tag readOnly:"true" does not seem to work on object types

[bshtmichielsen]

I have defined 2 structs, named Notice, and User. The Notice struct has a field of type User with json:"user" readOnly:"true" but it ends up in the Body for a post request anyway. Primitive fields, like string and int and such, with readOnly:"true" seem to exhibit the expected behaviour.

[danielgtaylor]

@bshtmichielsen nice catch! I suspect this is similar to nullability, see the documentation at https://huma.rocks/features/request-validation/#nullable and the discussion we had in #351. Basically, the readOnly property is an instance property rather than a property of the object whose field you want to be read-only. I'm not sure how best to support this, but I'm open to ideas. Again allOf would be useful but results in pretty terrible SDKs being generated.

[BasMichielsen]

@danielgtaylor Thanks for your reply. I must say I am a little unsure about what you are saying. It is the first time I am using Huma so maybe it is just me not understanding all features yet, however, to me the nullable issue regards something at the structural level of the model that is underlying. Whether or not a certain field should be able to accept a "nil"-like value. To me the "readOnly" tag does that actually regard the structure at all, it is merely a hint to the user that a certain field should not be sent on Post/Put and if sent anyway it will be ignored. Adding the "readOnly" tag should probably only affect the API-endpoint and its doc and not the way the underlying struct functions. If that brings to technical issues down the road, probably a default instance of the readOnly struct is not an issue. For example in my case:
I would expect that the API endpoint does not show the user field in the Body of the Post request. Then, when the end-user makes a post request I expect to receive an instance of Notice in the handler (created by Huma from the post body). I realize that the Notice has a field named User, but whatever value is in there is irrelevant to me because I marked the field "readOnly" and thus expect nothing from that field on Post/Put. Therefore the default value User{} is probably fine. I gather from your response that you think the whole field should not be there, or should be nil, which are both hard or impossible, but I think that is not necessary. To me "readOnly" means "It should not appear in the doc, and whatever value the end-user posts is ignored, the handler always receives the default value User{}". Which I reckon is easier to implement, is it not?

BTW I am the OP of this issue, I just made it from another computer, apparently with a different account.