Function enforce_max_objects_in_set 

pub fn enforce_max_objects_in_set(
    args: &Map<String, Value>,
    max: u64,
) -> Result<(), JmapError>

Enforce RFC 8620 §5.3 maxObjectsInSet cap at the top of a /set handler (bd:JMAP-ayoz.41.1).

Counts entries in the wire create (object), update (object), and destroy (array) arguments. Returns JmapError::limit("maxObjectsInSet") — which maps to HTTP 400 + wire type: "limit" via crate::response::error_status — when the sum exceeds max.

Call at the top of every handle_*_set after the account_exists gate and before any per-entry processing. A request carrying megabytes of /set ops is rejected before the handler touches the storage layer:

let (account_id, args) = extract_account_id(args)?;
if !backend.account_exists(caller, &account_id).await
    .map_err(|e| server_fail_from_backend(&e))?
{
    return Err(JmapError::account_not_found());
}
jmap_server::helpers::enforce_max_objects_in_set(
    &args,
    backend.max_objects_in_set(caller, &account_id),
)?;

§Why this lives in the foundation

maxObjectsInSet is an RFC 8620 §5.3 base-protocol cap, not an extension concept. Every jmap-*-server extension’s handle_*_set needs the same check; the helper is the single source of truth so a future revision (different error shape, additional counting rule, alternate semantics for non-object create / update) lands in one place instead of being propagated through 28 handler sites.

§Counting rules

  • create is counted as args["create"].as_object()?.len() — missing key, null, or non-object types count as 0.
  • update is counted the same way (RFC 8620 §5.3 update is Id[PatchObject]).
  • destroy is counted as args["destroy"].as_array()?.len() — missing key, null, or non-array types count as 0.

Wire-shape validation of the individual create / update / destroy arguments belongs to the per-handler argument parsing, not to this cap-enforcement helper. A non-object create survives the cap check (counts as 0) and is rejected by the handler’s downstream args.remove("create") match arm. Conversely, a well-formed but over-limit create is rejected here before the handler runs.
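The counting rules above, as an added dependency-free example (not the crate's own code). `Value` is a stand-in for the JSON value type, and `count_set_objects`, `check_cap` and `sample_args` are hypothetical names; the real helper returns JmapError::limit("maxObjectsInSet") rather than a string.

```rust
use std::collections::BTreeMap;

// Stand-in for the JSON value type (assumption), so the example needs no crates.
#[derive(Debug, Clone)]
pub enum Value {
    Null,
    Str(String),
    Array(Vec<Value>),
    Object(BTreeMap<String, Value>),
}

// Hypothetical helper: entries counted for one /set call under the rules above.
pub fn count_set_objects(args: &BTreeMap<String, Value>) -> u64 {
    let objects = |key: &str| match args.get(key) {
        Some(Value::Object(m)) => m.len() as u64,
        _ => 0, // missing key, null, or non-object: counts as 0
    };
    let destroy = match args.get("destroy") {
        Some(Value::Array(a)) => a.len() as u64,
        _ => 0, // missing key, null, or non-array: counts as 0
    };
    objects("create") + objects("update") + destroy
}

// Hypothetical check: rejects only when the sum exceeds `max` (sum == max passes).
pub fn check_cap(args: &BTreeMap<String, Value>, max: u64) -> Result<(), &'static str> {
    if count_set_objects(args) > max { Err("maxObjectsInSet") } else { Ok(()) }
}

// Constructed sample arguments: 2 creates, 1 update, 2 destroys.
pub fn sample_args() -> BTreeMap<String, Value> {
    let obj = |ids: &[&str]| {
        Value::Object(ids.iter().map(|k| (k.to_string(), Value::Null)).collect())
    };
    let mut args = BTreeMap::new();
    args.insert("create".into(), obj(&["c1", "c2"]));
    args.insert("update".into(), obj(&["u1"]));
    let ids = vec![Value::Str("d1".into()), Value::Str("d2".into())];
    args.insert("destroy".into(), Value::Array(ids));
    args
}

fn main() {
    let args = sample_args();
    println!("counted entries: {}", count_set_objects(&args));
    println!("max=5: {:?}  max=4: {:?}", check_cap(&args, 5), check_cap(&args, 4));
}
```

A malformed `create` (for example an array) contributes 0 to the count, so rejecting it remains the job of the handler's own argument parsing.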

§Errors

Returns JmapError::limit("maxObjectsInSet") when the sum exceeds max. The HTTP layer maps this to a 400 response with the limit name in the RFC 7807 "limit" field.