46 replies

ash json patch with composite primary key

I have a resource with 2 primary keys

json_api do
  type "client_data"

  primary_key do
    keys [:client_id, :data_id]
    delimiter "~"
  end
end

json_api do
  type "client_data"

  primary_key do
    keys [:client_id, :data_id]
    delimiter "~"
  end
end

And this update action

    update :update do
      primary? true
      accept :exposed
    end

    update :update do
      primary? true
      accept :exposed
    end

And finally this json API route

patch :update

patch :update

But how do I use it now? If I make this request

curl -X 'PATCH' \
  'http://localhost:4000/api/v1/client_data/00000000-0000-0000-0000-000000000000~3e8be57c-26ed-4eef-abe5-52526d52b982' \
  -H 'accept: application/vnd.api+json' \
  -H 'Content-Type: application/vnd.api+json' \
  -d '{
  "data": {
    "attributes": {
      "exposed": true
    },
    "id": "00000000-0000-0000-0000-000000000000~3e8be57c-26ed-4eef-abe5-52526d52b982"
  }
}'

curl -X 'PATCH' \
  'http://localhost:4000/api/v1/client_data/00000000-0000-0000-0000-000000000000~3e8be57c-26ed-4eef-abe5-52526d52b982' \
  -H 'accept: application/vnd.api+json' \
  -H 'Content-Type: application/vnd.api+json' \
  -d '{
  "data": {
    "attributes": {
      "exposed": true
    },
    "id": "00000000-0000-0000-0000-000000000000~3e8be57c-26ed-4eef-abe5-52526d52b982"
  }
}'

Then the wrong data is set as exposed. This is the query SQL query that is generated

UPDATE "client_data" AS p0 SET "exposed" = $1 FROM (SELECT sp0."exposed" AS "exposed", sp0."client_id" AS "client_id", sp0."data_id" AS "data_id" FROM "client_data" AS sp0 WHERE (sp0."client_id"::uuid = $2::uuid) AND ((CASE WHEN sp0."client_id"::uuid = $3::uuid THEN $4 ELSE ash_raise_error($5::jsonb) END)) LIMIT $6) AS s1 WHERE ((p0."data_id" = s1."data_id") AND (p0."client_id" = s1."client_id")) RETURNING p0."client_id", p0."data_id", p0."exposed" [true, "00000000-0000-0000-0000-000000000000", "00000000-0000-0000-0000-000000000000", true, "{\"input\":{\"authorizer\":\"Ash.Policy.Authorizer\"},\"exception\":\"Ash.Error.Forbidden.Placeholder\"}", 1]

UPDATE "client_data" AS p0 SET "exposed" = $1 FROM (SELECT sp0."exposed" AS "exposed", sp0."client_id" AS "client_id", sp0."data_id" AS "data_id" FROM "client_data" AS sp0 WHERE (sp0."client_id"::uuid = $2::uuid) AND ((CASE WHEN sp0."client_id"::uuid = $3::uuid THEN $4 ELSE ash_raise_error($5::jsonb) END)) LIMIT $6) AS s1 WHERE ((p0."data_id" = s1."data_id") AND (p0."client_id" = s1."client_id")) RETURNING p0."client_id", p0."data_id", p0."exposed" [true, "00000000-0000-0000-0000-000000000000", "00000000-0000-0000-0000-000000000000", true, "{\"input\":{\"authorizer\":\"Ash.Policy.Authorizer\"},\"exception\":\"Ash.Error.Forbidden.Placeholder\"}", 1]

In other words, the ID for the data is ignored and idk how to set it properly.

I also have this policy for what it's worth

policies do
  # Filter which rows the tenant sees instead of rejecting their whole request (this is default).
  default_access_type :filter

  # Reject whole request if actor is absent.
  policy actor_present() do
    authorize_if expr(client_id == ^actor(:client_id))
  end
end

policies do
  # Filter which rows the tenant sees instead of rejecting their whole request (this is default).
  default_access_type :filter

  # Reject whole request if actor is absent.
  policy actor_present() do
    authorize_if expr(client_id == ^actor(:client_id))
  end
end

Solution

a new guide on the topic: https://github.com/ash-project/ash_json_api/blob/main/documentation/topics/composite-primary-keys.md

GitHub

ash_json_api/documentation/topics/composite-primary-keys.md at main...

The JSON:API extension for the Ash Framework. Contribute to ash-project/ash_json_api development by creating an account on GitHub.

Jump to solution

Ash Framework•8mo ago•

46 replies

Sienhopist

ash json patch with composite primary key

I have a resource with 2 primary keys

json_api do
  type "client_data"

  primary_key do
    keys [:client_id, :data_id]
    delimiter "~"
  end
end

json_api do
  type "client_data"

  primary_key do
    keys [:client_id, :data_id]
    delimiter "~"
  end
end

And this update action

    update :update do
      primary? true
      accept :exposed
    end

    update :update do
      primary? true
      accept :exposed
    end

And finally this json API route

patch :update

patch :update

But how do I use it now? If I make this request

curl -X 'PATCH' \
  'http://localhost:4000/api/v1/client_data/00000000-0000-0000-0000-000000000000~3e8be57c-26ed-4eef-abe5-52526d52b982' \
  -H 'accept: application/vnd.api+json' \
  -H 'Content-Type: application/vnd.api+json' \
  -d '{
  "data": {
    "attributes": {
      "exposed": true
    },
    "id": "00000000-0000-0000-0000-000000000000~3e8be57c-26ed-4eef-abe5-52526d52b982"
  }
}'

curl -X 'PATCH' \
  'http://localhost:4000/api/v1/client_data/00000000-0000-0000-0000-000000000000~3e8be57c-26ed-4eef-abe5-52526d52b982' \
  -H 'accept: application/vnd.api+json' \
  -H 'Content-Type: application/vnd.api+json' \
  -d '{
  "data": {
    "attributes": {
      "exposed": true
    },
    "id": "00000000-0000-0000-0000-000000000000~3e8be57c-26ed-4eef-abe5-52526d52b982"
  }
}'

Then the wrong data is set as exposed. This is the query SQL query that is generated

UPDATE "client_data" AS p0 SET "exposed" = $1 FROM (SELECT sp0."exposed" AS "exposed", sp0."client_id" AS "client_id", sp0."data_id" AS "data_id" FROM "client_data" AS sp0 WHERE (sp0."client_id"::uuid = $2::uuid) AND ((CASE WHEN sp0."client_id"::uuid = $3::uuid THEN $4 ELSE ash_raise_error($5::jsonb) END)) LIMIT $6) AS s1 WHERE ((p0."data_id" = s1."data_id") AND (p0."client_id" = s1."client_id")) RETURNING p0."client_id", p0."data_id", p0."exposed" [true, "00000000-0000-0000-0000-000000000000", "00000000-0000-0000-0000-000000000000", true, "{\"input\":{\"authorizer\":\"Ash.Policy.Authorizer\"},\"exception\":\"Ash.Error.Forbidden.Placeholder\"}", 1]

UPDATE "client_data" AS p0 SET "exposed" = $1 FROM (SELECT sp0."exposed" AS "exposed", sp0."client_id" AS "client_id", sp0."data_id" AS "data_id" FROM "client_data" AS sp0 WHERE (sp0."client_id"::uuid = $2::uuid) AND ((CASE WHEN sp0."client_id"::uuid = $3::uuid THEN $4 ELSE ash_raise_error($5::jsonb) END)) LIMIT $6) AS s1 WHERE ((p0."data_id" = s1."data_id") AND (p0."client_id" = s1."client_id")) RETURNING p0."client_id", p0."data_id", p0."exposed" [true, "00000000-0000-0000-0000-000000000000", "00000000-0000-0000-0000-000000000000", true, "{\"input\":{\"authorizer\":\"Ash.Policy.Authorizer\"},\"exception\":\"Ash.Error.Forbidden.Placeholder\"}", 1]

In other words, the ID for the data is ignored and idk how to set it properly.

I also have this policy for what it's worth

policies do
  # Filter which rows the tenant sees instead of rejecting their whole request (this is default).
  default_access_type :filter

  # Reject whole request if actor is absent.
  policy actor_present() do
    authorize_if expr(client_id == ^actor(:client_id))
  end
end

policies do
  # Filter which rows the tenant sees instead of rejecting their whole request (this is default).
  default_access_type :filter

  # Reject whole request if actor is absent.
  policy actor_present() do
    authorize_if expr(client_id == ^actor(:client_id))
  end
end

Solution

a new guide on the topic: https://github.com/ash-project/ash_json_api/blob/main/documentation/topics/composite-primary-keys.md

GitHub

ash_json_api/documentation/topics/composite-primary-keys.md at main...

The JSON:API extension for the Ash Framework. Contribute to ash-project/ash_json_api development by creating an account on GitHub.

Jump to solution

ash json patch with composite primary key

ash json patch with composite primary key

Similar Threads

Similar Threads

Similar Threads