Merge pull request #124 from holidayextras/disable-unwanted-actions

Prevent crash when requesting unavailable functionality
holidayextras · May 16, 2016 · 9af79cb · 9af79cb
2 parents 67a311c + 21dc309
commit 9af79cb
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 0 deletions.
diff --git a/example/handlers/photoHandler.js b/example/handlers/photoHandler.js
@@ -2,3 +2,4 @@
 var jsonApi = require("../..");
 
 module.exports = new jsonApi.MemoryHandler();
+module.exports.delete = null;
diff --git a/lib/handlerEnforcer.js b/lib/handlerEnforcer.js
@@ -18,6 +18,7 @@ handlerEnforcer._wrapHandler = function(handlers, operation, outCount) {
   }
 
   var original = handlers[operation];
+  if (!original) return null;
   return function() {
     var argsIn = Array.prototype.slice.call(arguments);
     var requestParams = argsIn[0].params;

diff --git a/test/unavailableFunctions.js b/test/unavailableFunctions.js
@@ -0,0 +1,32 @@
+"use strict";
+var request = require("request");
+var assert = require("assert");
+var helpers = require("./helpers.js");
+var jsonApiTestServer = require("../example/server.js");
+
+
+describe("Testing jsonapi-server", function() {
+  describe("unavailable functions", function() {
+    it("responds with a clear error", function(done) {
+      var data = {
+        method: "delete",
+        url: "http://localhost:16006/rest/photos/14"
+      };
+      request(data, function(err, res, json) {
+        assert.equal(err, null);
+        json = helpers.validateError(json);
+        assert.equal(res.statusCode, "403", "Expecting 403");
+        assert.equal(json.errors[0].detail, "The requested resource 'photos' does not support 'delete'");
+
+        done();
+      });
+    });
+  });
+
+  before(function() {
+    jsonApiTestServer.start();
+  });
+  after(function() {
+    jsonApiTestServer.close();
+  });
+});