active_force 0.6.1 → 0.7.0

data/lib/active_force/table.rb

@@ -7,18 +7,22 @@ module ActiveForce
       @klass = klass.to_s
     end
 
+    def table_name name = nil
+      @name = name || @name || pick_table_name
+    end
+
     def name
       @name ||= pick_table_name
     end
 
-    def custom_table_name?
+    def custom_table?
       !StandardTypes::STANDARD_TYPES.include?(name_without_namespace)
     end
 
     private
 
     def pick_table_name
-      if custom_table_name?
+      if custom_table?
         "#{ name_without_namespace }__c"
       else
         name_without_namespace

data/lib/active_force/version.rb

@@ -1,3 +1,3 @@
 module ActiveForce
-  VERSION = "0.6.1"
+  VERSION = "0.7.0"
 end

data/lib/generators/active_force/model/model_generator.rb

@@ -18,6 +18,7 @@ module ActiveForce
       @attributes ||= sfdc_columns.map do |column|
         Attribute.new column_to_field(column), column
       end
+      @attributes - [:id]
     end
 
     def sfdc_columns

data/lib/generators/active_force/model/templates/model.rb.erb

@@ -1,5 +1,3 @@
-require 'active_force/sobject'
-
 class <%= @class_name %> < ActiveForce::SObject
 <% attributes.each do |attribute| -%>
   <%= attribute_line attribute %>

data/spec/active_force/active_query_spec.rb

@@ -1,5 +1,4 @@
 require 'spec_helper'
-require 'active_force/active_query'
 
 describe ActiveForce::ActiveQuery do
   let(:sobject) do
@@ -44,17 +43,22 @@ describe ActiveForce::ActiveQuery do
   describe "condition mapping" do
     it "maps conditions for a .where" do
       active_query.where(field: 123)
-      expect(active_query.to_s).to eq("SELECT Id FROM table_name WHERE Field__c = 123")
+      expect(active_query.to_s).to eq("SELECT Id FROM table_name WHERE (Field__c = 123)")
+    end
+
+    it 'transforms an array to a WHERE/IN clause' do
+      active_query.where(field: ['foo', 'bar'])
+      expect(active_query.to_s).to eq("SELECT Id FROM table_name WHERE (Field__c IN ('foo','bar'))")
     end
 
     it "encloses the value in quotes if it's a string" do
       active_query.where field: "hello"
-      expect(active_query.to_s).to end_with("Field__c = 'hello'")
+      expect(active_query.to_s).to end_with("(Field__c = 'hello')")
     end
 
     it "puts NULL when a field is set as nil" do
       active_query.where field: nil
-      expect(active_query.to_s).to end_with("Field__c = NULL")
+      expect(active_query.to_s).to end_with("(Field__c = NULL)")
     end
 
     describe 'bind parameters' do
@@ -67,17 +71,17 @@ describe ActiveForce::ActiveQuery do
 
       it 'accepts bind parameters' do
         active_query.where('Field__c = ?', 123)
-        expect(active_query.to_s).to eq("SELECT Id FROM table_name WHERE Field__c = 123")
+        expect(active_query.to_s).to eq("SELECT Id FROM table_name WHERE (Field__c = 123)")
       end
 
       it 'accepts nil bind parameters' do
         active_query.where('Field__c = ?', nil)
-        expect(active_query.to_s).to eq("SELECT Id FROM table_name WHERE Field__c = NULL")
+        expect(active_query.to_s).to eq("SELECT Id FROM table_name WHERE (Field__c = NULL)")
       end
 
       it 'accepts multiple bind parameters' do
         active_query.where('Field__c = ? AND Other_Field__c = ? AND Name = ?', 123, 321, 'Bob')
-        expect(active_query.to_s).to eq("SELECT Id FROM table_name WHERE Field__c = 123 AND Other_Field__c = 321 AND Name = 'Bob'")
+        expect(active_query.to_s).to eq("SELECT Id FROM table_name WHERE (Field__c = 123 AND Other_Field__c = 321 AND Name = 'Bob')")
       end
 
       it 'complains when there given an incorrect number of bind parameters' do
@@ -89,22 +93,22 @@ describe ActiveForce::ActiveQuery do
       context 'named bind parameters' do
         it 'accepts bind parameters' do
           active_query.where('Field__c = :field', field: 123)
-          expect(active_query.to_s).to eq("SELECT Id FROM table_name WHERE Field__c = 123")
+          expect(active_query.to_s).to eq("SELECT Id FROM table_name WHERE (Field__c = 123)")
         end
 
         it 'accepts nil bind parameters' do
           active_query.where('Field__c = :field', field: nil)
-          expect(active_query.to_s).to eq("SELECT Id FROM table_name WHERE Field__c = NULL")
+          expect(active_query.to_s).to eq("SELECT Id FROM table_name WHERE (Field__c = NULL)")
         end
 
         it 'accepts multiple bind parameters' do
           active_query.where('Field__c = :field AND Other_Field__c = :other_field AND Name = :name', field: 123, other_field: 321, name: 'Bob')
-          expect(active_query.to_s).to eq("SELECT Id FROM table_name WHERE Field__c = 123 AND Other_Field__c = 321 AND Name = 'Bob'")
+          expect(active_query.to_s).to eq("SELECT Id FROM table_name WHERE (Field__c = 123 AND Other_Field__c = 321 AND Name = 'Bob')")
         end
 
         it 'accepts multiple bind parameters orderless' do
           active_query.where('Field__c = :field AND Other_Field__c = :other_field AND Name = :name', name: 'Bob', other_field: 321, field: 123)
-          expect(active_query.to_s).to eq("SELECT Id FROM table_name WHERE Field__c = 123 AND Other_Field__c = 321 AND Name = 'Bob'")
+          expect(active_query.to_s).to eq("SELECT Id FROM table_name WHERE (Field__c = 123 AND Other_Field__c = 321 AND Name = 'Bob')")
         end
 
         it 'complains when there given an incorrect number of bind parameters' do
@@ -120,7 +124,7 @@ describe ActiveForce::ActiveQuery do
     it "should query the client, with the SFDC field names and correctly enclosed values" do
       expect(client).to receive :query
       active_query.find_by field: 123
-      expect(active_query.to_s).to eq "SELECT Id FROM table_name WHERE Field__c = 123 LIMIT 1"
+      expect(active_query.to_s).to eq "SELECT Id FROM table_name WHERE (Field__c = 123) LIMIT 1"
     end
   end
 
@@ -137,4 +141,27 @@ describe ActiveForce::ActiveQuery do
       active_query.map {}
     end
   end
+
+  describe "prevent SOQL injection attacks" do
+    let(:mappings){ { quote_field: "QuoteField", backslash_field: "Backslash_Field__c", number_field: "NumberField" } }
+    let(:quote_input){ "' OR Id!=NULL OR Id='" }
+    let(:backslash_input){ "\\" }
+    let(:number_input){ 123 }
+    let(:expected_query){ "SELECT Id FROM table_name WHERE (Backslash_Field__c = '\\\\' AND NumberField = 123 AND QuoteField = ''' OR Id!=NULL OR Id=''')" }
+
+    it 'escapes quotes and backslashes in bind parameters' do
+      active_query.where('Backslash_Field__c = :backslash_field AND NumberField = :number_field AND QuoteField = :quote_field', number_field: number_input, backslash_field: backslash_input, quote_field: quote_input)
+      expect(active_query.to_s).to eq(expected_query)
+    end
+
+    it 'escapes quotes and backslashes in named bind parameters' do
+      active_query.where('Backslash_Field__c = ? AND NumberField = ? AND QuoteField = ?', backslash_input, number_input, quote_input)
+      expect(active_query.to_s).to eq(expected_query)
+    end
+
+    it 'escapes quotes and backslashes in hash conditions' do
+      active_query.where(backslash_field: backslash_input, number_field: number_input, quote_field: quote_input)
+      expect(active_query.to_s).to eq("SELECT Id FROM table_name WHERE (Backslash_Field__c = '\\\\') AND (NumberField = 123) AND (QuoteField = ''' OR Id!=NULL OR Id=''')")
+    end
+  end
 end

data/spec/active_force/association/relation_model_builder_spec.rb

@@ -0,0 +1,62 @@
+require 'spec_helper'
+
+module ActiveForce
+  module Association
+    describe RelationModelBuilder do
+      let(:instance){ described_class.new association, value }
+
+      describe '#build_relation_model' do
+        context 'has_many' do
+          let(:association){ HasManyAssociation.new Post, :comments }
+
+          context 'with values' do
+            let(:value) do
+              build_restforce_collection([
+                Restforce::SObject.new({'Id' => '213', 'PostId' => '123'}),
+                Restforce::SObject.new({'Id' => '214', 'PostId' => '123'})
+              ])
+            end
+
+            it 'returns an array of Comments' do
+              comments = instance.build_relation_model
+              expect(comments).to be_a Array
+              expect(comments.all?{ |c| c.is_a? Comment }).to be true
+            end
+          end
+
+          context 'without values' do
+            let(:value){ nil }
+
+            it 'returns an empty array' do
+              comments = instance.build_relation_model
+              expect(comments).to be_a Array
+              expect(comments).to be_empty
+            end
+          end
+        end
+
+        context 'belongs_to' do
+          let(:association){ BelongsToAssociation.new(Comment, :post) }
+
+          context 'with a value' do
+            let(:value) do
+              build_restforce_sobject 'Id' => '213'
+            end
+
+            it 'returns a post' do
+              expect(instance.build_relation_model).to be_a Post
+            end
+          end
+
+          context 'without a value' do
+            let(:value){ nil }
+
+            it 'returns nil' do
+              expect(instance.build_relation_model).to be_nil
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/spec/active_force/association_spec.rb

@@ -1,10 +1,8 @@
 require 'spec_helper'
-require 'active_force/association'
 
 describe ActiveForce::SObject do
-
   let :post do
-    Post.new(id: "1")
+    Post.new(id: "1", title: 'Ham')
   end
 
   let :comment do
@@ -12,29 +10,14 @@ describe ActiveForce::SObject do
   end
 
   let :client do
-    double("sfdc_client", query: [Restforce::Mash.new(id: 1)])
+    double("sfdc_client", query: [Restforce::Mash.new("Id" => 1)])
   end
 
   before do
-    class Post < ActiveForce::SObject
-      self.table_name = "Post__c"
-    end
-
-    class Comment < ActiveForce::SObject
-      field :post_id, from: "PostId"
-      self.table_name = "Comment__c"
-    end
-
     allow(ActiveForce::SObject).to receive(:sfdc_client).and_return client
   end
 
   describe "has_many_query" do
-    before do
-      class Post < ActiveForce::SObject
-        has_many :comments
-      end
-    end
-
     it "should respond to relation method" do
       expect(post).to respond_to(:comments)
     end
@@ -51,7 +34,7 @@ describe ActiveForce::SObject do
 
     describe 'to_s' do
       it "should return a SOQL statment" do
-        soql = "SELECT Id, PostId FROM Comment__c WHERE PostId = '1'"
+        soql = "SELECT Id, PostId, PosterId__c, FancyPostId, Body__c FROM Comment__c WHERE (PostId = '1')"
         expect(post.comments.to_s).to eq soql
       end
     end
@@ -59,80 +42,62 @@ describe ActiveForce::SObject do
     context 'when the SObject is namespaced' do
       let(:account){ Foo::Account.new(id: '1') }
 
-      before do
-        module Foo
-          class Opportunity < ActiveForce::SObject
-            field :account_id, from: 'AccountId'
-          end
-
-          class Account < ActiveForce::SObject
-            has_many :opportunities, model: Foo::Opportunity
-          end
-        end
-      end
-
       it 'correctly infers the foreign key and forms the correct query' do
-        soql = "SELECT Id, AccountId FROM Opportunity WHERE AccountId = '1'"
+        soql = "SELECT Id, AccountId, Partner_Account_Id__c FROM Opportunity WHERE (AccountId = '1')"
         expect(account.opportunities.to_s).to eq soql
       end
 
       it 'uses an explicit foreign key if it is supplied' do
-        Foo::Opportunity.field :partner_account_id, from: 'Partner_Account_Id__c'
-        Foo::Account.has_many :opportunities, foreign_key: :partner_account_id, model: Foo::Opportunity
-        soql = "SELECT Id, AccountId, Partner_Account_Id__c FROM Opportunity WHERE Partner_Account_Id__c = '1'"
-        expect(account.opportunities.to_s).to eq soql
+        soql = "SELECT Id, AccountId, Partner_Account_Id__c FROM Opportunity WHERE (Partner_Account_Id__c = '1')"
+        expect(account.partner_opportunities.to_s).to eq soql
       end
     end
   end
 
   describe 'has_many(options)' do
-    before do
-      Post.has_many :comments
-    end
-
     it 'should allow to send a different query table name' do
-      Post.has_many :ugly_comments, { model: Comment }
-      soql = "SELECT Id, PostId FROM Comment__c WHERE PostId = '1'"
+      soql = "SELECT Id, PostId, PosterId__c, FancyPostId, Body__c FROM Comment__c WHERE (PostId = '1')"
       expect(post.ugly_comments.to_s).to eq soql
     end
 
     it 'should allow to change the foreign key' do
-      Post.has_many :comments, { foreign_key: :poster }
-      Comment.field :poster, from: 'PostId'
-      soql = "SELECT Id, PostId FROM Comment__c WHERE PostId = '1'"
-      expect(post.comments.to_s).to eq soql
+      soql = "SELECT Id, PostId, PosterId__c, FancyPostId, Body__c FROM Comment__c WHERE (PosterId__c = '1')"
+      expect(post.poster_comments.to_s).to eq soql
     end
 
     it 'should allow to add a where condition' do
-      Post.has_many :comments, { where: '1 = 1' }
-      soql = "SELECT Id, PostId FROM Comment__c WHERE 1 = 1 AND PostId = '1'"
-      expect(post.comments.to_s).to eq soql
+      soql = "SELECT Id, PostId, PosterId__c, FancyPostId, Body__c FROM Comment__c WHERE (1 = 0) AND (PostId = '1')"
+      expect(post.impossible_comments.to_s).to eq soql
+    end
+
+    it 'accepts custom scoping' do
+      soql = "SELECT Id, PostId, PosterId__c, FancyPostId, Body__c FROM Comment__c WHERE (Body__c = 'RE: Ham') AND (PostId = '1') ORDER BY CreationDate DESC"
+      expect(post.reply_comments.to_s).to eq soql
+    end
+
+    it 'accepts custom scoping that preloads associations of the association' do
+      account = Salesforce::Account.new id: '1', business_partner: 'qwerty'
+      soql = "SELECT Id, OwnerId, AccountId, Business_Partner__c, Owner.Id FROM Opportunity WHERE (Business_Partner__c = 'qwerty') AND (AccountId = '1')"
+      expect(account.partner_opportunities.to_s).to eq soql
     end
 
     it 'should use a convention name for the foreign key' do
-      soql = "SELECT Id, PostId FROM Comment__c WHERE PostId = '1'"
+      soql = "SELECT Id, PostId, PosterId__c, FancyPostId, Body__c FROM Comment__c WHERE (PostId = '1')"
       expect(post.comments.to_s).to eq soql
     end
-
   end
 
   describe "belongs_to" do
-    before do
-      Comment.belongs_to :post
-    end
-
     it "should get the resource it belongs to" do
       expect(comment.post).to be_instance_of(Post)
     end
 
     it "should allow to pass a foreign key as options" do
-      class Comment < ActiveForce::SObject
-      	field :fancy_post_id, from: 'PostId'
-      	belongs_to :post, foreign_key: :fancy_post_id
-      end
+      Comment.belongs_to :post, foreign_key: :fancy_post_id
       allow(comment).to receive(:fancy_post_id).and_return "2"
-      expect(client).to receive(:query).with("SELECT Id FROM Post__c WHERE Id = '2' LIMIT 1")
+      expect(client).to receive(:query).with("SELECT Id, Title__c FROM Post__c WHERE (Id = '2') LIMIT 1")
       comment.post
+      Comment.belongs_to :post # reset association to original value
     end
 
     it 'makes only one API call to fetch the associated object' do
@@ -141,29 +106,37 @@ describe ActiveForce::SObject do
       comment.post
     end
 
-    it 'accepts assignment of an existing object as an association' do
-      expect(client).to_not receive(:query)
-      other_post = Post.new(id: "2")
-      comment.post = other_post
-      expect(comment.post_id).to eq other_post.id
-      expect(comment.post).to eq other_post
-    end
+    describe "assignments" do
+      let(:comment) do
+        comment = Comment.new(id: '1')
+        comment.post = Post.new(id: '1')
+        comment
+      end
 
-    context 'when the SObject is namespaced' do
-      let(:attachment){ Foo::Attachment.new(id: '1', lead_id: '2') }
       before do
-        module Foo
-          class Lead < ActiveForce::SObject; end
+        expect(client).to_not receive(:query)
+      end
+      
+      it 'accepts assignment of an existing object as an association' do
+        expect(client).to_not receive(:query)
+        other_post = Post.new(id: "2")
+        comment.post = other_post
+        expect(comment.post_id).to eq other_post.id
+        expect(comment.post).to eq other_post
+      end
 
-          class Attachment < ActiveForce::SObject
-            field :lead_id, from: 'Lead_Id__c'
-            belongs_to :lead, model: Foo::Lead
-          end
-        end
+      it 'can desassociate an object by setting it as nil' do
+        comment.post = nil
+        expect(comment.post_id).to eq nil
+        expect(comment.post).to eq nil
       end
+    end
+
+    context 'when the SObject is namespaced' do
+      let(:attachment){ Foo::Attachment.new(id: '1', lead_id: '2') }
 
       it 'generates the correct query' do
-        expect(client).to receive(:query).with("SELECT Id FROM Lead WHERE Id = '2' LIMIT 1")
+        expect(client).to receive(:query).with("SELECT Id FROM Lead WHERE (Id = '2') LIMIT 1")
         attachment.lead
       end
 
@@ -173,18 +146,10 @@ describe ActiveForce::SObject do
 
       context 'when given a foreign key' do
         let(:attachment){ Foo::Attachment.new(id: '1', fancy_lead_id: '2') }
-        before do
-          module Foo
-            class Attachment < ActiveForce::SObject
-              field :fancy_lead_id, from: 'LeadId'
-              belongs_to :lead, model: Foo::Lead, foreign_key: :fancy_lead_id
-            end
-          end
-        end
 
         it 'generates the correct query' do
-          expect(client).to receive(:query).with("SELECT Id FROM Lead WHERE Id = '2' LIMIT 1")
-          attachment.lead
+          expect(client).to receive(:query).with("SELECT Id FROM Lead WHERE (Id = '2') LIMIT 1")
+          attachment.fancy_lead
         end
       end
     end