api_maker 0.0.1 → 0.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7d65964fbfeb5bd8a5d89702083930f77e3d9c46956695c4f0877039a43c3010
-  data.tar.gz: 2a9431af5f0bfebcfb9605d85fafc40b824448aeac9ccd5a0f595b8e9f6d642d
+  metadata.gz: 696d6f1f8b6baa82e326b7d05f4e6f6fdd57de5a7ad9a20d7961d1d7ec361e78
+  data.tar.gz: 8960e2876a0c29d700c9c429e0153f43ea31e0839a03d423ffeeb92863f18ee2
 SHA512:
-  metadata.gz: bf2858ef950edf1aa8cc9ce45938ebd1b5ea5f3dd1f11223fd42959bff910a5cceae21599abbfdce7dbabedcdcd481c54c832c77712417436d02f423285fb48d
-  data.tar.gz: 7f63b82811ef1a5207d2ecbdcc62072b4d4297263884de1c4b36704e7b114a2d027cbbb3dac324de69af6c19fc79f185f273b4bf070def5f7c9282e1b1caa404
+  metadata.gz: c185f283cb899f81293df2e93e91c9298a4c1bfe5abbc5eb56f4fd23444ff46ce42776718cc2547e103ff511e30406fdb62761363813c68d9e67375cbcee2363
+  data.tar.gz: 40be89f333195778c4c7455d4f76ec85a1786637346e75f91dd043296870d79f340b53193bf28420962c6f7f418858697e4daa0e803684d29af20ebb6481076a

data/app/api_maker/api_helpers/api_maker_helpers.rb

@@ -0,0 +1,5 @@
+module ApiHelpers::ApiMakerHelpers
+  def locals
+    @locals ||= ApiMaker::LocalsFromController.execute!(controller: controller)
+  end
+end

data/app/api_maker/services/can_can/load_abilities.rb

@@ -0,0 +1,30 @@
+class Services::CanCan::LoadAbilities < ApiMaker::BaseService
+  def perform
+    result = []
+
+    request.each do |ability_data|
+      # Sometimes Rails passes a hash instead of an array
+      ability_data = ability_data.fetch(1) if ability_data.is_a?(Array)
+
+      ability = ability_data.fetch("ability")
+      subject = ability_data.fetch("subject")
+      subject_to_check = subject
+
+      # Convert subject to original model class if resource is given
+      subject_to_check = subject.model_class if subject.is_a?(Class) && subject < ApiMaker::BaseResource
+
+      can = current_ability.can?(ability.to_sym, subject_to_check)
+      result << {
+        ability: ability,
+        can: can,
+        subject: subject
+      }
+    end
+
+    succeed!(abilities: result)
+  end
+
+  def request
+    @request ||= args.fetch(:request)
+  end
+end

data/app/api_maker/services/devise/sign_in.rb

@@ -0,0 +1,64 @@
+class Services::Devise::SignIn < ApiMaker::BaseService
+  include Devise::Controllers::Rememberable
+
+  # Rememberable needs this
+  def cookies
+    controller.__send__(:cookies)
+  end
+
+  def perform
+    fail! "Devise sign in isn't enabled", type: :devise_sign_in_isnt_enabled unless ApiMaker::Configuration.current.devise_sign_in_enabled
+
+    check_model_exists
+    check_serializer_exists
+
+    if !model.active_for_authentication?
+      fail! inactive_message, type: :inactive
+    elsif model.valid_password?(args[:password])
+      controller.sign_in(model, scope: scope)
+      remember_me(model) if args.dig(:args, :rememberMe)
+      succeed!(model_data: serializer.result)
+    else
+      fail! invalid_error_message, type: :invalid
+    end
+  end
+
+  def check_model_exists
+    error_msg = I18n.t("devise.failure.not_found_in_database", authentication_keys: model_class.authentication_keys.join(", "))
+    fail! error_msg, type: :not_found_in_database unless model
+  end
+
+  def check_serializer_exists
+    fail! "Serializer doesn't exist for #{scope}", type: :serializer_doesnt_exist unless resource
+  end
+
+  def inactive_message
+    message = model.inactive_message
+    message = I18n.t("devise.failure.#{message}") if message.is_a?(Symbol)
+    message
+  end
+
+  def invalid_error_message
+    I18n.t("devise.failure.invalid", authentication_keys: model_class.authentication_keys.join(", "))
+  end
+
+  def model
+    @model ||= model_class.find_for_authentication(email: args[:username])
+  end
+
+  def model_class
+    @model_class ||= scope.camelize.safe_constantize
+  end
+
+  def scope
+    @scope ||= args.dig(:args, :scope).presence || "user"
+  end
+
+  def resource
+    @resource ||= ApiMaker::Serializer.resource_for(model.class)
+  end
+
+  def serializer
+    @serializer ||= ApiMaker::Serializer.new(ability: current_ability, api_maker_args: api_maker_args, model: model)
+  end
+end

data/app/api_maker/services/devise/sign_out.rb

@@ -0,0 +1,9 @@
+class Services::Devise::SignOut < ApiMaker::BaseService
+  def perform
+    fail! "Devise sign out isn't enabled", type: :devise_sign_out_isnt_enabled unless ApiMaker::Configuration.current.devise_sign_out_enabled
+    scope = args.dig(:args, :scope).presence || "user"
+    current_model = controller.__send__("current_#{scope}")
+    controller.sign_out current_model
+    succeed!(success: true)
+  end
+end

data/app/api_maker/services/models/find_or_create_by.rb

@@ -0,0 +1,18 @@
+class Services::Models::FindOrCreateBy < ApiMaker::BaseService
+  def perform
+    resource_name = args.fetch(:resource_name)
+    resource = "Resources::#{resource_name}Resource".safe_constantize
+    model_class = resource.model_class
+    find_or_create_by_args = args.fetch(:find_or_create_by_args)
+    additional_data = args[:additional_data]
+
+    model = model_class.find_or_initialize_by(find_or_create_by_args)
+    model.assign_attributes(additional_data) if model.new_record? && additional_data
+
+    if model.save
+      succeed! model: model
+    else
+      fail! errors: model.errors.full_messages
+    end
+  end
+end

data/app/channels/api_maker/subscriptions_channel.rb

@@ -1,6 +1,10 @@
 class ApiMaker::SubscriptionsChannel < ApplicationCable::Channel
   def subscribed
     params[:subscription_data].each do |model_name, subscription_types|
+      subscription_types["model_class_events"]&.each do |event_name|
+        connect_model_class_event(model_name, event_name)
+      end
+
       subscription_types["events"]&.each do |event_name, model_ids|
         connect_event(model_name, model_ids, event_name)
       end
@@ -25,16 +29,24 @@ private
     model_class = model_for_resource_name(model_name)
     channel_name = model_class.api_maker_broadcast_create_channel_name
     stream_from(channel_name, coder: ActiveSupport::JSON) do |data|
+      ApiMaker::Configuration.current.before_create_event_callbacks.each do |callback|
+        callback.call(data: data)
+      end
+
       # We need to look the model up to evaluate if the user has access
-      model = data.fetch("model_class_name").safe_constantize.accessible_by(current_ability, :create_events).find(data.fetch("model_id"))
+      model_class = data.fetch("mcn").safe_constantize
 
-      # Transmit the data to JS if its allowed
+      Rails.logger.debug { "API maker: ConnectCreates for #{model_class.name}" }
+      model = model_class.accessible_by(current_ability, :create_events).find_by(model_class.primary_key => data.fetch("mi"))
+
+      # Transmit the data to JS if its found (and thereby allowed)
       transmit data if model
     end
   end
 
   def connect_destroys(model_name, model_ids)
     model_class = model_for_resource_name(model_name)
+    Rails.logger.debug { "API maker: ConnectDestroys for #{model_class.name}" }
     models = model_class.accessible_by(current_ability, :destroy_events).where(model_class.primary_key => model_ids)
     models.each do |model|
       channel_name = model.api_maker_broadcast_destroy_channel_name
@@ -47,6 +59,7 @@ private
   def connect_event(model_name, model_ids, event_name)
     ability_name = "event_#{event_name}".to_sym
     model_class = model_for_resource_name(model_name)
+    Rails.logger.debug { "API maker: ConnectEvents for #{model_class.name} #{event_name}" }
     models = model_class.accessible_by(current_ability, ability_name).where(model_class.primary_key => model_ids)
     models.each do |model|
       channel_name = model.api_maker_event_channel_name(event_name)
@@ -56,8 +69,26 @@ private
     end
   end
 
+  def connect_model_class_event(model_name, event_name)
+    ability_name = "model_class_event_#{event_name}".to_sym
+    model_class = model_for_resource_name(model_name)
+    channel_name = model_class.api_maker_model_class_event_name(event_name)
+
+    Rails.logger.debug { "API maker: ConnectModelClassEvent for #{model_class.name} #{event_name}" }
+
+    if current_ability.can?(ability_name, model_class)
+      stream_from(channel_name, coder: ActiveSupport::JSON) do |data|
+        transmit data
+      end
+    else
+      Rails.logger.warn { "API maker: No access to model class event #{model_class.name}##{event_name} with ability name: #{ability_name}" }
+    end
+  end
+
   def connect_updates(model_name, model_ids)
     model_class = model_for_resource_name(model_name)
+    Rails.logger.debug { "API maker: ConnectUpdates for #{model_class.name}" }
+
     models = model_class.accessible_by(current_ability, :update_events).where(model_class.primary_key => model_ids)
     models.each do |model|
       channel_name = model.api_maker_broadcast_update_channel_name

data/app/controllers/api_maker/base_controller.rb

@@ -8,15 +8,19 @@ class ApiMaker::BaseController < ApplicationController
 private
 
   def current_ability
-    @current_ability ||= ::ApiMaker::Ability.new(args: api_maker_args)
+    @current_ability ||= ApiMaker::Configuration.current.ability_class.new(api_maker_args: api_maker_args, locals: api_maker_locals)
+  end
+
+  def api_maker_locals
+    @api_maker_locals ||= {}
   end
 
   def render_error(error)
     puts error.inspect
-    puts error.backtrace
+    puts Rails.backtrace_cleaner.clean(error.backtrace)
 
     logger.error error.inspect
-    logger.error error.backtrace.join("\n")
+    logger.error Rails.backtrace_cleaner.clean(error.backtrace).join("\n")
 
     raise error
   end

data/app/controllers/api_maker/commands_controller.rb

@@ -1,19 +1,21 @@
 class ApiMaker::CommandsController < ApiMaker::BaseController
+  wrap_parameters false
+
   def create
     command_response = ApiMaker::CommandResponse.new(controller: self)
     controller = self
 
-    params[:pool].each do |command_type, command_type_data|
+    merged_params.fetch(:pool).each do |command_type, command_type_data|
       command_type_data.each do |resource_plural_name, command_model_data|
         command_model_data.each do |command_name, command_data|
           ApiMaker.const_get("#{command_type.camelize}CommandService").execute!(
             ability: current_ability,
-            args: api_maker_args,
+            api_maker_args: api_maker_args,
             command_response: command_response,
             commands: command_data,
             command_name: command_name,
-            resource_name: resource_plural_name,
-            controller: controller
+            controller: controller,
+            resource_name: resource_plural_name
           )
         end
       end
@@ -23,4 +25,24 @@ class ApiMaker::CommandsController < ApiMaker::BaseController
 
     render json: {responses: command_response.result}
   end
+
+  def json_params
+    @json_params ||= ActionController::Parameters.new(json_data) if json_data
+  end
+
+  def json_data
+    @json_data ||= JSON.parse(params[:json]) if params[:json]
+  end
+
+  def merged_params
+    @merged_params ||= if json_data
+      raw_data = params.permit!.to_h
+      merged_data = ApiMaker::DeepMergeParams.execute!(json_data, raw_data)
+      ActionController::Parameters.new(merged_data)
+    elsif json_params
+      json_params
+    else
+      params
+    end
+  end
 end

data/app/controllers/api_maker/session_statuses_controller.rb

@@ -1,4 +1,4 @@
-class ApiMaker::SessionStatusesController < ActionController::Base
+class ApiMaker::SessionStatusesController < ActionController::Base # rubocop:disable Rails/ApplicationController
   skip_before_action :verify_authenticity_token, raise: false
 
   def create

data/app/services/api_maker/abilities_loader.rb

@@ -0,0 +1,104 @@
+class ApiMaker::AbilitiesLoader < ApiMaker::ApplicationService
+  attr_reader :abilities, :abilities_data, :abilities_with_no_conditions, :abilities_with_no_rules, :ability, :groupings, :serializers
+
+  def initialize(abilities:, ability:, serializers:)
+    @ability = ability
+    @abilities = abilities.map(&:to_sym)
+    @abilities_data = {}
+    @abilities_with_no_conditions = []
+    @abilities_with_no_rules = []
+    @groupings = {}
+    @serializers = serializers
+  end
+
+  def perform
+    scan_abilities
+    scan_groupings
+
+    load_abilities_with_no_conditions if abilities_with_no_conditions.any?
+    load_abilities_with_no_rules if abilities_with_no_rules.any?
+
+    groupings.each_value do |ability_names|
+      load_abilities_with_conditions(ability_names)
+    end
+
+    succeed!
+  end
+
+  def scan_abilities
+    abilities.each do |ability_name|
+      abilities_data[ability_name] = {
+        combined_conditions: [],
+        rules_count: 0,
+        rule_with_no_conditions: false
+      }
+
+      relevant_rules = ability.__send__(:relevant_rules, ability_name, model_class)
+      relevant_rules.each do |can_can_rule|
+        abilities_data[ability_name][:combined_conditions] << can_can_rule.conditions.to_s
+        abilities_data[ability_name][:rules_count] += 1
+
+        if can_can_rule.__send__(:conditions_empty?)
+          abilities_data[ability_name][:rule_with_no_conditions] = true
+          abilities_with_no_conditions << ability_name
+        end
+      end
+    end
+  end
+
+  def scan_groupings
+    abilities_data.each do |ability_name, ability_data|
+      # No reason to create a group with no conditions - we are giving access to these without doing a query elsewhere
+      next if ability_data.fetch(:rule_with_no_conditions)
+
+      # If no rules have been defined, then we can safely assume no access without doing a query elsewhere
+      if ability_data.fetch(:rules_count).zero?
+        abilities_with_no_rules << ability_name
+      else
+        identifier = ability_data[:combined_conditions].join("___")
+
+        groupings[identifier] ||= []
+        groupings[identifier] << ability_name
+      end
+    end
+
+    groupings
+  end
+
+  def load_abilities_with_no_conditions
+    Rails.logger.debug { "API maker: Loading abilities with no condition: [#{abilities_with_no_conditions.join(", ")}], #{model_class}" }
+    abilities_with_no_conditions.each do |ability_name|
+      serializers.each do |serializer|
+        serializer.load_ability(ability_name, true)
+      end
+    end
+  end
+
+  def load_abilities_with_no_rules
+    Rails.logger.debug { "API maker: Loading abilities with no rules: [#{abilities_with_no_rules.join(", ")}], #{model_class}" }
+    abilities_with_no_rules.each do |ability_name|
+      serializers.each do |serializer|
+        serializer.load_ability(ability_name, false)
+      end
+    end
+  end
+
+  def load_abilities_with_conditions(ability_names)
+    Rails.logger.debug { "API maker: Loading abilities with conditions through query: [#{ability_names.join(", ")}], #{model_class}" }
+
+    model_ids = model_class
+      .accessible_by(ability, ability_names.first)
+      .where(id: serializers.map(&:id))
+      .pluck(model_class.primary_key)
+
+    serializers.each do |serializer|
+      ability_names.each do |ability_name|
+        serializer.load_ability(ability_name, model_ids.include?(serializer.id))
+      end
+    end
+  end
+
+  def model_class
+    @model_class ||= serializers.first.model.class
+  end
+end

data/app/services/api_maker/application_service.rb

@@ -1,7 +1,8 @@
 class ApiMaker::ApplicationService < ServicePattern::Service
+  # Replaces magic variables with actual variable names
   def api_maker_json(object)
     json = object.to_json
-    json.gsub!(/"\{\{(.+?)\}\}"/, "\\1")
+    json.gsub!(/"\{\{([A-z_]+?)\}\}"/, "\\1")
     json
   end
 end

data/app/services/api_maker/base_command.rb

@@ -0,0 +1,248 @@
+class ApiMaker::BaseCommand
+  ApiMaker::IncludeHelpers.execute!(klass: self)
+
+  attr_reader :api_maker_args, :collection, :collection_instance, :command, :commands, :command_response, :controller, :current_ability
+
+  delegate :args, :model, :model_id, to: :command
+  delegate :result_for_command, to: :command_response
+
+  # Returns true if the gem "goldiloader" is present in the app
+  def self.goldiloader?
+    @goldiloader = Gem::Specification.find_all_by_name("goldiloader").any? if @goldiloader.nil?
+    @goldiloader
+  end
+
+  def initialize(ability:, api_maker_args:, collection:, collection_instance:, command:, commands:, command_response:, controller:)
+    @api_maker_args = api_maker_args
+    @current_ability = ability
+    @collection = collection
+    @collection_instance = collection_instance
+    @command = command
+    @commands = commands
+    @command_response = command_response
+    @controller = controller
+  end
+
+  def execute_with_response
+    execute!
+  rescue ApiMaker::CommandFailedError => e
+    command.fail(*e.api_maker_args, &e.api_maker_block)
+  end
+
+  def self.command_error_message(error)
+    if Rails.application.config.consider_all_requests_local
+      "#{error.class.name}: #{error.message}"
+    else
+      "Internal server error"
+    end
+  end
+
+  def self.execute_in_thread!(ability:, api_maker_args:, collection:, commands:, command_response:, controller:)
+    command_response.with_thread do
+      if const_defined?(:CollectionInstance)
+        collection_instance = const_get(:CollectionInstance).new(
+          ability: ability,
+          api_maker_args: api_maker_args,
+          collection: collection,
+          commands: commands,
+          command_response: command_response,
+          controller: controller
+        )
+
+        collection = collection_instance.custom_collection if collection_instance.respond_to?(:custom_collection)
+        collection_instance.collection = collection
+
+        threadded = collection_instance.try(:threadded?)
+      end
+
+      if threadded
+        # Goldiloader doesn't work with threads (loads all relationships for each thread)
+        collection = collection.auto_include(false) if ApiMaker::BaseCommand.goldiloader?
+
+        # Load relationship before commands so each command doesn't query on its own
+        collection.load
+      end
+
+      each_command(collection: collection, command_response: command_response, commands: commands, controller: controller, threadded: threadded) do |command|
+        command_instance = new(
+          ability: ability,
+          api_maker_args: api_maker_args,
+          collection: collection,
+          collection_instance: collection_instance,
+          command: command,
+          commands: command,
+          command_response: command_response,
+          controller: controller
+        )
+        command_instance.execute_with_response
+      end
+    end
+  end
+
+  def self.each_command(collection:, command_response:, commands:, controller:, threadded:, &blk)
+    commands.each do |command_id, command_data|
+      if threadded
+        command_response.with_thread do
+          run_command(
+            command_id: command_id,
+            command_data: command_data,
+            command_response: command_response,
+            collection: collection,
+            controller: controller,
+            &blk
+          )
+        end
+      else
+        run_command(
+          command_id: command_id,
+          command_data: command_data,
+          command_response: command_response,
+          collection: collection,
+          controller: controller,
+          &blk
+        )
+      end
+    end
+  end
+
+  def self.run_command(collection:, command_id:, command_data:, command_response:, controller:)
+    command = ApiMaker::IndividualCommand.new(
+      args: ApiMaker::Deserializer.execute!(arg: command_data[:args]),
+      collection: collection,
+      command: self,
+      id: command_id,
+      primary_key: command_data[:primary_key],
+      response: command_response
+    )
+
+    begin
+      yield command
+    rescue => e # rubocop:disable Style/RescueStandardError
+      error_response = {
+        success: false,
+        errors: [{message: command_error_message(e), type: :runtime_error}]
+      }
+
+      Rails.logger.error e.message
+      Rails.logger.error Rails.backtrace_cleaner.clean(e.backtrace).join("\n")
+
+      ApiMaker::Configuration.current.report_error(
+        command: command,
+        controller: controller,
+        error: e,
+        response: error_response
+      )
+
+      command.error(error_response)
+    end
+  end
+
+  def execute_service_or_fail(service_class, *args, &blk)
+    response = service_class.execute(*args, &blk)
+
+    if response.success?
+      succeed!(success: true)
+    else
+      fail_command_from_service_error_response(response)
+    end
+  end
+
+  def fail_command_from_service_error_response(response)
+    fail!(errors: serialize_service_errors(response.errors))
+  end
+
+  def failure_response(errors:)
+    fail!(
+      model: serialized_model(model),
+      success: false,
+      errors: errors
+    )
+  end
+
+  def failure_save_response(additional_attributes: [], model:, params:, simple_model_errors: false)
+    raise "Cannot receive additional attributes unless simple model errors" if !additional_attributes.empty? && !simple_model_errors
+
+    error_messages = if simple_model_errors
+      ApiMaker::SimpleModelErrors.execute!(additional_attributes: additional_attributes, model: model)
+    else
+      model.errors.full_messages
+    end
+
+    fail!(
+      error_type: :validation_error,
+      errors: error_messages.map { |error_message| {message: error_message, type: :validation_error} },
+      model: serialized_model(model),
+      success: false,
+      validation_errors: ApiMaker::ValidationErrorsGeneratorService.execute!(model: model, params: params)
+    )
+  end
+
+  def model_class
+    @model_class ||= collection.klass
+  end
+
+  def save_models_or_fail(*models, simple_model_errors: false)
+    response = ApiMaker::Models::Save.execute(models: models, simple_model_errors: simple_model_errors)
+
+    if response.success?
+      succeed!(success: true)
+      true
+    else
+      fail!(errors: response.error_messages.map { |error| {message: error, type: :validation_error} })
+    end
+  end
+
+  def serialize_service_errors(errors)
+    errors.map do |error|
+      {
+        message: error.message,
+        type: error.type
+      }
+    end
+  end
+
+  def fail!(*args, &blk)
+    if args.is_a?(Hash) && args.key?(:errors)
+      error_messages = args.fetch(:errors).map do |error|
+        if error.is_a?(Hash) && error.key?(:message)
+          error.fetch(:message)
+        else
+          error
+        end
+      end
+    else
+      error_messages = ["Command failed"]
+    end
+
+    error = ApiMaker::CommandFailedError.new(error_messages)
+    error.api_maker_args = args
+    error.api_maker_block = blk
+
+    raise error
+  end
+
+  def succeed!(*args, &blk)
+    command.result(*args, &blk)
+  end
+
+  def inspect
+    "#<#{self.class.name}:#{__id__}>"
+  end
+
+private
+
+  def serialized_model(model)
+    collection_serializer = ApiMaker::CollectionSerializer.new(
+      ability: current_ability,
+      api_maker_args: api_maker_args,
+      collection: [model],
+      model_class: model.class,
+      query_params: args&.dig(:query_params)
+    )
+    collection_serializer.result
+  end
+
+  def serialized_resource(model)
+    ApiMaker::Serializer.new(ability: current_ability, api_maker_args: api_maker_args, model: model)
+  end
+end