You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It would be awesome to leverage this gem to skip altogether the params permissions in the controller
Today we can almost do so if our API doesn't allow additional properties. Indeed, if you use strict: true when validating incoming params against a schema, you can assume that you don't need to recheck (the real issue is more: re-write at a different place) your params when using them into your rails CRUD controller (permitted params)
The issue comes when you don't want to raise an error if extra params are given, but you still want to "extract" only the "permitted" (or in the JSON schema case the "described") params
Could it be a good idea to provide a new option such as remove_additional_properties: true that would remove the non "described" properties (not present in the json schema) if the data end up being valid against the tested schema
This could solve the issue :
you don't raise error if extra params are given
you can use the validated params as is, because you removed extra non described (unwanted) properties
schema={"type"=>"object","required"=>["a","b"],"properties"=>{"a"=>{"type"=>"integer"},"b"=>{"type"=>"object","required"=>["d"],"properties": {"d"=>{"type"=>"integer"},},"additionalProperties": false,}}JSON::Validator.validate(schema,data)# true # valid but no modification in data# data = {# "a" => 5,# "b" => {# "d" => 2# },# "j" => "woops"# }JSON::Validator.validate(schema,data,:remove_additional_properties=>true)# true # valid and we removed "non described" additional param# data = { # "a" => 5,# "b" => {# "d" => 2# },# }# If additional params are given where additionalParams is explicitly to false, an finite enum, or :strict option is used, it failsdata={"a"=>5,
"b"=>{"d"=>2,
"e"=>"nope"},}JSON::Validator.validate(schema,data,:remove_additional_properties=>true)# false# data = {# "a" => 5,# "b" => {# "d" => 2,# "e" => "nope",# },# }
additionalProperties: false => raises an error and doesn't modify the data additionalProperties: true => doesn't raises error and doesn't modify the data additionalProperties: nil => doesn't raises error and modify the data additionalProperties: [enum] => TBD (raises an error and doesn't modify the data OR doesn't raises error and remove additional keys that are not present in the additionalProperties enum) // preference for the first one
The text was updated successfully, but these errors were encountered:
ngouy
changed the title
Remove additional properties
option to remove additional properties
May 3, 2021
It would be awesome to leverage this gem to skip altogether the params permissions in the controller
Today we can almost do so if our API doesn't allow additional properties. Indeed, if you use
strict: true
when validating incoming params against a schema, you can assume that you don't need to recheck (the real issue is more: re-write at a different place) your params when using them into your rails CRUD controller (permitted params)The issue comes when you don't want to raise an error if extra params are given, but you still want to "extract" only the "permitted" (or in the JSON schema case the "described") params
I see here https://www.rubydoc.info/gems/json-schema/2.4.1#Validate_a_JSON_object_against_a_JSON_schema_object__while_inserting_default_values_from_the_schema
That some options are modifying the given data to check.
Could it be a good idea to provide a new option such as
remove_additional_properties: true
that would remove the non "described" properties (not present in the json schema) if the data end up being valid against the tested schemaThis could solve the issue :
additionalProperties: false
=> raises an error and doesn't modify the dataadditionalProperties: true
=> doesn't raises error and doesn't modify the dataadditionalProperties: nil
=> doesn't raises error and modify the dataadditionalProperties: [enum]
=> TBD (raises an error and doesn't modify the data OR doesn't raises error and remove additional keys that are not present in the additionalProperties enum) // preference for the first oneThe text was updated successfully, but these errors were encountered: