fix: validate tuples for non-nil subject

ory · Sep 14, 2022 · a22dd19 · a22dd19
1 parent 96ff767
commit a22dd19
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/internal/relationtuple/transact_server.go b/internal/relationtuple/transact_server.go
@@ -111,6 +111,11 @@ func (h *handler) createRelation(w http.ResponseWriter, r *http.Request, _ httpr
 		return
 	}
 
+	if err := rt.Validate(); err != nil {
+		h.d.Writer().WriteError(w, r, errors.WithStack(herodot.ErrBadRequest.WithError(err.Error())))
+		return
+	}
+
 	h.d.Logger().WithFields(rt.ToLoggerFields()).Debug("creating relation tuple")
 
 	it, err := h.d.Mapper().FromTuple(ctx, &rt)
@@ -221,6 +226,11 @@ func (h *handler) patchRelationTuples(w http.ResponseWriter, r *http.Request, _
 			h.d.Writer().WriteError(w, r, herodot.ErrBadRequest.WithError("relation_tuple is missing"))
 			return
 		}
+		if err := d.RelationTuple.Validate(); err != nil {
+			h.d.Writer().WriteError(w, r, errors.WithStack(herodot.ErrBadRequest.WithError(err.Error())))
+			return
+		}
+
 		switch d.Action {
 		case ketoapi.ActionInsert, ketoapi.ActionDelete:
 		default:

diff --git a/ketoapi/public_api_definitions.go b/ketoapi/public_api_definitions.go
@@ -129,6 +129,13 @@ func (r *RelationTuple) ToLoggerFields() logrus.Fields {
 	return fields
 }
 
+func (r *RelationTuple) Validate() error {
+	if r.SubjectSet == nil && r.SubjectID == nil {
+		return ErrNilSubject
+	}
+	return nil
+}
+
 // swagger:enum ExpandNodeType
 type ExpandNodeType TreeNodeType