500 error when including relationship name in attributes hash

[arcreative]

Say I have a record post that has_one author... Including author in the attributes hash instead of the relationships hash causes jsonapi-resources to 500 with the following:

Internal Server Error: no implicit conversion of nil into Hash /Users/adam/.rvm/gems/ruby-2.2.3/gems/jsonapi-resources-0.7.0/lib/jsonapi/resource.rb:683:in `merge'

My guess is because this is a valid relationship name, but is not a valid attribute.

[mmartinson]

It sounds like you'd been trying to associate resources using attributes fields that you had listed as relationships but not explicitly as attributes in the resource? The preferred JSONAPI compliant way to do this is using the relationships data.

If you need to get around the spec for some atypical use case you can set the relationship name as an attribute and use a custom setter in the resource to assume control before JR tries to make the association. I would strongly recommend, however, not doing this unless you absolutely need to, because designing your app like this can be a slippery slope leading to pain.

Does that help? Anything missing?

[arcreative]

I'm not trying to do that, but pointing out that it shouldn't return a 500 and should probably return a 422 or 400. I found this when using a naïve serializer on my frontend that was adding scalar values to the attributes hash, (the original logic was that all scalars are attributes and all objects/arrays are relationships, but this doesn't hold true when you're removing/setting a relationship back to null).

While technically the frontend was serializing incorrectly, I feel like it should be handled as an illegal attribute instead of crashing with a 500 error, sans validation message. I haven't looked at the code since I posted this, but it appears that it allows relationship names as valid attribute names, and I feel this logic is incorrect. It should filter attributes on defined attributes, and relationships on defined relationships, and the two should be kept separate.

[mmartinson]

Ya I agree. That is worth cleaning up.

[lgebhardt]

I haven't tried to duplicate this, but it makes sense that you would get the error you are. I'm not sure it warrants custom code to prevent this scenario as it should be found in development. As @mmartinson mentions it is possible to have an attribute named after the model relationship if you use a custom getter/setter on the resource. For example you may not want to expose the AuthorResource and just display the Author's name as an Author attribute.

[arcreative]

I respectfully disagree... It's not a development issue, it's a gem issue. If you're trying to set an attribute with the same name as a relationship, it should give a 400 or 422, as it's not a valid attribute. It's a relationship, and cannot be handled as an attribute. jsonapi-resources doesn't recognize this properly, and tries to handle it improperly, resulting in a 500 error.

This is admittedly edge-casey, but I'm of the opinion that jsonapi-resources should never return a 500, especially if the mistake is a reasonable one.

[arcreative]

The getter/setter use-case makes sense, but in that case, I feel like JR would then know that they exist, and thus would accept them as valid attributes instead of relationships.