readOnly: true forbid re-use of ref in valid context

[eLvErDe]

Hello again,

If I define a model for ObjectId which is marked as readOnly: true I can use it properly in GET and POST route (and thanks a lot for that !) sadly I cannot re-use this model in /get/{id} route (validation fails).

Here is a complete example showing the issue (actually most of the code is useless, all you need is to call /get/12345 and see the validation error:

import tempfile
from uuid import uuid4
from aiohttp import web

from aiohttp_swagger3 import SwaggerDocs, SwaggerUiSettings


data = {}

swagger_spec = """
components:
  schemas:
    ObjectId:
      type: string
      example: 123e4567-e89b-12d3-a456-426614174000
      readOnly: true
    SomeObject:
      type: object
      properties:
        id:
          $ref: '#/components/schemas/ObjectId'
        prop1:
          type: boolean
        prop2:
          type: string
      required:
      - id
      - prop1
      - prop2
"""


async def post(request, body):
    """
    Create a new object with readOnly id prop

    ---
    summary: Create a new object with id generated server side
    requestBody:
      required: true
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/SomeObject'
    responses:
      "200":
        description: Worked
    """

    uuid = str(uuid4())
    body["id"] = uuid
    data[uuid] = body
    return web.json_response(body)


async def get(request):
    """
    Get all objects stored in memory

    ---
    summary: Get all objects stored in memory
    responses:
      "200":
        description: Worked
    """

    return web.json_response(list(data.values()))


async def get_one(request, id):
    """
    Get object matching provided id

    ---
    summary: Get object matching provided id
    parameters:
    - name: id
      in: path
      required: true
      schema:
        $ref: '#/components/schemas/ObjectId'
    responses:
      "200":
        description: Worked
    """

    return web.json_response(data[id])


def main():
    app = web.Application()

    with tempfile.NamedTemporaryFile() as spec_fh:
        spec_fh.write(bytes(swagger_spec.strip(), "utf-8"))
        spec_fh.seek(0)
        swagger = SwaggerDocs(app, components=spec_fh.name, swagger_ui_settings=SwaggerUiSettings(path="/"))

    swagger.add_routes([web.post("/post", post), web.get("/get", get, allow_head=False), web.get("/get/{id}", get_one, allow_head=False)])

    web.run_app(app)


if __name__ == "__main__":
    main()

Regards, Adam.

[hh-h]

Hi, this is incorrect usage of readOnly, see docs

You can use the readOnly and writeOnly keywords to mark specific properties as read-only or write-only.

Relevant only for Schema "properties" definitions.

You can use it only in properties section.

[eLvErDe]

Fair enough, stack overflow then advices to combine with allOf which will lead to the other issue I reported earlier :D

https://stackoverflow.com/a/51402417

[eLvErDe]

Btw, found more information about his:
OAI/OpenAPI-Specification#1622

If I understand correctly it's kinda a grey area but it seems to be common to just ignore this property when seen outside applicable context.

[hh-h]

I thought it will be hard to implement, but with the addition of a pinch of crutches, it is actually possible :)

[eLvErDe]

Thanks :)