I want to create an API with Strapi that heavily relies on nested resources. For example, the following endpoints are created:
- /groups/:groupId/boards
- /groups/:groupId/items
- /groups/:groupId/todos
For this, there are dozens of additional endpoints. I am aware I can set the routes like this in the controllers:
"path": "/group/:groupId/items"
However, there is more to it than just setting the path. In the controllers, I have to ensure only the resources with the respective group IDs are selected (and the users are authorized etc.). I want to prevent having to modify all handlers of each controller, rather I prefer a more generic way to handle this.
Possible rewriting a url in such a way could work:
/groups/:groupId/boards -> /boards?group.id=X
In this case, also policies can be applied to validate whether the group.id from the query string should be accessible. For creating and updating the nested resources, additional data has to be added to set the correct group id, which implies that some more logic is needed…
Is this the right way to go? And how can I implement this method? (I am thinking along the lines of implementing middleware to change the request, but not sure if this does even work)
(the reason to go for nested resources is that the availability of the resources relies on the group. If a group is blocked, or the user doesn’t have the right permission, the resources cannot be accessed. Semantically, nested routes are most suitable in this case)