json-api-dotnet
diff --git a/‎src/JsonApiDotNetCore/Configuration/JsonApiApplicationBuilder.cs
Lines changed: 0 additions & 2 deletions b/‎src/JsonApiDotNetCore/Configuration/JsonApiApplicationBuilder.cs
Lines changed: 0 additions & 2 deletions
diff --git a/‎src/JsonApiDotNetCore/Middleware/AsyncResourceTypeMatchFilter.cs
Lines changed: 0 additions & 75 deletions b/‎src/JsonApiDotNetCore/Middleware/AsyncResourceTypeMatchFilter.cs
Lines changed: 0 additions & 75 deletions
diff --git a/‎src/JsonApiDotNetCore/Middleware/IAsyncResourceTypeMatchFilter.cs
Lines changed: 0 additions & 9 deletions b/‎src/JsonApiDotNetCore/Middleware/IAsyncResourceTypeMatchFilter.cs
Lines changed: 0 additions & 9 deletions
diff --git a/‎src/JsonApiDotNetCore/Serialization/JsonApiReader.cs
Lines changed: 60 additions & 6 deletions b/‎src/JsonApiDotNetCore/Serialization/JsonApiReader.cs
Lines changed: 60 additions & 6 deletions
diff --git a/‎test/JsonApiDotNetCoreExampleTests/Acceptance/Spec/ResourceTypeMismatchTests.cs
Lines changed: 24 additions & 0 deletions b/‎test/JsonApiDotNetCoreExampleTests/Acceptance/Spec/ResourceTypeMismatchTests.cs
Lines changed: 24 additions & 0 deletions
@@ -92,7 +92,6 @@ public void ConfigureMvc()
             {
                 options.EnableEndpointRouting = true;
                 options.Filters.AddService<IAsyncJsonApiExceptionFilter>();
-                options.Filters.AddService<IAsyncResourceTypeMatchFilter>();
                 options.Filters.AddService<IAsyncQueryStringActionFilter>();
                 options.Filters.AddService<IAsyncConvertEmptyActionResultFilter>();
                 ConfigureMvcOptions?.Invoke(options);
@@ -159,7 +158,6 @@ private void AddMiddlewareLayer()
             _services.AddSingleton<IJsonApiApplicationBuilder>(this);
             _services.TryAddSingleton<IExceptionHandler, ExceptionHandler>();
             _services.TryAddScoped<IAsyncJsonApiExceptionFilter, AsyncJsonApiExceptionFilter>();
-            _services.TryAddScoped<IAsyncResourceTypeMatchFilter, AsyncResourceTypeMatchFilter>();
             _services.TryAddScoped<IAsyncQueryStringActionFilter, AsyncQueryStringActionFilter>();
             _services.TryAddScoped<IAsyncConvertEmptyActionResultFilter, AsyncConvertEmptyActionResultFilter>();
             _services.TryAddSingleton<IJsonApiInputFormatter, JsonApiInputFormatter>();
 
@@ -1,11 +1,16 @@
 using System;
 using System.Collections;
+using System.Collections.Generic;
 using System.IO;
+using System.Net.Http;
+using System.Linq;
 using System.Threading.Tasks;
+using JsonApiDotNetCore.Configuration;
 using JsonApiDotNetCore.Errors;
 using JsonApiDotNetCore.Middleware;
 using JsonApiDotNetCore.Resources;
 using JsonApiDotNetCore.Serialization.Objects;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Http.Extensions;
 using Microsoft.AspNetCore.Mvc.Formatters;
 using Microsoft.Extensions.Logging;
@@ -16,17 +21,20 @@ namespace JsonApiDotNetCore.Serialization
     public class JsonApiReader : IJsonApiReader
     {
         private readonly IJsonApiDeserializer _deserializer;
-        private readonly IJsonApiRequest _request;
+        private readonly IJsonApiRequest _jsonApiRequest;
+        private readonly IResourceContextProvider _resourceContextProvider;
         private readonly TraceLogWriter<JsonApiReader> _traceWriter;
 
         public JsonApiReader(IJsonApiDeserializer deserializer,
-            IJsonApiRequest request,
+            IJsonApiRequest jsonApiRequest,
+            IResourceContextProvider resourceContextProvider,
             ILoggerFactory loggerFactory)
         {
             if (loggerFactory == null) throw new ArgumentNullException(nameof(loggerFactory));
 
             _deserializer = deserializer ?? throw new ArgumentNullException(nameof(deserializer));
-            _request = request ?? throw new ArgumentNullException(nameof(request));
+            _jsonApiRequest = jsonApiRequest ?? throw new ArgumentNullException(nameof(jsonApiRequest));
+            _resourceContextProvider = resourceContextProvider;
             _traceWriter = new TraceLogWriter<JsonApiReader>(loggerFactory);
         }
 
@@ -63,22 +71,46 @@ public async Task<InputFormatterResult> ReadAsync(InputFormatterContext context)
 
             ValidatePatchRequestIncludesId(context, model, body);
 
+            ValidateIncomingResourceType(context, model);
+            
             return await InputFormatterResult.SuccessAsync(model);
         }
 
+        private void ValidateIncomingResourceType(InputFormatterContext context, object model)
+        {
+            if (context.HttpContext.IsJsonApiRequest() && IsPatchOrPostRequest(context.HttpContext.Request))
+            {
+                var endPointResourceTypes = GetEndpointResourceType();
+                var bodyResourceTypes = GetBodyResourceTypes(model);
+
+                foreach (var bodyResourceType in bodyResourceTypes)
+                {
+                    if (bodyResourceType != null && endPointResourceTypes != null && bodyResourceType != endPointResourceTypes)
+                    {
+                        var resourceFromEndpoint = _resourceContextProvider.GetResourceContext(endPointResourceTypes);
+                        var resourceFromBody = _resourceContextProvider.GetResourceContext(bodyResourceType);
+
+                        throw new ResourceTypeMismatchException(new HttpMethod(context.HttpContext.Request.Method),
+                            context.HttpContext.Request.Path,
+                            resourceFromEndpoint, resourceFromBody);
+                    }
+                }
+            }
+        }
+
         private void ValidatePatchRequestIncludesId(InputFormatterContext context, object model, string body)
         {
-            if (context.HttpContext.Request.Method == "PATCH")
+            if (context.HttpContext.Request.Method == HttpMethods.Patch)
             {
                 bool hasMissingId = model is IList list ? HasMissingId(list) : HasMissingId(model);
                 if (hasMissingId)
                 {
                     throw new InvalidRequestBodyException("Payload must include 'id' element.", null, body);
                 }
 
-                if (_request.Kind == EndpointKind.Primary && TryGetId(model, out var bodyId) && bodyId != _request.PrimaryId)
+                if (_jsonApiRequest.Kind == EndpointKind.Primary && TryGetId(model, out var bodyId) && bodyId != _jsonApiRequest.PrimaryId)
                 {
-                    throw new ResourceIdMismatchException(bodyId, _request.PrimaryId, context.HttpContext.Request.GetDisplayUrl());
+                    throw new ResourceIdMismatchException(bodyId, _jsonApiRequest.PrimaryId, context.HttpContext.Request.GetDisplayUrl());
                 }
             }
         }
@@ -134,5 +166,27 @@ private async Task<string> GetRequestBody(Stream body)
             // https://github.com/aspnet/AspNetCore/issues/7644
             return await reader.ReadToEndAsync();
         }
+        
+        private bool IsPatchOrPostRequest(HttpRequest request)
+        {
+            return request.Method == HttpMethods.Patch || request.Method == HttpMethods.Post;
+        }
+
+        private IEnumerable<Type> GetBodyResourceTypes(object model)
+        {
+            if (model is ICollection<IIdentifiable> resourceCollection)
+            {
+                return resourceCollection.Select(r => r.GetType()).Distinct();
+            }
+
+            return model == null ? new Type[0] : new[] { model.GetType() };
+        }
+
+        private Type GetEndpointResourceType()
+        {
+            return _jsonApiRequest.Kind == EndpointKind.Primary
+                ? _jsonApiRequest.PrimaryResource.ResourceType 
+                : _jsonApiRequest.SecondaryResource?.ResourceType;
+        }
     }
 }
@@ -80,5 +80,29 @@ public async Task Patching_Through_Relationship_Link_With_Mismatching_Resource_T
             Assert.Equal("Resource type mismatch between request body and endpoint URL.", errorDocument.Errors[0].Title);
             Assert.Equal("Expected resource of type 'people' in PATCH request body at endpoint '/api/v1/todoItems/1/relationships/owner', instead of 'todoItems'.", errorDocument.Errors[0].Detail);
         }
+        
+        [Fact]
+        public async Task Patching_Through_Relationship_Link_With_Multiple_Resources_Types_Returns_Conflict()
+        {
+            // Arrange
+            string content = JsonConvert.SerializeObject(new
+            {
+                data = new object[]
+                {
+                    new { type = "todoItems", id = 1 },
+                    new { type = "articles", id = 2 },
+                }
+            });
+
+            // Act
+            var (body, _) = await Patch("/api/v1/todoItems/1/relationships/childrenTodos", content);
+
+            // Assert
+            var errorDocument = JsonConvert.DeserializeObject<ErrorDocument>(body);
+            Assert.Single(errorDocument.Errors);
+            Assert.Equal(HttpStatusCode.Conflict, errorDocument.Errors[0].StatusCode);
+            Assert.Equal("Resource type mismatch between request body and endpoint URL.", errorDocument.Errors[0].Title);
+            Assert.Equal("Expected resource of type 'todoItems' in PATCH request body at endpoint '/api/v1/todoItems/1/relationships/childrenTodos', instead of 'articles'.", errorDocument.Errors[0].Detail);
+        }
     }
 }