Merge pull request #888 from Petesta/whitelist-all-exceptions

Add configuration option to whitelist all exceptions.

Author: lgebhardt

.gitignore

@@ -1,5 +1,6 @@
 *.gem
 *.rbc
+*.sw*
 .bundle
 .config
 .yardoc
@@ -19,4 +20,4 @@ tmp
 coverage
 test/log
 test_db
-test_db-journal
+test_db-journal

README.md

@@ -2099,6 +2099,10 @@ JSONAPI.configure do |config|
   # Subclasses of the whitelisted classes will also be whitelisted.
   config.exception_class_whitelist = []
 
+  # If enabled, will override configuration option `exception_class_whitelist`
+  # and whitelist all exceptions.
+  config.whitelist_all_exceptions = false
+
   # Resource Linkage
   # Controls the serialization of resource linkage for non compound documents
   # NOTE: always_include_to_many_linkage_data is not currently implemented

lib/jsonapi/configuration.rb

@@ -24,6 +24,7 @@ class Configuration
                 :allow_transactions,
                 :include_backtraces_in_errors,
                 :exception_class_whitelist,
+                :whitelist_all_exceptions,
                 :always_include_to_one_linkage_data,
                 :always_include_to_many_linkage_data,
                 :cache_formatters,
@@ -81,6 +82,10 @@ def initialize
       # the `Pundit::NotAuthorizedError` to the `exception_class_whitelist`.
       self.exception_class_whitelist = []
 
+      # If enabled, will override configuration option `exception_class_whitelist`
+      # and whitelist all exceptions.
+      self.whitelist_all_exceptions = false
+
       # Resource Linkage
       # Controls the serialization of resource linkage for non compound documents
       # NOTE: always_include_to_many_linkage_data is not currently implemented
@@ -188,7 +193,8 @@ def route_formatter
     end
 
     def exception_class_whitelisted?(e)
-      @exception_class_whitelist.flatten.any? { |k| e.class.ancestors.map(&:to_s).include?(k.to_s) }
+      @whitelist_all_exceptions ||
+        @exception_class_whitelist.flatten.any? { |k| e.class.ancestors.map(&:to_s).include?(k.to_s) }
     end
 
     def default_processor_klass=(default_processor_klass)
@@ -221,6 +227,8 @@ def default_processor_klass=(default_processor_klass)
 
     attr_writer :exception_class_whitelist
 
+    attr_writer :whitelist_all_exceptions
+
     attr_writer :always_include_to_one_linkage_data
 
     attr_writer :always_include_to_many_linkage_data

test/controllers/controller_test.rb

@@ -90,6 +90,20 @@ def test_exception_class_whitelist
     JSONAPI.configuration.exception_class_whitelist = original_whitelist
   end
 
+  def test_whitelist_all_exceptions
+    original_config = JSONAPI.configuration.whitelist_all_exceptions
+    $PostProcessorRaisesErrors = true
+    assert_cacheable_get :index
+    assert_response 500
+
+    JSONAPI.configuration.whitelist_all_exceptions = true
+    assert_cacheable_get :index
+    assert_response 403
+  ensure
+    $PostProcessorRaisesErrors = false
+    JSONAPI.configuration.whitelist_all_exceptions = original_config
+  end
+
   def test_exception_includes_backtrace_when_enabled
     original_config = JSONAPI.configuration.include_backtraces_in_errors
     $PostProcessorRaisesErrors = true