Hi, everyone,

I'm a newbie here (though not to REST in general), and the list archives have
been a great help in clarifying my understanding of a lot of REST concepts and
suggesting good design elements. I have one part of my design right now where
I'm unsure what a good RESTful approach would be.

I have resources that support GET and PUT, but contain some parts that clients
are not allowed to modify. (This doesn't seem like an uncommon case; I would
think that navigation links, for example, would typically not be modifiable in a
PUT.) So is it better to:

1. Require clients to submit all the read-only parts unmodified in a PUT, and
respond with an error code if they are absent or altered?
2. Take advantage of the leniency allowed in a server's implementation of PUT to
ignore the read-only elements (or their absence)?
3. Separate read-only elements into a sub-resource that only supports GET? (This
may not be feasible for resources which must be created as a whole.)

or something else?

Second, there are some elements that are modifiable or not depending on the
privileges held by the (authenticated) user. I would think this would be
expressed by a difference in the representation returned to the client, but what
should that difference be? (My representations are XML documents, if there isn't
a more general solution.)

And in a broader sense, I'd like the client to know which elements of the
resource the user can modify, for presentation purposes. Is there a generally
accepted way to do this, perhaps with form templates or XForms?

I'd be interested in any comments or alternative approaches, if I'm just looking
at it from the wrong angle.

Thanks,

-- Jim