Ensure delete_action_handler always raises a not found for single res…

…ources https://bugzilla.redhat.com/show_bug.cgi?id=1476869
ManageIQ · Nov 7, 2017 · 7d229d3 · 7d229d3
1 parent 73efb39
commit 7d229d3
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/app/controllers/api/base_controller/results.rb b/app/controllers/api/base_controller/results.rb
@@ -6,11 +6,15 @@ module Results
       def delete_action_handler
         yield
       rescue ActiveRecord::RecordNotFound => err
-        @req.method == :delete || @req.json_body.key?('resource') ? raise(err) : action_result(false, err.to_s)
+        single_resource? ? raise(err) : action_result(false, err.to_s)
       rescue => err
         action_result(false, err.to_s)
       end
 
+      def single_resource?
+        @req.method == :delete || !@req.json_body.key?('resources')
+      end
+
       def action_result(success, message = nil, options = {})
         res = {:success => success}
         res[:message] = message if message.present?

diff --git a/spec/requests/authentications_spec.rb b/spec/requests/authentications_spec.rb
@@ -79,6 +79,14 @@
       expect(response).to have_http_status(:ok)
     end
 
+    it 'raises a not found for nonexistent authentication' do
+      api_basic_authorize collection_action_identifier(:authentications, :delete, :post)
+
+      post(api_authentication_url(nil, 0), :params => { :action => 'delete' })
+
+      expect(response).to have_http_status(:not_found)
+    end
+
     it 'verifies that the type is supported' do
       api_basic_authorize collection_action_identifier(:authentications, :delete, :post)
       auth = FactoryGirl.create(:authentication)