Pier-Luc Gendreau

What I've done for full-text search is implement a separate endpoint such as `/search/v1`. That said, I agree that it would be incredibly convenient to be able to do it...

This was done to prevent anyone from overwriting private/protected nested fields. Let's say we have, `private: ['info.weight']` Then, someone with `public` access does, ``` js PATCH /Model/some-id { info: {...

So you are suggesting, - Send `401 Unauthorized` when fields you're not allowed to access are present - Drop support for nested fields and overwrite the entire field This is...

Yes, it could be behind a flag.

This is pretty simple actually. [This code](https://github.com/florianholzapfel/express-restify-mongoose/blob/master/src/operations.js#L204), becomes: ``` js const cleanBody = depopulate(req.body) if (options.updateDeep) { cleanBody = moredots(cleanBody) } ``` Where `updateDeep` defaults to true. The work here...

Actually, rather than implementing yet another flag, I think we should perhaps be stricter and more "correct" in our use of HTTP verbs. #### `PATCH` - Partially update a resource,...

Right, thanks for bringing that up. I see a couple options, but I'm open to hearing your suggestions. - Leave the nested private fields as is (which kind of defeats...

Due to some (of my own!) earlier development decisions, it's a simple issue with complicated ramifications 😞 Removing support for private/protected nested fields would make this issue a lot easier...

Good point. I can probably roll out this change in #358

When working through an API, you usually know if an object exists or not. Do you have a particular use-case for upsert? Indeed, we are a bit lacking in examples,...