Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

option to remove additional properties #453

Open
ngouy opened this issue May 3, 2021 · 0 comments
Open

option to remove additional properties #453

ngouy opened this issue May 3, 2021 · 0 comments

Comments

@ngouy
Copy link

ngouy commented May 3, 2021
edited
Loading

It would be awesome to leverage this gem to skip altogether the params permissions in the controller

Today we can almost do so if our API doesn't allow additional properties. Indeed, if you use strict: true when validating incoming params against a schema, you can assume that you don't need to recheck (the real issue is more: re-write at a different place) your params when using them into your rails CRUD controller (permitted params)

The issue comes when you don't want to raise an error if extra params are given, but you still want to "extract" only the "permitted" (or in the JSON schema case the "described") params

I see here https://www.rubydoc.info/gems/json-schema/2.4.1#Validate_a_JSON_object_against_a_JSON_schema_object__while_inserting_default_values_from_the_schema
That some options are modifying the given data to check.

Could it be a good idea to provide a new option such as remove_additional_properties: true that would remove the non "described" properties (not present in the json schema) if the data end up being valid against the tested schema

This could solve the issue :

  • you don't raise error if extra params are given
  • you can use the validated params as is, because you removed extra non described (unwanted) properties
schema = {
  "type" => "object",
  "required" => ["a", "b"],
  "properties" => {
    "a" => {"type" => "integer"},
    "b" => {
      "type" => "object",
      "required" => ["d"],
      "properties": {
        "d" => {"type" => "integer"},
      },
      "additionalProperties": false,
  }
}


JSON::Validator.validate(schema, data)
# true # valid but no modification in data
# data = {
#  "a" => 5,
#   "b" => {
#     "d" => 2
#   },
#   "j" => "woops"
# }

JSON::Validator.validate(schema, data, :remove_additional_properties => true)
# true # valid and we removed "non described" additional param
# data = { 
#  "a" => 5,
#   "b" => {
#     "d" => 2
#   },
# }

# If additional params are given where additionalParams is explicitly to false, an finite enum, or :strict option is used, it fails

data = {
  "a" => 5,
  "b" => {
    "d" => 2,
    "e" => "nope"
  },
}

JSON::Validator.validate(schema, data, :remove_additional_properties => true)
# false
# data = {
#  "a" => 5,
#   "b" => {
#     "d" => 2,
#     "e" => "nope",
#   },
# }

additionalProperties: false => raises an error and doesn't modify the data
additionalProperties: true => doesn't raises error and doesn't modify the data
additionalProperties: nil => doesn't raises error and modify the data
additionalProperties: [enum] => TBD (raises an error and doesn't modify the data OR doesn't raises error and remove additional keys that are not present in the additionalProperties enum) // preference for the first one
@ngouy ngouy changed the title Remove additional properties option to remove additional properties May 3, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ngouy