Don't include REST methods and schemas in OpenAPI when corresponding actions are not available according to the dab config

[Benjiiim]

Today, the OpenAPI generated by DAB is including actions that are not supported by the API.
Why not filtering out these methods?

For example, when using the following entity configuration:

"permissions": [
        {
          "role": "anonymous",
          "actions": [
            {
              "action": "read"
            }
          ]
        }
      ]

We can expect not to see the PUT, PATCH, DELETE or POST verbs in the OpenAPI document.

Corresponding schemas (I'm thinking about NoAutoPK and NoPK for example) might be filtering out as well.

That would make the OpenAPI more production-ready, which can be useful to generate a better Swagger documentation or to more easily import the API in Azure API Management for example.

[thinh-ngu]

Upvote all of this!
Totally agree, had someone try to use APIM solution on DAB, and they were confused by the other methods that weren't being used.

[Benjiiim]

Related to #1771. Respecting rest.methods from tables and views when generating the OpenAPI document might help here.