So I am trying to secure an API endpoint so only the user who owns an object can fetch details about that object.
The API is returning a 403 response, as well as a JSONAPI compliant json payload of:
{
"errors": [
{ "status": "403", "title": "Forbidden", "detail": "You are not authorized to access this resource" }
]
}
Great! So at this point I am trying to hook into the route's lifecycle to transition the user to the home page should they try and look at a resource that belongs to someone else.
https://www.emberjs.com/api/ember-data/release/classes/DS.AdapterError implies this is as simple as adding an error action to the route and doing whatever to handle it.
//routes/my-resource.js
export default Route.extend({
model(params) {
this.store.findRecord('my-resource', params.id)
}
});
//routes/application.js
export default Route.extend(ApplicationRouteMixin, {
actions: {
error(error, transition) {
debugger
}
}
});
I never hit this debugger, because the error action is never called. I have tried it at the application route level and the specific route level. Instead the route loads as normal, but there is a generic Ember Error (pasted below) in the console, and obviously the resource is not in the store.
I'm somewhat at a loss of what to try. I hooked into handleResponse at the adapter level and tried manually emitting the DS.ForbiddenError, but the route still does not call the error hook.
Uncaught ErrorClass {isAdapterError: true, stack: "Error: Ember Data Request GET /api/my-resource… (http://localhost:4200/assets/vendor.js:3609:31)", description: undefined, fileName: undefined, lineNumber: undefined, …}code: undefineddescription: undefinederrors: [{…}]fileName: undefinedisAdapterError: truelineNumber: undefinedmessage: "Ember Data Request GET /api/my-resource/2 returned a 403↵Payload (Empty Content-Type)↵[object Object]"name: "Error"number: undefinedstack: "Error: Ember Data Request GET /api/my-resource/2 returned a 403↵Payload (Empty Content-Type)↵[object Object]↵ at ErrorClass.EmberError (http://localhost:4200/assets/vendor.js:13638:31)↵ at ErrorClass.AdapterError (http://localhost:4200/assets/vendor.js:90664:17)↵ at new ErrorClass (http://localhost:4200/assets/vendor.js:90682:24)↵ at Class.handleResponse (http://localhost:4200/assets/vendor.js:103063:18)↵ at Class.handleResponse (http://localhost:4200/assets/vendor.js:110305:19)↵ at Class.superWrapper [as handleResponse] (http://localhost:4200/assets/vendor.js:53436:28)↵ at ajaxError (http://localhost:4200/assets/vendor.js:103345:25)↵ at ajaxErrorHandler (http://localhost:4200/assets/vendor.js:103372:12)↵ at Class.hash.error (http://localhost:4200/assets/vendor.js:103140:23)↵ at fire (http://localhost:4200/assets/vendor.js:3609:31)"__proto__: EmberError
onerrorDefault @ rsvp.js:24
trigger @ rsvp.js:66
(anonymous) @ rsvp.js:886
invoke @ backburner.js:247
flush @ backburner.js:167
flush @ backburner.js:326
_end @ backburner.js:748
end @ backburner.js:513
_run @ backburner.js:793
_join @ backburner.js:769
join @ backburner.js:567
join @ index.js:164
hash.error @ rest.js:880
fire @ jquery.js:3268
fireWith @ jquery.js:3398
done @ jquery.js:9307
(anonymous) @ jquery.js:9548
load (async)
send @ jquery.js:9567
ajax @ jquery.js:9206
_ajaxRequest @ rest.js:893
_ajax @ rest.js:913
(anonymous) @ rest.js:883
initializePromise @ rsvp.js:397
Promise @ rsvp.js:877
ajax @ rest.js:873
findRecord @ rest.js:436
Ember.RSVP.Promise.resolve.then @ -private.js:9195
tryCatcher @ rsvp.js:200
invokeCallback @ rsvp.js:372
(anonymous) @ rsvp.js:436
(anonymous) @ rsvp.js:14
invoke @ backburner.js:247
flush @ backburner.js:167
flush @ backburner.js:326
_end @ backburner.js:748
end @ backburner.js:513
_run @ backburner.js:793
_join @ backburner.js:769
join @ backburner.js:567
join @ index.js:164
(anonymous) @ index.js:265
mightThrow @ jquery.js:3534
process @ jquery.js:3602
setTimeout (async)
(anonymous) @ jquery.js:3640
fire @ jquery.js:3268
fireWith @ jquery.js:3398
fire @ jquery.js:3406
fire @ jquery.js:3268
fireWith @ jquery.js:3398
ready @ jquery.js:3878
completed @ jquery.js:3888
Aucun commentaire:
Enregistrer un commentaire