526d52b982"
  }
}'

curl -X 'PATCH' \
  'http://localhost:4000/api/v1/client_data/00000000-0000-0000-0000-000000000000~3e8be57c-26ed-4eef-abe5-52526d52b982' \
  -H 'accept: application/vnd.api+json' \
  -H 'Content-Type: application/vnd.api+json' \
  -d '{
  "data": {
    "attributes": {
      "exposed": true
    },
    "id": "00000000-0000-0000-0000-000000000000~3e8be57c-26ed-4eef-abe5-52526d52b982"
  }
}'

curl -X 'PATCH' \
  'http://localhost:4000/api/v1/client_data/00000000-0000-0000-0000-000000000000~3e8be57c-26ed-4eef-abe5-52526d52b982' \
  -H 'accept: application/vnd.api+json' \
  -H 'Content-Type: application/vnd.api+json' \
  -d '{
  "data": {
    "attributes": {
      "exposed": true
    },
    "id": "00000000-0000-0000-0000-000000000000~3e8be57c-26ed-4eef-abe5-52526d52b982"
  }
}'

Then the wrong data is set as exposed. This is the query SQL query that is generated

UPDATE "client_data" AS p0 SET "exposed" = $1 FROM (SELECT sp0."exposed" AS "exposed", sp0."client_id" AS "client_id", sp0."data_id" AS "data_id" FROM "client_data" AS sp0 WHERE (sp0."client_id"::uuid = $2::uuid) AND ((CASE WHEN sp0."client_id"::uuid = $3::uuid THEN $4 ELSE ash_raise_error($5::jsonb) END)) LIMIT $6) AS s1 WHERE ((p0."data_id" = s1."data_id") AND (p0."client_id" = s1."client_id")) RETURNING p0."client_id", p0."data_id", p0."exposed" [true, "00000000-0000-0000-0000-000000000000", "00000000-0000-0000-0000-000000000000", true, "{\"input\":{\"authorizer\":\"Ash.Policy.Authorizer\"},\"exception\":\"Ash.Error.Forbidden.Placeholder\"}", 1]

UPDATE "client_data" AS p0 SET "exposed" = $1 FROM (SELECT sp0."exposed" AS "exposed", sp0."client_id" AS "client_id", sp0."data_id" AS "data_id" FROM "client_data" AS sp0 WHERE (sp0."client_id"::uuid = $2::uuid) AND ((CASE WHEN sp0."client_id"::uuid = $3::uuid THEN $4 ELSE ash_raise_error($5::jsonb) END)) LIMIT $6) AS s1 WHERE ((p0."data_id" = s1."data_id") AND (p0."client_id" = s1."client_id")) RETURNING p0."client_id", p0."data_id", p0."exposed" [true, "00000000-0000-0000-0000-000000000000", "00000000-0000-0000-0000-000000000000", true, "{\"input\":{\"authorizer\":\"Ash.Policy.Authorizer\"},\"exception\":\"Ash.Error.Forbidden.Placeholder\"}", 1]

UPDATE "client_data" AS p0 SET "exposed" = $1 FROM (SELECT sp0."exposed" AS "exposed", sp0."client_id" AS "client_id", sp0."data_id" AS "data_id" FROM "client_data" AS sp0 WHERE (sp0."client_id"::uuid = $2::uuid) AND ((CASE WHEN sp0."client_id"::uuid = $3::uuid THEN $4 ELSE ash_raise_error($5::jsonb) END)) LIMIT $6) AS s1 WHERE ((p0."data_id" = s1."data_id") AND (p0."client_id" = s1."client_id")) RETURNING p0."client_id", p0."data_id", p0."exposed" [true, "00000000-0000-0000-0000-000000000000", "00000000-0000-0000-0000-000000000000", true, "{\"input\":{\"authorizer\":\"Ash.Policy.Authorizer\"},\"exception\":\"Ash.Error.Forbidden.Placeholder\"}", 1]

UPDATE "client_data" AS p0 SET "exposed" = $1 FROM (SELECT sp0."exposed" AS "exposed", sp0."client_id" AS "client_id", sp0."data_id" AS "data_id" FROM "client_data" AS sp0 WHERE (sp0."client_id"::uuid = $2::uuid) AND ((CASE WHEN sp0."client_id"::uuid = $3::uuid THEN $4 ELSE ash_raise_error($5::jsonb) END)) LIMIT $6) AS s1 WHERE ((p0."data_id" = s1."data_id") AND (p0."client_id" = s1."client_id")) RETURNING p0."client_id", p0."data_id", p0."exposed" [true, "00000000-0000-0000-0000-000000000000", "00000000-0000-0000-0000-000000000000", true, "{\"input\":{\"authorizer\":\"Ash.Policy.Authorizer\"},\"exception\":\"Ash.Error.Forbidden.Placeholder\"}", 1]

In other words, the ID for the data is ignored and idk how to set it properly.

I also have this policy for what it's worth

policies do
  # Filter which rows the tenant sees instead of rejecting their whole request (this is default).
  default_access_type :filter

  # Reject whole request if actor is absent.
  policy actor_present() do
    authorize_if expr(client_id == ^actor(:client_id))
  end
end

policies do
  # Filter which rows the tenant sees instead of rejecting their whole request (this is default).
  default_access_type :filter

  # Reject whole request if actor is absent.
  policy actor_present() do
    authorize_if expr(client_id == ^actor(:client_id))
  end
end

policies do
  # Filter which rows the tenant sees instead of rejecting their whole request (this is default).
  default_access_type :filter

  # Reject whole request if actor is absent.
  policy actor_present() do
    authorize_if expr(client_id == ^actor(:client_id))
  end
end

policies do
  # Filter which rows the tenant sees instead of rejecting their whole request (this is default).
  default_access_type :filter

  # Reject whole request if actor is absent.
  policy actor_present() do
    authorize_if expr(client_id == ^actor(:client_id))
  end
end

Solution

a new guide on the topic: https://github.com/ash-project/ash_json_api/blob/main/documentation/topics/composite-primary-keys.md

GitHub

ash_json_api/documentation/topics/composite-primary-keys.md at main...

The JSON:API extension for the Ash Framework. Contribute to ash-project/ash_json_api development by creating an account on GitHub.

Jump to solution

ash json patch with composite primary key

Similar Threads

Similar Threads

Similar Threads