Description
It would be interesting to have a statement on the precedence of readOnly rules vs required rules
given the specification here
small.json
the object contains Id , name , password , both are required ... in differents scenario
id is set to ReadOnly
password as WriteOnly
use case is legitimate, for instance you want to have a single model for an Object (here Pet) , and the id beeing mandatory in read , but not in write (ie POST)
should this schema be valid or not ?
it so it would be good to add a line when we set OAS is leveraging JSON schema for validation .
discussing with JSON schema team the readOnly / writeOnly flag are just meta data and are not taken into account in the validation, it is up to the upper layer to take those points in consideration
to me we have 2 ways of handling this ,
- Either we consider as invalid OAS , this would mean that a required field cannot be in a readOnly , writeOnly (in some circunstances cf sample)
- Either it is a valid use OAS and so this means that the readOnly , writeOnly , over defined (override by reducing ) the required field , more or less , depending the context
as this it is not the Json schema policy to defines this behaviour , would be good to have a precision in the OAS Spec
notice than looking on linter , most of them consider the spec as invalid ... my guess because leveraging raw json schema library without pre processing the schema with the context of usage