I have a rest service and on that I want to add an attribute for each object I have it. So I have player objects and I want to add their games' statistics after each game.
My endpoint to get all players is;
GET /api/players
and I have a game object in which there is a player id; so is it ok if I develop a service without indicating player id on the link as the object has already have it;
POST /api/players/game [gameObject]
or should I put id to the link as well
POST /api/player/{playerID}/game [gameObject]
Both of them are perfectly fine. It is a matter of how descriptive you can be with your URLs.
Personally I would prefer the second URL because it is easier to comprehend and in the first look it is clear that the game object is meant for a particular player.
READ:
Best Practices for Designing a Pragmatic RESTful API
Related
I have been trying to replicate typeracer which is an online platform to increase typing speed and also I am a beginner in django.
I have three models named, Players(is an abstraction of the default user model and holds info of all the registered users), Posts(contains all the passages that are available to practice typing), UserPost(contains id of all the posts which are used and the id of Account which used it).
My question is how can I implement multiple games. For example, suppose A and B are playing together on one game, and at the same time C,and D want to start a new game identified by another game url, also again at the same time E, F, G, H want to start another game identified by different game url to compete just amongst themselves at the same time.
If I am not able to make myself clear, please check
this and go on to race your friends, and just click on invite people to join! You will get what I mean.
How to do implement this.? Any ideas?
I think you will have to create a new model named games and make a slug field called url, it can act as pk too.
I need to create a one-to-one relationship between a Game and a Site - each game happens in one site. In my database, site is an attribute of the Game object which points to a Site object.
I couldn't find much on the internet about this, these are my ideas:
GET /game/<game_id>/site
Gets a game's site, hiding the site id.
POST /game/<game_id>/site
Creates a game's site, this is only used once when creating the game.
PUT /game/<game_id>/site
Updates a game's site
DELETE /game/<game_id>/site
Deletes a game's site.
But what if someone wants to get a list of all the sites? Should I add a /sites URI and have the get method for the Site object detect whether a game_id has been passed in? Should I also let people access a site by /sites/<site_id> Or should I let the client populate their own list of sites by iterating over all games? Finally, I usually have an 'href' attribute for each object which is a link back to itself. If I went with the above design (incl. the /sites/ URI), do I link to /game/<game_id>/site or /sites/<site_id>? Should there be two places to access the same info?
Am I on the right track? Or is there a better way to model one-to-one relationships in REST?
If it matters, I'm using Flask-RESTful to make my APIs.
Your ideas make a lot of sense.
The big distinction is whether or not a site can exist independently of a game. It sounds like it can. For example, two games may point to the same site.
As far as I understand with RESTful API design, there isn't a problem with exposing the same site resource through both /game/<game_id>/site and through /sites/<side_id>. But REST encourages you to link data through hypermedia.
Exposing the site in two different places could complicate things, since you'd then expect to be able to interact with site objects through both of those URLs.
My recommendation to keep your structure explicit and simple would be:
Have a collection of site resources at /sites
Expose site resources at /site/<site_id>
Use a link object from a game to a site. See Thoughts on RESTful API design by Geert Jansen.
Following the link object design, your game resource representation would include something like this:
{
"game_id": 10,
...,
"link": {
rel: resource/site
href: /api/sites/14
}
}
Without more design work, this would mean you'll make a second call to get the site's information. Every design has its compromises :)
I have a question regarding some action accessing, i'm not talking here about authorization etc, but more about the direct access to actions.
Basically i have 2 question, 1 general and 1 more contextual:
Situation imaging i have an action : MyArticles/DeleteArticle/id
1) How can i prevent that if someone will just put this url with a proper id remove article? How can i say that it can only be used with a button on my website? And should this action be a get or post?
At this moment i use $.ajax and GET method ....
2) Now imagine i have many people, and if all th ppl are registered, they can delete each others article, what if i want to avoid that and let users only delete their own articles, because at this moment for example if they can guess the id they can directly access the action with id and delete it.
Can anyone provide explanation and some tips about that?
i'm not talking here about authorization etc
Yes, you are. The authorization to delete the article should take place within the action itself, it's not the responsibility of the calling code or of any UI which displays a link to the action.
How can i say that it can only be used with a button on my website?
I imagine any approach to that is going to complicate the issue tremendously. Understand how HTTP requests work... Your application isn't making the request to the action, the user is. They're doing so (in the general case) by clicking a link on an interface provided by your application, but the request itself is coming from the user. (Well, from the user's web browser, which is in their control and not yours.)
The most straightforward approach to this is to encapsulate authorization in the action itself (or, better still, in the model functionality being invoked by the action... but logically that's still part of the "request" being performed).
When you expose a piece of functionality which not everybody should be able to invoke, put the authorization on the functionality itself instead of on the UI which invokes it. That way no matter how it's invoked it always maintains the authorization, instead of just assuming that some other component maintained it.
You have a lot of control in MVC with respect to the USER. To allow a user to delete only his own work, you must remember in the database who wrote what. If this is the case - and you know it, a simple if statement in the beginning of the action will do the trick.
For school we are creating a roulette webapplication in Clojure with the webnoir framework. Everything seems realizable in Clojure, but the problem is: how do we define the board in our domain in Clojure? It must be possible to place corner bets etc.
And if we modelled this in our domain how do we send the information of the view to our domain/board?
Does anyone has ideas or suggestions?
Since there are infinite ways to define a board, many of them good, I'll avoid that question and primarily address the second: communicating between your board view and model.
One solution using webnoir is to have your board view contain form[s] to perform actions. Submitting that form updates your board model and redirects to the same route, resulting in an updated view. I'm sure you've been leafing through Chris Granger's excellent documentation.
Another route, albeit one that might be outside the scope of your project, is to have client side code dynamically communicate with the model and update your view, the end result being a single page webapp. This could be done with ClojureScript. If you are considering this, take a look at Chris Granger's libraries formerly known as pinot. They provide a wonderful complement to webnoir.
I want to make an interface that looks like this
So here is what the user can do
1- Connect people to each other
2- See some information about each person (the balloon)
3- Move these objects around without them loosing their connections
Then I want to save these connection information using ajax, so that I can see who is connected to who, I also need to redraw these diagrams next time the user sees the page.
It seems like jsPlumb, paperjs, and raphael can all do this and a lot more, my question is which one is suitable for this need.
inspect graphiti which is based on raphael.
http://www.draw2d.org/graphiti/jsdoc/#!/example
Greetings
Andreas