Verify filters that are passed to show_related_resources (#971)

Author: hidde-jan

lib/jsonapi/processor.rb

@@ -160,9 +160,10 @@ def show_related_resources
       include_directives = params[:include_directives]
 
       source_resource ||= source_klass.find_by_key(source_id, context: context, fields: fields)
+      verified_filters = resource_klass.verify_filters(filters, context)
 
       rel_opts = {
-        filters:  filters,
+        filters:  verified_filters,
         sort_criteria: sort_criteria,
         paginator: paginator,
         fields: fields,

lib/jsonapi/request_parser.rb

@@ -119,7 +119,7 @@ def setup_get_related_resources_action(params, resource_klass)
           relationship_type: relationship_type,
           source_klass: source_klass,
           source_id: source_id,
-          filters: source_klass.verify_filters(filters, @context),
+          filters: filters,
           sort_criteria: sort_criteria,
           paginator: paginator,
           fields: fields,

test/controllers/controller_test.rb

@@ -2390,6 +2390,17 @@ def test_invalid_filter_value
     assert_response :bad_request
   end
 
+  def test_invalid_filter_value_for_get_related_resources
+    assert_cacheable_get :get_related_resources, params: {
+          hair_cut_id: 1,
+          relationship: 'people',
+          source: 'hair_cuts',
+          filter: {name: 'L'}
+        }
+
+    assert_response :bad_request
+  end
+
   def test_valid_filter_value
     assert_cacheable_get :index, params: {filter: {name: 'Joe Author'}}
     assert_response :success

test/fixtures/active_record.rb

@@ -394,6 +394,7 @@ class Section < ActiveRecord::Base
 end
 
 class HairCut < ActiveRecord::Base
+  has_many :people
 end
 
 class Property < ActiveRecord::Base

test/test_helper.rb

@@ -229,6 +229,7 @@ class CatResource < JSONAPI::Resource
   jsonapi_resources :comments
   jsonapi_resources :firms
   jsonapi_resources :tags
+  jsonapi_resources :hair_cuts
   jsonapi_resources :posts do
     jsonapi_relationships
     jsonapi_links :special_tags