fun_with_json_api 0.0.10.2 → 0.0.10.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/config/locales/fun_with_json_api.en.yml +1 -0
- data/lib/fun_with_json_api/exceptions/unauthorized_attribute.rb +17 -0
- data/lib/fun_with_json_api/exceptions/unauthorized_relationship.rb +1 -1
- data/lib/fun_with_json_api/schema_validator.rb +1 -1
- data/lib/fun_with_json_api/schema_validators/{check_attributes.rb → check_attribute_names.rb} +22 -11
- data/lib/fun_with_json_api/version.rb +1 -1
- data/spec/dummy/log/test.log +8345 -0
- data/spec/fun_with_json_api/schema_validator_spec.rb +1 -1
- data/spec/fun_with_json_api/schema_validators/{check_attributes_spec.rb → check_attribute_names_spec.rb} +5 -5
- metadata +6 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6cbd2e7cd7eb77ab42c01c61b7c0f9cc30d73e85
|
|
4
|
+
data.tar.gz: 4eb860a2624ff7a914b0551b2bdd4d93d2a075be
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d9a7000c4f77af589383b619af65b15a92e20955f2d8bec2faab500550fb25674f0b90db60b44401d807a9eaa731105ab8c106a4c2aa2d2fcf87e06d9f5b86af
|
|
7
|
+
data.tar.gz: 67cbade73e38c41c46f06918a0f42fdeae60e56452a266324e2fd0e31e8082037bfb7c23ec8fa8c8f8ed4a7b65296f60af48eb7a7178682ce305508f78623ba2
|
|
@@ -11,6 +11,7 @@ en:
|
|
|
11
11
|
unauthorized_resource: 'Unable to access the requested resource'
|
|
12
12
|
invalid_attribute: 'Request json_api attribute data is invalid'
|
|
13
13
|
unknown_attribute: 'Request json_api attribute is not recognised by the current endpoint'
|
|
14
|
+
unauthorized_attribute: Request json_api attribute can not be updated by the current endpoint
|
|
14
15
|
invalid_relationship: 'Request json_api relationship data is invalid'
|
|
15
16
|
missing_relationship: 'Unable to find the requested relationship'
|
|
16
17
|
unknown_relationship: 'Request json_api relationship is not recognised by the current endpoint'
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
module FunWithJsonApi
|
|
2
|
+
module Exceptions
|
|
3
|
+
# Indicates a supplied attribute value is known but unable to be changed by this endpoint
|
|
4
|
+
class UnauthorizedAttribute < FunWithJsonApi::Exception
|
|
5
|
+
def initialize(message, payload = ExceptionPayload.new)
|
|
6
|
+
payload = Array.wrap(payload).each do |unknown|
|
|
7
|
+
unknown.code ||= 'unauthorized_attribute'
|
|
8
|
+
unknown.title ||= I18n.t(
|
|
9
|
+
:unauthorized_attribute, scope: 'fun_with_json_api.exceptions'
|
|
10
|
+
)
|
|
11
|
+
unknown.status ||= '403'
|
|
12
|
+
end
|
|
13
|
+
super
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
module FunWithJsonApi
|
|
2
2
|
module Exceptions
|
|
3
|
-
# Indicates a supplied relationship value is
|
|
3
|
+
# Indicates a supplied relationship value is known but unable to be changed by this endpoint
|
|
4
4
|
class UnauthorizedRelationship < FunWithJsonApi::Exception
|
|
5
5
|
def initialize(message, payload = ExceptionPayload.new)
|
|
6
6
|
payload = Array.wrap(payload).each do |unknown|
|
|
@@ -21,7 +21,7 @@ module FunWithJsonApi
|
|
|
21
21
|
def check
|
|
22
22
|
FunWithJsonApi::SchemaValidators::CheckDocumentTypeMatchesResource.call(self)
|
|
23
23
|
FunWithJsonApi::SchemaValidators::CheckDocumentIdMatchesResource.call(self)
|
|
24
|
-
FunWithJsonApi::SchemaValidators::
|
|
24
|
+
FunWithJsonApi::SchemaValidators::CheckAttributeNames.call(document, deserializer)
|
|
25
25
|
FunWithJsonApi::SchemaValidators::CheckRelationships.call(document, deserializer)
|
|
26
26
|
end
|
|
27
27
|
|
data/lib/fun_with_json_api/schema_validators/{check_attributes.rb → check_attribute_names.rb}
RENAMED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
module FunWithJsonApi
|
|
2
2
|
module SchemaValidators
|
|
3
|
-
class
|
|
3
|
+
class CheckAttributeNames
|
|
4
4
|
def self.call(document, deserializer)
|
|
5
5
|
new(document, deserializer).call
|
|
6
6
|
end
|
|
@@ -15,11 +15,11 @@ module FunWithJsonApi
|
|
|
15
15
|
|
|
16
16
|
def call
|
|
17
17
|
attributes = document['data'].fetch('attributes', {}).keys
|
|
18
|
-
unknown = attributes.reject { |attribute| resource_attributes.include?(attribute) }
|
|
19
18
|
|
|
20
|
-
|
|
19
|
+
unknown = attributes.reject { |attribute| resource_attributes.include?(attribute) }
|
|
20
|
+
check_attribute_names(attributes) if unknown.any?
|
|
21
21
|
|
|
22
|
-
|
|
22
|
+
true
|
|
23
23
|
end
|
|
24
24
|
|
|
25
25
|
def resource_attributes
|
|
@@ -32,14 +32,19 @@ module FunWithJsonApi
|
|
|
32
32
|
|
|
33
33
|
private
|
|
34
34
|
|
|
35
|
-
def
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
build_forbidden_attribute_payload(attribute)
|
|
39
|
-
else
|
|
40
|
-
build_unknown_attribute_payload(attribute)
|
|
41
|
-
end
|
|
35
|
+
def check_attribute_names(unknown)
|
|
36
|
+
unauthorised_attributes = unknown.select do |attribute|
|
|
37
|
+
known_attributes.include?(attribute)
|
|
42
38
|
end
|
|
39
|
+
if unauthorised_attributes.any?
|
|
40
|
+
raise build_forbidden_attribute_error(unauthorised_attributes)
|
|
41
|
+
else
|
|
42
|
+
raise build_unknown_attributes_error(unknown)
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
def build_unknown_attributes_error(attributes)
|
|
47
|
+
payload = attributes.map { |attribute| build_unknown_attribute_payload(attribute) }
|
|
43
48
|
message = 'Unknown attributes were provided by endpoint'
|
|
44
49
|
FunWithJsonApi::Exceptions::UnknownAttribute.new(message, payload)
|
|
45
50
|
end
|
|
@@ -51,6 +56,12 @@ module FunWithJsonApi
|
|
|
51
56
|
)
|
|
52
57
|
end
|
|
53
58
|
|
|
59
|
+
def build_forbidden_attribute_error(attributes)
|
|
60
|
+
payload = attributes.map { |attribute| build_forbidden_attribute_payload(attribute) }
|
|
61
|
+
message = 'Forbidden attributes were provided by endpoint'
|
|
62
|
+
FunWithJsonApi::Exceptions::UnauthorizedAttribute.new(message, payload)
|
|
63
|
+
end
|
|
64
|
+
|
|
54
65
|
def build_forbidden_attribute_payload(attribute)
|
|
55
66
|
ExceptionPayload.new(
|
|
56
67
|
detail: forbidden_attribute_error(attribute),
|