hightop 0.2.4 → 0.3.0

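--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: e986b06b74104ea5fb99fe92abdb061eab4cc225ba9fa4f34216eadcd704e556
- data.tar.gz: 5ca8954b8ce39c1212e0bc0b651e22450ff26b17795665b561cc7e4bbb134067
+ metadata.gz: ee918ba56e73e37d1c623e99f4bf2971f1f99a82a369582eaf78144951dab192
+ data.tar.gz: c626b6953aae5d3e43e00291b5fba24d8326d133f5aba945ab58f59f4defcb65
  SHA512:
- metadata.gz: e9d93d7b9edcce9dcfb6f3b7912ef3252454731bcc68d45cc9ff391df854a6fe49e5d7ca269780e55e98cf1481a17ef3472427de69694d6098cfdcacf9e61c7d
- data.tar.gz: cd86dfd59b77d39482d06d0a6e9f59869ca15eaab6eef6e5cc62f754ad9d3addd781e21749a192a181385620b2508b520ee22da1f2c397566ac82159778a65d2
+ metadata.gz: e82a5854442ce691bc664cf6bb32aa1db21ec5e527fbc4c2ff9ddca49c8b278b8edc454cb0178ddc147ab47db324b091a65840783c9912a3051c16185bf45be3
+ data.tar.gz: '0978f96d0c782e7e6cb9221c11ea01f1ec55ebc1e287fec595416b587f64d30dbe8dcda0859a18d81445ea5900b21c3acf1838cb9c29592bfa76a192f7bd76d2'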
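--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,10 @@
+ ## 0.3.0 (2021-08-12)
+
+ - Raise `ActiveRecord::UnknownAttributeReference` for non-attribute arguments
+ - Raise `ArgumentError` for too many arguments with enumerable
+ - Removed `uniq` option (use `distinct` instead)
+ - Dropped support for Active Record < 5.2 and Ruby < 2.6
+
  ## 0.2.4 (2020-09-07)
 
  - Added warning for non-attribute argument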
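--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -1,4 +1,4 @@
- Copyright (c) 2014-2020 Andrew Kane
+ Copyright (c) 2014-2021 Andrew Kane
 
  MIT License
 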
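--- a/data/README.md
+++ b/data/README.md
@@ -13,7 +13,7 @@ Visit.top(:browser)
 
  Works with Active Record, Mongoid, arrays and hashes
 
- [![Build Status](https://travis-ci.org/ankane/hightop.svg?branch=master)](https://travis-ci.org/ankane/hightop)
+ [![Build Status](https://github.com/ankane/hightop/workflows/build/badge.svg?branch=master)](https://github.com/ankane/hightop/actions)
 
  ## Installation
 
@@ -61,19 +61,6 @@ And min count
  Visit.top(:city, min: 10)
  ```
 
- ## User Input
-
- If passing user input as the column, be sure to sanitize it first [like you must](https://rails-sqli.org/) with `group`.
-
- ```ruby
- column = params[:column]
-
- # check against permitted columns
- raise "Unpermitted column" unless ["column_a", "column_b"].include?(column)
-
- User.top(column)
- ```
-
  ## Arrays and Hashes
 
  Arrays
@@ -106,6 +93,18 @@ Min count
  ["up", "up", "down"].top(min: 2)
  ```
 
+ ## Upgrading
+
+ ### 0.3.0
+
+ Hightop 0.3.0 protects against unsafe input by default. For non-attribute arguments, use:
+
+ ```ruby
+ Visit.top(Arel.sql(known_safe_value))
+ ```
+
+ Also, the `uniq` option has been removed. Use `distinct` instead.
+
  ## History
 
  View the [changelog](https://github.com/ankane/hightop/blob/master/CHANGELOG.md)
@@ -119,7 +118,7 @@ Everyone is encouraged to help improve this project. Here are a few ways you can
  - Write, clarify, or fix documentation
  - Suggest or add new features
 
- To get started with development and testing:
+ To get started with development:
 
  ```sh
  git clone https://github.com/ankane/hightop.git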
@@ -1,7 +1,8 @@
1
1
  module Enumerable
2
2
  def top(*args, **options, &block)
3
3
  if block || !(respond_to?(:scoping) || respond_to?(:with_scope))
4
- # TODO raise error if too many arguments
4
+ raise ArgumentError, "wrong number of arguments (given 2, expected 0..1)" if args.size > 1
5
+
5
6
  limit = args[0]
6
7
  min = options[:min]
7
8
 
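Review bot: The new `ArgumentError` message hard-codes `given 2`, so a call with three or more positional arguments reports the wrong count. Interpolating the real size keeps the message accurate: `raise ArgumentError, "wrong number of arguments (given #{args.size}, expected 0..1)" if args.size > 1`. The check sits inside the `if block || !(respond_to?(:scoping) || respond_to?(:with_scope))` branch, and the rest of `top` lies outside the hunk, so whether the other branch rejects extra arguments cannot be confirmed from this page.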
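--- a/data/lib/hightop/kicks.rb
+++ b/data/lib/hightop/kicks.rb
@@ -1,13 +1,10 @@
  module Hightop
  module Kicks
- def top(column, limit = nil, distinct: nil, uniq: nil, min: nil, nil: nil)
- warn "[hightop] uniq is deprecated. Use distinct instead" if uniq
-
+ def top(column, limit = nil, distinct: nil, min: nil, nil: nil)
  columns = column.is_a?(Array) ? column : [column]
- columns.each { |c| Utils.validate_column(c) }
+ columns = columns.map { |c| Utils.validate_column(c) }
 
- distinct ||= uniq
- Utils.validate_column(distinct) if distinct
+ distinct = Utils.validate_column(distinct) if distinct
 
  relation = group(*columns).order("1 DESC", *columns)
  if limit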
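Review bot: `top` carries no comment saying which argument types it accepts, yet after this change that set is the method's safety contract: only the values returned by `Utils.validate_column` reach `group(*columns).order("1 DESC", *columns)`. I would add above the `def`: `# column / distinct: Symbol, "column" or "table.column" String, or Arel.sql(...) for known-safe SQL; anything else raises ActiveRecord::UnknownAttributeReference`. The method body continues past the end of the hunk, so how `limit`, `min` and `distinct` are used afterwards is not visible here.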
@@ -2,13 +2,9 @@ module Hightop
2
2
  module Mongoid
3
3
  # super helpful article
4
4
  # https://maximomussini.com/posts/mongoid-aggregation-dsl/
5
- def top(column, limit = nil, distinct: nil, uniq: nil, min: nil, nil: nil)
6
- warn "[hightop] uniq is deprecated. Use distinct instead" if uniq
7
-
5
+ def top(column, limit = nil, distinct: nil, min: nil, nil: nil)
8
6
  columns = column.is_a?(Array) ? column : [column]
9
7
 
10
- distinct ||= uniq
11
-
12
8
  relation = all
13
9
 
14
10
  # terribly named option
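--- a/data/lib/hightop/utils.rb
+++ b/data/lib/hightop/utils.rb
@@ -5,9 +5,13 @@ module Hightop
  # symbol = column (safe), Arel node = SQL (safe), other = untrusted
  # matches table.column and column
  def validate_column(column)
- unless column.is_a?(Symbol) || column.is_a?(Arel::Nodes::SqlLiteral) || /\A\w+(\.\w+)?\z/i.match(column.to_s)
- warn "[hightop] Non-attribute argument: #{column}. Use Arel.sql() for known-safe values. This will raise an error in Hightop 0.3.0"
+ unless column.is_a?(Symbol) || column.is_a?(Arel::Nodes::SqlLiteral)
+ column = column.to_s
+ unless /\A\w+(\.\w+)?\z/i.match(column)
+ raise ActiveRecord::UnknownAttributeReference, "Query method called with non-attribute argument(s): #{column.inspect}. Use Arel.sql() for known-safe values."
+ end
  end
+ column
  end
 
  # resolves eagerly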
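Review bot: The pattern check is skipped for every `Symbol` and `Arel::Nodes::SqlLiteral` at `unless column.is_a?(Symbol) || column.is_a?(Arel::Nodes::SqlLiteral)`, so the protection holds only while callers never build either type from request data, and the existing one-line comment calls both "safe" without stating that condition. I would extend the comment, e.g. `# Symbols and Arel.sql literals are trusted as-is: create them only from constants or an allow-list, never from user input`. It should also say that the method returns the value callers must use, which is the coerced String for any other input. As a style point, `unless /\A\w+(\.\w+)?\z/.match?(column)` avoids allocating a MatchData and drops the `/i` flag, which has no effect on `\w`.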
@@ -1,3 +1,3 @@
1
1
  module Hightop
2
- VERSION = "0.2.4"
2
+ VERSION = "0.3.0"
3
3
  end
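--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: hightop
  version: !ruby/object:Gem::Version
- version: 0.2.4
+ version: 0.3.0
  platform: ruby
  authors:
  - Andrew Kane
- autorequire:
+ autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-09-07 00:00:00.000000000 Z
+ date: 2021-08-13 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -16,72 +16,16 @@ dependencies:
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '5'
+ version: '5.2'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '5'
- - !ruby/object:Gem::Dependency
- name: bundler
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- - !ruby/object:Gem::Dependency
- name: rake
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- - !ruby/object:Gem::Dependency
- name: minitest
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '5'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '5'
- - !ruby/object:Gem::Dependency
- name: sqlite3
- requirement: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- type: :development
- prerelease: false
- version_requirements: !ruby/object:Gem::Requirement
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- version: '0'
- description:
- email: andrew@chartkick.com
+ version: '5.2'
+ description:
+ email: andrew@ankane.org
  executables: []
  extensions: []
  extra_rdoc_files: []
@@ -99,7 +43,7 @@ homepage: https://github.com/ankane/hightop
  licenses:
  - MIT
  metadata: {}
- post_install_message:
+ post_install_message:
  rdoc_options: []
  require_paths:
  - lib
@@ -107,15 +51,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: '2.4'
+ version: '2.6'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.2
- signing_key:
+ rubygems_version: 3.2.22
+ signing_key:
  specification_version: 4
  summary: A nice shortcut for group count queries
  test_files: []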