Restrict resource update and throw error

AFAIK restricting the update of a model attribute in a POST request is done by just not marking the attribute as safe for that particular "update" scenario.

Given a model:

Orders {

    id (integer, unique),

    status (string)

    customer_id (integer),


I think i can restrict ‘customer_id’ from updating, as I stated above. But in case someones tries to POST an update to it, no “fobidden” error is thrown, but rather its value just “stays”.

AFAIK mysql does not have an option for this kind of restiction that i try to impose in PHP. And I dont really know whether this conforms to the RESTful philosophy.

Any insights?

Add a method to your model like getDisallowedOnUpdate() returning an array of attributes to skip. Then use the method with scenarios and with your api response as a part of that response, for example an attribute fieldsToSkipOnUpdate => $model->getDisallowedOnUpdate()

Just an idea :)