Feature request
When connecting an entity to Json:Api one does not always want to expose all relationships.
Would be nice to have a IncludeWhitlist(or a better name) attribute/header one can add on a controller endpoint to restrict the includes that are possible.
If a query has an include that is not in the whitelist a jsonapiforbidden exception should be thrown and the user should get an error response with why its not allowed and what includes that are allowed.
Use case
[HttpGet("cves")]
[IncludeWhitelist(["epss","vulncheckkevs"])]
public async Task<IActionResult> GetCvesAsync()
{
var queryString = Request.QueryString.Value;
var result = await vaspService.GetCvesAsync<object>(queryString);
return Ok(result);
}
If i ask "...include=cve,vulnerabilities": Throw forbidden
If i ask "...include=cve": allowed
Priority
High
Feature request
When connecting an entity to Json:Api one does not always want to expose all relationships.
Would be nice to have a
IncludeWhitlist(or a better name) attribute/header one can add on a controller endpoint to restrict the includes that are possible.If a query has an include that is not in the whitelist a jsonapiforbidden exception should be thrown and the user should get an error response with why its not allowed and what includes that are allowed.
Use case
If i ask "...include=cve,vulnerabilities": Throw forbidden
If i ask "...include=cve": allowed
Priority
High