Entity not included in Elide json api but still needed for security checks

[thaingo]

There any many use-cases in which internal models are merely used for security checks. Is there any option of hiding them from Elide json api but the security checks still works as expected?

I did some experiments and found that if I exclude them from parent models or not include them in Elide json api then the security checks don't work any more due to invalid path error.

Did I miss something?

[aklish]

To walk a filter expression path, all of the referenced models in the path have to be bound in the EntityDictionary.

The entity dictionary doesn't bind models which are excluded or not exposed in the API. However, I can understand the use case here - in that filter expression paths for security checks may want to traverse JPA models that are not exposed.

Elide doesn't support this, but it seems like a good feature to add.