readOnly and writeOnly are not honored when used in an allOf #140
Description
readOnly & writeOnly are not honored when they are set in an allOf block to edit an objects properties.
E.g. we got these components:
openapi: 3.0.0
info:
title: Test
version: 0.1.0
paths:
/users:
get:
summary: Get Users
operationId: getAllAccounts
responses:
200:
description: Default
content:
application/json:
schema:
$ref: '#/components/schemas/User'
post:
summary: Create User
operationId: createUser
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/User'
responses:
201:
description: 'User created'
/users/{userId}:
patch:
summary: Update User
operationId: updateUser
parameters:
- in: path
name: userId
schema:
type: string
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/PatchUser'
responses:
200:
description: 'User updated'
components:
schemas:
User:
type: object
properties:
id:
type: integer
readOnly: true
tenant_id:
type: integer
username:
type: string
PatchUser:
allOf:
- $ref: '#/components/schemas/User'
- type: object
properties:
tenant_id:
readOnly: true
Assuming the id of a User will never change and User is used to create and read the user and PatchUser is used to update it.
This setup would disallow to patch the tenant_id of a user, but keeps it writable when the user is created. Exactly that is not shown correctly in the request samples tab. It keeps showing the tenant_id in the request sample which implies it is updatable when it is not. The request body schema omits the tenant_id correctly.
