Verify filters that are passed to show_related_resources (#971)

(cherry picked from commit 2480458)

Author: hidde-jan

lib/jsonapi/processor.rb

@@ -166,9 +166,10 @@ def show_related_resources
       include_directives = params[:include_directives]
 
       source_resource ||= source_klass.find_by_key(source_id, context: context, fields: fields)
+      verified_filters = resource_klass.verify_filters(filters, context)
 
       rel_opts = {
-        filters:  filters,
+        filters:  verified_filters,
         sort_criteria: sort_criteria,
         paginator: paginator,
         fields: fields,

lib/jsonapi/resource.rb

@@ -808,6 +808,9 @@ def records(_options = {})
 
       def verify_filters(filters, context = nil)
         verified_filters = {}
+
+        return verified_filters if filters.nil?
+
         filters.each do |filter, raw_value|
           verified_filter = verify_filter(filter, raw_value, context)
           verified_filters[verified_filter[0]] = verified_filter[1]

test/controllers/controller_test.rb

@@ -2438,6 +2438,17 @@ def test_invalid_filter_value
     assert_response :bad_request
   end
 
+  def test_invalid_filter_value_for_get_related_resources
+    assert_cacheable_get :get_related_resources, params: {
+          hair_cut_id: 1,
+          relationship: 'people',
+          source: 'hair_cuts',
+          filter: {name: 'L'}
+        }
+
+    assert_response :bad_request
+  end
+
   def test_valid_filter_value
     assert_cacheable_get :index, params: {filter: {name: 'Joe Author'}}
     assert_response :success

test/fixtures/active_record.rb

@@ -394,6 +394,7 @@ class Section < ActiveRecord::Base
 end
 
 class HairCut < ActiveRecord::Base
+  has_many :people
 end
 
 class Property < ActiveRecord::Base

test/test_helper.rb

@@ -229,6 +229,7 @@ class CatResource < JSONAPI::Resource
   jsonapi_resources :comments
   jsonapi_resources :firms
   jsonapi_resources :tags
+  jsonapi_resources :hair_cuts
   jsonapi_resources :posts do
     jsonapi_relationships
     jsonapi_links :special_tags