JKHeadley · thiagoarioli · Sep 3, 2017 · Sep 3, 2017 · Sep 3, 2017
diff --git a/README.md b/README.md
@@ -270,6 +270,39 @@ Swagger documentation is automatically generated for all endpoints and can be vi
 at the server URL.  By default this will be [http://localhost:8124/](http://localhost:8124/).  The swagger docs provide quick 
 access to testing your endpoints along with model schema descriptions and query options.
 
+You can prevent Swagger documentation on CRUD endpoints by setting the correct property to ``false`` within the ``routeOptions`` object. Below is a list of properties and their effect:
+
+Property | Effect when false
+--- | --- 
+enableReadSwagger    |      omits ``GET /path`` and ``GET /path/{_id}`` endpoints
+enableCreateSwagger  |      omits ``POST /path`` endpoint
+enableUpdateSwagger  |      omits ``PUT /path/{_id}`` endpoint
+enableDeleteSwagger  |      omits ``DELETE /path`` and ``DELETE /path/{_id}`` endpoints
+
+Similarly, you can prevent association endpoints from generating through the following properties within each association object:
+
+Property | Effect when false
+--- | --- 
+enableAddSwagger     |      omits ``POST /owner/{ownerId}/child`` and ``PUT /owner/{ownerId}/child/{childId}`` endpoints
+enableRemoveSwagger  |      omits ``DELETE /owner/{ownerId}/child`` and ``ELETE /owner/{ownerId}/child/{childId}`` endpoints
+enableReadSwagger    |      omits ``GET /owner/{ownerId}/child`` endpoint
+
+For example, a routeOption object that omits endpoints for creating objects and removing a specific association could look like this:
+
+```javascript
+routeOptions: {
+    enableReadSwagger: false,
+    associations: {
+        users: {
+            type: "MANY_ONE",
+            alias: "user",
+            model: "user",
+            enableReadSwagger: false
+        }
+    }
+}
+```
+
 [Back to top](#readme-contents)
 
 ## Creating endpoints

diff --git a/tests/rest-helper-factory.tests.js b/tests/rest-helper-factory.tests.js
@@ -195,7 +195,11 @@ test('rest-helper-factory.generateRoutes', function (t) {
         allowRead: false,
         allowCreate: false,
         allowUpdate: false,
-        allowDelete: false
+        allowDelete: false,
+        enableReadSwagger: false,
+        enableCreateSwagger: false,
+        enableUpdateSwagger: false,
+        enableDeleteSwagger: false
       }
     };
     var userModel = mongoose.model("user", userSchema);
@@ -340,7 +344,10 @@ test('rest-helper-factory.generateRoutes', function (t) {
             type: "MANY_MANY",
             allowAdd: false,
             allowRemove: false,
-            allowRead: false
+            allowRead: false,
+            enableAddSwagger: false,
+            enableRemoveSwagger: false,
+            enableReadSwagger: false
           }
         }
       }

diff --git a/utilities/rest-helper-factory.js b/utilities/rest-helper-factory.js
@@ -200,6 +200,10 @@ module.exports = function (logger, mongoose, server) {
         headersValidation = null;
       }
 
+      let tags = [];
+      if (model.routeOptions.enableReadSwagger !== false) {
+          tags = ['api', collectionName];
+      }
 
       server.route({
         method: 'GET',
@@ -208,7 +212,7 @@ module.exports = function (logger, mongoose, server) {
           handler: handler,
           auth: auth,
           description: 'Get a list of ' + collectionName + 's',
-          tags: ['api', collectionName],
+          tags: tags,
           cors: config.cors,
           validate: {
             query: config.enableQueryValidation ? queryValidation : Joi.any(),
@@ -299,14 +303,19 @@ module.exports = function (logger, mongoose, server) {
         headersValidation = null;
       }
 
+      let tags = [];
+      if (model.routeOptions.enableReadSwagger !== false) {
+          tags = ['api', collectionName];
+      }
+
       server.route({
         method: 'GET',
         path: '/' + resourceAliasForRoute + '/{_id}',
         config: {
           handler: handler,
           auth: auth,
           description: 'Get a specific ' + collectionName,
-          tags: ['api', collectionName],
+          tags: tags,
           cors: config.cors,
           validate: {
             query: config.enableQueryValidation ? queryValidation : Joi.any(),
@@ -391,6 +400,11 @@ module.exports = function (logger, mongoose, server) {
         headersValidation = null;
       }
 
+      let tags = [];
+      if (model.routeOptions.enableCreateSwagger !== false) {
+          tags = ['api', collectionName];
+      }
+
       server.route({
         method: 'POST',
         path: '/' + resourceAliasForRoute,
@@ -399,7 +413,7 @@ module.exports = function (logger, mongoose, server) {
           auth: auth,
           cors: config.cors,
           description: 'Create one or more new ' + collectionName + 's',
-          tags: ['api', collectionName],
+          tags: tags,
           validate: {
             payload: config.enablePayloadValidation ? createModel : Joi.any(),
             headers: headersValidation
@@ -475,15 +489,20 @@ module.exports = function (logger, mongoose, server) {
         headersValidation = null;
       }
 
-      server.route({
+      let tags = [];
+      if (model.routeOptions.enableDeleteSwagger !== false) {
+          tags = ['api', collectionName];
+      }
+
+        server.route({
         method: 'DELETE',
         path: '/' + resourceAliasForRoute + "/{_id}",
         config: {
           handler: handler,
           auth: auth,
           cors: config.cors,
           description: 'Delete a ' + collectionName,
-          tags: ['api', collectionName],
+          tags: tags,
           validate: {
             params: {
               _id: Joi.objectId().required()
@@ -568,15 +587,20 @@ module.exports = function (logger, mongoose, server) {
         headersValidation = null;
       }
 
-      server.route({
+      let tags = [];
+      if (model.routeOptions.enableDeleteSwagger !== false) {
+          tags = ['api', collectionName];
+      }
+
+        server.route({
         method: 'DELETE',
         path: '/' + resourceAliasForRoute,
         config: {
           handler: handler,
           auth: auth,
           cors: config.cors,
           description: 'Delete multiple ' + collectionName + 's',
-          tags: ['api', collectionName],
+          tags: tags,
           validate: {
             payload: config.enablePayloadValidation ? payloadModel : Joi.any(),
             headers: headersValidation
@@ -653,15 +677,21 @@ module.exports = function (logger, mongoose, server) {
         headersValidation = null;
       }
 
-      server.route({
+      let tags = [];
+      if (model.routeOptions.enableUpdateSwagger !== false) {
+          tags = ['api', collectionName];
+      }
+
+
+        server.route({
         method: 'PUT',
         path: '/' + resourceAliasForRoute + '/{_id}',
         config: {
           handler: handler,
           auth: auth,
           cors: config.cors,
           description: 'Update a ' + collectionName,
-          tags: ['api', collectionName],
+          tags: tags,
           validate: {
             params: {
               _id: Joi.objectId().required()
@@ -748,15 +778,20 @@ module.exports = function (logger, mongoose, server) {
         headersValidation = null;
       }
 
-      server.route({
+      let tags = [];
+      if (association.enableAddSwagger !== false) {
+          tags = ['api', associationName, ownerModelName];
+      }
+
+        server.route({
         method: 'PUT',
         path: '/' + ownerAlias + '/{ownerId}/' + childAlias + "/{childId}",
         config: {
           handler: handler,
           auth: auth,
           cors: config.cors,
           description: 'Add a single ' + childModelName + ' to a ' + ownerModelName + '\'s list of ' + associationName,
-          tags: ['api', associationName, ownerModelName],
+          tags: tags,
           validate: {
             params: {
               ownerId: Joi.objectId().required(),
@@ -835,6 +870,11 @@ module.exports = function (logger, mongoose, server) {
         headersValidation = null;
       }
 
+      let tags = [];
+      if (association.enableRemoveSwagger !== false) {
+          tags = ['api', associationName, ownerModelName];
+      }
+
       server.route({
         method: 'DELETE',
         path: '/' + ownerAlias + '/{ownerId}/' + childAlias + "/{childId}",
@@ -843,7 +883,7 @@ module.exports = function (logger, mongoose, server) {
           auth: auth,
           cors: config.cors,
           description: 'Remove a single ' + childModelName + ' from a ' + ownerModelName + '\'s list of ' + associationName,
-          tags: ['api', associationName, ownerModelName],
+          tags: tags,
           validate: {
             params: {
               ownerId: Joi.objectId().required(),
@@ -932,6 +972,11 @@ module.exports = function (logger, mongoose, server) {
         headersValidation = null;
       }
 
+      let tags = [];
+      if (association.enableAddSwagger !== false) {
+          tags = ['api', associationName, ownerModelName];
+      }
+
       server.route({
         method: 'POST',
         path: '/' + ownerAlias + '/{ownerId}/' + childAlias,
@@ -940,7 +985,7 @@ module.exports = function (logger, mongoose, server) {
           auth: auth,
           cors: config.cors,
           description: 'Add multiple ' + childModelName + 's to a ' + ownerModelName + '\'s list of ' + associationName,
-          tags: ['api', associationName, ownerModelName],
+          tags: tags,
           validate: {
             params: {
               ownerId: Joi.objectId().required()
@@ -1017,6 +1062,11 @@ module.exports = function (logger, mongoose, server) {
         headersValidation = null;
       }
 
+      let tags = [];
+      if (association.enableRemoveSwagger !== false) {
+          tags = ['api', associationName, ownerModelName];
+      }
+
       server.route({
         method: 'DELETE',
         path: '/' + ownerAlias + '/{ownerId}/' + childAlias,
@@ -1025,7 +1075,7 @@ module.exports = function (logger, mongoose, server) {
           auth: auth,
           cors: config.cors,
           description: 'Remove multiple ' + childModelName + 's from a ' + ownerModelName + '\'s list of ' + associationName,
-          tags: ['api', associationName, ownerModelName],
+          tags: tags,
           validate: {
             params: {
               ownerId: Joi.objectId().required()
@@ -1155,6 +1205,11 @@ module.exports = function (logger, mongoose, server) {
         headersValidation = null;
       }
 
+      let tags = [];
+      if (association.enableReadSwagger !== false) {
+          tags = ['api', associationName, ownerModelName];
+      }
+
       server.route({
         method: 'GET',
         path: '/' + ownerAlias + '/{ownerId}/' + childAlias,
@@ -1163,7 +1218,7 @@ module.exports = function (logger, mongoose, server) {
           auth: auth,
           cors: config.cors,
           description: 'Get all of the ' + associationName + ' for a ' + ownerModelName,
-          tags: ['api', associationName, ownerModelName],
+          tags: tags,
           validate: {
             query: config.enableQueryValidation ? queryValidation : Joi.any(),
             params: {