Hey there,

I'm new to MongoDB and I would like to know how I can access an embedded document using flask-mongorest. I know how to do it in the cli, but I can't seem to find documentation here.

Example

Given an output of...

    "data": [
        {
            "adducts": {
                "Anion": {
                    "[M-H]1-": [
                        [
                            349.2093240735, 
                            100.0
                        ], 
                        [
                            350.2126789113, 
                            21.631456585464488
                        ]
                    ]
                }, 
                "Canion": {}, 
                "Nominal": [
                    [
                        350.2093240735, 
                        100.0
                    ], 
                    [
                        351.2126789113, 
                        21.631456585464488
                    ]
                ]
            }, 
            "id": "586bf20b9f0029837dfc9d39", 
            "molecular_formula": "C20H30O5", 
            "name": "Oryzalic acid B", 
            "origins": [
                "Endogenous", 
                "Food"
            ]
        }...

I'd like to filter out anything that has an "anion" from "adducts" from a given value compared to the first element the first list in that given key.

Is this possible in flask-mongorest?

Thanks,

Keiron.

Maybe I'm missing something, but I think there is a fundamental issue in MongoRest.

I created a super simple example to demonstrate the issue here: https://gist.github.com/mtiller/4961630

If I run this application and then create an author as follows:

% curl -H "Content-Type: application/json" -X POST -d '{"name": "Douglas Adams"}' http://localhost:5000/authors/

It creates an author, but the response looks like this:

{"name": "Douglas Adams", "id": "511e66731d41c8718c196708"}

The problem I see here is that this is not returning a URI. The "Uniform Interface" constraint for REST says that resources should be named. In this case, the resources name is, in fact, /authors/511e66731d41c8718c196708/ (which I figured out by trial and error). But a POST should return to the URI (resource), not the representation. If I had done this:

% curl http://localhost:5000/authors/511e66731d41c8718c196708/

THEN, I get:

{"name": "Douglas Adams", "id": "511e66731d41c8718c196708"}

...which is correct since this is a JSON representation.

But the problem goes deeper than just POST responses. If I then want to create a Book object I should be using the RESOURCE not the representation, e.g.

curl -H "Content-Type: application/json" -X POST -d '{"title": "Hitchhikers Guide to the Galaxy", "author": "/authors/511e66731d41c8718c196708/"}' http://localhost:5000/books/

However, this fails with:

{"field-errors": {"name": "Field is required"}}

It turns out what is required is this:

% curl -H "Content-Type: application/json" -X POST -d '{"title": "Hitchhikers Guide to the Galaxy", "author": {"name": "Douglas Adams", "id": "511e66731d41c8718c196708"}}' http://localhost:5000/books/

Note that I had to put the REPRESENTATION in for the author, not the resource.

Am I missing something here? This seems like a significantly violation of REST principles. If I remove the 'related_resources' setting, it gets slightly better because then it requires this:

% curl -H "Content-Type: application/json" -X POST -d '{"title": "Hitchhikers Guide to the Galaxy", "author": "511e66731d41c8718c196708"}' http://localhost:5000/books/

...and you get back...

{"title": "Hitchhikers Guide to the Galaxy", "id": "511e6bb61d41c8723fba687c", "author": "511e66731d41c8718c196708"}

So at least now we are giving and getting a resource identifier (although it isn't technically a URI). But it is still inconsistent with what is returned by the POST method used to create the author. In other words, as a developer using such an API I have to understand how to turn the representation (from POST) into a resource identifier which I should not have to do.

Or am I missing something?

Primarily to minimize the effects of a poorly constructed request.

After this change, flask-mongorest will by default limit bulk updates to 1k documents. If more than that would be affected, a 400 response is returned.

This PR also introduces a method which you can use to validate the request before processing of a bulk update starts.

Following up from https://github.com/closeio/flask-mongorest/issues/103, I am experiencing an issue involving the use of an EmbeddedDocument.

My MongoDB collection currently resembles the following:

[
    {
        "accurate_mass": 350.45000749099137, 
        "smiles": "CC(C)(C1CCC23CC(CCC2C1(C)CC(O)=O)C(=C)C3O)C(O)=O", 
        "isotopic_distributions": [
            [
                0.0, 
                100.0
            ], 
            [
                1.003354837799975, 
                21.631456585464488
            ]
        ], 
        "name": "Oryzalic acid B", 
        "origins": [
            "Endogenous", 
            "Food"
        ], 
        "molecular_formula": "C20H30O5", 
        "adduct_weights": {
            "positive": {
                "count": 0, 
                "peaks": []
            }, 
            "neutral": 350.2093240735, 
            "negative": {
                "count": 1, 
                "peaks": [
                    [
                        "[M-H]1-", 
                        349.2093240735
                    ]
                ]
            }
        }
    },...
]

If you look at the adduct_weights key, it holds a collection resembling:

"adduct_weights": {
            "positive": {
                "count": 0, 
                "peaks": []
            }, 
            "neutral": 350.2093240735, 
            "negative": {
                "count": 1, 
                "peaks": [
                    [
                        "[M-H]1-", 
                        349.2093240735
                    ]
                ]
            }

Following the example provided within this repository, I have written the following Documents and Resources.

class NegativeAdduct(db.EmbeddedDocument):
    count = db.IntField()
    peaks = db.ListField(db.ListField(db.DynamicField()))

class PositiveAdduct(db.EmbeddedDocument):
    count = db.IntField()
    peaks = db.ListField(db.ListField(db.DynamicField()))

class AdductWeights(db.EmbeddedDocument):
    neutral = db.FloatField()
    negative = db.EmbeddedDocumentField(NegativeAdduct)
    positive = db.EmbeddedDocumentField(PositiveAdduct)

class AdductWeightsResource(Resource):
    document = AdductWeights

class MetaboliteAdduct(db.DynamicDocument):
    meta = {"collection": "metabolites"}
    name = db.StringField()
    accurate_mass = db.FloatField()
    smiles = db.StringField()
    isotopic_distributions = db.StringField()
    molecular_formula = db.StringField()
    origins = db.ListField(db.StringField())
    adduct_weights = db.EmbeddedDocumentField(AdductWeights)

class MetaboliteAdductResource(Resource):
    document = MetaboliteAdduct
    filters = {
        "name" : [ops.Contains, ops.Startswith, ops.Exact],
    }

    related_resources = {
        "adduct_weights" : AdductWeightsResource
    }

@api.register(name="adductsapi", url="/api/adducts/")
class MetaboliteAdductView(ResourceView):
    resource =  MetaboliteAdductResource
    methods = [methods.List, methods.Fetch]

No error is being thrown when I query MetaboliteAdductView's url, however no data is being returned either.

{
    "data": [], 
    "has_more": true
}

Where have I gone wrong here?

• Introduces two helper methods (update_objects and update_object) that can be overridden in subclasses
• Makes sure view_method is propagated to subresources
• Fixes an issue where has_change_permission is called after the object is updated in bulk updates
• Fixes an issue where obj.save() is unnecessarily called after update_object() (which already saves) in bulk updates

These changes allow a developer to define additional custom validation criteria for a Resource by overriding the default custom_validation method on Resource and throwing a ValidationError.

In addition to adding the feature, I also added test cases to exercise this validation in the context of either a PUT or POST request.

If we don't have an active request context, evaluating params doesn't make sense and is analogous to the attribute not existing at all, so we raise an AttributeError to make hasattr return False.

There are a couple of except Exception, e: in views.py and that syntax is incompatible with python 3. A simple change to except Exception as e: should solve the issue.

It's not the prettiest solution but without fixing mongoengine's email validation, this will have to do

If you setup the following resource form:

class SomeDocument(Document):
     email = EmailField(required=False)
     name = StringField()

ResourceFormBase = model_form(SomeDocument, exclude=['email'])
class ResourceForm(ResourceFormBase):
    email = fields.TextField(validators=[validators.optional(), validators.email()])

A POST with the following json: {'name':'John Doe'} fails without these changes.

Because form.data returns: {'name':'John Doe', 'email':''} instead of {'name':'John Doe'} which causes a validation error. There might be other consequences of this behavior.

This is tested on:

• Python 2.7 and our own MongoEngine fork
• Python 3.5 and upstream MongoEngine

Note that I skipped two tests since upstream MongoEngine doesn't have certain features like SafeReferenceField.

By default, don't inherit child_document_resources. This lets us have multiple resources for a child document without having to reset the child_document_resources property in the subclass.

Consider the following example:

class ParentResource(Resource):
    child_document_resources = { Child: 'ChildResource' }

class ChildResource(ParentResource):
    document = Child
    fields = ['id']

class VerboseChildResource(ChildResource):
    fields = ['id', 'foo', 'bar']

If we call VerboseChildResource().serialize(obj), before this PR it would delegate the call to ChildResource since VerboseChildResource would inherit child_document_resources from ParentResource. This is usually not expected behavior, so I'm changing get_child_document_resources to only return the current class' child_document_resources. In the rare case where this isn't desirable, a parent can always explicitly change the behavior by overriding get_child_document_resources.

This PR is a fresh start of #124. It includes:

• A separate register_class function to use with Flask Blueprints (see e.g. here). This should supersede #85 and #115.
• The register_class function also defines endpoints for each URL to enable integration with Flasgger (see this commit).
• Implementation of BulkCreate and BulkDelete methods.
• A typ property for operators to enable easier integration with Swagger definitions (see here).
• Automatically trying to convert values to floats for numeric operators.
• Static get_optional_fields method to allow retrieving optional fields from the class (see here)
• Ensuring that order is maintained in get_requested_fields().
• Forwarding the view_method when serializing.
• Support for Decimal128 in MongoEncoder.
• Improved error handling and kwargs forwarding.
• Bugfix for #129.
• mimerender dependency updated to include martinblech/mimerender#36

@wojcikstefan @thomasst I'm working on getting the tests to pass and implement new ones for BulkCreate/Delete. Would you mind starting the review of this PR in the meantime? Thanks! I will base new PRs for additional functionality currently included in #124 off this PR.

On views.py:162, object is created without save=True, so it's saved in database before has_add_permission is called, 5 lines below.

I tried to create a PR with a fix, by first calling create_object(save=False), then self._resource.save_object(obj). But on tests/init.py:304 there's an explicit expectation that the unauthorized object have been saved.

Is this really the expected behavior?

I would like to save the reference field along with object in post request. Is there any way to do this?

For eg.

class User(db.Document):
    name = db.StringField(required=True, unique=True)

class Post(db.Document):
    # Some fields
    # ...
   author = db.ReferenceField(User)

Now, I want to create author while making a POST request: /post/ => { "author": { "name": "Test" }, ..other fields }

Package requirements aren't recognized when installing from PyPI. Also, it could be helpful to move nose to something like

    extras_require={
        'test': ['nose'],
    },

After that, it will be possible to setup test environment like that

python setup.py develop
pip install Flask-MongoRest[test]