fun_with_json_api 0.0.10.2 → 0.0.10.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/config/locales/fun_with_json_api.en.yml +1 -0
- data/lib/fun_with_json_api/exceptions/unauthorized_attribute.rb +17 -0
- data/lib/fun_with_json_api/exceptions/unauthorized_relationship.rb +1 -1
- data/lib/fun_with_json_api/schema_validator.rb +1 -1
- data/lib/fun_with_json_api/schema_validators/{check_attributes.rb → check_attribute_names.rb} +22 -11
- data/lib/fun_with_json_api/version.rb +1 -1
- data/spec/dummy/log/test.log +8345 -0
- data/spec/fun_with_json_api/schema_validator_spec.rb +1 -1
- data/spec/fun_with_json_api/schema_validators/{check_attributes_spec.rb → check_attribute_names_spec.rb} +5 -5
- metadata +6 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6cbd2e7cd7eb77ab42c01c61b7c0f9cc30d73e85
|
|
4
|
+
data.tar.gz: 4eb860a2624ff7a914b0551b2bdd4d93d2a075be
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d9a7000c4f77af589383b619af65b15a92e20955f2d8bec2faab500550fb25674f0b90db60b44401d807a9eaa731105ab8c106a4c2aa2d2fcf87e06d9f5b86af
|
|
7
|
+
data.tar.gz: 67cbade73e38c41c46f06918a0f42fdeae60e56452a266324e2fd0e31e8082037bfb7c23ec8fa8c8f8ed4a7b65296f60af48eb7a7178682ce305508f78623ba2
|
|
@@ -11,6 +11,7 @@ en:
|
|
|
11
11
|
unauthorized_resource: 'Unable to access the requested resource'
|
|
12
12
|
invalid_attribute: 'Request json_api attribute data is invalid'
|
|
13
13
|
unknown_attribute: 'Request json_api attribute is not recognised by the current endpoint'
|
|
14
|
+
unauthorized_attribute: Request json_api attribute can not be updated by the current endpoint
|
|
14
15
|
invalid_relationship: 'Request json_api relationship data is invalid'
|
|
15
16
|
missing_relationship: 'Unable to find the requested relationship'
|
|
16
17
|
unknown_relationship: 'Request json_api relationship is not recognised by the current endpoint'
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
module FunWithJsonApi
|
|
2
|
+
module Exceptions
|
|
3
|
+
# Indicates a supplied attribute value is known but unable to be changed by this endpoint
|
|
4
|
+
class UnauthorizedAttribute < FunWithJsonApi::Exception
|
|
5
|
+
def initialize(message, payload = ExceptionPayload.new)
|
|
6
|
+
payload = Array.wrap(payload).each do |unknown|
|
|
7
|
+
unknown.code ||= 'unauthorized_attribute'
|
|
8
|
+
unknown.title ||= I18n.t(
|
|
9
|
+
:unauthorized_attribute, scope: 'fun_with_json_api.exceptions'
|
|
10
|
+
)
|
|
11
|
+
unknown.status ||= '403'
|
|
12
|
+
end
|
|
13
|
+
super
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
end
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
module FunWithJsonApi
|
|
2
2
|
module Exceptions
|
|
3
|
-
# Indicates a supplied relationship value is
|
|
3
|
+
# Indicates a supplied relationship value is known but unable to be changed by this endpoint
|
|
4
4
|
class UnauthorizedRelationship < FunWithJsonApi::Exception
|
|
5
5
|
def initialize(message, payload = ExceptionPayload.new)
|
|
6
6
|
payload = Array.wrap(payload).each do |unknown|
|
|
@@ -21,7 +21,7 @@ module FunWithJsonApi
|
|
|
21
21
|
def check
|
|
22
22
|
FunWithJsonApi::SchemaValidators::CheckDocumentTypeMatchesResource.call(self)
|
|
23
23
|
FunWithJsonApi::SchemaValidators::CheckDocumentIdMatchesResource.call(self)
|
|
24
|
-
FunWithJsonApi::SchemaValidators::
|
|
24
|
+
FunWithJsonApi::SchemaValidators::CheckAttributeNames.call(document, deserializer)
|
|
25
25
|
FunWithJsonApi::SchemaValidators::CheckRelationships.call(document, deserializer)
|
|
26
26
|
end
|
|
27
27
|
|
data/lib/fun_with_json_api/schema_validators/{check_attributes.rb → check_attribute_names.rb}
RENAMED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
module FunWithJsonApi
|
|
2
2
|
module SchemaValidators
|
|
3
|
-
class
|
|
3
|
+
class CheckAttributeNames
|
|
4
4
|
def self.call(document, deserializer)
|
|
5
5
|
new(document, deserializer).call
|
|
6
6
|
end
|
|
@@ -15,11 +15,11 @@ module FunWithJsonApi
|
|
|
15
15
|
|
|
16
16
|
def call
|
|
17
17
|
attributes = document['data'].fetch('attributes', {}).keys
|
|
18
|
-
unknown = attributes.reject { |attribute| resource_attributes.include?(attribute) }
|
|
19
18
|
|
|
20
|
-
|
|
19
|
+
unknown = attributes.reject { |attribute| resource_attributes.include?(attribute) }
|
|
20
|
+
check_attribute_names(attributes) if unknown.any?
|
|
21
21
|
|
|
22
|
-
|
|
22
|
+
true
|
|
23
23
|
end
|
|
24
24
|
|
|
25
25
|
def resource_attributes
|
|
@@ -32,14 +32,19 @@ module FunWithJsonApi
|
|
|
32
32
|
|
|
33
33
|
private
|
|
34
34
|
|
|
35
|
-
def
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
build_forbidden_attribute_payload(attribute)
|
|
39
|
-
else
|
|
40
|
-
build_unknown_attribute_payload(attribute)
|
|
41
|
-
end
|
|
35
|
+
def check_attribute_names(unknown)
|
|
36
|
+
unauthorised_attributes = unknown.select do |attribute|
|
|
37
|
+
known_attributes.include?(attribute)
|
|
42
38
|
end
|
|
39
|
+
if unauthorised_attributes.any?
|
|
40
|
+
raise build_forbidden_attribute_error(unauthorised_attributes)
|
|
41
|
+
else
|
|
42
|
+
raise build_unknown_attributes_error(unknown)
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
|
|
46
|
+
def build_unknown_attributes_error(attributes)
|
|
47
|
+
payload = attributes.map { |attribute| build_unknown_attribute_payload(attribute) }
|
|
43
48
|
message = 'Unknown attributes were provided by endpoint'
|
|
44
49
|
FunWithJsonApi::Exceptions::UnknownAttribute.new(message, payload)
|
|
45
50
|
end
|
|
@@ -51,6 +56,12 @@ module FunWithJsonApi
|
|
|
51
56
|
)
|
|
52
57
|
end
|
|
53
58
|
|
|
59
|
+
def build_forbidden_attribute_error(attributes)
|
|
60
|
+
payload = attributes.map { |attribute| build_forbidden_attribute_payload(attribute) }
|
|
61
|
+
message = 'Forbidden attributes were provided by endpoint'
|
|
62
|
+
FunWithJsonApi::Exceptions::UnauthorizedAttribute.new(message, payload)
|
|
63
|
+
end
|
|
64
|
+
|
|
54
65
|
def build_forbidden_attribute_payload(attribute)
|
|
55
66
|
ExceptionPayload.new(
|
|
56
67
|
detail: forbidden_attribute_error(attribute),
|