Merge branch 'feature/bad-request-exception'

guillaumebriday · guillaumebriday · commit b36a49ad0b2c · 2019-09-16T20:33:37.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## v0.3.0 - 2019-09-16
+### Changed
+- Raise `Jsonapi::InvalidAttributeError` when attribute is invalid.
+
 ## v0.2.0 - 2019-08-01
 ### Fixed
 - Adding condition when spliting filter_params to prevent issue.
diff --git a/README.md b/README.md
@@ -95,6 +95,25 @@ Or use negative sort `/contacts?sort=-firstname` to sort by firstname in `desc`
 
 You can even combine multiple sort `/contacts?sort=lastname,-firstname`
 
+
+### Rescuing a Bad Request in Rails
+
+Jsonapi::scope raises a `Jsonapi::InvalidAttributeError` you can [rescue_from](https://guides.rubyonrails.org/action_controller_overview.html#rescue-from) in your `ApplicationController`.
+
+If you want to follow the specification, you **must** respond with a `400 Bad Request`.
+
+```ruby
+class ApplicationController < ActionController::Base
+ rescue_from Jsonapi::InvalidAttributeError, with: :json_api_bad_request
+
+ private
+
+  def json_api_bad_request(exception)
+    render json: { error: exception.message }, status: :bad_request
+  end
+end
+```
+
 ## Contributing
 Do not hesitate to contribute to the project by adapting or adding features ! Bug reports or pull requests are welcome.
 
diff --git a/lib/jsonapi/exceptions.rb b/lib/jsonapi/exceptions.rb
@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module Jsonapi
+  class Error < StandardError; end
+
+  class InvalidAttributeError < Error
+    def initialize(message)
+      super(message)
+    end
+  end
+end
diff --git a/lib/jsonapi/scopes.rb b/lib/jsonapi/scopes.rb
@@ -1,4 +1,5 @@
 # frozen_string_literal: true
 
+require 'jsonapi/exceptions'
 require 'jsonapi/scopes/filters'
 require 'jsonapi/scopes/sorts'
diff --git a/lib/jsonapi/scopes/filters.rb b/lib/jsonapi/scopes/filters.rb
@@ -21,7 +21,9 @@ def apply_filter(params)
         filtering_params.each do |key, value|
           value = value.to_s.split(',').reject(&:blank?) if value.include?(',')
 
-          records = records.public_send(key, value) if @filters.include?(key.to_sym)
+          raise InvalidAttributeError, "#{key} is not valid as filter attribute." unless @filters.include?(key.to_sym)
+
+          records = records.public_send(key, value)
         end
 
         records
diff --git a/lib/jsonapi/scopes/sorts.rb b/lib/jsonapi/scopes/sorts.rb
@@ -28,9 +28,12 @@ def apply_sort(params = {}, options = { allowed: [], default: {} })
         default_order = default_order.transform_keys(&:to_sym)
 
         ordered_fields = convert_to_ordered_hash(fields)
-        filtered_fields = ordered_fields.select { |key, _| allowed_fields.include?(key) }
 
-        order = filtered_fields.presence || default_order
+        ordered_fields.each do |field, _|
+          raise InvalidAttributeError, "#{field} is not valid as sort attribute." unless allowed_fields.include?(field)
+        end
+
+        order = ordered_fields.presence || default_order
 
         self.order(order)
       end
diff --git a/test/dummy/spec/models/contact_spec.rb b/test/dummy/spec/models/contact_spec.rb
@@ -63,8 +63,8 @@
         }
       end
 
-      it 'does not filter by last_name' do
-        expect(Contact.apply_filter(invalid_params)).to include(anakin, harry)
+      it 'raises an exception' do
+        expect { Contact.apply_filter(invalid_params) }.to raise_exception(Jsonapi::InvalidAttributeError, 'last_name is not valid as filter attribute.')
       end
     end
   end
@@ -91,28 +91,16 @@
         expect(Contact.apply_sort(valid_params).pluck(:id)).to eq(expected_ids)
         expect(Contact.apply_sort(valid_params).pluck(:id)).to_not eq(not_expected_ids)
       end
-
-      it 'sorts by allowed fields only' do
-        valid_params = { sort: 'last_name' } # must be ignored
-        expected_ids = Contact.order(last_name: :desc).pluck(:id) # default sort
-        not_expected_ids = Contact.order(:last_name).pluck(:id) # params sort
-
-        expect(Contact.apply_sort(valid_params, allowed: [:first_name, :age]).pluck(:id)).to eq(expected_ids)
-        expect(Contact.apply_sort(valid_params, allowed: [:first_name, :age]).pluck(:id)).to_not eq(not_expected_ids)
-      end
     end
 
     context 'with invalid params' do
       let(:anakin) { create(:contact, first_name: 'Anakin', last_name: 'Skywalker', age: 19) }
       let(:harry) { create(:contact, first_name: 'Harry', last_name: 'Potter', age: 13) }
 
-      it 'does not sort by age' do
+      it 'raises an exception' do
         invalid_params = { sort: 'age' }
-        expected_ids = Contact.pluck(:id)
-        not_expected_ids = Contact.order(:age).pluck(:id)
 
-        expect(Contact.apply_sort(invalid_params).pluck(:id)).to eq(expected_ids)
-        expect(Contact.apply_sort(invalid_params).pluck(:id)).to_not eq(not_expected_ids)
+        expect { Contact.apply_sort(invalid_params) }.to raise_exception(Jsonapi::InvalidAttributeError, 'age is not valid as sort attribute.')
       end
     end
   end
