fastapi 0.1.2 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f404875852a90f7b72255293e1ea77b775bebd50
-  data.tar.gz: 3c50ae17829b4838528e6bd199ddee967c241af4
+  metadata.gz: 4460407df7d3911b524f6dd308dbedbae42d0adc
+  data.tar.gz: bda3575a0b7923296a47a545983637f0dc8858a7
 SHA512:
-  metadata.gz: 0edb07fcd025e2663d52b2034dcb6167eec57c0820b915278232dc60a4822dd0bd1123e24528f4cd02795c38222fdc4133f562f31e75cddd0604f9bf9ece37f6
-  data.tar.gz: ecf66e27e516ea0847e795ef25e49e23666bd7acde5c4251245e11a630b95f6000af9e87447fab2a58b1d6bebbf35e8dcfb3e2e2ca68780bd8d61e3755c973b0
+  metadata.gz: 4f154e7c32f580077ab94fc229469c7b1d6e844733ccead5d6cd3e689b611953921243245be63ea62086e0345c3b44baeb9988922e050fcaba0cb23615e7fb89
+  data.tar.gz: 33b875319c13e7269fa914d5773c1c23c2ed73c03fe68841ebff7be90de58dc47e419e43ff3d73b7318c5cb931765d91dffa607618ec33fc60734d3fd43883e5

data/lib/fastapi.rb

@@ -65,6 +65,36 @@ class FastAPI
 
   end
 
+  # Create and execute an optimized SQL query based on specified filters.
+  #   Runs through mode fastapi_safe_fields list
+  #
+  # @param filters [Hash] a hash containing the intended filters
+  # @param meta [Hash] a hash containing custom metadata
+  # @return [FastAPI] the current instance
+  def safe_filter(filters = {}, meta = {})
+
+    result = fastapi_query(filters, true)
+
+    metadata = {}
+
+    meta.each do |key, value|
+      metadata[key] = value
+    end
+
+    metadata[:total] = result[:total]
+    metadata[:offset] = result[:offset]
+    metadata[:count] = result[:count]
+    metadata[:error] = result[:error]
+
+    @metadata = metadata
+    @data = result[:data]
+
+    @result_type = @@result_types[:multiple]
+
+    self
+
+  end
+
   # Create and execute an optimized SQL query based on specified object id.
   # Provides customized error response if not found.
   #
@@ -164,7 +194,7 @@ class FastAPI
 
   private
 
-    def fastapi_query(filters = {})
+    def fastapi_query(filters = {}, safe = false)
 
       offset = 0
       count = 500
@@ -180,7 +210,17 @@ class FastAPI
         filters.delete(:__count)
       end
 
-      prepared_data = api_generate_sql(filters, offset, count)
+      begin
+        prepared_data = api_generate_sql(filters, offset, count, safe)
+      rescue Exception => error
+        return {
+          data: [],
+          total: 0,
+          count: 0,
+          offset: offset,
+          error: error.message
+        }
+      end
 
       model_lookup = {}
       prepared_data[:models].each do |key, model|
@@ -221,7 +261,7 @@ class FastAPI
         row.each_with_index do |val, key_index|
 
           field = fields[key_index]
-          split_index = field.index('__')
+          split_index = field.rindex('__')
 
           if field[0..7] == '__many__'
 
@@ -432,14 +472,66 @@ class FastAPI
 
     end
 
-    def parse_filters(filters, model = nil)
+    def parse_filters(filters, safe = false, model = nil)
+
+      self_obj = model.nil? ? @model : model
+      self_string_table = model.nil? ? @model.to_s.tableize : '__' + model.to_s.tableize
+
+      # if we're at the top level...
+      if model.nil?
+
+        if safe
+          filters.each do |key, value|
+            found_index = key.to_s.rindex('__')
+            key_root = found_index.nil? ? key : key.to_s[0...found_index].to_sym
+            if not [:__order, :__offset, :__count].include? key and not self_obj.fastapi_fields_whitelist.include? key_root
+              raise 'Filter "' + key.to_s + '" not supported'
+            end
+          end
+        end
+
+        all_filters = {}
+
+        @model.fastapi_filters.each do |key, value|
+          if value.is_a? Hash
+            copy = {}
+            value.each do |key, value|
+              copy[key] = value
+            end
+            value = copy
+          end
+          all_filters[key] = value
+        end
+
+        filters.each do |field, value|
+          all_filters[field.to_sym] = value
+        end
+
+        filters = all_filters
+
+      end
 
       if not filters.has_key? :__order
         filters[:__order] = [:created_at, 'DESC']
       end
 
-      self_obj = model.nil? ? @model : model
-      self_string_table = model.nil? ? @model.to_s.tableize : '__' + model.to_s.tableize
+
+      filters.each do |key, value|
+        if [:__order, :__offset, :__count].include? key
+          next
+        end
+        found_index = key.to_s.rindex('__')
+        key_root = found_index.nil? ? key : key.to_s[0...found_index].to_sym
+        if not self_obj.column_names.include? key_root.to_s
+          if not model.nil? or (
+            not @model.reflect_on_all_associations(:has_many).map(&:name).include? key_root and
+            not @model.reflect_on_all_associations(:belongs_to).map(&:name).include? key_root
+          )
+            raise 'Filter "' + key.to_s + '" not supported'
+          end
+        end
+      end
+
 
       filter_array = []
       filter_has_many = {}
@@ -482,12 +574,12 @@ class FastAPI
 
             field = key.to_s
 
-            if field.index('__').nil?
+            if field.rindex('__').nil?
               comparator = 'is'
             else
 
-              comparator = field[(field.index('__') + 2)..-1]
-              field = field[0...field.index('__')]
+              comparator = field[(field.rindex('__') + 2)..-1]
+              field = field[0...field.rindex('__')]
 
               if not @@api_comparator_list.include? comparator
                 next # skip dis bro
@@ -497,7 +589,7 @@ class FastAPI
 
             if model.nil? and self_obj.reflect_on_all_associations(:has_many).map(&:name).include? key
 
-              filter_result = parse_filters(value, field.singularize.classify.constantize)
+              filter_result = parse_filters(value, safe, field.singularize.classify.constantize)
               # logger.info filter_result
               filter_has_many[key] = filter_result[:main]
               order_has_many[key] = filter_result[:main_order]
@@ -559,26 +651,9 @@ class FastAPI
 
     end
 
-    def api_generate_sql(filters, offset, count)
-
-      api_filters = {}
-
-      @model.fastapi_filters.each do |key, value|
-        if value.is_a? Hash
-          copy = {}
-          value.each do |key, value|
-            copy[key] = value
-          end
-          value = copy
-        end
-        api_filters[key] = value
-      end
-
-      filters.each do |field, value|
-        api_filters[field.to_sym] = value
-      end
+    def api_generate_sql(filters, offset, count, safe = false)
 
-      filters = parse_filters(api_filters)
+      filters = parse_filters(filters, safe)
 
       fields = []
       belongs = []

data/lib/fastapi/active_record_extension.rb

@@ -22,6 +22,14 @@ module FastAPIExtension
       @fastapi_fields_sub = fields
     end
 
+    # Set safe fields for FastAPIInstance.safe_filter
+    #
+    # @param fields [Array] a list of fields in the form of symbols
+    # @return [Array] the same array of fields
+    def fastapi_safe_fields(fields)
+      @fastapi_fields_whitelist = fields
+    end
+
     # Used to set any default filters for the top level fastapi response
     #
     # @param filters [Hash] a hash containing the intended filters
@@ -38,6 +46,10 @@ module FastAPIExtension
       @fastapi_fields_sub or [:id]
     end
 
+    def fastapi_fields_whitelist
+      @fastapi_fields_whitelist or @fastapi_fields or [:id]
+    end
+
     def fastapi_filters
       @fastapi_filters or {}
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fastapi
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - Keith Horwood
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-07-21 00:00:00.000000000 Z
+date: 2014-07-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: oj
@@ -65,7 +65,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="