All input json api data are validated before proceeding

dynamiccast · Jul 11, 2016 · 2a06020 · 2a06020
1 parent f831dd7
commit 2a06020
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/lib/hook.js b/lib/hook.js
@@ -15,6 +15,7 @@ var BlueprintController = {
   , populate: require('./api/blueprints/populate')
 };
 var JsonApiService = require('./api/services/JsonApiService');
+var jsonApiValidator = require('./context-aware-jsonapi-validator/validator');
 var responseOk = require('./api/responses/ok');
 var responseCreated = require('./api/responses/created');
 var responseNotFound = require('./api/responses/notFound');
@@ -137,9 +138,12 @@ module.exports = function(sails) {
           if (strncmp(controller[name]._middlewareType, "BLUEPRINT: ", "BLUEPRINT: ".length) === true) {
             controller[name] = function(req, res) {
 
-              if (req.method !== 'GET' && req.method !== 'DELETE' &&
-                  JsonApiService.validate(req.body) === false) {
-                return res.invalidJsonApi();
+              if (req.method === 'POST' || req.method === 'PATCH') {
+
+                var context = (req.method === 'POST') ? jsonApiValidator.CONTEXT_CREATE : jsonApiValidator.CONTEXT_UPDATE;
+
+                if (JsonApiService.validate(req.body, context) === false)
+                  return res.invalidJsonApi();
               }
 
               req.body = JsonApiService.deserialize(req.body);