Inclusion of JSONAPI::Utils in a specific controller obfuscates errors
averydev opened this issue · 3 comments
Hi there,
Just had a hard time tracking down an issue with an update I was doing on an a record.
I included JSONAPI::Utils in my controller, and implemented it in my index method.
The update method was failing in jsonapi-resources because an attribute was included in the request that wasn't supposed to be there, so it was failing. However as long as JSONAPI::Utils was included, the error that came back was that the key was not included {"errors":[{"title":"A key is required","detail":"...
This was extremely confusing and sent me down a bunch of rabbit holes.
Hi @averydev,
Could you please let me know the versions of jsonapi-resources and jsonapi-utis present in your Gemfile.lock. I would also appreciate to know more details about the error case, like an example of a URL + a resource class that would generate such an error.
It was possible to achieve this error case by letting my controller use the jsonapi-resources' default update action instead of writing my own. The error is due to a double call on JSONAPI::Request#setup_action that removes the id key from the params during its execution. Then when called twice it does not find the id within the request's params in the last call.
More details:
The first call happens in JSONAPI::Utils::Request#setup_request – at the controller's before action – and the second one in JSONAPI::ActsAsResourceController#process_request – which is called because of using the default update action of jsonapi-resources.
Solution:
If you really want to use the jsonapi-resources' default update action, you can use the skip_before_action :setup_request, :check_request, only: :update in order to avoid that duplicate call.
With PR #23 I will try to figure out a more elegant way to avoid developers achieving this error.