REST风格的HTTP:显示不同的重新presentations两个用户在同一个URI [英] RESTful HTTP: Showing different representations to two users on the same URI
问题描述
我设计一个超媒体API,是的,一个RESTful API,与超文本的约束。
I'm designing a hypermedia API, yes, a RESTful API, with the hypertext constraint.
系统的每个用户都会使用自己的凭据访问该系统,所以每次我们处理请求身份验证和授权。每个用户通常具有特定的凭证,以便它们可以具有不同的permissione(例如无,读,读/写)上每个集合
Each user of the system will access the system using their own credentials, so every request we process is authenticated and authorized. Each user will typically have specific credentials so that they may have different permissione (e.g. none, read, read/write) on each collection.
我们希望客户端与一个URI催芽,它开始于,这将可能是一个原子服务文档,或原子集合的层次结构(原子草案层次扩展)。
We want the client to be primed with the one URI that it starts with, which would be perhaps an atom services document, or a hierarchy (draft atom hierarchy extensions) of atom collections.
我的问题基本上是应用户看到了相同的URI不同的再presentations,或应用户被定向到根据他们的权限不同的URI?
My question is basically should users see different representations for the same URI, or should users be directed to different URIs based on their permissions?
例如:用户A和用户B在系统不同的权限。他们登录不同的凭据,以相同的起始URI。一个成功的反应可能是一个下列2:
For example: User A and User B have different permissions in the system. They log in with different credentials, to the same start URI. A successful response may be one of the following 2:
- 200 OK,和用户A看到在同一个URI 不是用户B的不同的东西
- 302(或其它重新导向)的每个用户到例如/端点/用户A(这是他们自己的)
- 200 OK, and User A sees something different than user B on the same URI
- 302 (or other redirect) each user to e.g. /endpoint/userA (which they own)
缓存性之间的权衡是当然的最小的,因为资源是由客户端,而不是由中介人仅缓存,但有一个为能见度太折衷(URI包含(aythenticated)用户ID)。最后,还有是未来允许用户A(或超级用户),看看用户B看到的可能性。
The tradeoff between cacheability is of course minimal, since resources are cached only by the client and not by intermediaries, but there's a tradeoff for visibility too (URI contains (aythenticated) user ID). Finally there's the future possibility of allowing User A (or a super user) to see what User B sees.
我不要求什么Twitter或Facebook这样做,我更感兴趣的是REST practicioners不得不说这件事。
I'm not asking what Twitter or Facebook do, I'm more interested in what REST practicioners have to say about this.
推荐答案
我个人觉得这个一个非常艰难的征召令,我认为这取决于很多很多内容将如何改变。如果差异的一些额外的细节遗漏那么我很可能把它当作了变化基于用户一个单一的资源。
Personally I find this a really tough call to make and I think it depends a lot how much content would change. If the difference is the omission of a few extra details then I would probably treat it as a single resource that varies based on the user.
然而,一旦开始分歧,以获得更多显著然后我会看看如何创建不同的资源。我仍然设法避免创建特定于特定用户的资源。也许对于一个特定的资源,你可以创建一组子资源,与内容不同的水平。例如。
However, once the differences start to get more significant then I would look at creating different resources. I would still try and avoid creating resources that are specific to a particular user. Maybe for a particular resource you could create a set of subresources, with differing levels of content. e.g.
/Customer/123?accesslevel=low
/Customer/123?accesslevel=medium
/Customer/123?accesslevel=high
这个方法结合了302可以是在一些情况下就足够了。对于更复杂的情况下,你可以使用多个查询字符串参数。
This method in combination with the 302 may be sufficient in some cases. For more complex cases you could use multiple query string parameters.
/Employee/123?SocialSecurityNo=yes&SalaryInfo=yes
我不相信有一个简单的回答这个问题。我认为答案是类似于大多数棘手的REST场景:你的解决方案可以,只要你想,只要你不违反约束的创意: - )
I do not believe there is an easy answer to this question. I think the answer is similar to most tricky REST scenarios: your solution can be as creative as you want as long as you don't violate the constraints :-)
这篇关于REST风格的HTTP:显示不同的重新presentations两个用户在同一个URI的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
