Merge pull request #1329 from vgsantoniazzi/master

Use inclusive terminology

Author: lgebhardt

lib/jsonapi/acts_as_resource_controller.rb

@@ -273,7 +273,7 @@ def handle_exceptions(e)
         when ActionController::ParameterMissing
           errors = JSONAPI::Exceptions::ParameterMissing.new(e.param).errors
         else
-          if JSONAPI.configuration.exception_class_whitelisted?(e)
+          if JSONAPI.configuration.exception_class_allowed?(e)
             raise e
           else
             if self.class.server_error_callbacks
@@ -308,7 +308,7 @@ def safe_run_callback(callback, error)
     # caught that is not a JSONAPI::Exceptions::Error
     # Useful for additional logging or notification configuration that
     # would normally depend on rails catching and rendering an exception.
-    # Ignores whitelist exceptions from config
+    # Ignores allowlist exceptions from config
 
     module ClassMethods
 

lib/jsonapi/configuration.rb

@@ -28,8 +28,8 @@ class Configuration
                 :allow_transactions,
                 :include_backtraces_in_errors,
                 :include_application_backtraces_in_errors,
-                :exception_class_whitelist,
-                :whitelist_all_exceptions,
+                :exception_class_allowlist,
+                :allow_all_exceptions,
                 :always_include_to_one_linkage_data,
                 :always_include_to_many_linkage_data,
                 :cache_formatters,
@@ -95,12 +95,12 @@ def initialize
       # raise a Pundit::NotAuthorizedError at some point during operations
       # processing. If you want to use Rails' `rescue_from` macro to
       # catch this error and render a 403 status code, you should add
-      # the `Pundit::NotAuthorizedError` to the `exception_class_whitelist`.
-      self.exception_class_whitelist = []
+      # the `Pundit::NotAuthorizedError` to the `exception_class_allowlist`.
+      self.exception_class_allowlist = []
 
-      # If enabled, will override configuration option `exception_class_whitelist`
-      # and whitelist all exceptions.
-      self.whitelist_all_exceptions = false
+      # If enabled, will override configuration option `exception_class_allowlist`
+      # and allow all exceptions.
+      self.allow_all_exceptions = false
 
       # Resource Linkage
       # Controls the serialization of resource linkage for non compound documents
@@ -219,9 +219,9 @@ def route_formatter
       return formatter
     end
 
-    def exception_class_whitelisted?(e)
-      @whitelist_all_exceptions ||
-        @exception_class_whitelist.flatten.any? { |k| e.class.ancestors.map(&:to_s).include?(k.to_s) }
+    def exception_class_allowed?(e)
+      @allow_all_exceptions ||
+        @exception_class_allowlist.flatten.any? { |k| e.class.ancestors.map(&:to_s).include?(k.to_s) }
     end
 
     def default_processor_klass=(default_processor_klass)
@@ -244,6 +244,16 @@ def allow_include=(allow_include)
       @default_allow_include_to_many = allow_include
     end
 
+    def whitelist_all_exceptions=(allow_all_exceptions)
+      ActiveSupport::Deprecation.warn('`whitelist_all_exceptions` has been replaced by `allow_all_exceptions`')
+      @allow_all_exceptions = allow_all_exceptions
+    end
+
+    def exception_class_whitelist=(exception_class_allowlist)
+      ActiveSupport::Deprecation.warn('`exception_class_whitelist` has been replaced by `exception_class_allowlist`')
+      @exception_class_allowlist = exception_class_allowlist
+    end
+
     attr_writer :allow_sort, :allow_filter, :default_allow_include_to_one, :default_allow_include_to_many
 
     attr_writer :default_paginator
@@ -270,9 +280,9 @@ def allow_include=(allow_include)
 
     attr_writer :include_application_backtraces_in_errors
 
-    attr_writer :exception_class_whitelist
+    attr_writer :exception_class_allowlist
 
-    attr_writer :whitelist_all_exceptions
+    attr_writer :allow_all_exceptions
 
     attr_writer :always_include_to_one_linkage_data
 

test/controllers/controller_test.rb

@@ -81,26 +81,40 @@ def test_accept_header_not_jsonapi
     assert_equal "All requests must use the '#{JSONAPI::MEDIA_TYPE}' Accept without media type parameters. This request specified '#{@request.headers['Accept']}'.", json_response['errors'][0]['detail']
   end
 
-  def test_exception_class_whitelist
-    original_whitelist = JSONAPI.configuration.exception_class_whitelist.dup
+  def test_exception_class_allowlist
+    original_allowlist = JSONAPI.configuration.exception_class_allowlist.dup
     $PostProcessorRaisesErrors = true
     # test that the operations dispatcher rescues the error when it
-    # has not been added to the exception_class_whitelist
+    # has not been added to the exception_class_allowlist
     assert_cacheable_get :index
     assert_response 500
 
     # test that the operations dispatcher does not rescue the error when it
-    # has been added to the exception_class_whitelist
-    JSONAPI.configuration.exception_class_whitelist << PostsController::SpecialError
+    # has been added to the exception_class_allowlist
+    JSONAPI.configuration.exception_class_allowlist << PostsController::SpecialError
     assert_cacheable_get :index
     assert_response 403
   ensure
     $PostProcessorRaisesErrors = false
-    JSONAPI.configuration.exception_class_whitelist = original_whitelist
+    JSONAPI.configuration.exception_class_allowlist = original_allowlist
+  end
+
+  def test_allow_all_exceptions
+    original_config = JSONAPI.configuration.allow_all_exceptions
+    $PostProcessorRaisesErrors = true
+    assert_cacheable_get :index
+    assert_response 500
+
+    JSONAPI.configuration.allow_all_exceptions = true
+    assert_cacheable_get :index
+    assert_response 403
+  ensure
+    $PostProcessorRaisesErrors = false
+    JSONAPI.configuration.allow_all_exceptions = original_config
   end
 
   def test_whitelist_all_exceptions
-    original_config = JSONAPI.configuration.whitelist_all_exceptions
+    original_config = JSONAPI.configuration.allow_all_exceptions
     $PostProcessorRaisesErrors = true
     assert_cacheable_get :index
     assert_response 500
@@ -114,18 +128,18 @@ def test_whitelist_all_exceptions
   end
 
   def test_exception_added_to_request_env
-    original_config = JSONAPI.configuration.whitelist_all_exceptions
+    original_config = JSONAPI.configuration.allow_all_exceptions
     $PostProcessorRaisesErrors = true
     refute @request.env['action_dispatch.exception']
     assert_cacheable_get :index
     assert @request.env['action_dispatch.exception']
 
-    JSONAPI.configuration.whitelist_all_exceptions = true
+    JSONAPI.configuration.allow_all_exceptions = true
     assert_cacheable_get :index
     assert @request.env['action_dispatch.exception']
   ensure
     $PostProcessorRaisesErrors = false
-    JSONAPI.configuration.whitelist_all_exceptions = original_config
+    JSONAPI.configuration.allow_all_exceptions = original_config
   end
 
   def test_exception_includes_backtrace_when_enabled
@@ -168,7 +182,7 @@ def test_exception_includes_application_backtrace_when_enabled
 
   def test_on_server_error_block_callback_with_exception
     original_config = JSONAPI.configuration.dup
-    JSONAPI.configuration.exception_class_whitelist = []
+    JSONAPI.configuration.exception_class_allowlist = []
     $PostProcessorRaisesErrors = true
 
     @controller.class.instance_variable_set(:@callback_message, "none")
@@ -189,7 +203,7 @@ def test_on_server_error_block_callback_with_exception
 
   def test_on_server_error_method_callback_with_exception
     original_config = JSONAPI.configuration.dup
-    JSONAPI.configuration.exception_class_whitelist = []
+    JSONAPI.configuration.exception_class_allowlist = []
     $PostProcessorRaisesErrors = true
 
     #ignores methods that don't exist
@@ -208,7 +222,7 @@ def test_on_server_error_method_callback_with_exception
 
   def test_on_server_error_method_callback_with_exception_on_serialize
     original_config = JSONAPI.configuration.dup
-    JSONAPI.configuration.exception_class_whitelist = []
+    JSONAPI.configuration.exception_class_allowlist = []
     $PostSerializerRaisesErrors = true
 
     #ignores methods that don't exist
@@ -4000,6 +4014,16 @@ def test_uncaught_error_in_controller_translated_to_internal_server_error
     assert_match /Internal Server Error/, json_response['errors'][0]['detail']
   end
 
+  def test_not_allowed_error_in_controller
+    original_config = JSONAPI.configuration.dup
+    JSONAPI.configuration.exception_class_allowlist = []
+    get :show, params: {id: '1'}
+    assert_response 500
+    assert_match /Internal Server Error/, json_response['errors'][0]['detail']
+  ensure
+    JSONAPI.configuration = original_config
+  end
+
   def test_not_whitelisted_error_in_controller
     original_config = JSONAPI.configuration.dup
     JSONAPI.configuration.exception_class_whitelist = []
@@ -4010,6 +4034,18 @@ def test_not_whitelisted_error_in_controller
     JSONAPI.configuration = original_config
   end
 
+  def test_allowed_error_in_controller
+    original_config = JSONAPI.configuration.dup
+    $PostProcessorRaisesErrors = true
+    JSONAPI.configuration.exception_class_allowlist = [PostsController::SubSpecialError]
+    assert_raises PostsController::SubSpecialError do
+      assert_cacheable_get :show, params: {id: '1'}
+    end
+  ensure
+    JSONAPI.configuration = original_config
+    $PostProcessorRaisesErrors = false
+  end
+
   def test_whitelisted_error_in_controller
     original_config = JSONAPI.configuration.dup
     $PostProcessorRaisesErrors = true

test/fixtures/active_record.rb

@@ -917,7 +917,7 @@ class SpecialError < StandardError; end
   class SubSpecialError < PostsController::SpecialError; end
   class SerializeError < StandardError; end
 
-  # This is used to test that classes that are whitelisted are reraised by
+  # This is used to test that classes that are allowed are reraised by
   # the operations dispatcher.
   rescue_from PostsController::SpecialError do
     head :forbidden