fix: Ensure RequestValidator validates resource relationships

doublevoid · jkeen · commit ddb5ad2b6933 · 2026-03-18T12:31:59.000-05:00
* unknown_relationship -&gt; invalid_relationship
diff --git a/lib/graphiti/request_validators/validator.rb b/lib/graphiti/request_validators/validator.rb
@@ -49,6 +49,13 @@ def deserialized_payload
       private
 
       def process_relationships(resource, relationships, payload_path)
+        relationships.each_key do |name|
+          unless resource.class.sideload(name.to_sym)
+            full_key = fully_qualified_key(name, payload_path, :relationships)
+            @errors.add(full_key, :invalid_relationship, message: "is not a valid relationship")
+          end
+        end
+
         opts = {
           resource: resource,
           relationships: relationships
diff --git a/spec/request_validator_spec.rb b/spec/request_validator_spec.rb
@@ -317,6 +317,76 @@ def self.name
           end
         end
       end
+
+      context "when the payload contains unknown relationships" do
+        let(:payload) do
+          {
+            data: {
+              type: "employees",
+              attributes: {first_name: "Jane"},
+              relationships: {
+                pets: {
+                  data: {type: "pets", id: "1", method: "update"}
+                }
+              }
+            },
+            included: [
+              {
+                type: "pets",
+                id: "1",
+                attributes: {name: "mel"}
+              }
+            ]
+          }
+        end
+
+        it "has an unknown relationship error" do
+          expect(validate).to eq false
+          expect(instance.errors).to be_added(:'data.relationships.pets', :invalid_relationship)
+        end
+
+        it "raises InvalidRequest when using validate!" do
+          expect {
+            instance.validate!
+          }.to raise_error(Graphiti::Errors::InvalidRequest)
+        end
+      end
+
+      context "when the payload contains a valid relationship" do
+        before do
+          root_resource_class.has_many :positions, resource: nested_resource_class
+        end
+
+        let(:payload) do
+          {
+            data: {
+              type: "employees",
+              attributes: {first_name: "Jane"},
+              relationships: {
+                positions: {
+                  data: [{
+                    'temp-id': "abc123",
+                    type: "positions",
+                    method: "create"
+                  }]
+                }
+              }
+            },
+            included: [
+              {
+                'temp-id': "abc123",
+                type: "positions",
+                attributes: {title: "foo"}
+              }
+            ]
+          }
+        end
+
+        it "validates correctly" do
+          expect(validate).to eq true
+          expect(instance.errors).to be_blank
+        end
+      end
     end
   end
 
