Limit API methods

Sometimes you won’t need all the CRUD methods. For example, you want to create only GET, POST and GET LIST methods, so user can’t update or delete any items.

Set operations on Routers registration:

builder = ApplicationBuilder(app)
builder.add_resource(
    router=router,
    path="/users",
    tags=["User"],
    view=UserView,
    schema=UserSchema,
    model=User,
    resource_type="user",
    operations=[
        Operation.GET_LIST,
        Operation.POST,
        Operation.GET,
    ],
)

This will limit generated views to:

URL

method

endpoint

Usage

/users

GET

user_list

Get a collection of users

/users

POST

user_list

Create a user

/users/{user_id}

GET

user_detail

Get user details

Full code example (should run “as is”):