You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: usage/common-pitfalls.html
+4-1Lines changed: 4 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -129,7 +129,7 @@ <h4 id="jsonapi-resources-are-not-dtos-or-viewmodels">JSON:API resources are not
129
129
This is only one of the issues you'll run into. Just don't go there.</p>
130
130
<p>The right way to model this is by having only <code>Customer</code> instead of <code>WebCustomer</code> and <code>AdminCustomer</code>. And then:</p>
131
131
<ul>
132
-
<li>Hide the <code>CreditRating</code> property for web users using <ahref="https://www.jsonapi.net/usage/extensibility/resource-definitions.html#excluding-fields">this</a> approach.</li>
132
+
<li>Hide the <code>CreditRating</code> property for web users using <ahref="extensibility/resource-definitions.html#excluding-fields">this</a> approach.</li>
133
133
<li>Block web users from setting the <code>CreditRating</code> property from POST/PATCH resource endpoints by either:
134
134
<ul>
135
135
<li>Detecting if the <code>CreditRating</code> property has changed, such as done <ahref="https://github.com/json-api-dotnet/JsonApiDotNetCore/blob/master/test/JsonApiDotNetCoreTests/IntegrationTests/InputValidation/RequestBody/WorkflowDefinition.cs">here</a>.</li>
@@ -162,6 +162,9 @@ <h4 id="stay-away-from-stored-procedures">Stay away from stored procedures</h4>
162
162
<h4id="do-not-use-apicontroller-on-jsonapi-controllers">Do not use <code>[ApiController]</code> on JSON:API controllers</h4>
163
163
<p>Although recommended by Microsoft for hard-written controllers, the opinionated behavior of <ahref="https://learn.microsoft.com/en-us/aspnet/core/web-api/?view=aspnetcore-7.0#apicontroller-attribute"><code>[ApiController]</code></a> violates the JSON:API specification.
164
164
Despite JsonApiDotNetCore trying its best to deal with it, the experience won't be as good as leaving it out.</p>
165
+
<h4id="dont-use-auto-generated-controllers-with-shared-models">Don't use auto-generated controllers with shared models</h4>
166
+
<p>When model classes are defined in a separate project, the controllers are generated in that project as well, which is probably not what you want.
167
+
For details, see <ahref="extensibility/controllers.html#auto-generated-controllers">here</a>.</p>
<p>Register your JSON:API resource services, resource definitions and repositories with <code>services.AddResourceService/AddResourceDefinition/AddResourceRepository()</code> instead of <code>services.AddScoped()</code>.
167
170
When using <ahref="resource-graph.html#auto-discovery">Auto-discovery</a>, you don't need to register these at all.</p>
0 commit comments