All tests are passing, but they are probably wrong anyway.

Author: Colton Provias

sqlalchemy_jsonapi/serializer.py

@@ -744,10 +744,13 @@ def get_relationship(self, session, query, model, resource, relationship):
                                RelationshipActions.GET)(resource)
 
         if relationship.direction == MANYTOONE:
-            try:
-                response.data['data'] = self._render_short_instance(related)
-            except PermissionDeniedError:
+            if related == None:
                 response.data['data'] = None
+            else:
+                try:
+                    response.data['data'] = self._render_short_instance(related)
+                except PermissionDeniedError:
+                    response.data['data'] = None
         else:
             response.data['data'] = []
             for item in related:
@@ -824,12 +827,16 @@ def patch_relationship(self, session, json_data, model, resource,
                                                      item['type'],
                                                      item['id'],
                                                      Permissions.EDIT)
-                    remote = item.__mapper__.relationships[remote_side]
+                    remote = to_relate.__mapper__.relationships[remote_side]
 
                     if remote.direction == MANYTOONE:
-                        check_permission(item, remote_side, Permissions.EDIT)
+                        check_permission(to_relate,
+                                         remote_side,
+                                         Permissions.EDIT)
                     else:
-                        check_permission(item, remote_side, Permissions.CREATE)
+                        check_permission(to_relate,
+                                         remote_side,
+                                         Permissions.CREATE)
                     appender(resource, to_relate)
             session.commit()
         except KeyError:
@@ -911,8 +918,11 @@ def patch_resource(self, session, json_data, model, resource):
             session.rollback()
             raise ValidationError(str(e.orig))
         except AssertionError as e:
+            session.rollback()
             raise ValidationError(e.msg)
-
+        except TypeError as e:
+            session.rollback()
+            raise ValidationError('Incompatible data type')
         return self.get_resource(
             session,
             {},
@@ -1046,7 +1056,11 @@ def post_collection(self, session, data, model):
             session.rollback()
             raise ValidationError(str(e.orig))
         except AssertionError as e:
+            session.rollback()
             raise ValidationError(e.msg)
+        except TypeError as e:
+            session.rollback()
+            raise ValidationError('In compatible data type')
         session.refresh(resource)
         response = self.get_resource(
             session,
@@ -1090,7 +1104,7 @@ def post_relationship(self, session, json_data, model, resource,
                         '{} must be an array'.format(relationship.key))
 
                 for item in json_data['data']:
-                    if not {'type', 'id'} in set(item.keys()):
+                    if {'type', 'id'} != set(item.keys()):
                             raise BadRequestError(
                                 '{} must have type and id keys'
                                 .format(relationship.key))
@@ -1120,11 +1134,12 @@ def post_relationship(self, session, json_data, model, resource,
         except KeyError:
             raise ValidationError('Incompatible type provided')
 
-        return self.get_resource(
+        return self.get_relationship(
             session,
             {},
             {
                 'api_type': model.__jsonapi_type__,
-                'obj_id': resource.id
+                'obj_id': resource.id,
+                'relationship': relationship.key
             }
         )

sqlalchemy_jsonapi/tests/app.py

@@ -7,7 +7,7 @@
 
 from uuid import uuid4
 
-from flask import Flask
+from flask import Flask, request
 from flask_sqlalchemy import SQLAlchemy
 from sqlalchemy import Boolean, Column, ForeignKey, Unicode, UnicodeText
 from sqlalchemy.ext.hybrid import hybrid_property
@@ -78,6 +78,12 @@ def view_password(self):
         """ Never let the password be seen. """
         return False
 
+    @permission_test(Permissions.EDIT)
+    def prevent_edit(self):
+        if request.view_args['api_type'] == 'posts':
+            return True
+        return False
+
     @permission_test(Permissions.DELETE)
     def allow_delete(self):
         """ Just like a popular social media site, we won't delete users. """

sqlalchemy_jsonapi/tests/test_relationship_delete.py

@@ -3,7 +3,7 @@
 
 from sqlalchemy_jsonapi.errors import (
     BadRequestError, PermissionDeniedError, RelationshipNotFoundError,
-    ResourceNotFoundError, ToManyExpectedError, MissingContentTypeError)
+    ResourceNotFoundError, ToManyExpectedError, MissingContentTypeError, ValidationError)
 
 
 def test_200_on_deletion_from_to_many(comment, client):
@@ -38,17 +38,17 @@ def test_404_on_relationship_not_found(post, client):
 def test_403_on_permission_denied(user, client):
     client.delete('/api/users/{}/relationships/logs/'.format(
         user.id),
-                  data='{}',
+                  data='{"data": []}',
                   content_type='application/vnd.api+json').validate(
                       403, PermissionDeniedError)
 
 
 def test_409_on_to_one_provided(post, client):
     client.delete('/api/posts/{}/relationships/author/'.format(
         post.id),
-                  data='{}',
+                  data='{"data": {}}',
                   content_type='application/vnd.api+json').validate(
-                      409, ToManyExpectedError)
+                      409, ValidationError)
 
 
 def test_409_missing_content_type_header(post, client):

sqlalchemy_jsonapi/tests/test_resource_patch.py

@@ -70,10 +70,10 @@ def test_404_related_resource_not_found(client, post):
     client.patch('/api/posts/{}/'.format(post.id),
                  data=json.dumps(payload),
                  content_type='application/vnd.api+json').validate(
-                     404, RelatedResourceNotFoundError)
+                     404, ResourceNotFoundError)
 
 
-def test_404_field_not_found(client, post, user):
+def test_400_field_not_found(client, post, user):
     payload = {
         'data': {
             'type': 'posts',
@@ -91,7 +91,7 @@ def test_404_field_not_found(client, post, user):
     client.patch('/api/posts/{}/'.format(post.id),
                  data=json.dumps(payload),
                  content_type='application/vnd.api+json').validate(
-                     404, RelationshipNotFoundError)
+                     400, BadRequestError)
 
 
 def test_409_type_mismatch_to_one(client, post, user):
@@ -115,7 +115,7 @@ def test_409_type_mismatch_to_one(client, post, user):
                      409, ValidationError)
 
 
-def test_409_type_mismatch_to_many(client, post, user):
+def test_400_type_mismatch_to_many(client, post, user):
     payload = {
         'data': {
             'type': 'posts',
@@ -133,7 +133,7 @@ def test_409_type_mismatch_to_many(client, post, user):
     client.patch('/api/posts/{}/'.format(post.id),
                  data=json.dumps(payload),
                  content_type='application/vnd.api+json').validate(
-                     409, ValidationError)
+                     400, BadRequestError)
 
 
 def test_409_validation_failed(client, post, user):
@@ -181,7 +181,7 @@ def test_400_type_does_not_match_endpoint(client, post, user):
     client.patch('/api/posts/{}/'.format(post.id),
                  data=json.dumps(payload),
                  content_type='application/vnd.api+json').validate(
-                     400, MissingTypeError)
+                     400, BadRequestError)
 
 
 def test_403_permission_denied(user, client):