Bug #13672
openPUTing protected attributes to /api/v2/hosts/:id results in 500 ISE
Description
JSON provided to API (a subset of what was given by a GET to /api/v2/hosts/:id):
{ "created_at": "2016-01-29 23:27:58 UTC", "updated_at": "2016-02-11 13:55:34 UTC", "id": 1, "interfaces": [{ "id": 1 }] }
The error:
{ "error": { "message": "Can't mass-assign protected attributes for Host::Managed: id, updated_at, created_at, interface_ids" } }
These protected attributes should be ignored rather than the API complaining about them being provided.
Ultimately, one should be able to provide the exact same JSON received from a GET on /api/v2/hosts/:id back as a PUT without errors.
Updated by Dominic Cleal over 8 years ago
Protected attributes are ignored in the prod environment, but raise errors in dev/test to pick up mistakes, so this seems to be working as intended.
The GET output from the API is not even close to be being compatible for use in a PUT - see #13527 etc.
Updated by Walden Raines over 8 years ago
Dominic Cleal wrote:
Protected attributes are ignored in the prod environment, but raise errors in dev/test to pick up mistakes, so this seems to be working as intended.
I'd argue that this is not working as intended. Protected attributes should be protected (i.e. ignored) and not rejected in both dev an prod.
Dominic Cleal wrote:
The GET output from the API is not even close to be being compatible for use in a PUT - see #13527 etc.
I believe this to be a reasonable expectation and the fact that this API rejects my request because I included attributes that were provided to me via a GET is a bug.
Updated by Dominic Cleal about 8 years ago
- Related to Bug #13759: 500 when attempting to update a host added