RubyGems - forest_liana - Versions diffs - 7.0.0.beta.3 → 7.0.0 - Mend

forest_liana 7.0.0.beta.3 → 7.0.0

Files changed (46) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3115af32c59b5bf0e32218f3d40cb661809d58316714654520bde1bfee235098
-  data.tar.gz: 850a6dbc96d8ff1e74ffe7970dc98ff2bd721d6b834087353052208722b55810
+  metadata.gz: 22a57de11c5ddee0b53cba1df6f74bebe5cb049534b7eabe58e8c77b5f7e8454
+  data.tar.gz: 3c26aeac71c9b1aab9e5fcd76434136e8a0779e88433f2522c1e39a18b44442c
 SHA512:
-  metadata.gz: ea018906c77a41db7a7dc1022cd6485e5f9a293763c1822a64706092f8be74d1046230198af6d0041277cb8f2b852115633b96f622f69a192dc99f911cd31178
-  data.tar.gz: cf12c7f0821b3e9232fe884e3d5c04470f6467d4a571ffc88ce2f6e36c9edac6704dcdd9a0c431dd222435bac1c31b512a5585bc9fb99f141e309e41f9ff8696
+  metadata.gz: ab71e9560ee8823ad87a3db7cb47ea142f020385dbe33b1679223b09f2190b98e30166864ac3765b58bbca1b8181036d5bd59dcfb616ef5b764a66d89f5d1138
+  data.tar.gz: 3d9c7dd145ec8616b85df2d7f11c27e65dc5311b5e4e3b03f427143f4a0a906f14cd1b797d840c4830147ace5866d2c5840afc377c36ebfd58412286ecc7e8dd

data/app/controllers/forest_liana/actions_controller.rb CHANGED Viewed

@@ -1,8 +1,13 @@
 module ForestLiana
-  class ActionsController < ForestLiana::BaseController
+  class ActionsController < ApplicationController
-    def values
-      render serializer: nil, json: {}, status: :ok
+    def get_smart_action_hook_request
+      begin
+        params[:data][:attributes]
+      rescue => error
+        FOREST_LOGGER.error "Smart Action hook request error: #{error}"
+        {}
+      end
     end
     def get_collection(collection_name)
@@ -12,19 +17,12 @@ module ForestLiana
     def get_action(collection_name)
       collection = get_collection(collection_name)
       begin
-         collection.actions.find {|action| ActiveSupport::Inflector.parameterize(action.name) == params[:action_name]}
+        collection.actions.find {|action| ActiveSupport::Inflector.parameterize(action.name) == params[:action_name]}
       rescue => error
         FOREST_LOGGER.error "Smart Action get action retrieval error: #{error}"
         nil
       end
     end
-    def get_record
-      model = ForestLiana::SchemaUtils.find_model_from_collection_name(params[:collectionName])
-      redord_getter = ForestLiana::ResourceGetter.new(model, {:id => params[:recordIds][0]})
-      redord_getter.perform
-      redord_getter.record
-    end
     def get_smart_action_load_ctx(fields)
       fields = fields.map do |field|
@@ -32,7 +30,7 @@ module ForestLiana
         field[:value] = nil unless field[:value]
         field
       end
-      {:record => get_record, :fields => fields}
+      {:fields => fields, :params => params}
     end
     def get_smart_action_change_ctx(fields, field_changed)
@@ -42,7 +40,7 @@ module ForestLiana
         ForestLiana::WidgetsHelper.set_field_widget(field)
         field
       end
-      {:record => get_record,  :field_changed => found_field_changed, :fields => fields}
+      {:field_changed => found_field_changed, :fields => fields, :params => params}
     end
     def handle_result(result, action)
@@ -87,7 +85,9 @@ module ForestLiana
     end
     def load
-      action = get_action(params[:collectionName])
+      load_request = get_smart_action_hook_request
+      action = get_action(load_request[:collection_name])
       if !action
         render status: 500, json: {error: 'Error in smart action load hook: cannot retrieve action from collection'}
@@ -103,18 +103,20 @@ module ForestLiana
     end
     def change
-      action = get_action(params[:collectionName])
+      change_request = get_smart_action_hook_request
+      action = get_action(change_request[:collection_name])
       if !action
         return render status: 500, json: {error: 'Error in smart action change hook: cannot retrieve action from collection'}
-      elsif params[:fields].nil?
+      elsif change_request[:fields].nil?
         return render status: 500, json: {error: 'Error in smart action change hook: fields params is mandatory'}
-      elsif !params[:fields].is_a?(Array)
+      elsif !change_request[:fields].is_a?(Array)
         return render status: 500, json: {error: 'Error in smart action change hook: fields params must be an array'}
       end
       # Get the smart action hook change context
-      context = get_smart_action_change_ctx(params[:fields], params[:changedField])
+      context = get_smart_action_change_ctx(change_request[:fields], change_request[:changed_field])
       field_changed_hook = context[:field_changed][:hook]

data/app/controllers/forest_liana/application_controller.rb CHANGED Viewed

@@ -86,15 +86,6 @@ module ForestLiana
       end
     end
-    def get_smart_action_context
-      begin
-        params[:data][:attributes].values[0].to_hash.symbolize_keys
-      rescue => error
-        FOREST_LOGGER.error "Smart Action context retrieval error: #{error}"
-        {}
-      end
-    end
     def internal_server_error
       head :internal_server_error
     end

data/app/controllers/forest_liana/associations_controller.rb CHANGED Viewed

@@ -10,7 +10,7 @@ module ForestLiana
     def index
       begin
-        getter = HasManyGetter.new(@resource, @association, params)
+        getter = HasManyGetter.new(@resource, @association, params, forest_user)
         getter.perform
         respond_to do |format|
@@ -25,7 +25,7 @@ module ForestLiana
     def count
       begin
-        getter = HasManyGetter.new(@resource, @association, params)
+        getter = HasManyGetter.new(@resource, @association, params, forest_user)
         getter.count
         render serializer: nil, json: { count: getter.records_count }

data/app/controllers/forest_liana/resources_controller.rb CHANGED Viewed

@@ -29,7 +29,7 @@ module ForestLiana
           return head :forbidden unless checker.is_authorized?
         end
-        getter = ForestLiana::ResourcesGetter.new(@resource, params)
+        getter = ForestLiana::ResourcesGetter.new(@resource, params, forest_user)
         getter.perform
         respond_to do |format|
@@ -63,7 +63,7 @@ module ForestLiana
         )
         return head :forbidden unless checker.is_authorized?
-        getter = ForestLiana::ResourcesGetter.new(@resource, params)
+        getter = ForestLiana::ResourcesGetter.new(@resource, params, forest_user)
         getter.count
         render serializer: nil, json: { count: getter.records_count }
@@ -89,10 +89,12 @@ module ForestLiana
         checker = ForestLiana::PermissionsChecker.new(@resource, 'readEnabled', @rendering_id, user_id: forest_user['id'])
         return head :forbidden unless checker.is_authorized?
-        getter = ForestLiana::ResourceGetter.new(@resource, params)
+        getter = ForestLiana::ResourceGetter.new(@resource, params, forest_user)
         getter.perform
         render serializer: nil, json: render_record_jsonapi(getter.record)
+      rescue ActiveRecord::RecordNotFound
+        render serializer: nil, json: { status: 404 }, status: :not_found
       rescue => error
         FOREST_LOGGER.error "Record Show error: #{error}\n#{format_stacktrace(error)}"
         internal_server_error
@@ -127,7 +129,7 @@ module ForestLiana
         checker = ForestLiana::PermissionsChecker.new(@resource, 'editEnabled', @rendering_id, user_id: forest_user['id'])
         return head :forbidden unless checker.is_authorized?
-        updater = ForestLiana::ResourceUpdater.new(@resource, params)
+        updater = ForestLiana::ResourceUpdater.new(@resource, params, forest_user)
         updater.perform
         if updater.errors
@@ -149,7 +151,14 @@ module ForestLiana
       checker = ForestLiana::PermissionsChecker.new(@resource, 'deleteEnabled', @rendering_id, user_id: forest_user['id'])
       return head :forbidden unless checker.is_authorized?
-      @resource.destroy(params[:id]) if @resource.exists?(params[:id])
+      collection_name = ForestLiana.name_for(@resource)
+      scoped_records = ForestLiana::ScopeManager.apply_scopes_on_records(@resource, forest_user, collection_name, params[:timezone])
+      unless scoped_records.exists?(params[:id])
+        return render serializer: nil, json: { status: 404 }, status: :not_found
+      end
+      scoped_records.destroy(params[:id])
       head :no_content
     rescue => error
@@ -161,7 +170,7 @@ module ForestLiana
       checker = ForestLiana::PermissionsChecker.new(@resource, 'deleteEnabled', @rendering_id, user_id: forest_user['id'])
       return head :forbidden unless checker.is_authorized?
-      ids = ForestLiana::ResourcesGetter.get_ids_from_request(params)
+      ids = ForestLiana::ResourcesGetter.get_ids_from_request(params, forest_user)
       @resource.destroy(ids) if ids&.any?
       head :no_content

data/app/controllers/forest_liana/scopes_controller.rb ADDED Viewed

@@ -0,0 +1,20 @@
+module ForestLiana
+  class ScopesController < ForestLiana::ApplicationController
+    def invalidate_scope_cache
+      begin
+        rendering_id = params[:renderingId]
+        unless rendering_id
+          FOREST_LOGGER.error 'Missing renderingId'
+          return render serializer: nil, json: { status: 400 }, status: :bad_request
+        end
+        ForestLiana::ScopeManager.invalidate_scope_cache(rendering_id)
+        return render serializer: nil, json: { status: 200 }, status: :ok
+      rescue => error
+        FOREST_LOGGER.error "Error during scope cache invalidation: #{error.message}"
+        render serializer: nil, json: {status: 500 }, status: :internal_server_error
+      end
+    end
+  end
+end

data/app/controllers/forest_liana/smart_actions_controller.rb CHANGED Viewed

@@ -1,9 +1,9 @@
 module ForestLiana
   class SmartActionsController < ForestLiana::ApplicationController
     if Rails::VERSION::MAJOR < 4
-      before_filter :check_permission_for_smart_route
+      before_filter :smart_action_pre_perform_checks
     else
-      before_action :check_permission_for_smart_route
+      before_action :smart_action_pre_perform_checks
     end
     private
@@ -17,6 +17,41 @@ module ForestLiana
       end
     end
+    def smart_action_pre_perform_checks
+      check_permission_for_smart_route
+      ensure_record_ids_in_scope
+    end
+    def ensure_record_ids_in_scope
+      begin
+        attributes = get_smart_action_request
+        # if performing a `selectAll` let the `get_ids_from_request` handle the scopes
+        return if attributes[:all_records]
+        resource = find_resource(attributes[:collection_name])
+        # user is using the composite_primary_keys gem
+        if resource.primary_key.kind_of?(Array)
+          # TODO: handle primary keys
+          return
+        end
+        filter = JSON.generate({ 'field' => resource.primary_key, 'operator' => 'in', 'value' => attributes[:ids] })
+        resources_getter = ForestLiana::ResourcesGetter.new(resource, { :filters => filter, :timezone => attributes[:timezone] }, forest_user)
+        # resources getter will return records inside the scope. if the length differs then ids are out of scope
+        return if resources_getter.count == attributes[:ids].length
+        # target records are out of scope
+        render serializer: nil, json: { error: 'Smart Action: target record not found' }, status: :bad_request
+      rescue => error
+        FOREST_LOGGER.error "Smart Action: #{error}\n#{format_stacktrace(error)}"
+        render serializer: nil, json: { error: 'Smart Action: failed to evaluate permissions' }, status: :internal_server_error
+      end
+    end
     def check_permission_for_smart_route
       begin
@@ -58,7 +93,8 @@ module ForestLiana
     # smart action permissions are retrieved from the action's endpoint and http_method
     def get_smart_action_request_info
       {
-        endpoint: request.fullpath,
+        # trim query params to get the endpoint
+        endpoint: request.fullpath.split('?').first,
         http_method: request.request_method
       }
     end

data/app/controllers/forest_liana/stats_controller.rb CHANGED Viewed

@@ -27,15 +27,15 @@ module ForestLiana
     def get
       case params[:type]
       when CHART_TYPE_VALUE
-        stat = ValueStatGetter.new(@resource, params)
+        stat = ValueStatGetter.new(@resource, params, forest_user)
       when CHART_TYPE_PIE
-        stat = PieStatGetter.new(@resource, params)
+        stat = PieStatGetter.new(@resource, params, forest_user)
       when CHART_TYPE_LINE
-        stat = LineStatGetter.new(@resource, params)
+        stat = LineStatGetter.new(@resource, params, forest_user)
       when CHART_TYPE_OBJECTIVE
-        stat = ObjectiveStatGetter.new(@resource, params)
+        stat = ObjectiveStatGetter.new(@resource, params, forest_user)
       when CHART_TYPE_LEADERBOARD
-        stat = LeaderboardStatGetter.new(@resource, params)
+        stat = LeaderboardStatGetter.new(@resource, params, forest_user)
       end
       stat.perform

data/app/services/forest_liana/filters_parser.rb CHANGED Viewed

@@ -109,13 +109,15 @@ module ForestLiana
       parsed_value = parse_value(operator, value)
       field_and_operator = "#{parsed_field} #{parsed_operator}"
+      # parenthesis around the parsed_value are required to make the `IN` operator work
+      # and have no side effects on other requests
       if Rails::VERSION::MAJOR < 5
-        "#{field_and_operator} #{ActiveRecord::Base.sanitize(parsed_value)}"
+        "#{field_and_operator} (#{ActiveRecord::Base.sanitize(parsed_value)})"
       # NOTICE: sanitize method as been removed in Rails 5.1 and sanitize_sql introduced in Rails 5.2.
       elsif Rails::VERSION::MAJOR == 5 && Rails::VERSION::MINOR == 1
-        "#{field_and_operator} #{ActiveRecord::Base.connection.quote(parsed_value)}"
+        "#{field_and_operator} (#{ActiveRecord::Base.connection.quote(parsed_value)})"
       else
-        ActiveRecord::Base.sanitize_sql(["#{field_and_operator} ?", parsed_value])
+        ActiveRecord::Base.sanitize_sql(["#{field_and_operator} (?)", parsed_value])
       end
     end
@@ -147,6 +149,8 @@ module ForestLiana
         'IS'
       when 'present'
         'IS NOT'
+      when 'in'
+        'IN'
       else
         raise_unknown_operator_error(operator)
       end
@@ -154,7 +158,7 @@ module ForestLiana
     def parse_value(operator, value)
       case operator
-      when 'not', 'greater_than', 'less_than', 'not_equal', 'equal', 'before', 'after'
+      when 'not', 'greater_than', 'less_than', 'not_equal', 'equal', 'before', 'after', 'in'
         value
       when 'contains', 'not_contains'
         "%#{value}%"

data/app/services/forest_liana/has_many_dissociator.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module ForestLiana
-  class HasManyDissociator
+  class HasManyDissociator < ForestLiana::ApplicationController
     def initialize(resource, association, params)
       @resource = resource
       @association = association
@@ -17,7 +17,7 @@ module ForestLiana
       if @data.is_a?(Array)
         record_ids = @data.map { |record| record[:id] }
       elsif @data.dig('attributes').present?
-        record_ids = ForestLiana::ResourcesGetter.get_ids_from_request(@params)
+        record_ids = ForestLiana::ResourcesGetter.get_ids_from_request(@params, forest_user)
       else
         record_ids = Array.new
       end

data/app/services/forest_liana/has_many_getter.rb CHANGED Viewed

@@ -4,7 +4,7 @@ module ForestLiana
     attr_reader :includes
     attr_reader :records_count
-    def initialize(resource, association, params)
+    def initialize(resource, association, params, forest_user)
       @resource = resource
       @association = association
       @params = params
@@ -13,7 +13,7 @@ module ForestLiana
       @collection = get_collection(@collection_name)
       compute_includes()
       includes_symbols = @includes.map { |include| include.to_sym }
-      @search_query_builder = SearchQueryBuilder.new(@params, includes_symbols, @collection)
+      @search_query_builder = SearchQueryBuilder.new(@params, includes_symbols, @collection, forest_user)
       prepare_query()
     end

data/app/services/forest_liana/leaderboard_stat_getter.rb CHANGED Viewed

@@ -1,20 +1,22 @@
 module ForestLiana
   class LeaderboardStatGetter < StatGetter
-    def initialize(resource, params)
-      @resource = resource
-      @params = params
-      @model_relationship =  @resource.reflect_on_association(@params[:relationship_field]).klass
-      compute_includes()
-      @label_field = @params[:label_field]
-      @aggregate = @params[:aggregate].downcase
-      @aggregate_field = @params[:aggregate_field]
-      @limit = @params[:limit]
-      @groub_by = "#{@resource.table_name}.#{@label_field}"
+    def initialize(parent_model, params, forest_user)
+      @scoped_parent_model = get_scoped_model(parent_model, forest_user, params[:timezone])
+      child_model = @scoped_parent_model.reflect_on_association(params[:relationship_field]).klass
+      @scoped_child_model = get_scoped_model(child_model, forest_user, params[:timezone])
+      @label_field = params[:label_field]
+      @aggregate = params[:aggregate].downcase
+      @aggregate_field = params[:aggregate_field]
+      @limit = params[:limit]
+      @groub_by = "#{@scoped_parent_model.table_name}.#{@label_field}"
     end
     def perform
-      result = @model_relationship
-        .joins(@includes)
+      includes = ForestLiana::QueryHelper.get_one_association_names_symbol(@scoped_child_model)
+      result = @scoped_child_model
+        .joins(includes)
+        .where({ @scoped_parent_model.name.downcase.to_sym => @scoped_parent_model })
         .group(@groub_by)
         .order(order)
         .limit(@limit)
@@ -24,8 +26,12 @@ module ForestLiana
       @record = Model::Stat.new(value: result)
     end
-    def compute_includes
-      @includes = ForestLiana::QueryHelper.get_one_association_names_symbol(@model_relationship)
+    def get_scoped_model(model, forest_user, timezone)
+      scope_filters = ForestLiana::ScopeManager.get_scope_for_user(forest_user, model.name, as_string: true)
+      return model.unscoped if scope_filters.blank?
+      FiltersParser.new(scope_filters, model, timezone).apply_filters
     end
     def order

data/app/services/forest_liana/line_stat_getter.rb CHANGED Viewed

@@ -25,8 +25,10 @@ module ForestLiana
     def perform
       value = get_resource().joins(@includes)
-      unless @params[:filters].blank?
-        value = FiltersParser.new(@params[:filters], value, @params[:timezone]).apply_filters
+      filters = ForestLiana::ScopeManager.append_scope_for_user(@params[:filters], @user, @resource.name)
+      unless filters.blank?
+        value = FiltersParser.new(filters, @resource, @params[:timezone]).apply_filters
       end
       Groupdate.week_start = :monday