Determine which fields are mutable on each resource.
Determine which fields are mutable on each resource in pulpcore. This will affect which fields a user can update using the REST API.
#4 Updated by ttereshc over 2 years ago
- Checklist item deleted (
Divide and conquer)
- Checklist item Audit current models in pulpcore and pulpcore-plugin added
- Checklist item Adjust mutability upon reaching the agreement added
- Subject changed from Planning: determine which fields are mutable on each resource. to Determine which fields are mutable on each resource.
- Groomed changed from No to Yes
- Sprint Candidate changed from No to Yes
#8 Updated by ttereshc over 2 years ago
The field should be read_only if it's not supposed to be set or updated by users via any REST API calls.
When unsure, set field to read_only (we can make it writable later. Due to semver we can't do it the other way around).
UPD (from comment#9): If a field should be set by user but should remain immutable, this can be adjusted at the viewset level.
Ways for a field to be a read-only one¶
- a field can only be a read-only one
- any IdentityFields
- ManyToManyFields with Through model https://www.django-rest-framework.org/api-guide/relations/#manytomanyfields-with-a-through-model
- nested serializers are read-only by default
- explicitly set on a serializer read_only=True
- editable=False or auto_now=True or auto_now=True or any AutoField on a model
- read_only_fields are specified in Meta class for a serializer
#9 Updated by firstname.lastname@example.org over 2 years ago
Just to be complete, `read_only` is a little different from immutable. Some fields may need to be set, but only during creation time. For one case, ContentUnits are not read-only, but are immutable because their ViewSets do not have have the Update mixin. https://github.com/pulp/pulp/blob/cf30f2e9a77f7ad935184c5cbe58dfad788febc3/pulpcore/app/viewsets/content.py#L90-L93
Another hypothetical case (I don't know of any in our code base) is that some fields may need to be set at creation time, but other fields are update-able. If this is necessary, some custom update code can be created on the ViewSet and/or Serializer to enforce it.
The important takeaway from this comment is that we need to audit more than just the serializers. We need to also check the ViewSets to get the real picture for what is/isn't mutable.
#11 Updated by ttereshc over 2 years ago
Current state which looks good to me. Any concerns/thoughts are welcome.
All resources have the following read-only attributes:
- _ href
read-write (can be set once, can't be updated - restricted in a viewset):
- all checksums
read-write (as per serializer; create/update are not provided by pulpcore, should be done in plugins):
write-only (aka not shown in API responses):
- no create/update are allowed
- all fields are read_only
#12 Updated by ttereshc over 2 years ago
- Checklist item Document criteria for determining which fields should be mutable set to Done
- Checklist item Share that criteria and get feedback from the team set to Done
- Checklist item Audit current serializers in pulpcore set to Done
- Checklist item Adjust mutability upon reaching the agreement set to Done
- Checklist item Audit current viewsets in pulpcore set to Done
Please register to edit this issue