RubyGems - haveapi - Versions diffs - 0.28.1 → 0.28.3 - Mend

haveapi 0.28.1 → 0.28.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

checksums.yaml +4 -4
data/haveapi.gemspec +1 -1
data/lib/haveapi/action.rb +64 -50
data/lib/haveapi/authentication/token/provider.rb +12 -0
data/lib/haveapi/authorization.rb +21 -0
data/lib/haveapi/context.rb +17 -2
data/lib/haveapi/example.rb +1 -0
data/lib/haveapi/extensions/exception_mailer.rb +6 -2
data/lib/haveapi/metadata.rb +1 -1
data/lib/haveapi/model_adapters/active_record.rb +9 -4
data/lib/haveapi/parameters/resource.rb +5 -4
data/lib/haveapi/parameters/typed.rb +34 -2
data/lib/haveapi/params.rb +16 -14
data/lib/haveapi/resources/action_state.rb +3 -3
data/lib/haveapi/server.rb +43 -8
data/lib/haveapi/spec/api_builder.rb +10 -0
data/lib/haveapi/spec/mock_action.rb +10 -9
data/lib/haveapi/spec/spec_methods.rb +4 -0
data/lib/haveapi/version.rb +1 -1
data/spec/action/runtime_spec.rb +271 -16
data/spec/action/validation_http_status_spec.rb +76 -0
data/spec/action_state_spec.rb +28 -5
data/spec/documentation/auth_filtering_spec.rb +14 -2
data/spec/model_adapters/active_record_spec.rb +167 -12
data/spec/parameters/typed_spec.rb +54 -0
data/spec/server/integration_spec.rb +1 -1
data/test_support/client_test_api.rb +46 -8
metadata +4 -3

data/spec/model_adapters/active_record_spec.rb CHANGED Viewed

@@ -47,10 +47,24 @@ module ARAdapterSpec
   class StringAccount < ActiveRecord::Base
     self.primary_key = 'uuid'
   end
+  class Dataset < ActiveRecord::Base
+    has_many :snapshots, class_name: 'ARAdapterSpec::Snapshot'
+  end
+  class Snapshot < ActiveRecord::Base
+    belongs_to :dataset, class_name: 'ARAdapterSpec::Dataset'
+  end
+  class SnapshotLink < ActiveRecord::Base
+    belongs_to :snapshot, class_name: 'ARAdapterSpec::Snapshot'
+  end
 end
 describe HaveAPI::ModelAdapters::ActiveRecord do
   api do
+    snapshot_resource = nil
     env_resource = define_resource(:Environment) do
       version 1
       auth false
@@ -79,7 +93,7 @@ describe HaveAPI::ModelAdapters::ActiveRecord do
         end
         def exec
-          self.class.model.find(params['environment_id'])
+          self.class.model.find(path_params['environment_id'])
         end
       end
     end
@@ -113,12 +127,12 @@ describe HaveAPI::ModelAdapters::ActiveRecord do
         end
         def prepare
-          group = self.class.model.find(params[:group_id])
+          group = self.class.model.find(path_params['group_id'])
           error!('access denied') if group.note == 'PRIVATE_GROUP_NOTE'
         end
         def exec
-          self.class.model.find(params['group_id'])
+          self.class.model.find(path_params['group_id'])
         end
       end
     end
@@ -158,7 +172,7 @@ describe HaveAPI::ModelAdapters::ActiveRecord do
         end
         def exec
-          self.class.model.find(params['filtered_group_id'])
+          self.class.model.find(path_params['filtered_group_id'])
         end
       end
     end
@@ -178,7 +192,7 @@ describe HaveAPI::ModelAdapters::ActiveRecord do
         end
         def exec
-          with_includes(self.class.model.where(id: params['filtered_member_id'])).take!
+          with_includes(self.class.model.where(id: path_params['filtered_member_id'])).take!
         end
       end
     end
@@ -225,7 +239,7 @@ describe HaveAPI::ModelAdapters::ActiveRecord do
         end
         def exec
-          id = params['user_id'].to_i
+          id = path_params['user_id'].to_i
           with_includes(self.class.model.where(id: id)).take!
         end
       end
@@ -244,7 +258,7 @@ describe HaveAPI::ModelAdapters::ActiveRecord do
         end
         def exec
-          self.class.model.find(params['user_id'])
+          self.class.model.find(path_params['user_id'])
         end
       end
@@ -312,7 +326,7 @@ describe HaveAPI::ModelAdapters::ActiveRecord do
         end
         def exec
-          self.class.model.find(params['hidden_account_id'])
+          self.class.model.find(path_params['hidden_account_id'])
         end
       end
     end
@@ -332,7 +346,7 @@ describe HaveAPI::ModelAdapters::ActiveRecord do
         end
         def exec
-          self.class.model.find(params['invoice_id'])
+          self.class.model.find(path_params['invoice_id'])
         end
       end
@@ -352,6 +366,95 @@ describe HaveAPI::ModelAdapters::ActiveRecord do
         end
       end
     end
+    define_resource(:Dataset) do
+      version 1
+      auth false
+      route 'datasets/{dataset_id}'
+      model ARAdapterSpec::Dataset
+      snapshot_resource = define_resource(:Snapshot) do
+        auth false
+        model ARAdapterSpec::Snapshot
+        define_action(:Index, superclass: HaveAPI::Actions::Default::Index) do
+          authorize { allow }
+          output(:object_list) do
+            integer :id
+            string :label
+          end
+          def exec
+            self.class.model.where(dataset_id: path_params['dataset_id']).order(id: :asc).to_a
+          end
+        end
+        define_action(:Show, superclass: HaveAPI::Actions::Default::Show) do
+          resolve ->(snapshot) { [snapshot.dataset_id, snapshot.id] }
+          authorize do |_u, params|
+            snapshot = ARAdapterSpec::Snapshot.find_by(id: params['snapshot_id'])
+            if snapshot && snapshot.dataset_id == params['dataset_id'].to_i
+              allow
+            else
+              deny
+            end
+          end
+          output(:object) do
+            integer :id
+            string :label
+          end
+          def prepare
+            snapshot = self.class.model.find(path_params['snapshot_id'])
+            error!('wrong dataset') if snapshot.dataset_id != path_params['dataset_id'].to_i
+          end
+          def exec
+            self.class.model.find(path_params['snapshot_id'])
+          end
+        end
+      end
+    end
+    define_resource(:SnapshotLink) do
+      version 1
+      auth false
+      model ARAdapterSpec::SnapshotLink
+      define_action(:Show, superclass: HaveAPI::Actions::Default::Show) do
+        authorize { allow }
+        output(:object) do
+          integer :id
+          string :label
+          resource snapshot_resource
+        end
+        def exec
+          id = path_params['snapshot_link_id']
+          with_includes(self.class.model.where(id:)).take!
+        end
+      end
+      define_action(:Update, superclass: HaveAPI::Actions::Default::Update) do
+        authorize { allow }
+        input(:hash) do
+          resource snapshot_resource
+        end
+        output(:hash) do
+          bool :assigned
+        end
+        def exec
+          { assigned: input[:snapshot].is_a?(ARAdapterSpec::Snapshot) }
+        end
+      end
+    end
   end
   default_version 1
@@ -396,6 +499,20 @@ describe HaveAPI::ModelAdapters::ActiveRecord do
         t.string :uuid, primary_key: true
         t.string :label, null: false
       end
+      create_table :datasets do |t|
+        t.string :label, null: false
+      end
+      create_table :snapshots do |t|
+        t.integer :dataset_id, null: false
+        t.string :label, null: false
+      end
+      create_table :snapshot_links do |t|
+        t.integer :snapshot_id, null: false
+        t.string :label, null: false
+      end
     end
   end
@@ -406,6 +523,9 @@ describe HaveAPI::ModelAdapters::ActiveRecord do
     ARAdapterSpec::Invoice.delete_all
     ARAdapterSpec::HiddenAccount.delete_all
     ARAdapterSpec::StringAccount.delete_all
+    ARAdapterSpec::SnapshotLink.delete_all
+    ARAdapterSpec::Snapshot.delete_all
+    ARAdapterSpec::Dataset.delete_all
   end
   let(:dummy_action) do
@@ -435,6 +555,14 @@ describe HaveAPI::ModelAdapters::ActiveRecord do
     ARAdapterSpec::User.create!(defaults.merge(attrs))
   end
+  def create_snapshot_link
+    dataset = ARAdapterSpec::Dataset.create!(label: 'dataset')
+    snapshot = ARAdapterSpec::Snapshot.create!(dataset:, label: 'snapshot')
+    link = ARAdapterSpec::SnapshotLink.create!(snapshot:, label: 'link')
+    [dataset, snapshot, link]
+  end
   def action_class(resource, action)
     klass, = find_action(1, resource, action)
     klass
@@ -533,7 +661,7 @@ describe HaveAPI::ModelAdapters::ActiveRecord do
     expect(group_data[:environment]).not_to have_key(:note)
   end
-  it 'passes symbol path params to associated show prepare when included' do
+  it 'passes path params to associated show prepare when included' do
     group = ARAdapterSpec::Group.create!(label: 'grp', note: 'GROUP_NOTE')
     user = create_user(name: 'user', group: group)
@@ -580,6 +708,33 @@ describe HaveAPI::ModelAdapters::ActiveRecord do
     expect(env_data[:note]).to eq('ENV_NOTE')
   end
+  it 'uses full nested paths for associated show prepare' do
+    _dataset, snapshot, link = create_snapshot_link
+    get "/v1/snapshot_links/#{link.id}", { _meta: { includes: 'snapshot' } }, input: ''
+    expect(last_response.status).to eq(200)
+    expect(api_response).to be_ok
+    snapshot_data = api_response[:snapshot_link][:snapshot]
+    expect(snapshot_data[:_meta][:resolved]).to be(true)
+    expect(snapshot_data).to include(id: snapshot.id, label: 'snapshot')
+  end
+  it 'uses full nested paths when authorizing resource input records' do
+    _dataset, snapshot, link = create_snapshot_link
+    put "/v1/snapshot_links/#{link.id}", {
+      snapshot_link: {
+        snapshot: snapshot.id
+      }
+    }.to_json, 'CONTENT_TYPE' => 'application/json'
+    expect(last_response.status).to eq(200)
+    expect(api_response).to be_ok
+    expect(api_response[:snapshot_link]).to eq(assigned: true)
+  end
   it 'drops invalid nested include paths from requests' do
     group = ARAdapterSpec::Group.create!(label: 'grp', note: 'GRP_NOTE')
     user = create_user(name: 'user', group: group)
@@ -698,7 +853,7 @@ describe HaveAPI::ModelAdapters::ActiveRecord do
       }
     }.to_json, 'CONTENT_TYPE' => 'application/json'
-    expect(last_response.status).to eq(400)
+    expect(last_response.status).to eq(200)
     expect(api_response).not_to be_ok
     expect(api_response.errors[:hidden_account]).to include('resource not found')
   end
@@ -799,7 +954,7 @@ describe HaveAPI::ModelAdapters::ActiveRecord do
   it 'rejects excessive pagination limits' do
     get '/v1/users', { user: { limit: HaveAPI::Actions::Paginable::MAX_LIMIT + 1 } }, input: ''
-    expect(last_response.status).to eq(400)
+    expect(last_response.status).to eq(200)
     expect(api_response).not_to be_ok
     expect(api_response.errors[:limit].first).to include(
       "range <0, #{HaveAPI::Actions::Paginable::MAX_LIMIT}>"

data/spec/parameters/typed_spec.rb CHANGED Viewed

@@ -193,6 +193,60 @@ describe 'Parameters::Typed' do
     expect(p.clean('value')).to be_nil
   end
+  it 'deep stringifies custom parameter keys by default' do
+    p = p_arg(type: Custom)
+    raw = {
+      rawId: 'credential-id',
+      response: {
+        clientDataJSON: 'client-data'
+      },
+      transports: [
+        { type: :usb }
+      ]
+    }
+    expect(p.clean(raw)).to eq({
+      'rawId' => 'credential-id',
+      'response' => {
+        'clientDataJSON' => 'client-data'
+      },
+      'transports' => [
+        { 'type' => :usb }
+      ]
+    })
+    expect(raw).to have_key(:rawId)
+  end
+  it 'deep symbolizes custom parameter keys when requested' do
+    p = p_arg(type: Custom, symbolize_keys: true)
+    expect(p.clean({
+      'rawId' => 'credential-id',
+      'response' => {
+        'clientDataJSON' => 'client-data'
+      },
+      'transports' => [
+        { 'type' => 'usb' }
+      ]
+    })).to eq({
+      rawId: 'credential-id',
+      response: {
+        clientDataJSON: 'client-data'
+      },
+      transports: [
+        { type: 'usb' }
+      ]
+    })
+  end
+  it 'passes normalized custom keys to custom cleaners' do
+    p = p_arg(type: Custom, clean: proc { |v| v.fetch('rawId') })
+    expect(p.clean({ rawId: 'credential-id' })).to eq('credential-id')
+    p = p_arg(type: Custom, symbolize_keys: true, clean: proc { |v| v.fetch(:rawId) })
+    expect(p.clean({ 'rawId' => 'credential-id' })).to eq('credential-id')
+  end
   it 'rejects invalid string encoding during coercion' do
     invalid = "\xff".b.force_encoding(Encoding::UTF_8)

data/spec/server/integration_spec.rb CHANGED Viewed

@@ -106,7 +106,7 @@ describe HaveAPI::Server do
         'CONTENT_TYPE' => 'application/x-www-form-urlencoded'
       }
-      expect(last_response.status).to eq(400)
+      expect(last_response.status).to eq(200)
       expect(api_response).not_to be_ok
       expect(ServerIntegrationSpec::State.writes).to be_empty
     end

data/test_support/client_test_api.rb CHANGED Viewed

@@ -268,6 +268,10 @@ module HaveAPI
           datetime :created_at
         end
+        params(:public) do
+          string :name
+        end
         define_action(:Index, superclass: HaveAPI::Actions::Default::Index) do
           extend DocFilter
@@ -292,7 +296,41 @@ module HaveAPI
           authorize { allow }
           def exec
-            project = HaveAPI::ClientTestAPI::Store.find_project(params[:project_id])
+            project = HaveAPI::ClientTestAPI::Store.find_project(path_params['project_id'])
+            error!('project not found', {}, http_status: 404) unless project
+            project
+          end
+        end
+        define_action(:PublicList, superclass: HaveAPI::Actions::Default::Index) do
+          extend DocFilter
+          route 'public/list'
+          aliases []
+          resolve { |obj| obj[:id] }
+          output(:object_list) { use :public }
+          authorize { allow }
+          def exec
+            HaveAPI::ClientTestAPI::Store.list_projects
+          end
+          def count
+            HaveAPI::ClientTestAPI::Store.count_projects
+          end
+        end
+        define_action(:PublicShow, superclass: HaveAPI::Actions::Default::Show) do
+          extend DocFilter
+          route 'public/{project_id}/show'
+          aliases []
+          resolve { |obj| obj[:id] }
+          output(:object) { use :public }
+          authorize { allow }
+          def exec
+            project = HaveAPI::ClientTestAPI::Store.find_project(path_params['project_id'])
             error!('project not found', {}, http_status: 404) unless project
             project
           end
@@ -333,11 +371,11 @@ module HaveAPI
             authorize { allow }
             def exec
-              HaveAPI::ClientTestAPI::Store.list_tasks(params[:project_id])
+              HaveAPI::ClientTestAPI::Store.list_tasks(path_params['project_id'])
             end
             def count
-              HaveAPI::ClientTestAPI::Store.list_tasks(params[:project_id]).size
+              HaveAPI::ClientTestAPI::Store.list_tasks(path_params['project_id']).size
             end
           end
@@ -349,7 +387,7 @@ module HaveAPI
             authorize { allow }
             def exec
-              task = HaveAPI::ClientTestAPI::Store.find_task(params[:project_id], params[:task_id])
+              task = HaveAPI::ClientTestAPI::Store.find_task(path_params['project_id'], path_params['task_id'])
               error!('task not found', {}, http_status: 404) unless task
               task
             end
@@ -368,7 +406,7 @@ module HaveAPI
             def exec
               HaveAPI::ClientTestAPI::Store.create_task(
-                params[:project_id],
+                path_params['project_id'],
                 input[:label],
                 input[:done]
               )
@@ -387,8 +425,8 @@ module HaveAPI
             def exec
               task = HaveAPI::ClientTestAPI::Store.update_task(
-                params[:project_id],
-                params[:task_id],
+                path_params['project_id'],
+                path_params['task_id'],
                 input[:done]
               )
               error!('task not found', {}, http_status: 404) unless task
@@ -406,7 +444,7 @@ module HaveAPI
             authorize { allow }
             def exec
-              task = HaveAPI::ClientTestAPI::Store.find_task(params[:project_id], params[:task_id])
+              task = HaveAPI::ClientTestAPI::Store.find_task(path_params['project_id'], path_params['task_id'])
               error!('task not found', {}, http_status: 404) unless task
               @state_id = HaveAPI::ClientTestAPI::ActionStateBackend.create_state(

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: haveapi
 version: !ruby/object:Gem::Version
-  version: 0.28.1
+  version: 0.28.3
 platform: ruby
 authors:
 - Jakub Skokan
@@ -29,14 +29,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.28.1
+        version: 0.28.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.28.1
+        version: 0.28.3
 - !ruby/object:Gem::Dependency
   name: json
   requirement: !ruby/object:Gem::Requirement
@@ -297,6 +297,7 @@ files:
 - spec/action/authorize_spec.rb
 - spec/action/dsl_spec.rb
 - spec/action/runtime_spec.rb
+- spec/action/validation_http_status_spec.rb
 - spec/action_state_spec.rb
 - spec/authentication/basic_spec.rb
 - spec/authentication/oauth2_spec.rb