y

maurei · maurei · commit 0f385f149570 · 2019-06-04T15:33:28.000+02:00
Merge branch 'feat/#477' of https://github.com/wisepotato/JsonApiDotNetCore into feat/#477
diff --git a/docs/usage/resources/hooks.md b/docs/usage/resources/hooks.md
@@ -1,5 +1,6 @@
+
 # Resource Hooks
-This section covers the usage of **Resource Hooks**, which is a feature of`ResourceDefinition<T>`. See the [ResourceDefinition usage guide](resource-definitions.md) for a general explanation on how to set up a `ResourceDefinition<T>`.
+This section covers the usage of **Resource Hooks**, which is a feature of`ResourceDefinition<T>`. See the [ResourceDefinition usage guide](resource-definitions.md) for a general explanation on how to set up a `ResourceDefinition<T>`. For a quick start, jump right to the [Getting started: most minimal example](#getting-started-most-minimal-example) section.
 
 By implementing resource hooks on a `ResourceDefintion<T>`, it is possible to intercept the execution of the **Resource Service Layer** (RSL) in various ways. This enables the developer to conveniently define business logic without having to override the RSL. It can be used to implement e.g.
 * Authorization
@@ -8,20 +9,20 @@ By implementing resource hooks on a `ResourceDefintion<T>`, it is possible to in
 * Transformation of the served data
 
 This usage guide covers the following sections
-1.  [**Semantics: pipelines, actions and hooks**](#semantics-pipelines-actions-and-hooks).
+1.  [**Semantics: pipelines, actions and hooks**](#semantics-pipelines-actions-and-hooks)
 Understanding the semantics will be helpful in identifying which hooks on `ResourceDefinition<T>` you need to implement for your use-case.
-2.  [**Hook execution overview**](#hook-execution-overview)
-A table overview of all pipelines and involved hooks
-3.  [**Examples: basic usage**](#examples-basic-usage)
-	 * [**Most minimal example**](#most-minimal-example)
-	 * [**Logging**](#logging)
-	 * [**Transforming data with OnReturn**](#transforming-data-with-onreturn)
-5.  [**Examples: advanced usage**](#examples-advanced-usage)
-	 * [**Simple authorization: explicitly affected resources**](#simple-authorization-explicitly-affected-resources)
-	 * [**Advanced authorization: implicitly affected resources**](#advanced-authorization-implicitly-affected-resources)
-	 * [**Synchronizing data across microservices**](#synchronizing-data-across-microservices)
-	 * [**Hooks for many-to-many join tables**](#hooks-for-many-to-many-join-tables)
-
+2.  [**Basic usage**](#basic-usage)
+      * [**Getting started: most minimal example**](#getting-started-most-minimal-example)
+      * [**Logging**](#logging)
+      * [**Transforming data with OnReturn**](#transforming-data-with-onreturn)
+      * [**Loading database values**](#loading-database-values)
+3.  [**Advanced usage**](#advanced-usage)
+      * [**Simple authorization: explicitly affected resources**](#simple-authorization-explicitly-affected-resources)
+      * [**Advanced authorization: implicitly affected resources**](#advanced-authorization-implicitly-affected-resources)
+      * [**Synchronizing data across microservices**](#synchronizing-data-across-microservices)
+      * [**Hooks for many-to-many join tables**](#hooks-for-many-to-many-join-tables)
+4.  [**Hook execution overview**](#hook-execution-overview)
+  A table overview of all pipelines and involved hooks
 
 # 1. Semantics: pipelines, actions and hooks
 
@@ -89,87 +90,28 @@ Any return content can be intercepted and transformed as desired by implementing
 <br><br>
 For an overview of all pipelines, hooks and actions, see the table below, and for more detailed information about the available hooks, see the [IResourceHookContainer<T>](https://github.com/json-api-dotnet/JsonApiDotNetCore/blob/ab1f96d8255532461da47d290c5440b9e7e6a4a5/src/JsonApiDotNetCore/Hooks/IResourceHookContainer.cs) interface.
 
-# 2. Hook execution overview
+# 2. Basic usage
 
+## Getting started: most minimal example
+To use resource hooks, you are required to turn them on in your `startup.cs` configuration
 
-This table below shows the involved hooks per pipeline. 
-<table>
-  <tr>
-    <th rowspan="2">Pipeline</th>
-    <th colspan="5"><span style="font-style:italic">Execution Flow</span></th>
-  </tr>
-  <tr>
-    <td align="center"><b>Before Hooks</b></td>
-    <td align="center" colspan="2"><b>Repository Actions</td>
-    <td align="center"><b>After Hooks</td>
-    <td align="center"><b>OnReturn</td>
-  </tr>
-  <tr>
-    <td>Get</td>
-    <td align="center">BeforeRead</td>
-    <td align="center" colspan="2" rowspan="3">read</td>
-    <td align="center">AfterRead</td>
-    <td align="center">✅</td>
-  </tr>
-  <tr>
-    <td>GetSingle</td>
-    <td align="center">BeforeRead</td>
-    <td align="center">AfterRead</td>
-    <td align="center">✅</td>
-  </tr>
-  <tr>
-    <td>GetRelationship</td>
-    <td align="center">BeforeRead</td>
-    <td align="center">AfterRead</td>
-    <td align="center">✅</td>
-  </tr>
-  <tr>
-    <td>Post</td>
-    <td align="center">BeforeCreate</td>
-    <td align="center" colspan="2">create<br>update relationship</td>
-    <td align="center">AfterCreate</td>
-    <td align="center">✅</td>
-  </tr>
-  <tr>
-    <td>Patch</td>
-    <td align="center">BeforeUpdate<br>BeforeUpdateRelationship<br>BeforeImplicitUpdateRelationship</td>
-    <td align="center" colspan="2">update<br>update relationship<br>implicit update relationship</td>
-    <td align="center">AfterUpdate<br>AfterUpdateRelationship</td>
-    <td align="center">✅</td>
-  </tr>
-  <tr>
-    <td>PatchRelationship</td>
-    <td align="center">BeforeUpdate<br>BeforeUpdateRelationship</td>
-    <td align="center" colspan="2">update<br>update relationship<br>implicit update relationship</td>
-    <td align="center">AfterUpdate<br>AfterUpdateRelationship</td>
-    <td align="center">❌</td>
-  </tr>
-  <tr>
-    <td>Delete</td>
-    <td align="center">BeforeDelete</td>
-    <td align="center" colspan="2">delete<br>implicit update relationship</td>
-    <td align="center">AfterDelete</td>
-    <td align="center">❌</td>
-  </tr>
-  <tr>
-    <td>BulkPost</td>
-    <td colspan="5" align="center"><i>Not yet supported</i></td>
-  </tr>
-  <tr>
-    <td>BulkPatch</td>
-    <td colspan="5" align="center"><i>Not yet supported</i></td>
-  </tr>
-  <tr>
-    <td>BulkDelete</td>
-    <td colspan="5" align="center"><i>Not yet supported</i></td>
-  </tr>
-</table>
-
-
-# 3. Examples: basic usage
+```c#
+public void ConfigureServices(IServiceCollection services)
+{
+    ...
+    services.AddJsonApi<ApiDbContext>(
+        options =>
+        {
+            options.EnableResourceHooks = true; // default is false
+            options.LoadDatabaseValues = false; // default is false
+        }
+    );
+    ...
+}
+```
+For this example, we may set `LoadDatabaseValues` to `false`. See the [Loading database values](#loading-database-values) example for more information about this option.
 
-## Most minimal example
-The simplest example does not require much explanation. This hook would triggered by any default JsonApiDotNetCore API route for `Article`.
+The simplest case of resource hooks we can then implement should not require a lot of explanation.  This hook would triggered by any default JsonApiDotNetCore API route for `Article`.
 ```c#
 public class ArticleResource : ResourceDefinition<Article>
 {
@@ -294,7 +236,95 @@ public class PersonResource : ResourceDefinition<Person>
 ```
 Note that not only anonymous people will be excluded when directly performing a `GET /people`, but also when included through relationships, like `GET /articles?include=author,reviewers`. Simultaneously, `if` condition that checks for `ResourcePipeline.Get` in the `PersonResource` ensures we still get expected responses from the API when eg. creating a person with `WantsPrivacy` set to true.
 
-# 3. Examples: advanced usage
+## Loading database values
+When a hook is executed for a particular resource, JsonApiDotNetCore can load the corresponding database values and provide them in the hooks. This can be useful for eg. 
+ * having a diff between a previous and new state of a resource (for example when updating a resource)
+ * performing authorization rules based on the property of a resource.
+ 
+For example, consider a scenario in with the following two requirements: 
+* We need to log all updates on resources revealing their old and new value.
+* We need to check if the property `IsLocked` is set is `true`, and if so, cancel the operation.
+  
+ Consider an `Article` with title *Hello there* and API user trying to update the the title of this article to *Bye bye*.  The above requirements could be implemented as follows
+```c#
+public class ArticleResource : ResourceDefinition<Article>
+{
+    private readonly ILogger _logger;
+    private readonly IJsonApiContext _context;
+    public constructor ArticleResource(ILogger logger, IJsonApiContext context)
+    {
+        _logger = logger;
+        _context = context;  
+    } 
+
+    public override IEnumerable<Article> BeforeUpdate(EntityDiff<Article> entityDiff, ResourcePipeline pipeline)
+    {
+        // PropertyGetter is a helper class that takes care of accessing the values on an instance of Article using reflection.
+        var getter = new PropertyGetter<Article>();
+
+        entityDiff.RequestEntities.ForEach( requestEntity => 
+        {
+
+            var databaseEntity = entityDiff.DatabaseEntities.Single( e => e.Id == a.Id);
+
+            if (databaseEntity.IsLocked) throw new JsonApiException(403, "Forbidden: this article is locked!")
+
+            foreach (var attr in _context.AttributesToUpdate)
+            {
+                var oldValue = getter(databaseEntity, attr);
+                var newValue = getter(requestEntity, attr);
+
+                _logger.LogAttributeUpdate(oldValue, newValue)
+            }
+        });
+        return entityDiff.RequestEntities;
+    }
+}
+```
+
+Note that database values are turned on by default. They can be turned of globally by configuring the startup as follows:
+```c#
+public void ConfigureServices(IServiceCollection services)
+{
+    ...
+    services.AddJsonApi<ApiDbContext>(
+        options =>
+        {
+            options.LoadDatabaseValues = false; // default is false
+        }
+    );
+    ...
+}
+```
+
+The global setting can be used together with toggling the option on and off on the level of individual hooks using the `LoadDatabaseValues` attribute:
+```c#
+public class ArticleResource : ResourceDefinition<Article>
+{
+  [LoadDatabaseValues(true)]
+    public override IEnumerable<Article> BeforeUpdate(EntityDiff<Article> entityDiff, ResourcePipeline pipeline)
+    {
+      ....
+  }
+  
+  [LoadDatabaseValues(false)] 
+    public override IEnumerable<string> BeforeUpdateRelationships(HashSet<string>  ids,  IAffectedRelationships<Article>  resourcesByRelationship,  ResourcePipeline  pipeline)
+    {
+      // the entities stored in the IAffectedRelationships<Article> instance 
+      // are plain resource identifier objects when LoadDatabaseValues is turned off,
+      // or objects loaded from the database when LoadDatabaseValues is turned on.
+     ....
+  }
+}
+```
+
+Note that there are some hooks that the  `LoadDatabaseValues` option and attribute does not affect. The only hooks that are affected are:
+* `BeforeUpdate`
+* `BeforeUpdateRelationship`
+
+
+
+# 3. Advanced usage
 
 ## Simple authorization: explicitly affected resources
 Resource hooks can be used to easily implement authorization in your application.  As an example, consider the case in which an API user is not allowed to see anonymous people, which is reflected by the `Anonymous` property on `Person`  being set to true`true`.  The API should handle this as follows:
@@ -511,3 +541,79 @@ Then, for the same request `GET /articles?include=tags`, the order of execution
 And the included collection of tags per article will only contain tags that were added less than two weeks ago.
 
 Note that the introduced inheritance and added relationship attributes does not further affect the many-to-many relationship internally.
+
+# 4. Hook execution overview
+
+
+This table below shows the involved hooks per pipeline. 
+<table>
+  <tr>
+    <th rowspan="2">Pipeline</th>
+    <th colspan="5"><span style="font-style:italic">Execution Flow</span></th>
+  </tr>
+  <tr>
+    <td align="center"><b>Before Hooks</b></td>
+    <td align="center" colspan="2"><b>Repository Actions</td>
+    <td align="center"><b>After Hooks</td>
+    <td align="center"><b>OnReturn</td>
+  </tr>
+  <tr>
+    <td>Get</td>
+    <td align="center">BeforeRead</td>
+    <td align="center" colspan="2" rowspan="3">read</td>
+    <td align="center">AfterRead</td>
+    <td align="center">✅</td>
+  </tr>
+  <tr>
+    <td>GetSingle</td>
+    <td align="center">BeforeRead</td>
+    <td align="center">AfterRead</td>
+    <td align="center">✅</td>
+  </tr>
+  <tr>
+    <td>GetRelationship</td>
+    <td align="center">BeforeRead</td>
+    <td align="center">AfterRead</td>
+    <td align="center">✅</td>
+  </tr>
+  <tr>
+    <td>Post</td>
+    <td align="center">BeforeCreate</td>
+    <td align="center" colspan="2">create<br>update relationship</td>
+    <td align="center">AfterCreate</td>
+    <td align="center">✅</td>
+  </tr>
+  <tr>
+    <td>Patch</td>
+    <td align="center">BeforeUpdate<br>BeforeUpdateRelationship<br>BeforeImplicitUpdateRelationship</td>
+    <td align="center" colspan="2">update<br>update relationship<br>implicit update relationship</td>
+    <td align="center">AfterUpdate<br>AfterUpdateRelationship</td>
+    <td align="center">✅</td>
+  </tr>
+  <tr>
+    <td>PatchRelationship</td>
+    <td align="center">BeforeUpdate<br>BeforeUpdateRelationship</td>
+    <td align="center" colspan="2">update<br>update relationship<br>implicit update relationship</td>
+    <td align="center">AfterUpdate<br>AfterUpdateRelationship</td>
+    <td align="center">❌</td>
+  </tr>
+  <tr>
+    <td>Delete</td>
+    <td align="center">BeforeDelete</td>
+    <td align="center" colspan="2">delete<br>implicit update relationship</td>
+    <td align="center">AfterDelete</td>
+    <td align="center">❌</td>
+  </tr>
+  <tr>
+    <td>BulkPost</td>
+    <td colspan="5" align="center"><i>Not yet supported</i></td>
+  </tr>
+  <tr>
+    <td>BulkPatch</td>
+    <td colspan="5" align="center"><i>Not yet supported</i></td>
+  </tr>
+  <tr>
+    <td>BulkDelete</td>
+    <td colspan="5" align="center"><i>Not yet supported</i></td>
+  </tr>
+</table>
