hightop 0.2.4 → 0.4.0

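--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e986b06b74104ea5fb99fe92abdb061eab4cc225ba9fa4f34216eadcd704e556
- data.tar.gz: 5ca8954b8ce39c1212e0bc0b651e22450ff26b17795665b561cc7e4bbb134067
+ metadata.gz: f5cecd8f175eb80cd97c4aa38d38113de436b2c437bd60d97a72585b994fea97
+ data.tar.gz: 16272ba486c5ecafd05e26b211ba373f0446173bbc26a32d2644b4d069d1ea79
  SHA512:
- metadata.gz: e9d93d7b9edcce9dcfb6f3b7912ef3252454731bcc68d45cc9ff391df854a6fe49e5d7ca269780e55e98cf1481a17ef3472427de69694d6098cfdcacf9e61c7d
- data.tar.gz: cd86dfd59b77d39482d06d0a6e9f59869ca15eaab6eef6e5cc62f754ad9d3addd781e21749a192a181385620b2508b520ee22da1f2c397566ac82159778a65d2
+ metadata.gz: 1c7b2abd51dc28b295fd7d039d1127e7d2a4e855f5204564c0f0bd54c1522b9d707429f56214a3a457e3c0d0e3bcfa6046122e53356fb4d24679935dfa0cb856
+ data.tar.gz: 4e33403bb495306b78ebe1d5ea97d15defd6e3952dcc97e346ad6e45a933795577cb4dde81fe01e1b73fa2c41da3cb3f6735972638b8b6011b019275ad9b5f36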
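--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,15 @@
+ ## 0.4.0 (2023-07-02)
+
+ - Dropped support for Active Record < 6.1 and Ruby < 3
+ - Dropped support for Mongoid < 7
+
+ ## 0.3.0 (2021-08-12)
+
+ - Raise `ActiveRecord::UnknownAttributeReference` for non-attribute arguments
+ - Raise `ArgumentError` for too many arguments with arrays and hashes
+ - Removed `uniq` option (use `distinct` instead)
+ - Dropped support for Active Record < 5.2 and Ruby < 2.6
+
  ## 0.2.4 (2020-09-07)
 
  - Added warning for non-attribute argument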
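--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -1,4 +1,4 @@
- Copyright (c) 2014-2020 Andrew Kane
+ Copyright (c) 2014-2023 Andrew Kane
 
  MIT License
 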
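--- a/data/README.md
+++ b/data/README.md
@@ -13,14 +13,14 @@ Visit.top(:browser)
 
  Works with Active Record, Mongoid, arrays and hashes
 
- [![Build Status](https://travis-ci.org/ankane/hightop.svg?branch=master)](https://travis-ci.org/ankane/hightop)
+ [![Build Status](https://github.com/ankane/hightop/workflows/build/badge.svg?branch=master)](https://github.com/ankane/hightop/actions)
 
  ## Installation
 
  Add this line to your application’s Gemfile:
 
  ```ruby
- gem 'hightop'
+ gem "hightop"
  ```
 
  ## Options
@@ -61,19 +61,6 @@ And min count
  Visit.top(:city, min: 10)
  ```
 
- ## User Input
-
- If passing user input as the column, be sure to sanitize it first [like you must](https://rails-sqli.org/) with `group`.
-
- ```ruby
- column = params[:column]
-
- # check against permitted columns
- raise "Unpermitted column" unless ["column_a", "column_b"].include?(column)
-
- User.top(column)
- ```
-
  ## Arrays and Hashes
 
  Arrays
@@ -106,6 +93,18 @@ Min count
  ["up", "up", "down"].top(min: 2)
  ```
 
+ ## Upgrading
+
+ ### 0.3.0
+
+ Hightop 0.3.0 protects against unsafe input by default. For non-attribute arguments, use:
+
+ ```ruby
+ Visit.top(Arel.sql(known_safe_value))
+ ```
+
+ Also, the `uniq` option has been removed. Use `distinct` instead.
+
  ## History
 
  View the [changelog](https://github.com/ankane/hightop/blob/master/CHANGELOG.md)
@@ -119,7 +118,7 @@ Everyone is encouraged to help improve this project. Here are a few ways you can
  - Write, clarify, or fix documentation
  - Suggest or add new features
 
- To get started with development and testing:
+ To get started with development:
 
  ```sh
  git clone https://github.com/ankane/hightop.git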
@@ -1,7 +1,8 @@
1
1
  module Enumerable
2
2
  def top(*args, **options, &block)
3
3
  if block || !(respond_to?(:scoping) || respond_to?(:with_scope))
4
- # TODO raise error if too many arguments
4
+ raise ArgumentError, "wrong number of arguments (given #{args.size}, expected 0..1)" if args.size > 1
5
+
5
6
  limit = args[0]
6
7
  min = options[:min]
7
8
 
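--- a/data/lib/hightop/kicks.rb
+++ b/data/lib/hightop/kicks.rb
@@ -1,13 +1,10 @@
  module Hightop
  module Kicks
- def top(column, limit = nil, distinct: nil, uniq: nil, min: nil, nil: nil)
- warn "[hightop] uniq is deprecated. Use distinct instead" if uniq
-
+ def top(column, limit = nil, distinct: nil, min: nil, nil: nil)
  columns = column.is_a?(Array) ? column : [column]
- columns.each { |c| Utils.validate_column(c) }
+ columns = columns.map { |c| Utils.validate_column(c) }
 
- distinct ||= uniq
- Utils.validate_column(distinct) if distinct
+ distinct = Utils.validate_column(distinct) if distinct
 
  relation = group(*columns).order("1 DESC", *columns)
  if limit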
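Review bot: `top` now raises `ActiveRecord::UnknownAttributeReference` through `Utils.validate_column` for a `column` or `distinct` value that is not a Symbol, an `Arel.sql` literal or an identifier-shaped string, and nothing on the method says so. A short comment above `def top` would tell callers what is accepted, e.g. `# column / distinct: Symbol, "column" or "table.column" String, or Arel.sql(...); anything else raises ActiveRecord::UnknownAttributeReference`. `limit` and `min` are not passed through the validator in the visible lines, and the method body continues outside the hunk, so how they reach the query cannot be judged from here.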
@@ -2,13 +2,9 @@ module Hightop
2
2
  module Mongoid
3
3
  # super helpful article
4
4
  # https://maximomussini.com/posts/mongoid-aggregation-dsl/
5
- def top(column, limit = nil, distinct: nil, uniq: nil, min: nil, nil: nil)
6
- warn "[hightop] uniq is deprecated. Use distinct instead" if uniq
7
-
5
+ def top(column, limit = nil, distinct: nil, min: nil, nil: nil)
8
6
  columns = column.is_a?(Array) ? column : [column]
9
7
 
10
- distinct ||= uniq
11
-
12
8
  relation = all
13
9
 
14
10
  # terribly named option
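--- a/data/lib/hightop/utils.rb
+++ b/data/lib/hightop/utils.rb
@@ -5,9 +5,13 @@ module Hightop
  # symbol = column (safe), Arel node = SQL (safe), other = untrusted
  # matches table.column and column
  def validate_column(column)
- unless column.is_a?(Symbol) || column.is_a?(Arel::Nodes::SqlLiteral) || /\A\w+(\.\w+)?\z/i.match(column.to_s)
- warn "[hightop] Non-attribute argument: #{column}. Use Arel.sql() for known-safe values. This will raise an error in Hightop 0.3.0"
+ unless column.is_a?(Symbol) || column.is_a?(Arel::Nodes::SqlLiteral)
+ column = column.to_s
+ unless /\A\w+(\.\w+)?\z/i.match(column)
+ raise ActiveRecord::UnknownAttributeReference, "Query method called with non-attribute argument(s): #{column.inspect}. Use Arel.sql() for known-safe values."
+ end
  end
+ column
  end
 
  # resolves eagerly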
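Review bot: The new check in `validate_column` tests only the shape of the string, so any `column` or `table.column` name passes `/\A\w+(\.\w+)?\z/i`, including columns the caller never meant to expose. An application that forwards a request parameter to `top` therefore still needs its own allow-list, which is worth stating above the method, e.g. `# shape check only: restrict user-supplied names to an allow-list of permitted columns before calling top`. Symbols skip the regex entirely, so the "symbol = column (safe)" comment presumably relies on Active Record quoting symbol arguments; that assumption deserves a word in the same comment. As a point of style, `match?` would avoid building a MatchData and the `/i` flag has no effect on `\w`. The enclosing module starts outside the hunk.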
@@ -1,3 +1,3 @@
1
1
  module Hightop
2
- VERSION = "0.2.4"
2
+ VERSION = "0.4.0"
3
3
  end
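--- a/data/lib/hightop.rb
+++ b/data/lib/hightop.rb
@@ -2,16 +2,16 @@
  require "active_support"
 
  # modules
- require "hightop/enumerable"
- require "hightop/version"
+ require_relative "hightop/enumerable"
+ require_relative "hightop/version"
 
  ActiveSupport.on_load(:active_record) do
- require "hightop/utils"
- require "hightop/kicks"
+ require_relative "hightop/utils"
+ require_relative "hightop/kicks"
  extend Hightop::Kicks
  end
 
  ActiveSupport.on_load(:mongoid) do
- require "hightop/mongoid"
+ require_relative "hightop/mongoid"
  Mongoid::Document::ClassMethods.include(Hightop::Mongoid)
  end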
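--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: hightop
  version: !ruby/object:Gem::Version
- version: 0.2.4
+ version: 0.4.0
  platform: ruby
  authors:
  - Andrew Kane
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-09-07 00:00:00.000000000 Z
+ date: 2023-07-02 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -16,72 +16,16 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '5'
+ version: '6.1'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '5'
- - !ruby/object:Gem::Dependency
- name: bundler
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- - !ruby/object:Gem::Dependency
- name: rake
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- - !ruby/object:Gem::Dependency
- name: minitest
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '5'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '5'
- - !ruby/object:Gem::Dependency
- name: sqlite3
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- description:
- email: andrew@chartkick.com
+ version: '6.1'
+ description:
+ email: andrew@ankane.org
  executables: []
  extensions: []
  extra_rdoc_files: []
@@ -99,7 +43,7 @@ homepage: https://github.com/ankane/hightop
  licenses:
  - MIT
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -107,15 +51,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '2.4'
+ version: '3'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.2
- signing_key:
+ rubygems_version: 3.4.10
+ signing_key:
  specification_version: 4
  summary: A nice shortcut for group count queries
  test_files: []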