Currently we either create a custom API endpoint or hook into an existing one and manipulate the result to contain results from multiple tables.
But in essence a complex request normally involves multiple calls to the db.
There is currently no protection and it is actually quite simple to completely mess up a collection by e.g. mixing up endpoints
You can create a function that hooks into the “before-collection-delete/change” hook so that some additional confirmation is done before a change is made.
But then again: what are you trying to protect from? Mistakes in DEV? A “delete this collection”-button being pressed by the wrong user / by accident?
You should not change core files.
You should create all custom functionality in either config/bootstrap.php or as a plugin or module.
The easiest way (because of the lack of documentation) is to have a look at existing plugins and modules, reverse engineer them and create your functionality.
Depends. As some stated there are some shortcomings, general ones like the missing doc (makes it complicated to get a while team started on it) or functional ones like not granualar permission options.
I’d say it is a perfect solution for midsized projects.
What do you consider to be a “large complex job”?
I’d say: performance vs ease of setup/use
SQLite: fast, simple setup, lower write performance
Mongodb: slightly more complex setup, faster DB performance over all