RubyGems - hightop - Versions diffs - 0.2.1 → 0.3.0 - Mend

hightop 0.2.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7bfda8167d2141d8bd0be9678f1f285fe8417d0deecac5a04cee44f50efcf876
-  data.tar.gz: 0414c92e5702679fc169dbecb03d754e79461968e97a39cd2cca15d94ec4daa3
+  metadata.gz: ee918ba56e73e37d1c623e99f4bf2971f1f99a82a369582eaf78144951dab192
+  data.tar.gz: c626b6953aae5d3e43e00291b5fba24d8326d133f5aba945ab58f59f4defcb65
 SHA512:
-  metadata.gz: baad6fa1e6f4f404fd2f33448a971412ea9bf50257f5dd69531e341aa0a3afb69c816ac3191a9988ed8f30b19cce2c1d0837fb077e78fe589a7975b0283ec6d7
-  data.tar.gz: a66db10388aff6057d63f9ae977a700c0065d222a52dd04df0e7ea4bbd87f5ee51a145ff875aea5b9042dbbbaff2a10543f612519b3c65ec525852728aef5f82
+  metadata.gz: e82a5854442ce691bc664cf6bb32aa1db21ec5e527fbc4c2ff9ddca49c8b278b8edc454cb0178ddc147ab47db324b091a65840783c9912a3051c16185bf45be3
+  data.tar.gz: '0978f96d0c782e7e6cb9221c11ea01f1ec55ebc1e287fec595416b587f64d30dbe8dcda0859a18d81445ea5900b21c3acf1838cb9c29592bfa76a192f7bd76d2'

data/CHANGELOG.md CHANGED Viewed

@@ -1,45 +1,66 @@
-## 0.2.1
+## 0.3.0 (2021-08-12)
+- Raise `ActiveRecord::UnknownAttributeReference` for non-attribute arguments
+- Raise `ArgumentError` for too many arguments with enumerable
+- Removed `uniq` option (use `distinct` instead)
+- Dropped support for Active Record < 5.2 and Ruby < 2.6
+## 0.2.4 (2020-09-07)
+- Added warning for non-attribute argument
+- Added deprecation warning for `uniq`
+## 0.2.3 (2020-06-18)
+- Dropped support for Active Record 4.2 and Ruby 2.3
+- Fixed deprecation warning in Ruby 2.7
+## 0.2.2 (2019-08-12)
+- Added support for Mongoid
+## 0.2.1 (2019-08-04)
 - Added support for arrays and hashes
-## 0.2.0
+## 0.2.0 (2017-03-19)
 - Use keyword arguments
-## 0.1.4
+## 0.1.4 (2016-02-04)
 - Added `distinct` option to replace `uniq`
-## 0.1.3
+## 0.1.3 (2015-06-18)
 - Fixed `min` option with `uniq`
-## 0.1.2
+## 0.1.2 (2014-11-05)
 - Added `min` option
-## 0.1.1
+## 0.1.1 (2014-07-02)
 - Added `uniq` option
 - Fixed `Model.limit(n).top`
-## 0.1.0
+## 0.1.0 (2014-06-11)
 - No changes, just bump
-## 0.0.4
+## 0.0.4 (2014-06-11)
 - Added support for multiple groups
 - Added `nil` option
-## 0.0.3
+## 0.0.3 (2014-06-11)
 - Fixed escaping
-## 0.0.2
+## 0.0.2 (2014-05-29)
 - Added `limit` parameter
-## 0.0.1
+## 0.0.1 (2014-05-11)
 - First release

data/LICENSE.txt CHANGED Viewed

@@ -1,4 +1,4 @@
-Copyright (c) 2014-2019 Andrew Kane
+Copyright (c) 2014-2021 Andrew Kane
 MIT License

data/README.md CHANGED Viewed

@@ -4,23 +4,16 @@ A nice shortcut for group count queries
 ```ruby
 Visit.top(:browser)
+# {
+#   "Chrome"  => 63,
+#   "Safari"  => 50,
+#   "Firefox" => 34
+# }
 ```
-instead of
+Works with Active Record, Mongoid, arrays and hashes
-```ruby
-Visit.group(:browser).where("browser IS NOT NULL").order("count_all DESC, browser").count
-```
-Be sure to [sanitize user input](https://rails-sqli.org/) like you must with `group`
-Also works with arrays and hashes
-```ruby
-["up", "up", "down"].top(1)
-```
-[![Build Status](https://travis-ci.org/ankane/hightop.svg)](https://travis-ci.org/ankane/hightop)
+[![Build Status](https://github.com/ankane/hightop/workflows/build/badge.svg?branch=master)](https://github.com/ankane/hightop/actions)
 ## Installation
@@ -100,6 +93,18 @@ Min count
 ["up", "up", "down"].top(min: 2)
 ```
+## Upgrading
+### 0.3.0
+Hightop 0.3.0 protects against unsafe input by default. For non-attribute arguments, use:
+```ruby
+Visit.top(Arel.sql(known_safe_value))
+```
+Also, the `uniq` option has been removed. Use `distinct` instead.
 ## History
 View the [changelog](https://github.com/ankane/hightop/blob/master/CHANGELOG.md)
@@ -112,3 +117,12 @@ Everyone is encouraged to help improve this project. Here are a few ways you can
 - Fix bugs and [submit pull requests](https://github.com/ankane/hightop/pulls)
 - Write, clarify, or fix documentation
 - Suggest or add new features
+To get started with development:
+```sh
+git clone https://github.com/ankane/hightop.git
+cd hightop
+bundle install
+bundle exec rake test
+```

data/lib/hightop.rb CHANGED Viewed

@@ -3,9 +3,15 @@ require "active_support"
 # modules
 require "hightop/enumerable"
-require "hightop/kicks"
 require "hightop/version"
 ActiveSupport.on_load(:active_record) do
+  require "hightop/utils"
+  require "hightop/kicks"
   extend Hightop::Kicks
 end
+ActiveSupport.on_load(:mongoid) do
+  require "hightop/mongoid"
+  Mongoid::Document::ClassMethods.include(Hightop::Mongoid)
+end

data/lib/hightop/enumerable.rb CHANGED Viewed

@@ -1,12 +1,9 @@
 module Enumerable
-  def top(*args, &block)
-    if block || !respond_to?(:scoping)
-      limit, options, _ = args
-      if limit.is_a?(Hash) && args.size == 1
-        options = limit
-        limit = nil
-      end
-      options ||= {}
+  def top(*args, **options, &block)
+    if block || !(respond_to?(:scoping) || respond_to?(:with_scope))
+      raise ArgumentError, "wrong number of arguments (given 2, expected 0..1)" if args.size > 1
+      limit = args[0]
       min = options[:min]
       counts = Hash.new(0)
@@ -19,8 +16,10 @@ module Enumerable
       arr = counts.sort_by { |_, v| -v }
       arr = arr[0...limit] if limit
       Hash[arr]
+    elsif respond_to?(:scoping)
+      scoping { @klass.send(:top, *args, **options, &block) }
     else
-      scoping { @klass.send(:top, *args, &block) }
+      with_scope(self) { klass.send(:top, *args, **options, &block) }
     end
   end
 end

data/lib/hightop/kicks.rb CHANGED Viewed

@@ -1,22 +1,31 @@
 module Hightop
   module Kicks
-    def top(column, limit = nil, distinct: nil, uniq: nil, min: nil, nil: nil)
-      distinct ||= uniq
-      order_str = column.is_a?(Array) ? column.map(&:to_s).join(", ") : column
-      relation = group(column).order(["count_#{distinct || 'all'} DESC", order_str])
+    def top(column, limit = nil, distinct: nil, min: nil, nil: nil)
+      columns = column.is_a?(Array) ? column : [column]
+      columns = columns.map { |c| Utils.validate_column(c) }
+      distinct = Utils.validate_column(distinct) if distinct
+      relation = group(*columns).order("1 DESC", *columns)
       if limit
         relation = relation.limit(limit)
       end
       # terribly named option
       unless binding.local_variable_get(:nil)
-        (column.is_a?(Array) ? column : [column]).each do |c|
+        columns.each do |c|
+          c = Utils.resolve_column(self, c)
           relation = relation.where("#{c} IS NOT NULL")
         end
       end
       if min
-        relation = relation.having("COUNT(#{distinct ? "DISTINCT #{distinct}" : '*'}) >= #{min.to_i}")
+        if distinct
+          d = Utils.resolve_column(self, distinct)
+          relation = relation.having("COUNT(DISTINCT #{d}) >= #{min.to_i}")
+        else
+          relation = relation.having("COUNT(*) >= #{min.to_i}")
+        end
       end
       if distinct

data/lib/hightop/mongoid.rb ADDED Viewed

@@ -0,0 +1,52 @@
+module Hightop
+  module Mongoid
+    # super helpful article
+    # https://maximomussini.com/posts/mongoid-aggregation-dsl/
+    def top(column, limit = nil, distinct: nil, min: nil, nil: nil)
+      columns = column.is_a?(Array) ? column : [column]
+      relation = all
+      # terribly named option
+      unless binding.local_variable_get(:nil)
+        columns.each do |c|
+          relation = relation.and(c.ne => nil)
+        end
+      end
+      ids = {}
+      columns.each_with_index do |c, i|
+        ids["c#{i}"] = "$#{c}"
+      end
+      if distinct
+        # group with distinct column first, then group without it
+        # https://stackoverflow.com/questions/24761266/select-group-by-count-and-distinct-count-in-same-mongodb-query/24770233#24770233
+        distinct_ids = ids.merge("c#{ids.size}" => "$#{distinct}")
+        relation = relation.group(_id: distinct_ids, count: {"$sum" => 1})
+        ids.each_key do |k|
+          ids[k] = "$_id.#{k}"
+        end
+      end
+      relation = relation.group(_id: ids, count: {"$sum" => 1})
+      if min
+        relation.pipeline.push("$match" => {"count" => {"$gte" => min}})
+      end
+      relation = relation.desc(:count)
+      if limit
+        relation = relation.limit(limit)
+      end
+      result = {}
+      collection.aggregate(relation.pipeline).each do |doc|
+        key = doc["_id"].values
+        key = key[0] if key.size == 1
+        result[key] = doc["count"]
+      end
+      result
+    end
+  end
+end

data/lib/hightop/utils.rb ADDED Viewed

@@ -0,0 +1,25 @@
+module Hightop
+  module Utils
+    class << self
+      # basic version of Active Record disallow_raw_sql!
+      # symbol = column (safe), Arel node = SQL (safe), other = untrusted
+      # matches table.column and column
+      def validate_column(column)
+        unless column.is_a?(Symbol) || column.is_a?(Arel::Nodes::SqlLiteral)
+          column = column.to_s
+          unless /\A\w+(\.\w+)?\z/i.match(column)
+            raise ActiveRecord::UnknownAttributeReference, "Query method called with non-attribute argument(s): #{column.inspect}. Use Arel.sql() for known-safe values."
+          end
+        end
+        column
+      end
+      # resolves eagerly
+      def resolve_column(relation, column)
+        node = relation.send(:relation).send(:arel_columns, [column]).first
+        node = Arel::Nodes::SqlLiteral.new(node) if node.is_a?(String)
+        relation.connection.visitor.accept(node, Arel::Collectors::SQLString.new).value
+      end
+    end
+  end
+end

data/lib/hightop/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Hightop
-  VERSION = "0.2.1"
+  VERSION = "0.3.0"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hightop
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Andrew Kane
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-08-05 00:00:00.000000000 Z
+date: 2021-08-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,72 +16,16 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '4.2'
+        version: '5.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '4.2'
-- !ruby/object:Gem::Dependency
-  name: bundler
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: rake
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-- !ruby/object:Gem::Dependency
-  name: minitest
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '5'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '5'
-- !ruby/object:Gem::Dependency
-  name: sqlite3
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-description:
-email: andrew@chartkick.com
+        version: '5.2'
+description:
+email: andrew@ankane.org
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -92,12 +36,14 @@ files:
 - lib/hightop.rb
 - lib/hightop/enumerable.rb
 - lib/hightop/kicks.rb
+- lib/hightop/mongoid.rb
+- lib/hightop/utils.rb
 - lib/hightop/version.rb
 homepage: https://github.com/ankane/hightop
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -105,15 +51,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.3'
+      version: '2.6'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.4
-signing_key:
+rubygems_version: 3.2.22
+signing_key:
 specification_version: 4
 summary: A nice shortcut for group count queries
 test_files: []