Could someone please help me to understand how actions like Post/Patch defined in the schema?
Q1:If an object in schema isn't set to readonly, does that mean it is patchable automatically?
Q2:Is all actions defined in schema below to POST?
Following is a excerpt from Redfish spec
"Submitting a POST request to a resource collection is equivalent to submitting the same request to the Members property of that resource collection. Services that support the addition of Members to a resource collection shall support both forms. For example, if a client adds a member to the resource collection at /redfish/v1/EventService/Subscriptions, it can send a POST request to either /redfish/v1/EventService/Subscriptions or /redfish/v1/EventService/Subscriptions/Members."
But when I look at schema of EventService, I don't see any action defined for creating a subscription. I wonder how could an user find out what to from schema definition?
For Q1, this is a bit ambiguous since the permissions term doesn't appear to have a default value. When we publish schema definitions, we explicitly call out their permissions to ensure the intent is clear. One thing to be cautious of though is we omit the permissions term on objects containing sets of properties and put the permissions on the properties within an object. The reason for this is within an object, you can have a mix of read-only and writable properties, so an object-level permission definition doesn't make that apparent.
For Q2, POST has two usages: creating a new resource and performing an action. POST from a create perspective does not require additional schema definitions since the client is creating a new instance of a resource that is backed by schema. For example, if you're creating a new EventDestination resource, the client builds the new EventDestination resource (based off the EventDestination schema) and performs a POST on the EventDestinationCollection resource. Actions require their own schema definitions since the client is not inserting a new resource, but rather performing an operation that does not map to CRUD semantics. The request and response payloads in these cases don't match resource definitions.
One other thing to note with permissions is even if we publish schema that marks a property writable, it's not necessary that all implementations allow the given property to be writable; some may make properties defined by the DMTF as read-only regardless of the permissions in the schema we publish.