One of the problems with the relationship management approach in as described in Part II of my post earlier was that DELETE was very coarse grained. The following would delete all the relationships between the given permission (id:e62d2306-518b-414b-9591) and roles.
This might not be desirable. However, as I mentioned DELETE does not take any payload, so it is not possible to provide a list of relationships using DELETE. Here, the approach of tunneling DELETE over POST could be useful. The overloaded POST would look as follows:
Now we can send a payload for deleting specific relationships. Here, the ?_method=delete would indicate to the service that DELETE operation should be performed for the given payload which might look as follows :
This operation would delete a relationship between given permission (id:e62d2306-518b-414b-9591) and given role (id:814ed9d4-3315-44fc-993b) only.