Catch malformed filter parameters

Tobias Dillmann
2026-06-08 11:55:15 +02:00
committed by Tobias Dillmann
parent 61a078ad2a
commit b698ef9eb6
2 changed files with 22 additions and 0 deletions
@@ -135,6 +135,10 @@ module API
end
def filter_from_params(filter)
unless filter.is_a?(Hash)
raise JSON::ParserError, "Filter must be a JSON object, got #{filter.class}"
end
attribute = filter.keys.first # there should only be one attribute per filter
operator = filter[attribute]["operator"]
values = Array(filter[attribute]["values"])
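Review bot: The new guard in `filter_from_params` checks only the outer element, so `filter[attribute]["operator"]` two lines later is still reached with an empty object (`attribute` is then nil) or with an attribute whose value is not an object, such as `{"status": null}`. Both cases end in `nil["operator"]`, which raises NoMethodError rather than JSON::ParserError. How the caller handles that is not visible here, but if it rescues only the parser error, a client-supplied filter can still cause an unhandled exception instead of a validation error. I would validate the inner value as well, e.g. `condition = filter[attribute]` followed by `raise JSON::ParserError, "Filter condition must be a JSON object, got #{condition.class}" unless condition.is_a?(Hash)`, and add spec contexts for `{}` and a non-object value next to the Array case this commit tests. The method body continues outside the hunk.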
@@ -285,6 +285,24 @@ RSpec.describe API::V3::ParseQueryParamsService,
end
end
end
context "with a non-object filter element" do
let(:params) do
{ filters: JSON::dump([["status", "=", "not a hash"]]) }
end
it "is not success" do
expect(subject)
.not_to be_success
end
it "returns the error" do
expect(subject.errors.messages[:base].length)
.to be(1)
expect(subject.errors.messages[:base][0])
.to include("Filter must be a JSON object, got Array")
end
end
end
end