fix: validate type matches resource type for sparse fieldsets (#1461)

adamkiczula · web-flow · commit d3c094b46a38 · 2024-11-20T21:09:06.000-06:00
diff --git a/lib/jsonapi/request.rb b/lib/jsonapi/request.rb
@@ -309,6 +309,7 @@ def parse_fields(resource_klass, fields)
         if type_resource.nil?
           fail JSONAPI::Exceptions::InvalidResource.new(type, error_object_overrides)
         else
+          verify_type(type, type_resource)
           unless values.nil?
             valid_fields = type_resource.fields.collect { |key| format_key(key) }
             values.each do |field|
diff --git a/test/unit/jsonapi_request/jsonapi_request_test.rb b/test/unit/jsonapi_request/jsonapi_request_test.rb
@@ -171,6 +171,30 @@ def test_parse_dasherized_with_underscored_include
     assert_equal 'iso_currency is not a valid includable relationship of expense-entries', request.errors[0].detail
   end
 
+  def test_parse_fields_singular
+    params = ActionController::Parameters.new(
+      {
+        controller: 'expense_entries',
+        action: 'index',
+        fields: {expense_entry: 'iso_currency'}
+      }
+    )
+
+    request = JSONAPI::Request.new(
+      params,
+      {
+        context: nil,
+        key_formatter: JSONAPI::Formatter.formatter_for(:underscored_key)
+      }
+    )
+
+    e = assert_raises JSONAPI::Exceptions::InvalidResource do
+      request.parse_fields(ExpenseEntryResource, params[:fields])
+    end
+    refute e.errors.empty?
+    assert_equal 'expense_entry is not a valid resource.', e.errors[0].detail
+  end
+
   def test_parse_fields_underscored
     params = ActionController::Parameters.new(
       {
