Skip to content

In case of request validation readOnly should disable required check #7263

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
mathis-m opened this issue May 13, 2021 · 1 comment · May be fixed by #7264
Open

In case of request validation readOnly should disable required check #7263

mathis-m opened this issue May 13, 2021 · 1 comment · May be fixed by #7264

Comments

@mathis-m
Copy link
Contributor

mathis-m commented May 13, 2021
edited
Loading

Origin

@mathis-m, is this why its not working in swagger-ui? the id field is marked as readOnly which makes it implicitly non-required on request. this is from the 3.0.3 spec:

If the property is marked as readOnly being true and is in the required list, the required will take effect on the response only.

also the json path correctly fills the the request body textfield from the template with description and without id. so the schema interpretation is correct there.

apart from that, user feedback should happen if the request cannot be sent and why. imho at least

Originally posted by @tfranzel in #7242 (comment)

Context

validateParam is used for validation Request Inputs, this creates the need for checking readonly property.
I do not see this implemented till now. OAS:

Relevant only for Schema "properties" definitions. Declares the property as "read only". This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request. If the property is marked as readOnly being true and is in the required list, the required will take effect on the response only. A property MUST NOT be marked as both readOnly and writeOnly being true. Default value is false.

Requirements

  • SHOULD NOT be sent as part of the request (it could be sent in request in given cases) -> do not validate for non existence

    This phrase, or the phrase "NOT RECOMMENDED" mean that
    there may exist valid reasons in particular circumstances when the
    particular behavior is acceptable or even useful, but the full
    implications should be understood and the case carefully weighed
    before implementing any behavior described with this label.

  • readOnly being true and is in the required list, the required will take effect on the response only -> required check should be bypassed if property is readOnly: true
    • required: true: consider bypass for schema itself at

      swagger-ui/src/core/utils.js

      Line 432 in 53829f1

      const schemaRequiresValue = requiredByParam || requiredBySchema === true
    • required: <List> & properies.readonly: consider bypass for child property level by adding filter at

      swagger-ui/src/core/utils.js

      Line 494 in 53829f1

      if(objectVal[key] === undefined) {
@mathis-m mathis-m linked a pull request May 13, 2021 that will close this issue
Draft
17 tasks
@tim-lai
Copy link
Contributor

tim-lai commented Jun 8, 2021

For non-application/json cases, this function is a good starting point to consider:

swagger-ui/src/core/plugins/oas3/selectors.js

Line 196 in a7e902e

export const validateShallowRequired = (state, { oas3RequiredRequestBodyContentType, oas3RequestContentType, oas3RequestBodyValue} ) => {

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(try-it-out): validation should consider readOnly mathis-m/swagger-ui
2 participants
@mathis-m @tim-lai