Hi Devs
We’d like to solicit more input around the REST API responses to requests that cannot be implemented because they have already been done. What should the response code be?
For example, consider POST/DELETE http://localhost:8080/geoserver/rest/security/usergroup/user/test_user_name/group/test_group_name which associates/disassociates a user with a usergroup.
If the association already exists a second POST responds with a 200 Success. Is that what we expect? One suggestion is that a 409 Conflict or 422 Unprocessable Content is more applicable. 404 Not Found has also been used in this scenario (because a disassociated test_user_name and test_group_name cannot be found).
Question 2: a PUT is probably more appropriate than the POST method, but is it worth changing/enhancing? If we kept both, it might be confusing?
The first question arises because of PR https://github.com/geoserver/geoserver/pull/7766 which tries to deal with a 500 SQL-Constraint-Violation-Exception that is thrown when a second POST is made and the user/group service is JDBC based. For XML user/group services, the second POST is essentially a no-op, and returns 200 Success.
If anyone has experience in such API standards, or has any input to make, please share your wisdom.
Thanks