[
Lists Home |
Date Index |
Thread Index
]
David Megginson <dmeggin@attglobal.net> writes:
> I'm not sure how well REST provides answers to the problem of moving
> resources around. Your problem is that the server, user A, and user B
> all have copies of the same information, and the server has to decide
> whether to accept or reject user B's version after user A has already
> done a checkin.
>
> One easy solution is to add a sequence number or checkout date to each
> XML document:
>
> <pilot-record seq="123">
This is not much different from adding transaction-id parameter to the
request as I suggested originally, is it? There is no intrinsic reason
to only support application/xml in PUT/POST; in this project, we need
to support multipart/form-data as well to accept input from
browsers. So your <pilot-record seq="123"> becomes
pilot-record/Ari%20Krupnikov?seq=123&...
> Of course, it is easy for the client to cheat by simply bumping up the
> sequence number and resubmitting, but then again, the client can
> arbitrarily change information anyway -- it's just a matter of letting
> people know when there might be a conflict.
Right. We all know this situation from CVS, either done it to someone
or had this done to us, a "hostile check-in", so to speak.
> As far as REST goes, the URL on the server always points to the
> server's current version of the information (the last checkin it
> accepted) -- that's about it.
Well, pilot-record/Ari%20Krupnikov points to the current
version. pilot-record/Ari%20Krupnikov?seq=123 may well point to an
archive version or to an uncommitted temporary version, possibly only
available to the user who created it.
Speaking of which, is it reasonable wrt REST to allow or deny access
to a resource based not simply on user+passwd but on
user+passwd+query-string?
Ari.
--
Elections only count as free and trials as fair if you can lose money
betting on the outcome.
|