REST HTTP状态代码(如果无法删除) [英] REST HTTP status code if DELETE impossible

问题描述

我的问题是关于HTTP状态代码的一个相当普通的问题，当在资源上无法进行 DELETE 删除时(而不是关于用户权限).

My question is quite a generic one about HTTP status code when a DELETE is impossible on the resource (but not regarding user's rights).

我们在一种资源上有一个RESTful API.

We have a RESTful API on a type of resource.

已对资源授权 DELETE 方法，但是在某些情况下无法删除资源(如果有数据绑定到该资源).

The DELETE method is authorized on the resource however under some conditions a resource cannot be deleted (if there are data binded to this resource).

在这种情况下返回给客户端的正确的HTTP状态代码是什么?

What is the correct HTTP status code to return to the client in this situation?

以下是我收集的一些可能性以及为什么对我而言不合适:

Here are some of the possibilities I gathered and why it seems inappropriate in my case :

• 403 (禁止):似乎与用户权利主要相关.
• 405 (不允许使用方法):似乎API并非旨在针对这种类型的资源来对此方法做出响应.
• 409 ( Conflict ):似乎合适，但是客户端应该可以解决与API的冲突，但这不是这种情况.

• 403 (Forbidden) : Seems mostly related with user's rights.
• 405 (Method Not Allowed) : Seems like the API is not designed to respond to this method for this type of resource.
• 409 (Conflict) : Seems appropriate but the client should have the possibility to resolve the conflict with the API but that's not the case here.

更新:不能通过REST API更改阻止删除资源的数据绑定.但是，可以通过其他方式释放"资源，因为其他来源可能会更改资源状态的应用程序也访问了数据来源的数据库(数据库中的SQL DELETE总是可以做到这一点).

Update : The data binding that prevents the resource to be deleted cannot be changed via the REST API. However the resource can be "freed" via other way as the database from which the data comes from is also accessed by other apps that may change the state of a resource (an SQL DELETE in the DB can always do that).

推荐答案

鉴于RFC中的措辞，我想说409是最合适的:

I'd say 409 is the most appropriate, given it's wording in the RFC:

409(冲突)状态代码表示请求无法 由于与目标的当前状态冲突而完成 资源.此代码用于可能可能 能够解决冲突并重新提交请求.服务器 应该生成一个有效载荷，该有效载荷应为用户提供足够的信息 识别冲突的根源.

The 409 (Conflict) status code indicates that the request could not be completed due to a conflict with the current state of the target resource. This code is used in situations where the user might be able to resolve the conflict and resubmit the request. The server SHOULD generate a payload that includes enough information for a user to recognize the source of the conflict.

(重点是我的)

根据我对问题描述的理解，不允许DELETE的原因恰恰是与目标资源的当前状态冲突.如RFC所示，响应有效载荷可以给出原因的指示，并且，可能(可选)，用户可能能够解决该问题.在规范中，我没有看到任何使409不合适的东西，仅仅是因为API没有提供解决冲突的可能性.

Based on my understanding of the description in the question, the reason for DELETE not being allowed is exactly a conflict with the current state of the target resource. As indicated in the RFC, the response payload can give an indication of the reason and, optionally, the user might be able to resolve it. I don't see anything in the spec that makes 409 inappropriate just because the API doesn't offer a conflict resolution possibility.

这篇关于REST HTTP状态代码(如果无法删除)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！