I spent last week triaging the REST module issue queue, to identify the top priorities for REST to support all use cases, and to be less painful to use. This is what I came up with.
Any use case (fully decoupled, progressively decoupled, content sync)
Impossible to update Comment entity with REST: #2631774: Impossible to update Comment entity with REST (HTTP PATCH): bundle field not allowed to be updated, but EntityNormalizer::denormalize() requires itBasic config entity support: #2724823: EntityResource: read-only (GET) support for configuration entities- EntityResource: translations support: #2135829: EntityResource: translations support
- File uploads: #1927648: Serialize file content (base64) to support REST GET/POST/PATCH on file entity
- Full config entity support: #2300677: [PP-1] Create/Update/Delete (POST/PATCH/DELETE) ConfigEntity via REST
REST export entity views supporting translations: #2664880: DataEntityRow doesn't respect translations- Pagination support: #2100637: Add special handling for collections in REST
- REST export views supporting pagination: #2099281: [PP-1] REST views: pagination link relations
- REST export views break the HTML view if they're on the same path: #2730497: REST Views override existing REST routes + #2449143: REST views specify HTML as a possible request format, so if there is a "regular" HTML view on the same path, it will serve JSON
- REST export views: row-level caching: #2648268: REST views: row-level caching doesn't exist, unlike for other types of views
REST export views: authentication support: #2228141: Add authentication support to REST views- HEAD requests do not work: #2752325: Automatically provide HEAD support when a REST resource supports GET`
Fully decoupled
- Logging in: #2403307: RPC endpoints for user authentication: log in, check login status, log out
- Registering: #2291055: REST resources for anonymous users: register
- CORS (to put D8 on different domain): #1869548: Opt-in CORS support
DX
- Content-Type request header missing: #2659070: REST requests without Content-Type header: unhelpful response significantly hinders DX, should receive a 415 response
- X-CSRF-Token request header missing: #2681911: REST requests without X-CSRF-Token header: unhelpful response significantly hinders DX, should receive a 401 response
- GET/PATCH/DELETE to /node, but POST to /entity/node: #2293697: EntityResource: Use /{entity_type} for all REST routes
Configuring REST is a PITA: #2308745: Remove rest.settings.yml, use rest_resource config entities- Configuring REST permissions is a PITA: #2664780: [PP-2] Remove REST's resource-and-verb-specific permissions for EntityResource, but provide BC, document why it's necessary for other resources
- Simplify REST configuration: #2721595: Simplify REST configuration
General reliability, maintainability & DX
#2737719: EntityResource: Provide comprehensive test coverage: for every entity type, every format, every method — this actually relates to many of the above issues, and would provide much, much stronger assurances that REST works as expected & intended.
Comments
Comment #2
Wim Leers CreditAttribution: Wim Leers at Acquia commentedOne down :)
Comment #3
dawehner CreditAttribution: dawehner at Chapter Three commentedAdded another issue which could be interesting: #2721595: Simplify REST configuration
Comment #4
aneek CreditAttribution: aneek as a volunteer commentedHello can this be added to this list #2653318: While in maintenance mode, REST routes respond with HTML instead of XML/JSON/…?
Comment #5
Wim Leers CreditAttribution: Wim Leers at Acquia commented#4I don't consider that a top priority: it's an edge case. Everything listed in the top priorities is a huge problem/gap. Don't worry, it will get fixed. I moved it to the
rest.modulecomponent for better visibility, so we don't forget about it.Comment #6
marthinal CreditAttribution: marthinal commented@Wim IMHO #2310307: File needs CRUD permissions to make REST work on entity/file/{id} would be a critical issue here if we want to upload files. AFAIK we want to create 2 entities in the same request and avoid to create the File and then the node(or the custom entity). @alexpott told me that we want to avoid the current solution("everybody can upload files").
And #1927648: Serialize file content (base64) to support REST GET/POST/PATCH on file entity uses this patch...
Comment #7
dawehner CreditAttribution: dawehner at Chapter Three commentedComment #8
dawehner CreditAttribution: dawehner at Chapter Three commentedAdding another issue to it: #2228141: Add authentication support to REST views
Comment #9
Wim Leers CreditAttribution: Wim Leers at Acquia commentedComment #10
Wim Leers CreditAttribution: Wim Leers at Acquia commentedOops, pasted the wrong issue ID.
Comment #11
Wim Leers CreditAttribution: Wim Leers at Acquia commentedOne down: #2730497: REST Views override existing REST routes.
Comment #12
Wim Leers CreditAttribution: Wim Leers at Acquia commentedYay, #2631774: Impossible to update Comment entity with REST (HTTP PATCH): bundle field not allowed to be updated, but EntityNormalizer::denormalize() requires it landed! The highest priority issue, because it literally made REST broken/impossible to use for many use cases!
Comment #13
Wim Leers CreditAttribution: Wim Leers at Acquia commentedClarify the different levels of config entity support.
Comment #14
Wim Leers CreditAttribution: Wim Leers at Acquia commentedComment #15
Wim Leers CreditAttribution: Wim Leers at Acquia commentedYay, #2724823: EntityResource: read-only (GET) support for configuration entities landed!
Comment #16
Wim Leers CreditAttribution: Wim Leers at Acquia commentedYay, #2308745: Remove rest.settings.yml, use rest_resource config entities landed! That unblocked #2721595: Simplify REST configuration.
Comment #17
Wim Leers CreditAttribution: Wim Leers at Acquia commented#2752325: Automatically provide HEAD support when a REST resource supports GET` was just reported, this is another significant bug.
Comment #19
Wim Leers CreditAttribution: Wim Leers at Acquia commentedYay, #2228141: Add authentication support to REST views landed!
Comment #20
larowlan CreditAttribution: larowlan at PreviousNext commentedOne more for consideration #2758897: Consider moving rest link manager services into serialization module
Comment #21
tedbow CreditAttribution: tedbow at Acquia commentedI just wanted to try highlight a list of issue that would be great to get done before the Feature freeze for 8.2.0-beta1. I think this is Week of August 3, 2016.
Issues that are new Features or tasks, not listing but because I don't think they are affected by the freeze.
Very Close - could be done by deadline
#2403307: RPC endpoints for user authentication: log in, check login status, log out with related #2753681: Move CSRF header token out of REST module so that user module can use it, as well as any contrib module
#2291055: REST resources for anonymous users: register
Not as close
#1927648: Serialize file content (base64) to support REST GET/POST/PATCH on file entity
#1869548: Opt-in CORS support
#2664780: [PP-2] Remove REST's resource-and-verb-specific permissions for EntityResource, but provide BC, document why it's necessary for other resources
Seems unlikely
#2099281: [PP-1] REST views: pagination link relations
#2300677: [PP-1] Create/Update/Delete (POST/PATCH/DELETE) ConfigEntity via REST
#2135829: EntityResource: translations support
Not started but does is this test so is it affected by feature freeze? #2737719: EntityResource: Provide comprehensive test coverage: for every entity type, every format, every method
BTW: I could be totally wrong about above. Let me know. I was partly doing it for my own benefit to figure out what is the most important to work on.
Comment #22
dawehner CreditAttribution: dawehner at Chapter Three commented#2113345: Define a mechanism for custom link relationships is an issue someone could review. If someone needs something special: #1928868: Typed config incorrectly implements Typed Data interfaces is up there for review. This will enable POST/PATCH of config entities.
Especially the later would be nice because we need probably a full release to add the required constrains so we can start supporting updates.
Comment #23
Wim Leers CreditAttribution: Wim Leers at Acquia commented#21: thanks for that! I mostly agree. There are two things where I disagree:
So: +1 for attempting to land the following in the next few weeks:
You're right that #2737719: EntityResource: Provide comprehensive test coverage: for every entity type, every format, every method can happen after feature freeze. But, of course, it'll mean less clean tests in the ones above. Then again, most of those already have their tests written already anyway. So I think it's fine. #2737719: EntityResource: Provide comprehensive test coverage: for every entity type, every format, every method will put us in a great position to make D8 REST "best-in-class" in 8.3, per #2757967: API-first initiative.
#22: I reviewed #2113345: Define a mechanism for custom link relationships. I can't review #1928868: Typed config incorrectly implements Typed Data interfaces — that needs review from a Typed Data maintainer.
Comment #24
Wim Leers CreditAttribution: Wim Leers at Acquia commentedComment #25
dawehner CreditAttribution: dawehner at Chapter Three commentedIt almost feels as if noone could review it :)
Comment #26
Wim Leers CreditAttribution: Wim Leers at Acquia commentedYou'll need to bribe a Typed Data maintainer :P