- Tests pass with latest
moog-require
. No code changes.
- Adds ability to pass cors config to the module.
- Added an
apostrophe-headless:beforeLogin
promise event. Thanks to Jose García of swiss4ward for the contribution. - Eslint settings updated.
- Fixes a typo in the README. Thanks to Adrien Delannoy for the contribution. Updates
mocha
for a vulnerability warning, as well as ESLint.
- Fixes minor ESLint errors.
- Fixed bug in PATCH feature when using dot paths.
- Allows requests for pages to include
children=false
andancestors=false
query parameters that disable those respective properties on the response. Thanks to Paul Grieselhuber for the suggestion and original work on this feature.
- Updates the ESLint configuration to
[email protected]
and fixes linter errors.
- Make sure the slug follows the title when inserting a piece even if the slug is not explicitly POSTed.
- Fix issue introduced in apostrophe 2.102.0 where newly inserted pieces are unpublished, etc. You must update both this module and
apostrophe
to get the benefit of this fix.
- Fetches of a single piece (
GET /pieces/ID
) now respect excluded fields andeditPermissionRequired
in the same way thatGET /pieces
already did.
- The
csrf: exceptions
option toapostrophe-express
now works properly in the presence of this module.
- Basic support for combining apostrophe-workflow with this module. GET requests now succeed as expected when the
_workflowLocale
query parameter is used to specify the desired locale. Otherwise, as before, you receive content for the default locale only. Note that you can only obtain live content, not draft content. POST, PUT and PATCH requests currently are not fully supported with workflow. Note that there is no issue if the doc type in question is excluded from workflow viaexcludeTypes
. It is our intention to provide more complete support for headless workflow over time.
- Various tickets have been opened due to confusion around what happens if you use
includeFields
orexcludeFields
and, as a result, you do not include the following fields:type
,_id
,tags
,slug
anddocPermissions
. This can lead to the unexpected failure of joins, the unexpected absence of the_url
property (or a bad value for that property), and the unexpected absence of the_edit: true
property. This release fixes this issue by always including these fields in the MongoDB query, but excluding them after the fact in the returned array of results if they are present inexcludeFields
. - The current
page
property is always included in the response when fetching pieces. - eslint added to the tests, passes the apostrophe eslint config.
- The
PATCH
method works properly withjoinByOne
andjoinByArray
. You should send the appropriateidField
oridsField
. If these are not explicitly configured, the names map as follows:_joinName
maps tojoinNameIdField
orjoinNameIdsField
(note there is no_
), depending on whether it is ajoinByOne
orjoinByArray
field. Thanks to Giuseppe Monteleone for flagging the issue. - In certain cases, a crash occurred when attempting to report a 500 error to the browser. Thanks to Giuseppe Monteleone for fixing the issue.
distinct
anddistinct-counts
query parameters added. You must also configuresafeDistinct
.
Thanks to Michelin for making this work possible via Apostrophe Enterprise Support.
includeFields
andexcludeFields
now work properly for joins. Thanks to Anthony Tarlao.
- You may now specify just certain fields to be fetched with
includeFields
in your query string, or exclude certain fields withexcludeFields
. Thanks tofalkodev
.
- You may now exclude a field from the GET method of the API entirely by setting
api: false
in its schema field definition. You may also setapi: 'editPermissionRequired'
to restrict access to that field to those who can edit the doc in question. Thanks to Anthony Tarlao. - If you would like to restrict GET access completely to those with edit permissions for the doc in question, you may now set the
getRequiresEditPermission
sub-option ofrestApi
totrue
. Thanks again to Anthony Tarlao.
- Support for the
PATCH
method, which allows you to send just the fields you want to change, with support for simple array operators as well. Thanks to Paul Grieselhuber for his support.
- New
restApi.safeFilters
option (thanks to Marjan Georgiev), and documentation of therestApi.maxPerPage
option.
- Documentation changes only. Clarified that areas must be present in the schema to be inserted or updated via the API.
- Fixed bug impacting the data provided by the
GET
route for pages whenall=1
is present. The data was incomplete due to missing query criteria.
- Support for API keys, as a lightweight alternative to bearer tokens for server-to-server communication. These should not be compiled into mobile apps, i.e. anywhere users might be able to obtain them by decompiling, etc.
- Support for pages, both reading and writing.
- Support for fragment rendering, and documentation on how to get fully rendered versions.
Documentation changes only. Gave some simple examples of query parameters that can be used to filter the results.
apostrophe-headless
no longer has to be configured before modules it adds APIs to, and it is possible to add APIs to apostrophe-images
or apostrophe-files
if desired. Thanks to Stephen Walsh for pointing out the issue.
Documentation improvements. No code changes.
Added CORS headers. This resolves any issues you may be having accessing the APIs from webpages served from a different host or port number. All modern and even not-so-modern browsers back to IE8 support this solution.
Initial release.