From 0a9d1701a5c3532c83233317ea9471d8ee71c63c Mon Sep 17 00:00:00 2001 From: Adam Kiczula Date: Thu, 14 Nov 2024 18:33:22 -0600 Subject: [PATCH] fix: validate type matches resource type for sparse fieldsets --- lib/jsonapi/request.rb | 1 + .../jsonapi_request/jsonapi_request_test.rb | 24 +++++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/lib/jsonapi/request.rb b/lib/jsonapi/request.rb index 5e80ff96a..1653835f0 100644 --- a/lib/jsonapi/request.rb +++ b/lib/jsonapi/request.rb @@ -309,6 +309,7 @@ def parse_fields(resource_klass, fields) if type_resource.nil? fail JSONAPI::Exceptions::InvalidResource.new(type, error_object_overrides) else + verify_type(type, type_resource) unless values.nil? valid_fields = type_resource.fields.collect { |key| format_key(key) } values.each do |field| diff --git a/test/unit/jsonapi_request/jsonapi_request_test.rb b/test/unit/jsonapi_request/jsonapi_request_test.rb index dc467a728..bbad9e46f 100644 --- a/test/unit/jsonapi_request/jsonapi_request_test.rb +++ b/test/unit/jsonapi_request/jsonapi_request_test.rb @@ -171,6 +171,30 @@ def test_parse_dasherized_with_underscored_include assert_equal 'iso_currency is not a valid includable relationship of expense-entries', request.errors[0].detail end + def test_parse_fields_singular + params = ActionController::Parameters.new( + { + controller: 'expense_entries', + action: 'index', + fields: {expense_entry: 'iso_currency'} + } + ) + + request = JSONAPI::Request.new( + params, + { + context: nil, + key_formatter: JSONAPI::Formatter.formatter_for(:underscored_key) + } + ) + + e = assert_raises JSONAPI::Exceptions::InvalidResource do + request.parse_fields(ExpenseEntryResource, params[:fields]) + end + refute e.errors.empty? + assert_equal 'expense_entry is not a valid resource.', e.errors[0].detail + end + def test_parse_fields_underscored params = ActionController::Parameters.new( {