Move checks for blocked fields into parsers: this simplifies the API shape of parsers, making it easier to use them directly from external code

bkoelman · bkoelman · commit cb5bf11cd2ad · 2023-06-16T11:01:01.000+02:00
diff --git a/src/JsonApiDotNetCore/Queries/Internal/Parsing/FilterParser.cs b/src/JsonApiDotNetCore/Queries/Internal/Parsing/FilterParser.cs
@@ -15,18 +15,15 @@ public class FilterParser : QueryExpressionParser
 {
     private readonly IResourceFactory _resourceFactory;
     private readonly IEnumerable<IFilterValueConverter> _filterValueConverters;
-    private readonly Action<ResourceFieldAttribute, ResourceType, string>? _validateSingleFieldCallback;
     private ResourceType? _resourceTypeInScope;
 
-    public FilterParser(IResourceFactory resourceFactory, IEnumerable<IFilterValueConverter> filterValueConverters,
-        Action<ResourceFieldAttribute, ResourceType, string>? validateSingleFieldCallback = null)
+    public FilterParser(IResourceFactory resourceFactory, IEnumerable<IFilterValueConverter> filterValueConverters)
     {
         ArgumentGuard.NotNull(resourceFactory);
         ArgumentGuard.NotNull(filterValueConverters);
 
         _resourceFactory = resourceFactory;
         _filterValueConverters = filterValueConverters;
-        _validateSingleFieldCallback = validateSingleFieldCallback;
     }
 
     public FilterExpression Parse(string source, ResourceType resourceTypeInScope)
@@ -519,29 +516,37 @@ protected override IImmutableList<ResourceFieldAttribute> OnResolveFieldChain(st
     {
         if (chainRequirements == FieldChainRequirements.EndsInToMany)
         {
-            return ChainResolver.ResolveToOneChainEndingInToMany(_resourceTypeInScope!, path, FieldChainInheritanceRequirement.Disabled,
-                _validateSingleFieldCallback);
+            return ChainResolver.ResolveToOneChainEndingInToMany(_resourceTypeInScope!, path, FieldChainInheritanceRequirement.Disabled, ValidateSingleField);
         }
 
         if (chainRequirements == FieldChainRequirements.EndsInAttribute)
         {
             return ChainResolver.ResolveToOneChainEndingInAttribute(_resourceTypeInScope!, path, FieldChainInheritanceRequirement.Disabled,
-                _validateSingleFieldCallback);
+                ValidateSingleField);
         }
 
         if (chainRequirements == FieldChainRequirements.EndsInToOne)
         {
-            return ChainResolver.ResolveToOneChain(_resourceTypeInScope!, path, _validateSingleFieldCallback);
+            return ChainResolver.ResolveToOneChain(_resourceTypeInScope!, path, ValidateSingleField);
         }
 
         if (chainRequirements.HasFlag(FieldChainRequirements.EndsInAttribute) && chainRequirements.HasFlag(FieldChainRequirements.EndsInToOne))
         {
-            return ChainResolver.ResolveToOneChainEndingInAttributeOrToOne(_resourceTypeInScope!, path, _validateSingleFieldCallback);
+            return ChainResolver.ResolveToOneChainEndingInAttributeOrToOne(_resourceTypeInScope!, path, ValidateSingleField);
         }
 
         throw new InvalidOperationException($"Unexpected combination of chain requirement flags '{chainRequirements}'.");
     }
 
+    protected override void ValidateSingleField(ResourceFieldAttribute field, ResourceType resourceType, string path)
+    {
+        if (field.IsFilterBlocked())
+        {
+            string kind = field is AttrAttribute ? "attribute" : "relationship";
+            throw new QueryParseException($"Filtering on {kind} '{field.PublicName}' is not allowed.");
+        }
+    }
+
     private TResult InScopeOfResourceType<TResult>(ResourceType resourceType, Func<TResult> action)
     {
         ResourceType? backupType = _resourceTypeInScope;
diff --git a/src/JsonApiDotNetCore/Queries/Internal/Parsing/PaginationParser.cs b/src/JsonApiDotNetCore/Queries/Internal/Parsing/PaginationParser.cs
@@ -9,14 +9,8 @@ namespace JsonApiDotNetCore.Queries.Internal.Parsing;
 [PublicAPI]
 public class PaginationParser : QueryExpressionParser
 {
-    private readonly Action<ResourceFieldAttribute, ResourceType, string>? _validateSingleFieldCallback;
     private ResourceType? _resourceTypeInScope;
 
-    public PaginationParser(Action<ResourceFieldAttribute, ResourceType, string>? validateSingleFieldCallback = null)
-    {
-        _validateSingleFieldCallback = validateSingleFieldCallback;
-    }
-
     public PaginationQueryStringValueExpression Parse(string source, ResourceType resourceTypeInScope)
     {
         ArgumentGuard.NotNull(resourceTypeInScope);
@@ -104,6 +98,6 @@ protected PaginationElementQueryStringValueExpression ParsePaginationElement()
 
     protected override IImmutableList<ResourceFieldAttribute> OnResolveFieldChain(string path, FieldChainRequirements chainRequirements)
     {
-        return ChainResolver.ResolveToManyChain(_resourceTypeInScope!, path, _validateSingleFieldCallback);
+        return ChainResolver.ResolveToManyChain(_resourceTypeInScope!, path);
     }
 }
diff --git a/src/JsonApiDotNetCore/Queries/Internal/Parsing/QueryExpressionParser.cs b/src/JsonApiDotNetCore/Queries/Internal/Parsing/QueryExpressionParser.cs
@@ -1,6 +1,7 @@
 using System.Collections.Immutable;
 using System.Text;
 using JetBrains.Annotations;
+using JsonApiDotNetCore.Configuration;
 using JsonApiDotNetCore.Queries.Expressions;
 using JsonApiDotNetCore.Resources.Annotations;
 
@@ -24,6 +25,10 @@ public abstract class QueryExpressionParser
     /// </summary>
     protected abstract IImmutableList<ResourceFieldAttribute> OnResolveFieldChain(string path, FieldChainRequirements chainRequirements);
 
+    protected virtual void ValidateSingleField(ResourceFieldAttribute field, ResourceType resourceType, string path)
+    {
+    }
+
     protected virtual void Tokenize(string source)
     {
         var tokenizer = new QueryTokenizer(source);
diff --git a/src/JsonApiDotNetCore/Queries/Internal/Parsing/QueryStringParameterScopeParser.cs b/src/JsonApiDotNetCore/Queries/Internal/Parsing/QueryStringParameterScopeParser.cs
@@ -10,14 +10,11 @@ namespace JsonApiDotNetCore.Queries.Internal.Parsing;
 public class QueryStringParameterScopeParser : QueryExpressionParser
 {
     private readonly FieldChainRequirements _chainRequirements;
-    private readonly Action<ResourceFieldAttribute, ResourceType, string>? _validateSingleFieldCallback;
     private ResourceType? _resourceTypeInScope;
 
-    public QueryStringParameterScopeParser(FieldChainRequirements chainRequirements,
-        Action<ResourceFieldAttribute, ResourceType, string>? validateSingleFieldCallback = null)
+    public QueryStringParameterScopeParser(FieldChainRequirements chainRequirements)
     {
         _chainRequirements = chainRequirements;
-        _validateSingleFieldCallback = validateSingleFieldCallback;
     }
 
     public QueryStringParameterScopeExpression Parse(string source, ResourceType resourceTypeInScope)
@@ -63,12 +60,12 @@ protected override IImmutableList<ResourceFieldAttribute> OnResolveFieldChain(st
         if (chainRequirements == FieldChainRequirements.EndsInToMany)
         {
             // The mismatch here (ends-in-to-many being interpreted as entire-chain-must-be-to-many) is intentional.
-            return ChainResolver.ResolveToManyChain(_resourceTypeInScope!, path, _validateSingleFieldCallback);
+            return ChainResolver.ResolveToManyChain(_resourceTypeInScope!, path);
         }
 
         if (chainRequirements == FieldChainRequirements.IsRelationship)
         {
-            return ChainResolver.ResolveRelationshipChain(_resourceTypeInScope!, path, _validateSingleFieldCallback);
+            return ChainResolver.ResolveRelationshipChain(_resourceTypeInScope!, path);
         }
 
         throw new InvalidOperationException($"Unexpected combination of chain requirement flags '{chainRequirements}'.");
diff --git a/src/JsonApiDotNetCore/Queries/Internal/Parsing/SortParser.cs b/src/JsonApiDotNetCore/Queries/Internal/Parsing/SortParser.cs
@@ -9,14 +9,8 @@ namespace JsonApiDotNetCore.Queries.Internal.Parsing;
 [PublicAPI]
 public class SortParser : QueryExpressionParser
 {
-    private readonly Action<ResourceFieldAttribute, ResourceType, string>? _validateSingleFieldCallback;
     private ResourceType? _resourceTypeInScope;
 
-    public SortParser(Action<ResourceFieldAttribute, ResourceType, string>? validateSingleFieldCallback = null)
-    {
-        _validateSingleFieldCallback = validateSingleFieldCallback;
-    }
-
     public SortExpression Parse(string source, ResourceType resourceTypeInScope)
     {
         ArgumentGuard.NotNull(resourceTypeInScope);
@@ -107,9 +101,17 @@ protected override IImmutableList<ResourceFieldAttribute> OnResolveFieldChain(st
         if (chainRequirements == FieldChainRequirements.EndsInAttribute)
         {
             return ChainResolver.ResolveToOneChainEndingInAttribute(_resourceTypeInScope!, path, FieldChainInheritanceRequirement.RequireSingleMatch,
-                _validateSingleFieldCallback);
+                ValidateSingleField);
         }
 
         throw new InvalidOperationException($"Unexpected combination of chain requirement flags '{chainRequirements}'.");
     }
+
+    protected override void ValidateSingleField(ResourceFieldAttribute field, ResourceType resourceType, string path)
+    {
+        if (field is AttrAttribute attribute && !attribute.Capabilities.HasFlag(AttrCapabilities.AllowSort))
+        {
+            throw new QueryParseException($"Sorting on attribute '{attribute.PublicName}' is not allowed.");
+        }
+    }
 }
diff --git a/src/JsonApiDotNetCore/Queries/Internal/Parsing/SparseFieldSetParser.cs b/src/JsonApiDotNetCore/Queries/Internal/Parsing/SparseFieldSetParser.cs
@@ -9,14 +9,8 @@ namespace JsonApiDotNetCore.Queries.Internal.Parsing;
 [PublicAPI]
 public class SparseFieldSetParser : QueryExpressionParser
 {
-    private readonly Action<ResourceFieldAttribute, ResourceType, string>? _validateSingleFieldCallback;
     private ResourceType? _resourceType;
 
-    public SparseFieldSetParser(Action<ResourceFieldAttribute, ResourceType, string>? validateSingleFieldCallback = null)
-    {
-        _validateSingleFieldCallback = validateSingleFieldCallback;
-    }
-
     public SparseFieldSetExpression? Parse(string source, ResourceType resourceType)
     {
         ArgumentGuard.NotNull(resourceType);
@@ -55,8 +49,17 @@ protected override IImmutableList<ResourceFieldAttribute> OnResolveFieldChain(st
     {
         ResourceFieldAttribute field = ChainResolver.GetField(path, _resourceType!, path);
 
-        _validateSingleFieldCallback?.Invoke(field, _resourceType!, path);
+        ValidateSingleField(field, _resourceType!, path);
 
         return ImmutableArray.Create(field);
     }
+
+    protected override void ValidateSingleField(ResourceFieldAttribute field, ResourceType resourceType, string path)
+    {
+        if (field.IsViewBlocked())
+        {
+            string kind = field is AttrAttribute ? "attribute" : "relationship";
+            throw new QueryParseException($"Retrieving the {kind} '{field.PublicName}' is not allowed.");
+        }
+    }
 }
diff --git a/src/JsonApiDotNetCore/QueryStrings/Internal/FilterQueryStringParameterReader.cs b/src/JsonApiDotNetCore/QueryStrings/Internal/FilterQueryStringParameterReader.cs
@@ -8,7 +8,6 @@
 using JsonApiDotNetCore.Queries.Expressions;
 using JsonApiDotNetCore.Queries.Internal.Parsing;
 using JsonApiDotNetCore.Resources;
-using JsonApiDotNetCore.Resources.Annotations;
 using Microsoft.Extensions.Primitives;
 
 namespace JsonApiDotNetCore.QueryStrings.Internal;
@@ -24,8 +23,6 @@ public class FilterQueryStringParameterReader : QueryStringParameterReader, IFil
     private readonly ImmutableArray<FilterExpression>.Builder _filtersInGlobalScope = ImmutableArray.CreateBuilder<FilterExpression>();
     private readonly Dictionary<ResourceFieldChainExpression, ImmutableArray<FilterExpression>.Builder> _filtersPerScope = new();
 
-    private string? _lastParameterName;
-
     public bool AllowEmptyValue => false;
 
     public FilterQueryStringParameterReader(IJsonApiRequest request, IResourceGraph resourceGraph, IResourceFactory resourceFactory, IJsonApiOptions options,
@@ -37,18 +34,7 @@ public FilterQueryStringParameterReader(IJsonApiRequest request, IResourceGraph
 
         _options = options;
         _scopeParser = new QueryStringParameterScopeParser(FieldChainRequirements.EndsInToMany);
-        _filterParser = new FilterParser(resourceFactory, filterValueConverters, ValidateSingleField);
-    }
-
-    protected void ValidateSingleField(ResourceFieldAttribute field, ResourceType resourceType, string path)
-    {
-        if (field.IsFilterBlocked())
-        {
-            string kind = field is AttrAttribute ? "attribute" : "relationship";
-
-            throw new InvalidQueryStringParameterException(_lastParameterName!, $"Filtering on the requested {kind} is not allowed.",
-                $"Filtering on {kind} '{field.PublicName}' is not allowed.");
-        }
+        _filterParser = new FilterParser(resourceFactory, filterValueConverters);
     }
 
     /// <inheritdoc />
@@ -71,8 +57,6 @@ public virtual bool CanRead(string parameterName)
     /// <inheritdoc />
     public virtual void Read(string parameterName, StringValues parameterValue)
     {
-        _lastParameterName = parameterName;
-
         foreach (string value in parameterValue.SelectMany(ExtractParameterValue))
         {
             ReadSingleValue(parameterName, value);
@@ -116,7 +100,7 @@ private void ReadSingleValue(string parameterName, string parameterValue)
         }
         catch (QueryParseException exception)
         {
-            throw new InvalidQueryStringParameterException(_lastParameterName!, "The specified filter is invalid.", exception.Message, exception);
+            throw new InvalidQueryStringParameterException(parameterName, "The specified filter is invalid.", exception.Message, exception);
         }
     }
 
diff --git a/src/JsonApiDotNetCore/QueryStrings/Internal/SortQueryStringParameterReader.cs b/src/JsonApiDotNetCore/QueryStrings/Internal/SortQueryStringParameterReader.cs
@@ -6,7 +6,6 @@
 using JsonApiDotNetCore.Queries;
 using JsonApiDotNetCore.Queries.Expressions;
 using JsonApiDotNetCore.Queries.Internal.Parsing;
-using JsonApiDotNetCore.Resources.Annotations;
 using Microsoft.Extensions.Primitives;
 
 namespace JsonApiDotNetCore.QueryStrings.Internal;
@@ -17,24 +16,14 @@ public class SortQueryStringParameterReader : QueryStringParameterReader, ISortQ
     private readonly QueryStringParameterScopeParser _scopeParser;
     private readonly SortParser _sortParser;
     private readonly List<ExpressionInScope> _constraints = new();
-    private string? _lastParameterName;
 
     public bool AllowEmptyValue => false;
 
     public SortQueryStringParameterReader(IJsonApiRequest request, IResourceGraph resourceGraph)
         : base(request, resourceGraph)
     {
         _scopeParser = new QueryStringParameterScopeParser(FieldChainRequirements.EndsInToMany);
-        _sortParser = new SortParser(ValidateSingleField);
-    }
-
-    protected void ValidateSingleField(ResourceFieldAttribute field, ResourceType resourceType, string path)
-    {
-        if (field is AttrAttribute attribute && !attribute.Capabilities.HasFlag(AttrCapabilities.AllowSort))
-        {
-            throw new InvalidQueryStringParameterException(_lastParameterName!, "Sorting on the requested attribute is not allowed.",
-                $"Sorting on attribute '{attribute.PublicName}' is not allowed.");
-        }
+        _sortParser = new SortParser();
     }
 
     /// <inheritdoc />
@@ -57,8 +46,6 @@ public virtual bool CanRead(string parameterName)
     /// <inheritdoc />
     public virtual void Read(string parameterName, StringValues parameterValue)
     {
-        _lastParameterName = parameterName;
-
         try
         {
             ResourceFieldChainExpression? scope = GetScope(parameterName);
diff --git a/src/JsonApiDotNetCore/QueryStrings/Internal/SparseFieldSetQueryStringParameterReader.cs b/src/JsonApiDotNetCore/QueryStrings/Internal/SparseFieldSetQueryStringParameterReader.cs
@@ -22,27 +22,14 @@ public class SparseFieldSetQueryStringParameterReader : QueryStringParameterRead
     private readonly ImmutableDictionary<ResourceType, SparseFieldSetExpression>.Builder _sparseFieldTableBuilder =
         ImmutableDictionary.CreateBuilder<ResourceType, SparseFieldSetExpression>();
 
-    private string? _lastParameterName;
-
     /// <inheritdoc />
     bool IQueryStringParameterReader.AllowEmptyValue => true;
 
     public SparseFieldSetQueryStringParameterReader(IJsonApiRequest request, IResourceGraph resourceGraph)
         : base(request, resourceGraph)
     {
         _sparseFieldTypeParser = new SparseFieldTypeParser(resourceGraph);
-        _sparseFieldSetParser = new SparseFieldSetParser(ValidateSingleField);
-    }
-
-    protected void ValidateSingleField(ResourceFieldAttribute field, ResourceType resourceType, string path)
-    {
-        if (field.IsViewBlocked())
-        {
-            string kind = field is AttrAttribute ? "attribute" : "relationship";
-
-            throw new InvalidQueryStringParameterException(_lastParameterName!, $"Retrieving the requested {kind} is not allowed.",
-                $"Retrieving the {kind} '{field.PublicName}' is not allowed.");
-        }
+        _sparseFieldSetParser = new SparseFieldSetParser();
     }
 
     /// <inheritdoc />
@@ -64,8 +51,6 @@ public virtual bool CanRead(string parameterName)
     /// <inheritdoc />
     public virtual void Read(string parameterName, StringValues parameterValue)
     {
-        _lastParameterName = parameterName;
-
         try
         {
             ResourceType targetResourceType = GetSparseFieldType(parameterName);
diff --git a/test/JsonApiDotNetCoreTests/IntegrationTests/QueryStrings/Filtering/FilterTests.cs b/test/JsonApiDotNetCoreTests/IntegrationTests/QueryStrings/Filtering/FilterTests.cs
@@ -84,7 +84,7 @@ public async Task Cannot_filter_on_attribute_with_blocked_capability()
 
         ErrorObject error = responseDocument.Errors[0];
         error.StatusCode.Should().Be(HttpStatusCode.BadRequest);
-        error.Title.Should().Be("Filtering on the requested attribute is not allowed.");
+        error.Title.Should().Be("The specified filter is invalid.");
         error.Detail.Should().Be("Filtering on attribute 'dateOfBirth' is not allowed.");
         error.Source.ShouldNotBeNull();
         error.Source.Parameter.Should().Be("filter");
@@ -106,7 +106,7 @@ public async Task Cannot_filter_on_ToMany_relationship_with_blocked_capability()
 
         ErrorObject error = responseDocument.Errors[0];
         error.StatusCode.Should().Be(HttpStatusCode.BadRequest);
-        error.Title.Should().Be("Filtering on the requested relationship is not allowed.");
+        error.Title.Should().Be("The specified filter is invalid.");
         error.Detail.Should().Be("Filtering on relationship 'appointments' is not allowed.");
         error.Source.ShouldNotBeNull();
         error.Source.Parameter.Should().Be("filter");
diff --git a/test/JsonApiDotNetCoreTests/IntegrationTests/QueryStrings/Sorting/SortTests.cs b/test/JsonApiDotNetCoreTests/IntegrationTests/QueryStrings/Sorting/SortTests.cs
@@ -508,7 +508,7 @@ public async Task Cannot_sort_on_attribute_with_blocked_capability()
 
         ErrorObject error = responseDocument.Errors[0];
         error.StatusCode.Should().Be(HttpStatusCode.BadRequest);
-        error.Title.Should().Be("Sorting on the requested attribute is not allowed.");
+        error.Title.Should().Be("The specified sort is invalid.");
         error.Detail.Should().Be("Sorting on attribute 'dateOfBirth' is not allowed.");
         error.Source.ShouldNotBeNull();
         error.Source.Parameter.Should().Be("sort");
diff --git a/test/JsonApiDotNetCoreTests/IntegrationTests/QueryStrings/SparseFieldSets/SparseFieldSetTests.cs b/test/JsonApiDotNetCoreTests/IntegrationTests/QueryStrings/SparseFieldSets/SparseFieldSetTests.cs
@@ -736,7 +736,7 @@ public async Task Cannot_select_attribute_with_blocked_capability()
 
         ErrorObject error = responseDocument.Errors[0];
         error.StatusCode.Should().Be(HttpStatusCode.BadRequest);
-        error.Title.Should().Be("Retrieving the requested attribute is not allowed.");
+        error.Title.Should().Be("The specified fieldset is invalid.");
         error.Detail.Should().Be("Retrieving the attribute 'password' is not allowed.");
         error.Source.ShouldNotBeNull();
         error.Source.Parameter.Should().Be("fields[webAccounts]");
@@ -760,7 +760,7 @@ public async Task Cannot_select_ToOne_relationship_with_blocked_capability()
 
         ErrorObject error = responseDocument.Errors[0];
         error.StatusCode.Should().Be(HttpStatusCode.BadRequest);
-        error.Title.Should().Be("Retrieving the requested relationship is not allowed.");
+        error.Title.Should().Be("The specified fieldset is invalid.");
         error.Detail.Should().Be("Retrieving the relationship 'person' is not allowed.");
         error.Source.ShouldNotBeNull();
         error.Source.Parameter.Should().Be("fields[webAccounts]");
@@ -784,7 +784,7 @@ public async Task Cannot_select_ToMany_relationship_with_blocked_capability()
 
         ErrorObject error = responseDocument.Errors[0];
         error.StatusCode.Should().Be(HttpStatusCode.BadRequest);
-        error.Title.Should().Be("Retrieving the requested relationship is not allowed.");
+        error.Title.Should().Be("The specified fieldset is invalid.");
         error.Detail.Should().Be("Retrieving the relationship 'appointments' is not allowed.");
         error.Source.ShouldNotBeNull();
         error.Source.Parameter.Should().Be("fields[calendars]");

Original file line number	Diff line number	Diff line change
`@@ -15,18 +15,15 @@ public class FilterParser : QueryExpressionParser`
`15`	`15`	`{`
`16`	`16`	`private readonly IResourceFactory _resourceFactory;`
`17`	`17`	`private readonly IEnumerable<IFilterValueConverter> _filterValueConverters;`
`18`		`- private readonly Action<ResourceFieldAttribute, ResourceType, string>? _validateSingleFieldCallback;`
`19`	`18`	`private ResourceType? _resourceTypeInScope;`
`20`	`19`
`21`		`- public FilterParser(IResourceFactory resourceFactory, IEnumerable<IFilterValueConverter> filterValueConverters,`
`22`		`- Action<ResourceFieldAttribute, ResourceType, string>? validateSingleFieldCallback = null)`
	`20`	`+ public FilterParser(IResourceFactory resourceFactory, IEnumerable<IFilterValueConverter> filterValueConverters)`
`23`	`21`	`{`
`24`	`22`	`ArgumentGuard.NotNull(resourceFactory);`
`25`	`23`	`ArgumentGuard.NotNull(filterValueConverters);`
`26`	`24`
`27`	`25`	`_resourceFactory = resourceFactory;`
`28`	`26`	`_filterValueConverters = filterValueConverters;`
`29`		`- _validateSingleFieldCallback = validateSingleFieldCallback;`
`30`	`27`	`}`
`31`	`28`
`32`	`29`	`public FilterExpression Parse(string source, ResourceType resourceTypeInScope)`
`@@ -519,29 +516,37 @@ protected override IImmutableList<ResourceFieldAttribute> OnResolveFieldChain(st`
`519`	`516`	`{`
`520`	`517`	`if (chainRequirements == FieldChainRequirements.EndsInToMany)`
`521`	`518`	`{`
`522`		`- return ChainResolver.ResolveToOneChainEndingInToMany(_resourceTypeInScope!, path, FieldChainInheritanceRequirement.Disabled,`
`523`		`- _validateSingleFieldCallback);`
	`519`	`+ return ChainResolver.ResolveToOneChainEndingInToMany(_resourceTypeInScope!, path, FieldChainInheritanceRequirement.Disabled, ValidateSingleField);`
`524`	`520`	`}`
`525`	`521`
`526`	`522`	`if (chainRequirements == FieldChainRequirements.EndsInAttribute)`
`527`	`523`	`{`
`528`	`524`	`return ChainResolver.ResolveToOneChainEndingInAttribute(_resourceTypeInScope!, path, FieldChainInheritanceRequirement.Disabled,`
`529`		`- _validateSingleFieldCallback);`
	`525`	`+ ValidateSingleField);`
`530`	`526`	`}`
`531`	`527`
`532`	`528`	`if (chainRequirements == FieldChainRequirements.EndsInToOne)`
`533`	`529`	`{`
`534`		`- return ChainResolver.ResolveToOneChain(_resourceTypeInScope!, path, _validateSingleFieldCallback);`
	`530`	`+ return ChainResolver.ResolveToOneChain(_resourceTypeInScope!, path, ValidateSingleField);`
`535`	`531`	`}`
`536`	`532`
`537`	`533`	`if (chainRequirements.HasFlag(FieldChainRequirements.EndsInAttribute) && chainRequirements.HasFlag(FieldChainRequirements.EndsInToOne))`
`538`	`534`	`{`
`539`		`- return ChainResolver.ResolveToOneChainEndingInAttributeOrToOne(_resourceTypeInScope!, path, _validateSingleFieldCallback);`
	`535`	`+ return ChainResolver.ResolveToOneChainEndingInAttributeOrToOne(_resourceTypeInScope!, path, ValidateSingleField);`
`540`	`536`	`}`
`541`	`537`
`542`	`538`	`throw new InvalidOperationException($"Unexpected combination of chain requirement flags '{chainRequirements}'.");`
`543`	`539`	`}`
`544`	`540`
	`541`	`+ protected override void ValidateSingleField(ResourceFieldAttribute field, ResourceType resourceType, string path)`
	`542`	`+ {`
	`543`	`+ if (field.IsFilterBlocked())`
	`544`	`+ {`
	`545`	`+ string kind = field is AttrAttribute ? "attribute" : "relationship";`
	`546`	`+ throw new QueryParseException($"Filtering on {kind} '{field.PublicName}' is not allowed.");`
	`547`	`+ }`
	`548`	`+ }`
	`549`	`+`
`545`	`550`	`private TResult InScopeOfResourceType<TResult>(ResourceType resourceType, Func<TResult> action)`
`546`	`551`	`{`
`547`	`552`	`ResourceType? backupType = _resourceTypeInScope;`
Original file line number	Diff line number	Diff line change
`@@ -9,14 +9,8 @@ namespace JsonApiDotNetCore.Queries.Internal.Parsing;`
`9`	`9`	`[PublicAPI]`
`10`	`10`	`public class PaginationParser : QueryExpressionParser`
`11`	`11`	`{`
`12`		`- private readonly Action<ResourceFieldAttribute, ResourceType, string>? _validateSingleFieldCallback;`
`13`	`12`	`private ResourceType? _resourceTypeInScope;`
`14`	`13`
`15`		`- public PaginationParser(Action<ResourceFieldAttribute, ResourceType, string>? validateSingleFieldCallback = null)`
`16`		`- {`
`17`		`- _validateSingleFieldCallback = validateSingleFieldCallback;`
`18`		`- }`
`19`		`-`
`20`	`14`	`public PaginationQueryStringValueExpression Parse(string source, ResourceType resourceTypeInScope)`
`21`	`15`	`{`
`22`	`16`	`ArgumentGuard.NotNull(resourceTypeInScope);`
`@@ -104,6 +98,6 @@ protected PaginationElementQueryStringValueExpression ParsePaginationElement()`
`104`	`98`
`105`	`99`	`protected override IImmutableList<ResourceFieldAttribute> OnResolveFieldChain(string path, FieldChainRequirements chainRequirements)`
`106`	`100`	`{`
`107`		`- return ChainResolver.ResolveToManyChain(_resourceTypeInScope!, path, _validateSingleFieldCallback);`
	`101`	`+ return ChainResolver.ResolveToManyChain(_resourceTypeInScope!, path);`
`108`	`102`	`}`
`109`	`103`	`}`
Original file line number	Diff line number	Diff line change
`@@ -10,14 +10,11 @@ namespace JsonApiDotNetCore.Queries.Internal.Parsing;`
`10`	`10`	`public class QueryStringParameterScopeParser : QueryExpressionParser`
`11`	`11`	`{`
`12`	`12`	`private readonly FieldChainRequirements _chainRequirements;`
`13`		`- private readonly Action<ResourceFieldAttribute, ResourceType, string>? _validateSingleFieldCallback;`
`14`	`13`	`private ResourceType? _resourceTypeInScope;`
`15`	`14`
`16`		`- public QueryStringParameterScopeParser(FieldChainRequirements chainRequirements,`
`17`		`- Action<ResourceFieldAttribute, ResourceType, string>? validateSingleFieldCallback = null)`
	`15`	`+ public QueryStringParameterScopeParser(FieldChainRequirements chainRequirements)`
`18`	`16`	`{`
`19`	`17`	`_chainRequirements = chainRequirements;`
`20`		`- _validateSingleFieldCallback = validateSingleFieldCallback;`
`21`	`18`	`}`
`22`	`19`
`23`	`20`	`public QueryStringParameterScopeExpression Parse(string source, ResourceType resourceTypeInScope)`
`@@ -63,12 +60,12 @@ protected override IImmutableList<ResourceFieldAttribute> OnResolveFieldChain(st`
`63`	`60`	`if (chainRequirements == FieldChainRequirements.EndsInToMany)`
`64`	`61`	`{`
`65`	`62`	`// The mismatch here (ends-in-to-many being interpreted as entire-chain-must-be-to-many) is intentional.`
`66`		`- return ChainResolver.ResolveToManyChain(_resourceTypeInScope!, path, _validateSingleFieldCallback);`
	`63`	`+ return ChainResolver.ResolveToManyChain(_resourceTypeInScope!, path);`
`67`	`64`	`}`
`68`	`65`
`69`	`66`	`if (chainRequirements == FieldChainRequirements.IsRelationship)`
`70`	`67`	`{`
`71`		`- return ChainResolver.ResolveRelationshipChain(_resourceTypeInScope!, path, _validateSingleFieldCallback);`
	`68`	`+ return ChainResolver.ResolveRelationshipChain(_resourceTypeInScope!, path);`
`72`	`69`	`}`
`73`	`70`
`74`	`71`	`throw new InvalidOperationException($"Unexpected combination of chain requirement flags '{chainRequirements}'.");`