我有一个用于检索用户的JSON API端点。此资源还将用于获取用户的权限,以显示或隐藏前端应用程序中的特定元素。
资源如下所示:
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
"jsonapi": {
"version": "1.0"
},
"meta": {
"content-type": "application/vnd.api+json"
},
"links": {
"self": "/users/some-uuid"
},
"data": {
"type": "users",
"id": "some-uuid",
"attributes": {
"email": "[email protected]",
"permissions": [
"view-all-users",
"view-all-shifts"
]
},
"relationships": {
"roles": {
"data": [
{
"type": "role",
"id": "some-role-uuid"
}
]
}
}
}
}
permissions属性包含用户拥有的权限的slugs。
如果此属性不存在,前端应用程序必须包含资源roles和roles.permissions才能获得用户的权限。该响应如下所示:
HTTP/1.1 200 OK
Content-Type: application/vnd.api+json
{
"jsonapi": {
"version": "1.0"
},
"meta": {
"content-type": "application/vnd.api+json"
},
"links": {
"self": "/users/some-uuid"
},
"data": {
"type": "users",
"id": "some-uuid",
"attributes": {
"email": "[email protected]",
"permissions": [
"view-all-posts",
"edit-all-posts"
]
},
"relationships": {
"roles": {
"data": [
{
"type": "role",
"id": "some-role-uuid"
}
]
}
},
"included": [
{
"type": "roles",
"id": "some-role-uuid",
"attributes": {
"name": "Editor"
},
"relationships": {
"permissions": {
"data": [
{
"type": "permission",
"id": "some-permission-uuid"
},
{
"type": "permission",
"id": "some-permission-uuid-2"
}
]
}
}
},
{
"type": "permissions",
"id": "some-permission-uuid",
"attributes": {
"slug": "view-all-posts"
}
},
{
"type": "permissions",
"id": "some-permission-uuid",
"attributes": {
"slug": "edit-all-posts"
}
}
]
}
}
在这种情况下,前端必须进行大量处理才能获得许可slu。我的问题是:如上例所示,在用户资源上设置短手属性permissions是不是很糟糕,还是前端总是通过关系来获取slu ??
注意:将来我们将拥有一个管理界面,用户可以在其中管理用户,角色和权限。这就是角色和权限作为单独实体可用的原因。
客户端应用程序可以轻松地将角色的所有权限合并到一个键/数组本身,并从那里开始工作。这样,您就可以保持JSON API的原则,并让客户端应用程序可以自由地使用权限。