@@ -30,6 +30,7 @@ for exchanging data.
3030 - [ Compound Documents] ( #document-structure-compound-documents )
3131 - [ Meta information] ( #document-structure-meta )
3232 - [ Top-level Links] ( #document-structure-top-level-links )
33+ - [ Read-only attributes and relationships] ( #document-structure-readonly )
3334- [ Fetching Data] ( #fetching )
3435 - [ Fetching Resources] ( #fetching-resources )
3536 - [ Fetching Relationships] ( #fetching-relationships )
@@ -170,6 +171,8 @@ A document's top level **MAY** also have the following members:
170171* ` "links" ` : URLs related to the primary data.
171172* ` "included" ` : a list of resource objects that are related to the primary data
172173 and/or each other ("included resources").
174+ * ` "readonly" ` : a list, per resource type, of lists of attributes or
175+ relationships of resources of a given type, which cannot be modified by client.
173176
174177If any of these members appears in the top-level of a response, their values
175178** MUST** comply with this specification.
@@ -192,6 +195,8 @@ In addition, a resource object **MAY** contain any of these top-level members:
192195 relationships (described below).
193196* ` "meta" ` : non-standard meta-information about a resource that can not be
194197 represented as an attribute or relationship.
198+ * ` "readonly" ` : a list of attributes or relationships of the given resource,
199+ which cannot be modified by client.
195200
196201Here's how an article (i.e. a resource of type "articles") might appear in a document:
197202
@@ -488,6 +493,112 @@ The top-level links object **MAY** contain the following members:
488493 data represents a resource relationship.
489494* Pagination links for the primary data (as described below).
490495
496+ ### Read-only attributes and relationships <a href =" #document-structure-readonly " id =" document-structure-readonly " class =" headerlink " ></a >
497+
498+ A server ** MAY** inform client which resource attributes or relationships
499+ cannot be modified by client by providing top-level or resource-level
500+ members ` "readonly" ` . If supplied, they ** MUST** be provided either on
501+ resource level or on top level of any given response document,
502+ and ** MUST** have the following values:
503+
504+ * at resource level, an array containing names of read-only attributes
505+ and relationships of that resource,
506+ * at top level, an object containing members keyed by resource type,
507+ each of which is an array containing names of read-only attributes
508+ and relationships of that resource type.
509+
510+ If ` "readonly" ` member is supplied for a given resource of resource type,
511+ and ` "id" ` of that resource or resource type cannot be modified by
512+ client, element ` "id" ` ** MUST** be included in the arrays defined above.
513+
514+ If ` "readonly" ` member is provided, it ** MUST** account for authentication
515+ and authorization status of the current client and for other pertinent
516+ circumstances, so that the returned information is accurate for the given
517+ client at the moment when the response is being built by the server.
518+ If ` "readonly" ` member is provided at resource level, it also ** MUST**
519+ be accourate for the given resource.
520+
521+ If the server provides facilities to inform the client about read-only
522+ attributes or relationships, it ** MUST** return ` 403 Forbidden `
523+ in response to attempt of a client to modify them and provide
524+ additional information on the cause of the error in the error object.
525+
526+ Example of top-level read-only object
527+ (it also illustrates that the server allows the client to modify IDs of countries):
528+
529+ ``` json
530+ {
531+ "data" : {
532+ "id" : " 12"
533+ "type" : " users"
534+ "username" : " jsmith"
535+ "email" : " jsmith@example.com"
536+ "updated_at" : " 2015-01-01"
537+ "name" : {
538+ "first" : " jane"
539+ "last" : " smith"
540+ },
541+ "links" : {
542+ "father" : { "linkage" : { "id" : " 34" "type" : " users"
543+ "mother" : { "linkage" : { "id" : " 56" "type" : " users"
544+ "spouse" : { "linkage" : { "id" : " 78" "type" : " users"
545+ "country" : { "linkage" : { "id" : " 90" "type" : " countries"
546+ }
547+ },
548+ "included" : [{
549+ "id" : " 90"
550+ "type" : " countries"
551+ "name" : " USA"
552+ "updated_at" : " 2015-01-01"
553+ }],
554+ "readonly" : {
555+ "users" : [ " id" " username" " name.first" " father" " mother" " updated_at"
556+ "countries" : [ " updated_at"
557+ }
558+ }
559+ ```
560+
561+ Example of resource-level read-only object:
562+
563+ ``` json
564+ {
565+ "data" : {
566+ "id" : " 12"
567+ "type" : " users"
568+ "username" : " jsmith"
569+ "email" : " jsmith@example.com"
570+ "updated_at" : " 2015-01-01"
571+ "name" : {
572+ "first" : " jane"
573+ "last" : " smith"
574+ },
575+ "links" : {
576+ "father" : { "linkage" : { "id" : " 34" "type" : " users"
577+ "mother" : { "linkage" : { "id" : " 56" "type" : " users"
578+ "spouse" : { "linkage" : { "id" : " 78" "type" : " users"
579+ },
580+ "readonly" : [
581+ " id" " username" " name.first" " father" " mother" " updated_at"
582+ ]
583+ }
584+ }
585+ ```
586+
587+ A server may provide an endpoint for fetching read-only attributes
588+ and relationships for all resources in the API. For example,
589+
590+ ```
591+ GET /readonly
592+
593+ {
594+ "data": null,
595+ "readonly": {
596+ "users": [ "id", "username", "name.first", "father", "mother", "updated_at" ],
597+ "countries": [ "updated_at" ]
598+ }
599+ }
600+ ```
601+
491602## Fetching Data <a href =" #fetching " id =" fetching " class =" headerlink " ></a >
492603
493604Data, including resources and relationships, can be fetched by sending a
0 commit comments