Up until now we have been working with the Elide get() and post() methods, which allow us to read and create entities. The final two methods we need to support are patch() and delete(), which allow us to update and delete entities.

There is actually very little code to write to support these two new operations. We create two new methods in our REST API to respond to the PATCH and DELETE HTTP requests, and pipe those requests into Elide.

First, the delete method.

    @CrossOrigin(origins = "*")
    @RequestMapping(
            method = RequestMethod.DELETE,
            produces = MediaType.APPLICATION_JSON_VALUE,
            value={"/{entity}/{id}", "/{entity}/{id}/relationships/{entity2}"})
    @Transactional
    public String jsonApiDelete(
            @RequestBody final String body,
            final HttpServletRequest request,
            final Principal principal) {

        return elideRunner(
                request,
                (elide, path) -> elide.delete(path, body, principal, SecurityMode.SECURITY_ACTIVE).getBody());
    }

Sending a DELETE request to http://localhost:8080/child/1 will delete that child. You can also delete relationships by sending the following JSON:

{
  "data": [
      { "type": "child", "id": "1" }
  ]
}

to http://localhost:8080/parent/2/relationships/children, but in our case the database has been configured in a way that requires all children to have a parent, so attempting to do this will result in a constraint violation, and the request will be denied. Still, seeing that violation exception proves that Elide was trying to set the relationship to null as expected, even if we don’t allow it.

Then we have the update method.

    @CrossOrigin(origins = "*")
    @RequestMapping(
            method = RequestMethod.PATCH,
            produces = MediaType.APPLICATION_JSON_VALUE,
            value={"/{entity}/{id}", "/{entity}/{id}/relationships/{entity2}"})
    @Transactional
    public String jsonApiPatch(
            @RequestBody final String body,
            final HttpServletRequest request,
            final Principal principal) {
        /*
            Note that the patch operation here is the standard update, not the JSON Patch extension
            (http://jsonapi.org/extensions/jsonpatch/)
         */
        return elideRunner(
                request,
                (elide, path) -> elide.patch("application/vnd.api+json", "application/vnd.api+json", path, body, principal, SecurityMode.SECURITY_ACTIVE).getBody());
    }

The JSON API made the decision to use the HTTP PATCH verb instead of PUT because PATCH better expresses an update that only modifies a subset of fields. You can read more on the reasons for this decision in the JSON API FAQ.

Sending a PATCH request to http://localhost:8080/child/4 with the following JSON:

{
  "data": {
    "type": "child",
    "id": 4,
    "attributes": {
      "description": "Updated description"
    }
  }
}

will update the supplied attributes. You can also update a to-one relationship by sending a PATCH request to http://localhost:8080/child/4/relationships/parent with the JSON

{
  "data": {
    "type": "parent",
    "id": 2
  }
}

Keep in mind though that all updates and deletes will need to be done by the admin user, who is the only user to have permissions to apply these changes after we configured the authorization in this article.

Another thing to note is that we have only supported the standard PATCH request defined by the JSON API spec. There is a JSON Patch Extension that makes use of the JSON API extension functionality that you may like to take a look at, but we haven’t enabled it here.

Download the source code for this article from GitHub.