forest_liana 5.1.3 → 5.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 403847f23770b011b6551b87228a5d1f12cff04d9fa96b2389137279517ee48c
-  data.tar.gz: 2900ede987dfbff932097a05f367e1247a37ac2a00be6e611f6ee14b730c15c2
+  metadata.gz: e035848d2e7346973187338d78579301dcf062b2b6192ba383cd1f50dcccf584
+  data.tar.gz: 5f8a3ecdea7a8f4643922c27626397bfa3d497c14302f77f377153a22f064b0f
 SHA512:
-  metadata.gz: c5ee8dd97d27c5c78f6b9146cf98f41d1dbc6f72c4e4e70d662fae4d4b1f3b6d45f4339f6a9f43d74d84d193fb9001bce8662f5f6c2846b5f49ccbdec7cc8a22
-  data.tar.gz: 423aea81ffed1126246a21ba1205a514d45b7fd5f924cd041be01f94b003099c1e6079af83660e6fd405f9d2e8481634677d772ac53eaf7ae793a15f5a4776aa
+  metadata.gz: a30b760625155ae65acf9c8d6941e1e8ddd408b98cd377fdd6f6385c943ceef74e72cf3318d1373f966f8eda48dd9c35c4198bdaeecba2c9c6ffd52f2285e465
+  data.tar.gz: 52b468bfea30b0c115c318ab60eefd2caf382c94df171ea53ec0e203d6869d823f0deb23b20f66939f2560a8611d55b2c6b64f1dcb0b5ffb3d461de3471db8a5

data/app/controllers/forest_liana/actions_controller.rb

@@ -1,7 +1,89 @@
 module ForestLiana
   class ActionsController < ForestLiana::BaseController
+
     def values
       render serializer: nil, json: {}, status: :ok
     end
+
+    def get_collection(collection_name)
+      ForestLiana.apimap.find { |collection| collection.name.to_s == collection_name }
+    end
+
+    def get_action(collection_name)
+      collection = get_collection(collection_name)
+      begin
+         collection.actions.find {|action| ActiveSupport::Inflector.parameterize(action.name) == params[:action_name]}
+      rescue => error
+        FOREST_LOGGER.error "Smart Action get action retrieval error: #{error}"
+        nil
+      end
+    end
+    
+    def get_record
+      model = ForestLiana::SchemaUtils.find_model_from_collection_name(params[:collectionName])
+      redord_getter = ForestLiana::ResourceGetter.new(model, {:id => params[:recordIds][0]})
+      redord_getter.perform
+      redord_getter.record
+    end
+
+    def get_smart_action_load_ctx(fields)
+      fields = fields.reduce({}) {|p, c| p.update(c[:field] => c.merge!(value: nil))}
+      {:record => get_record, :fields => fields}
+    end
+
+    def get_smart_action_change_ctx(fields)
+      fields = fields.reduce({}) {|p, c| p.update(c[:field] => c.permit!.to_h)}
+      {:record => get_record, :fields => fields}
+    end
+
+    def handle_result(result, formatted_fields, action)
+      if result.nil? || !result.is_a?(Hash)
+        return render status: 500, json: { error: 'Error in smart action load hook: hook must return an object' }
+      end
+      is_same_data_structure = ForestLiana::IsSameDataStructureHelper::Analyser.new(formatted_fields, result, 1)
+      unless is_same_data_structure.perform
+        return render status: 500, json: { error: 'Error in smart action hook: fields must be unchanged (no addition nor deletion allowed)' }
+      end
+
+      # Apply result on fields (transform the object back to an array), preserve order.
+      fields = action.fields.map { |field| result[field[:field]] }
+
+      render serializer: nil, json: { fields: fields}, status: :ok
+    end
+
+    def load
+      action = get_action(params[:collectionName])
+
+      if !action
+        render status: 500, json: {error: 'Error in smart action load hook: cannot retrieve action from collection'}
+      else
+        # Transform fields from array to an object to ease usage in hook, adds null value.
+        context = get_smart_action_load_ctx(action.fields)
+        formatted_fields = context[:fields].clone # clone for following test on is_same_data_structure
+
+        # Call the user-defined load hook.
+        result = action.hooks[:load].(context)
+
+        handle_result(result, formatted_fields, action)
+      end
+    end
+
+    def change
+      action = get_action(params[:collectionName])
+
+      if !action
+        render status: 500, json: {error: 'Error in smart action change hook: cannot retrieve action from collection'}
+      else
+        # Transform fields from array to an object to ease usage in hook.
+        context = get_smart_action_change_ctx(params[:fields])
+        formatted_fields = context[:fields].clone # clone for following test on is_same_data_structure
+
+        # Call the user-defined change hook.
+        field_name = params[:fields].select { |field| field[:value] != field[:previousValue] }[0][:field]
+        result = action.hooks[:change][field_name].(context)
+
+        handle_result(result, formatted_fields, action)
+      end
+    end
   end
 end

data/app/controllers/forest_liana/resources_controller.rb

@@ -22,7 +22,13 @@ module ForestLiana
           checker = ForestLiana::PermissionsChecker.new(@resource, 'searchToEdit', @rendering_id)
           return head :forbidden unless checker.is_authorized?
         else
-          checker = ForestLiana::PermissionsChecker.new(@resource, 'list', @rendering_id)
+          checker = ForestLiana::PermissionsChecker.new(
+            @resource,
+            'list',
+            @rendering_id,
+            nil,
+            get_collection_list_permission_info(forest_user, request)
+          )
           return head :forbidden unless checker.is_authorized?
         end
 
@@ -51,7 +57,13 @@ module ForestLiana
 
     def count
       begin
-        checker = ForestLiana::PermissionsChecker.new(@resource, 'list', @rendering_id)
+        checker = ForestLiana::PermissionsChecker.new(
+          @resource,
+          'list',
+          @rendering_id,
+          nil,
+          get_collection_list_permission_info(forest_user, request)
+        )
         return head :forbidden unless checker.is_authorized?
 
         getter = ForestLiana::ResourcesGetter.new(@resource, params)
@@ -232,5 +244,15 @@ module ForestLiana
       collection_name = ForestLiana.name_for(@resource)
       @collection ||= ForestLiana.apimap.find { |collection| collection.name.to_s == collection_name }
     end
+
+    # NOTICE: Return a formatted object containing the request condition filters and 
+    #         the user id used by the scope validator class to validate if scope is 
+    #         in request
+    def get_collection_list_permission_info(user, collection_list_request)
+      {
+        user_id: user['id'],
+        filters: collection_list_request[:filters],
+      }
+    end
   end
 end

data/app/helpers/forest_liana/is_same_data_structure_helper.rb

@@ -0,0 +1,44 @@
+require 'set'
+
+module ForestLiana
+  module IsSameDataStructureHelper
+    class Analyser
+      def initialize(object, other, deep = 0)
+        @object = object
+        @other = other
+        @deep = deep
+      end
+
+      def are_objects(object, other)
+        object && other && object.is_a?(Hash) && other.is_a?(Hash)
+      end
+
+      def check_keys(object, other, step = 0)
+        unless are_objects(object, other)
+          return false
+        end
+
+        object_keys = object.keys
+        other_keys = other.keys
+
+        if object_keys.length != other_keys.length
+          return false
+        end
+
+        object_keys_set = object_keys.to_set
+        other_keys.each { |key|
+          if !object_keys_set.member?(key) || (step + 1 <= @deep && !check_keys(object[key], other[key], step + 1))
+            return false
+          end
+        }
+
+        return true
+      end
+
+      def perform
+        check_keys(@object, @other)
+      end
+    end
+  end
+end
+

data/app/models/forest_liana/model/action.rb

@@ -5,7 +5,7 @@ class ForestLiana::Model::Action
   extend ActiveModel::Naming
 
   attr_accessor :id, :name, :base_url, :endpoint, :http_method, :fields, :redirect,
-    :type, :download
+    :type, :download, :hooks
 
   def initialize(attributes = {})
     if attributes.key?(:global)
@@ -66,6 +66,7 @@ class ForestLiana::Model::Action
     @base_url ||= nil
     @type ||= "bulk"
     @download ||= false
+    @hooks = !@hooks.nil? ? @hooks.symbolize_keys : nil
   end
 
   def persisted?

data/app/services/forest_liana/apimap_sorter.rb

@@ -39,6 +39,7 @@ module ForestLiana
       'redirect',
       'download',
       'fields',
+      'hooks',
     ]
     KEYS_ACTION_FIELD = [
       'field',

data/app/services/forest_liana/filters_parser.rb

@@ -81,11 +81,15 @@ module ForestLiana
       parsed_field = parse_field_name(field)
       parsed_operator = parse_operator(operator)
       parsed_value = parse_value(operator, value)
+      field_and_operator = "#{parsed_field} #{parsed_operator}"
 
-      if Rails::VERSION::MAJOR >= 5
-        ActiveRecord::Base.sanitize_sql(["#{parsed_field} #{parsed_operator} ?", parsed_value])
+      if Rails::VERSION::MAJOR < 5
+        "#{field_and_operator} #{ActiveRecord::Base.sanitize(parsed_value)}"
+      # NOTICE: sanitize method as been removed in Rails 5.1 and sanitize_sql introduced in Rails 5.2.
+      elsif Rails::VERSION::MAJOR == 5 && Rails::VERSION::MINOR == 1
+        "#{field_and_operator} #{ActiveRecord::Base.connection.quote(parsed_value)}"
       else
-        "#{parsed_field} #{parsed_operator} #{ActiveRecord::Base.sanitize(parsed_value)}"
+        ActiveRecord::Base.sanitize_sql(["#{field_and_operator} ?", parsed_value])
       end
     end
 

data/app/services/forest_liana/permissions_checker.rb

@@ -3,11 +3,12 @@ module ForestLiana
     @@permissions_per_rendering = Hash.new
     @@expiration_in_seconds = (ENV['FOREST_PERMISSIONS_EXPIRATION_IN_SECONDS'] || 3600).to_i
 
-    def initialize(resource, permission_name, rendering_id, smart_action_parameters = nil)
+    def initialize(resource, permission_name, rendering_id, smart_action_parameters = nil, collection_list_parameters = nil)
       @collection_name = ForestLiana.name_for(resource)
       @permission_name = permission_name
       @rendering_id = rendering_id
       @smart_action_parameters = smart_action_parameters
+      @collection_list_parameters = collection_list_parameters
     end
 
     def is_authorized?
@@ -46,12 +47,23 @@ module ForestLiana
       return @allowed && (@users.nil?|| @users.include?(@user_id.to_i));
     end
 
+    def collection_list_allowed?(scope_permissions)
+      return ForestLiana::ScopeValidator.new(
+        scope_permissions['filter'],
+        scope_permissions['dynamicScopesValues']['users']
+      ).is_scope_in_request?(@collection_list_parameters)
+    end
+
     def is_allowed?
       permissions = get_permissions
       if permissions && permissions[@collection_name] &&
         permissions[@collection_name]['collection']
         if @permission_name === 'actions'
           return smart_action_allowed?(permissions[@collection_name]['actions'])
+        # NOTICE: Permissions[@collection_name]['scope'] will either contains conditions filter and
+        #         dynamic user values definition, or null for collection that does not use scopes
+        elsif @permission_name === 'list' and permissions[@collection_name]['scope']
+          return collection_list_allowed?(permissions[@collection_name]['scope'])
         else
           return permissions[@collection_name]['collection'][@permission_name]
         end

data/app/services/forest_liana/resources_getter.rb

@@ -12,11 +12,11 @@ module ForestLiana
       @collection = get_collection(@collection_name)
       @fields_to_serialize = get_fields_to_serialize
       @field_names_requested = field_names_requested
-      get_segment()
-      compute_includes()
+      get_segment
+      compute_includes
       @search_query_builder = SearchQueryBuilder.new(@params, @includes, @collection)
 
-      prepare_query()
+      prepare_query
     end
 
     def self.get_ids_from_request(params)

data/app/services/forest_liana/scope_validator.rb

@@ -0,0 +1,97 @@
+module ForestLiana
+  class ScopeValidator
+    def initialize(scope_permissions, users_variable_values)
+      @scope_filters = scope_permissions
+      @users_variable_values = users_variable_values
+    end
+
+    def is_scope_in_request?(scope_request)
+      begin
+        filters = JSON.parse(scope_request[:filters])
+      rescue JSON::ParserError
+        raise ForestLiana::Errors::HTTP422Error.new('Invalid filters JSON format')
+      end
+      @computed_scope = compute_condition_filters_from_scope(scope_request[:user_id])
+
+      # NOTICE: Perfom a travel in the request condition filters tree to find the scope
+      tagged_scope_filters = get_scope_found_in_request(filters)
+
+      # NOTICE: Permission system always send an aggregator even if there is only one condition
+      #         In that case, if the condition is valid, then request was not edited
+      return !tagged_scope_filters.nil? if @scope_filters['conditions'].length == 1
+
+      # NOTICE: If there is more than one condition, do a final validation on the condition filters
+      return tagged_scope_filters != nil &&
+        tagged_scope_filters[:aggregator] == @scope_filters['aggregator'] &&
+        tagged_scope_filters[:conditions] &&
+        tagged_scope_filters[:conditions].length == @scope_filters['conditions'].length
+    end
+
+    private
+
+    def compute_condition_filters_from_scope(user_id)
+      computed_condition_filters = @scope_filters.clone
+      computed_condition_filters['conditions'].each do |condition|
+        if condition.include?('value') && 
+          !condition['value'].nil? && 
+          condition['value'].start_with?('$') && 
+          @users_variable_values.include?(user_id)
+          condition['value'] = @users_variable_values[user_id][condition['value']]
+        end
+      end
+      return computed_condition_filters
+    end
+
+    def get_scope_found_in_request(filters)
+      return nil unless filters
+      return search_scope_aggregation(filters)
+    end
+
+    def search_scope_aggregation(node)
+      ensure_valid_aggregation(node)
+
+      return is_scope_condition?(node) unless node['aggregator']
+  
+      # NOTICE: Remove conditions that are not from the scope
+      filtered_conditions = node['conditions'].map { |condition| 
+        search_scope_aggregation(condition)
+      }.select { |condition|
+        condition
+      }
+
+      # NOTICE: If there is only one condition filter left and its current aggregator is
+      #         an "and", this condition filter is the searched scope
+      if (filtered_conditions.length == 1 && 
+        filtered_conditions.first.is_a?(Hash) &&
+        filtered_conditions.first.include?(:aggregator) &&
+        node['aggregator'] == 'and')
+        return filtered_conditions.first
+      end
+
+      # NOTICE: Otherwise, validate if the current node is the scope and return nil
+      #         if it's not
+      return (filtered_conditions.length == @scope_filters['conditions'].length && 
+        node['aggregator'] == @scope_filters['aggregator']) ?
+        { aggregator: node['aggregator'], conditions: filtered_conditions } :
+        nil
+    end
+
+    def is_scope_condition?(condition)
+      ensure_valid_condition(condition)
+      return @computed_scope['conditions'].include?(condition)
+    end
+
+    def ensure_valid_aggregation(node)
+      raise ForestLiana::Errors::HTTP422Error.new('Filters cannot be a raw value') unless node.is_a?(Hash)
+      raise_empty_condition_in_filter_error if node.empty?
+    end
+
+    def ensure_valid_condition(condition)
+      raise_empty_condition_in_filter_error if condition.empty?
+      raise ForestLiana::Errors::HTTP422Error.new('Condition cannot be a raw value') unless condition.is_a?(Hash)
+      unless condition['field'].is_a?(String) and condition['operator'].is_a?(String)
+        raise ForestLiana::Errors::HTTP422Error.new('Invalid condition format')
+      end
+    end
+  end
+end

data/config/routes.rb

@@ -57,4 +57,6 @@ ForestLiana::Engine.routes.draw do
 
   # Smart Actions forms value
   post 'actions/:action_name/values' => 'actions#values'
+  post 'actions/:action_name/hooks/load' => 'actions#load'
+  post 'actions/:action_name/hooks/change' => 'actions#change'
 end

data/lib/forest_liana/bootstrapper.rb

@@ -38,6 +38,14 @@ module ForestLiana
 
     private
 
+    def get_collection(collection_name)
+      ForestLiana.apimap.find { |collection| collection.name.to_s == collection_name }
+    end
+
+    def get_action(collection, action_name)
+      collection.actions.find {|action| action.name == action_name}
+    end
+
     def generate_apimap
       create_apimap
       require_lib_forest_liana
@@ -45,6 +53,17 @@ module ForestLiana
 
       if Rails.env.development?
         @collections_sent = ForestLiana.apimap.as_json
+
+        @collections_sent.each do |collection|
+          collection['actions'].each do |action|
+            c = get_collection(collection['name'])
+            a = get_action(c, action['name'])
+            load = !a.hooks.nil? && a.hooks.key?(:load) && a.hooks[:load].is_a?(Proc)
+            change = !a.hooks.nil? && a.hooks.key?(:change) && a.hooks[:change].is_a?(Hash) ? a.hooks[:change].keys : []
+            action['hooks'] = {:load => load, :change => change}
+          end
+        end
+
         @meta_sent = ForestLiana.meta
         SchemaFileUpdater.new(SCHEMA_FILENAME, @collections_sent, @meta_sent).perform()
       else
@@ -175,7 +194,6 @@ module ForestLiana
     def setup_forest_liana_meta
       ForestLiana.meta = {
         database_type: database_type,
-        framework_version: Gem.loaded_specs["rails"].version.version,
         liana: 'forest-rails',
         liana_version: ForestLiana::VERSION,
         orm_version: Gem.loaded_specs["activerecord"].version.version

data/lib/forest_liana/schema_file_updater.rb

@@ -50,6 +50,7 @@ module ForestLiana
       'redirect',
       'download',
       'fields',
+      'hooks',
     ]
     KEYS_ACTION_FIELD = [
       'field',

data/lib/forest_liana/version.rb

@@ -1,3 +1,3 @@
 module ForestLiana
-  VERSION = "5.1.3"
+  VERSION = "5.3.0"
 end

data/spec/helpers/forest_liana/is_same_data_structure_helper_spec.rb

@@ -0,0 +1,87 @@
+module ForestLiana
+  context 'IsSameDataStructure class' do
+    it 'should: be valid with simple data' do
+      object = {:a => 'a', :b => 'b'}
+      other = {:a => 'a', :b => 'b'}
+      result = IsSameDataStructureHelper::Analyser.new(object, other).perform
+      expect(result).to be true
+    end
+
+    it 'should: be invalid with simple data' do
+      object = {:a => 'a', :b => 'b'}
+      other = {:a => 'a', :c => 'c'}
+      result = IsSameDataStructureHelper::Analyser.new(object, other).perform
+      expect(result).to be false
+    end
+
+    it 'should: be invalid with not same hash' do
+      object = {:a => 'a', :b => 'b'}
+      other = {:a => 'a', :b => 'b', :c => 'c'}
+      result = IsSameDataStructureHelper::Analyser.new(object, other).perform
+      expect(result).to be false
+    end
+
+    it 'should: be invalid with nil' do
+      object = nil
+      other = {:a => 'a', :b => 'b', :c => 'c'}
+      result = IsSameDataStructureHelper::Analyser.new(object, other).perform
+      expect(result).to be false
+    end
+
+    it 'should: be invalid with not hash' do
+      object = nil
+      other = {:a => 'a', :b => 'b', :c => 'c'}
+      result = IsSameDataStructureHelper::Analyser.new(object, other).perform
+      expect(result).to be false
+    end
+
+    it 'should: be invalid with integer' do
+      object = 1
+      other = {:a => 'a', :b => 'b', :c => 'c'}
+      result = IsSameDataStructureHelper::Analyser.new(object, other).perform
+      expect(result).to be false
+    end
+
+    it 'should: be invalid with string' do
+      object = 'a'
+      other = {:a => 'a', :b => 'b', :c => 'c'}
+      result = IsSameDataStructureHelper::Analyser.new(object, other).perform
+      expect(result).to be false
+    end
+
+    it 'should: be valid with depth 1' do
+      object = {:a => {:c => 'c'}, :b => {:d => 'd'}}
+      other = {:a => {:c => 'c'}, :b => {:d => 'd'}}
+      result = IsSameDataStructureHelper::Analyser.new(object, other, 1).perform
+      expect(result).to be true
+    end
+
+    it 'should: be invalid with depth 1' do
+      object = {:a => {:c => 'c'}, :b => {:d => 'd'}}
+      other = {:a => {:c => 'c'}, :b => {:e => 'e'}}
+      result = IsSameDataStructureHelper::Analyser.new(object, other, 1).perform
+      expect(result).to be false
+    end
+
+    it 'should: be invalid with depth 1 and nil' do
+      object = {:a => {:c => 'c'}, :b => {:d => 'd'}}
+      other = {:a => {:c => 'c'}, :b => nil}
+      result = IsSameDataStructureHelper::Analyser.new(object, other, 1).perform
+      expect(result).to be false
+    end
+
+    it 'should: be invalid with depth 1 and integer' do
+      object = {:a => {:c => 'c'}, :b => {:d => 'd'}}
+      other = {:a => {:c => 'c'}, :b => 1}
+      result = IsSameDataStructureHelper::Analyser.new(object, other, 1).perform
+      expect(result).to be false
+    end
+
+    it 'should: be invalid with depth 1 and string' do
+      object = {:a => {:c => 'c'}, :b => {:d => 'd'}}
+      other = {:a => {:c => 'c'}, :b => 'b'}
+      result = IsSameDataStructureHelper::Analyser.new(object, other, 1).perform
+      expect(result).to be false
+    end
+  end
+end

data/spec/requests/actions_controller_spec.rb

@@ -0,0 +1,136 @@
+require 'rails_helper'
+
+describe 'Requesting Actions routes', :type => :request  do
+  before(:each) do
+    allow(ForestLiana::IpWhitelist).to receive(:is_ip_whitelist_retrieved) { true }
+    allow(ForestLiana::IpWhitelist).to receive(:is_ip_valid) { true }
+    Island.create(name: 'Corsica')
+  end
+
+  after(:each) do
+    Island.destroy_all
+  end
+
+  describe 'call /values' do
+    it 'should respond 200' do
+      post '/forest/actions/foo/values', {}
+      expect(response.status).to eq(200)
+      expect(response.body).to be {}
+    end
+  end
+
+  describe 'hooks' do
+    foo = {
+        field: 'foo',
+        type: 'String',
+        default_value: nil,
+        enums: nil,
+        is_required: false,
+        reference: nil,
+        description: nil,
+        widget: nil,
+    }
+    action_definition = {
+        name: 'my_action',
+        fields: [foo],
+        hooks: {
+            :load => -> (context) {
+              context[:fields]
+            },
+            :change => {
+              'foo' => -> (context) {
+                fields = context[:fields]
+                fields['foo'][:value] = 'baz'
+                return fields
+              }
+            }
+        }
+    }
+    fail_action_definition = {
+        name: 'fail_action',
+        fields: [foo],
+        hooks: {
+            :load => -> (context) {
+              1
+            },
+            :change => {
+                'foo' => -> (context) {
+                  1
+                }
+            }
+        }
+    }
+    cheat_action_definition = {
+        name: 'cheat_action',
+        fields: [foo],
+        hooks: {
+            :load => -> (context) {
+              context[:fields]['baz'] = foo.clone.update({field: 'baz'})
+              context[:fields]
+            },
+            :change => {
+                'foo' => -> (context) {
+                  context[:fields]['baz'] = foo.clone.update({field: 'baz'})
+                  context[:fields]
+                }
+            }
+        }
+    }
+    action = ForestLiana::Model::Action.new(action_definition)
+    fail_action = ForestLiana::Model::Action.new(fail_action_definition)
+    cheat_action = ForestLiana::Model::Action.new(cheat_action_definition)
+    island = ForestLiana.apimap.find {|collection| collection.name.to_s == ForestLiana.name_for(Island)}
+    island.actions = [action, fail_action, cheat_action]
+
+    describe 'call /load' do
+      params = {recordIds: [1], collectionName: 'Island'}
+
+      it 'should respond 200' do
+        post '/forest/actions/my_action/hooks/load', JSON.dump(params), 'CONTENT_TYPE' => 'application/json'
+        expect(response.status).to eq(200)
+        expect(JSON.parse(response.body)).to eq({'fields' => [foo.merge({:value => nil}).stringify_keys]})
+      end
+
+      it 'should respond 500 with bad params' do
+        post '/forest/actions/my_action/hooks/load', {}
+        expect(response.status).to eq(500)
+      end
+
+      it 'should respond 500 with bad hook result type' do
+        post '/forest/actions/fail_action/hooks/load', JSON.dump(params), 'CONTENT_TYPE' => 'application/json'
+        expect(response.status).to eq(500)
+      end
+
+      it 'should respond 500 with bad hook result data structure' do
+        post '/forest/actions/cheat_action/hooks/load', JSON.dump(params), 'CONTENT_TYPE' => 'application/json'
+        expect(response.status).to eq(500)
+      end
+    end
+
+    describe 'call /change' do
+      updated_foo = foo.clone.merge({:previousValue => nil, :value => 'bar'})
+      params = {recordIds: [1], fields: [updated_foo], collectionName: 'Island'}
+
+      it 'should respond 200' do
+        post '/forest/actions/my_action/hooks/change', JSON.dump(params), 'CONTENT_TYPE' => 'application/json'
+        expect(response.status).to eq(200)
+        expect(JSON.parse(response.body)).to eq({'fields' => [updated_foo.merge({:value => 'baz'}).stringify_keys]})
+      end
+
+      it 'should respond 500 with bad params' do
+        post '/forest/actions/my_action/hooks/change', {}
+        expect(response.status).to eq(500)
+      end
+
+      it 'should respond 500 with bad hook result type' do
+        post '/forest/actions/fail_action/hooks/change', JSON.dump(params), 'CONTENT_TYPE' => 'application/json'
+        expect(response.status).to eq(500)
+      end
+
+      it 'should respond 500 with bad hook result data structure' do
+        post '/forest/actions/cheat_action/hooks/change', JSON.dump(params), 'CONTENT_TYPE' => 'application/json'
+        expect(response.status).to eq(500)
+      end
+    end
+  end
+end

data/spec/services/forest_liana/apimap_sorter_spec.rb

@@ -75,7 +75,8 @@ module ForestLiana
                 type: 'File',
                 field: 'File'
               }],
-              http_method: nil
+              http_method: nil,
+              hooks: nil,
             }
           }, {
             attributes: {
@@ -95,7 +96,8 @@ module ForestLiana
               download: nil,
               endpoint: nil,
               redirect: nil,
-              'http_method': nil
+              'http_method': nil,
+              hooks: nil,
             }
           }]
         }
@@ -148,8 +150,8 @@ module ForestLiana
         end
 
         it 'should sort the included actions and segments objects attributes values' do
-          expect(apimap_sorted['included'][0]['attributes'].keys).to eq(['name', 'endpoint', 'http_method', 'redirect', 'download'])
-          expect(apimap_sorted['included'][1]['attributes'].keys).to eq(['name', 'http_method', 'fields'])
+          expect(apimap_sorted['included'][0]['attributes'].keys).to eq(['name', 'endpoint', 'http_method', 'redirect', 'download', 'hooks'])
+          expect(apimap_sorted['included'][1]['attributes'].keys).to eq(['name', 'http_method', 'fields', 'hooks'])
           expect(apimap_sorted['included'][2]['attributes'].keys).to eq(['name'])
           expect(apimap_sorted['included'][3]['attributes'].keys).to eq(['name'])
         end

data/spec/services/forest_liana/schema_adapter_spec.rb

@@ -9,7 +9,7 @@ module ForestLiana
 
           expect(collection.fields.map { |field| field[:field] }).to eq(
             ["id", "name", "created_at", "updated_at", "trees"]
-          );
+          )
         end
       end
     end

data/test/services/forest_liana/scope_validator_test.rb

@@ -0,0 +1,185 @@
+module ForestLiana
+  class ScopeValidatorTest < ActiveSupport::TestCase
+    test 'Request with aggregated condition filters should be allowed if it matches the scope exactly' do
+      scope_validator = ForestLiana::ScopeValidator.new({
+          'aggregator' => 'and',
+          'conditions' => [
+            { 'field' => 'name', 'value' => 'john', 'operator' => 'equal' },
+            { 'field' => 'price', 'value' => '2500', 'operator' => 'equal' }
+          ]
+        }, [])
+
+      allowed = scope_validator.is_scope_in_request?({
+        user_id: '1',
+        filters: JSON.generate({
+          aggregator: 'and',
+          conditions: [
+            { field: 'name', value: 'john', operator: 'equal' },
+            { field: 'price', value: '2500', operator: 'equal' }              
+          ]
+        })
+      })
+      assert allowed == true
+    end
+
+    test 'Request with simple condition filter should be allowed if it matches the scope exactly' do
+      scope_validator = ForestLiana::ScopeValidator.new({
+          'aggregator' => 'and',
+          'conditions' => [
+            { 'field' => 'field', 'value' => 'value', 'operator' => 'equal' }
+          ]
+        }, [])
+      allowed = scope_validator.is_scope_in_request?({
+        user_id: '1',
+        filters: JSON.generate({
+          field: 'field', value: 'value', operator: 'equal'
+        })
+      })
+      assert allowed == true
+    end
+
+    test 'Request with multiples condition filters should be allowed if it contains the scope ' do
+      scope_validator = ForestLiana::ScopeValidator.new({
+          'aggregator' => 'and',
+          'conditions' => [
+            { 'field' => 'name', 'value' => 'doe', 'operator' => 'equal' }
+          ]
+        }, []
+        )
+        
+      allowed = scope_validator.is_scope_in_request?({
+        user_id: '1',
+        filters: JSON.generate({
+          aggregator: 'and',
+          conditions: [
+            { field: 'name', value: 'doe', operator: 'equal' },
+            { field: 'field2', value: 'value2', operator: 'equal' }              
+          ]
+        })
+      })
+      assert allowed == true
+    end
+
+    test 'Request with dynamic user values should be allowed if it matches the scope exactly' do
+      scope_validator = ForestLiana::ScopeValidator.new({
+          'aggregator' => 'and',
+          'conditions' => [
+            { 'field' => 'name', 'value' => '$currentUser.lastname', 'operator' => 'equal' }
+          ],
+        }, {
+          '1' => { '$currentUser.lastname' => 'john' }
+        })
+
+      allowed = scope_validator.is_scope_in_request?({
+        user_id: '1',
+        filters: JSON.generate({
+          'field' => 'name', 'value' => 'john', 'operator' => 'equal'
+        })
+      })
+      assert allowed == true
+    end
+
+    test 'Request with multiples aggregation and dynamic values should be allowed if it contains the scope' do
+      scope_validator = ForestLiana::ScopeValidator.new({
+        'aggregator' => 'or',
+        'conditions' => [
+            { 'field' => 'price', 'value' => '2500', 'operator' => 'equal' },
+            { 'field' => 'name', 'value' => '$currentUser.lastname', 'operator' => 'equal' }
+          ]
+        }, {
+          '1' => { '$currentUser.lastname' => 'john' }
+        })
+        
+      allowed = scope_validator.is_scope_in_request?({
+        user_id: '1',
+        filters: JSON.generate({
+          aggregator: 'and',
+          conditions: [
+            { field: 'field', value: 'value', operator: 'equal' },
+            { 
+              aggregator: 'or',
+              conditions: [
+                { field: 'price', value: '2500', operator: 'equal' },
+                { field: 'name', value: 'john', operator: 'equal' }   
+              ]
+            }
+          ]
+        })
+      })
+      assert allowed == true
+    end
+
+    test 'Request that does not match the expect scope should not be allowed' do
+      scope_validator = ForestLiana::ScopeValidator.new({
+          'aggregator' => 'and',
+          'conditions' => [
+            { 'field' => 'name', 'value' => 'john', 'operator' => 'equal' },
+            { 'field' => 'price', 'value' => '2500', 'operator' => 'equal' }
+          ]
+        }, [])
+        
+      allowed = scope_validator.is_scope_in_request?({
+        user_id: '1',
+        filters: JSON.generate({
+          aggregator: 'and',
+          conditions: [
+            { field: 'name', value: 'definitely_not_john', operator: 'equal' },
+            { field: 'price', value: '0', operator: 'equal' }              
+          ]
+        })
+      })
+      assert allowed == false
+    end
+
+    test 'Request that are missing part of the scope should not be allowed' do
+      scope_validator = ForestLiana::ScopeValidator.new({
+          'aggregator' => 'and',
+          'conditions' => [
+            { 'field' => 'name', 'value' => 'john', 'operator' => 'equal' },
+            { 'field' => 'price', 'value' => '2500', 'operator' => 'equal' }
+          ]
+        }, [])
+        
+      allowed = scope_validator.is_scope_in_request?({
+        user_id: '1',
+        filters: JSON.generate({
+          aggregator: 'and',
+          conditions: [
+            { field: 'name', value: 'john', operator: 'equal' },
+          ]
+        })
+      })
+      assert allowed == false
+    end
+
+    test 'Request that does not have a top aggregator being "and" should not be allowed' do
+      scope_validator = ForestLiana::ScopeValidator.new({
+        'aggregator' => 'and',
+        'conditions' => [
+            { 'field' => 'price', 'value' => '2500', 'operator' => 'equal' },
+            { 'field' => 'name', 'value' => '$currentUser.lastname', 'operator' => 'equal' }
+          ]
+        }, {
+          '1' => { '$currentUser.lastname' => 'john' }
+        })
+
+      allowed = scope_validator.is_scope_in_request?({
+        user_id: '1',
+        filters: JSON.generate({
+          aggregator: 'or',
+          conditions: [
+            { field: 'field', value: 'value', operator: 'equal' },
+            { 
+              aggregator: 'and',
+              conditions: [
+                { field: 'price', value: '2500', operator: 'equal' },
+                { field: 'name', value: 'john', operator: 'equal' }   
+              ]
+            }
+          ]
+        })
+      })
+      assert allowed == false
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: forest_liana
 version: !ruby/object:Gem::Version
-  version: 5.1.3
+  version: 5.3.0
 platform: ruby
 authors:
 - Sandro Munda
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-05-19 00:00:00.000000000 Z
+date: 2020-12-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -211,6 +211,7 @@ files:
 - app/helpers/forest_liana/adapter_helper.rb
 - app/helpers/forest_liana/application_helper.rb
 - app/helpers/forest_liana/decoration_helper.rb
+- app/helpers/forest_liana/is_same_data_structure_helper.rb
 - app/helpers/forest_liana/query_helper.rb
 - app/helpers/forest_liana/schema_helper.rb
 - app/models/forest_liana/model/action.rb
@@ -262,6 +263,7 @@ files:
 - app/services/forest_liana/resources_getter.rb
 - app/services/forest_liana/schema_adapter.rb
 - app/services/forest_liana/schema_utils.rb
+- app/services/forest_liana/scope_validator.rb
 - app/services/forest_liana/search_query_builder.rb
 - app/services/forest_liana/stat_getter.rb
 - app/services/forest_liana/stripe_base_getter.rb
@@ -335,9 +337,11 @@ files:
 - spec/dummy/db/migrate/20190716130830_add_age_to_tree.rb
 - spec/dummy/db/migrate/20190716135241_add_type_to_user.rb
 - spec/dummy/db/schema.rb
+- spec/helpers/forest_liana/is_same_data_structure_helper_spec.rb
 - spec/helpers/forest_liana/query_helper_spec.rb
 - spec/helpers/forest_liana/schema_helper_spec.rb
 - spec/rails_helper.rb
+- spec/requests/actions_controller_spec.rb
 - spec/requests/resources_spec.rb
 - spec/services/forest_liana/apimap_sorter_spec.rb
 - spec/services/forest_liana/filters_parser_spec.rb
@@ -432,6 +436,7 @@ files:
 - test/services/forest_liana/resource_updater_test.rb
 - test/services/forest_liana/resources_getter_test.rb
 - test/services/forest_liana/schema_adapter_test.rb
+- test/services/forest_liana/scope_validator_test.rb
 - test/services/forest_liana/value_stat_getter_test.rb
 - test/test_helper.rb
 homepage: https://github.com/ForestAdmin/forest-rails
@@ -453,8 +458,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.7
+rubygems_version: 3.0.8
 signing_key: 
 specification_version: 4
 summary: Official Rails Liana for Forest
@@ -469,6 +473,7 @@ test_files:
 - test/fixtures/has_many_field.yml
 - test/fixtures/string_field.yml
 - test/services/forest_liana/resources_getter_test.rb
+- test/services/forest_liana/scope_validator_test.rb
 - test/services/forest_liana/schema_adapter_test.rb
 - test/services/forest_liana/has_many_getter_test.rb
 - test/services/forest_liana/value_stat_getter_test.rb
@@ -554,6 +559,7 @@ test_files:
 - spec/services/forest_liana/apimap_sorter_spec.rb
 - spec/services/forest_liana/filters_parser_spec.rb
 - spec/spec_helper.rb
+- spec/requests/actions_controller_spec.rb
 - spec/requests/resources_spec.rb
 - spec/dummy/README.rdoc
 - spec/dummy/app/views/layouts/application.html.erb
@@ -596,5 +602,6 @@ test_files:
 - spec/dummy/config/initializers/backtrace_silencers.rb
 - spec/dummy/config/database.yml
 - spec/helpers/forest_liana/schema_helper_spec.rb
+- spec/helpers/forest_liana/is_same_data_structure_helper_spec.rb
 - spec/helpers/forest_liana/query_helper_spec.rb
 - spec/rails_helper.rb