introspective_grape 0.5.0 → 0.5.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d15f31a850811633ad737c414309293b36b8cacb15508468e5155a5b6aec2bed
-  data.tar.gz: 17b3a773228928342af7c692f2ac62352cd1bcdda2695351cae9cf56c449fc82
+  metadata.gz: 9e942af5ab00cc32f0611bfe27ec28ad6dbeb3d5b6f20d847dae3f1dd66cd5d2
+  data.tar.gz: 489588ff1f420618c18566e111933dab186cdc6d16493ec8a3f17cfad8ece9d6
 SHA512:
-  metadata.gz: acf6d1def5d4df6c3438e67d1743c6dfe86a00b44044ce8b709e7800bca20096180084a0bb994b77535c4a956997df25c4dde8349f63b7831d17fe494e900c04
-  data.tar.gz: 509de38fd9a074d493caf0389bdb10d8bfad3fe4a145e3f1c2a9ff30b33d2efc2fbfa466f6e743d081fa678035f05214b8c71f6305562f34a65faac530f1c96b
+  metadata.gz: 783bdfd1b17ba6709e2d86146d27e427579051e71de65fb76bebfe4f77ca445093fd03176f6adacf6749accf918ceb9a0a0fbb205ef06329da18535962ad98bd
+  data.tar.gz: 60bbbbf652648b841091fa37b6494b87a87fe6b72732b0d1f0540ad5b52ec258684b4ccd19bcee99f285b608a73a08f75975e0c6777900774b23d1b1d724e2d5

data/.github/workflows/security.yml

@@ -0,0 +1,32 @@
+name: security
+on: push
+jobs:
+  security:
+    name: Security
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.6.2
+      - name: Cache Ruby Gems
+        uses: actions/cache@v2
+        with:
+          path: vendor/bundle
+          key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-gems-
+      - name: Bundle Install
+        run: |
+          gem install bundler
+          bundle config path vendor/bundle
+          bundle install --jobs 4 --retry 3
+      - name: Security Checks
+        run: |
+          bundle exec brakeman -z
+          gem install bundle-audit
+          bundle-audit update
+          bundle-audit
+

data/.ruby-version

@@ -1 +1 @@
-2.5.0
+2.7.3

data/CHANGELOG.md

@@ -1,3 +1,25 @@
+
+0.5.5 02/24/2022
+================
+
+Update the local ruby in the gem to 2.7.3 to clear security warning cruft.
+
+Sanitize some sql.
+
+Target the still-supported 'kt-paperclip' in the gemspec (many pardons while we're planning the switch over to activestorage support).
+
+Fix bug from looking for the ActiveRecord columns_hash on non-ActiveRecord objects.
+
+0.5.2 02/07/2022
+================
+
+Lock down compatible Grape version to 1.6.0, as the next version has breaking changes for classes inheriting from Grape::Validator::Base.
+
+0.5.1 02/07/2022
+================
+
+Removed stray require of 'byebug'.
+
 0.5.0 10/20/2021
 ================
 

data/README.md

@@ -305,8 +305,7 @@ myself, but would be trivial to make more atomistic.
 ## Documenting Endpoints
 
 If you wish to provide additional documentation for end points you can define
-`self.<index,show,update,create,destroy>_documentation` class methods in the API class (or extend them
-from a documentation module, which would be preferable).
+`self.<index,show,update,create,destroy>_documentation(name)` class methods in the API class (or extend them from a documentation module, which would be preferable).
 
 ## Grape Hooks - The Precedence of Declaration Matters
 

data/introspective_grape.gemspec

@@ -28,7 +28,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'schema_validations'
   s.add_runtime_dependency 'rack'
 
-  s.add_runtime_dependency 'grape'
+  s.add_runtime_dependency 'grape', '1.6.0'
   s.add_runtime_dependency 'dry-types'
   s.add_runtime_dependency 'grape-entity'
   s.add_runtime_dependency 'grape-swagger'
@@ -57,7 +57,7 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'machinist_redux'
 
   # dummy app dependencies
-  s.add_development_dependency 'paperclip'
+  s.add_development_dependency 'kt-paperclip'
   s.add_development_dependency 'rufus-mnemo'
   s.add_development_dependency 'devise'
 end

data/lib/introspective_grape/api.rb

@@ -1,6 +1,6 @@
 require 'action_controller'
 require 'kaminari'
-require 'byebug'
+#require 'byebug'
 require 'grape-kaminari'
 require 'introspective_grape/validators'
 
@@ -403,12 +403,12 @@ module IntrospectiveGrape
       def param_type(model, field)
         # Translate from the AR type to the GrapeParam types
         field   = field.to_s
-        db_type = (model&.columns_hash || {})[field]&.type
+        db_type = (model&.try(:columns_hash) || {})[field]&.type
 
         # Check if it's a file attachment, look for an override class from the model,
         # check PG2RUBY, use the database type, or fail over to a String:
         uploaded_file?(model, field)           ||
-          check_model_for_type(model, field)    ||
+          check_model_for_type(model, field)   ||
           PG2RUBY[db_type]                     ||
           db_type_constant(db_type)            ||
           String # default to String if nothing else works

data/lib/introspective_grape/filters.rb

@@ -91,7 +91,7 @@ module IntrospectiveGrape
 
       if timestamp_filter(klass, model, field)
         op      = field.ends_with?('_start') ? '>=' : '<='
-        records.where("#{timestamp_filter(klass, model, field)} #{op} ?", Time.zone.parse(params[field]))
+        records.where(ActiveRecord::Base.sanitize_sql_array(["#{timestamp_filter(klass, model, field)} #{op} ?", Time.zone.parse(params[field])]))
       elsif model.respond_to?("#{field}=")
         records.send("#{field}=", params[field])
       else

data/lib/introspective_grape/traversal.rb

@@ -1,56 +1,56 @@
-module IntrospectiveGrape
-  module Traversal
-    # For deeply nested endpoints we want to present the record being affected, these
-    # methods traverse down from the parent instance to the child model associations
-    # of the deeply nested route.
-
-    def find_leaves(routes, record, params)
-      # Traverse down our route and find the leaf's siblings from its parent, e.g.
-      # project/#/teams/#/team_users ~> project.find.teams.find.team_users
-      # (the traversal of the intermediate nodes occurs in find_leaf())
-      return record if routes.size < 2 # the leaf is the root
-
-      record = find_leaf(routes, record, params) || return
-
-      assoc  = routes.last
-      if assoc.many?
-        leaves = record.send( assoc.reflection.name ).includes( default_includes(assoc.model) )
-        verify_records_found(leaves, routes)
-        leaves
-      else
-        # has_one associations don't return a CollectionProxy and so don't support
-        # eager loading.
-        record.send( assoc.reflection.name )
-      end
-    end
-
-    def verify_records_found(leaves, routes)
-      return if (leaves.map(&:class) - [routes.last.model]).empty?
-
-      raise ActiveRecord::RecordNotFound.new("Records contain the wrong models, they should all be #{routes.last.model.name}, found #{records.map(&:class).map(&:name).join(',')}")
-    end
-
-    def find_leaf(routes, record, params)
-      return record unless routes.size > 1
-
-      # For deeply nested routes we need to search from the root of the API to the leaf
-      # of its nested associations in order to guarantee the validity of the relationship,
-      # the authorization on the parent model, and the sanity of passed parameters.
-      routes[1..-1].each do |r|
-        if record && params[r.key]
-          ref    = r.reflection
-          record = record.send(ref.name).where( id: params[r.key] ).first if ref
-        end
-      end
-
-      verify_record_found(routes, params, record)
-      record
-    end
-
-    def verify_record_found(routes, params, record)
-      return unless params[routes.last.key] && record.class != routes.last.model
-
-      raise ActiveRecord::RecordNotFound.new("No #{routes.last.model.name} with ID '#{params[routes.last.key]}'")
-    end
-  end
-end
+module IntrospectiveGrape
+  module Traversal
+    # For deeply nested endpoints we want to present the record being affected, these
+    # methods traverse down from the parent instance to the child model associations
+    # of the deeply nested route.
+
+    def find_leaves(routes, record, params)
+      # Traverse down our route and find the leaf's siblings from its parent, e.g.
+      # project/#/teams/#/team_users ~> project.find.teams.find.team_users
+      # (the traversal of the intermediate nodes occurs in find_leaf())
+      return record if routes.size < 2 # the leaf is the root
+
+      record = find_leaf(routes, record, params) || return
+
+      assoc  = routes.last
+      if assoc.many?
+        leaves = record.send( assoc.reflection.name ).includes( default_includes(assoc.model) )
+        verify_records_found(leaves, routes)
+        leaves
+      else
+        # has_one associations don't return a CollectionProxy and so don't support
+        # eager loading.
+        record.send( assoc.reflection.name )
+      end
+    end
+
+    def verify_records_found(leaves, routes)
+      return if (leaves.map(&:class) - [routes.last.model]).empty?
+
+      raise ActiveRecord::RecordNotFound.new("Records contain the wrong models, they should all be #{routes.last.model.name}, found #{records.map(&:class).map(&:name).join(',')}")
+    end
+
+    def find_leaf(routes, record, params)
+      return record unless routes.size > 1
+
+      # For deeply nested routes we need to search from the root of the API to the leaf
+      # of its nested associations in order to guarantee the validity of the relationship,
+      # the authorization on the parent model, and the sanity of passed parameters.
+      routes[1..-1].each do |r|
+        if record && params[r.key]
+          ref    = r.reflection
+          record = record.send(ref.name).where( id: params[r.key] ).first if ref
+        end
+      end
+
+      verify_record_found(routes, params, record)
+      record
+    end
+
+    def verify_record_found(routes, params, record)
+      return unless params[routes.last.key] && record.class != routes.last.model
+
+      raise ActiveRecord::RecordNotFound.new("No #{routes.last.model.name} with ID '#{params[routes.last.key]}'")
+    end
+  end
+end

data/lib/introspective_grape/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module IntrospectiveGrape
-  VERSION = '0.5.0'
+  VERSION = '0.5.5'
 end

data/spec/dummy/.ruby-version

@@ -0,0 +1 @@
+2.6.0

data/spec/dummy/Gemfile

@@ -1,19 +1,19 @@
 source 'https://rubygems.org'
-gem 'rails', '5.2.6'
+gem 'rails', '5.2.6.2'
 
 gem 'byebug'
 gem 'camel_snake_keys'
 
 gem 'devise'
 gem 'delayed_paperclip'
-#gem 'devise-async'
+gem 'kt-paperclip'
 
 gem 'grape'
 gem 'grape-entity'
 gem 'grape-kaminari'
 gem 'grape-swagger'
 gem 'grape-swagger-entity'
-gem 'introspective_grape', path: '~/Dropbox/contrib/introspective_grape'
+gem 'introspective_grape' #, path: '~/Dropbox/contrib/introspective_grape'
 
 gem 'paperclip'
 gem 'pundit'

data/spec/dummy/app/api/dummy/company_api.rb

@@ -14,6 +14,15 @@ class Dummy::CompanyAPI < IntrospectiveGrape::API
       present params
     end
 
+    desc "Test kaminari pagination in a custom index"
+    params do
+      use :pagination
+    end
+    get '/paginated/list' do
+      authorize Company.new, :index?
+      companies = Company.all
+      present paginate(companies), using: CompanyEntity
+    end
   end
 
   class CompanyEntity < Grape::Entity

data/spec/requests/company_api_spec.rb

@@ -27,6 +27,15 @@ describe Dummy::CompanyAPI, type: :request do
       json.first['id'].should eq Company.first.id
       response.headers.slice("X-Total", "X-Total-Pages", "X-Per-Page", "X-Page", "X-Next-Page", "X-Prev-Page", "X-Offset").values.should eq ["30", "2", "25", "1", "2", "", "0"]
     end
+
+    it "should allow pagination in a custom index" do
+      Company.destroy_all
+      30.times { Company.make! }
+
+      get '/api/v1/companies/paginated/list'
+      response.should be_successful
+      response.headers.slice("X-Total", "X-Total-Pages", "X-Per-Page", "X-Page", "X-Next-Page", "X-Prev-Page", "X-Offset").values.should eq ["30", "2", "25", "1", "2", "", "0"]
+    end
   end
 
   before :all do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: introspective_grape
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.5.5
 platform: ruby
 authors:
 - Josh Buermann
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-10-27 00:00:00.000000000 Z
+date: 2022-02-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -56,16 +56,16 @@ dependencies:
   name: grape
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.6.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.6.0
 - !ruby/object:Gem::Dependency
   name: dry-types
   requirement: !ruby/object:Gem::Requirement
@@ -291,7 +291,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: paperclip
+  name: kt-paperclip
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -344,6 +344,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".github/workflows/lint.yml"
+- ".github/workflows/security.yml"
 - ".github/workflows/test.yml"
 - ".gitignore"
 - ".rubocop.yml"
@@ -375,6 +376,7 @@ files:
 - lib/introspective_grape/validators.rb
 - lib/introspective_grape/version.rb
 - lib/tasks/introspective_grape_tasks.rake
+- spec/dummy/.ruby-version
 - spec/dummy/Gemfile
 - spec/dummy/README.rdoc
 - spec/dummy/Rakefile
@@ -538,12 +540,12 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.3
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Quickly configure Grape APIs around your database schema and models.
 test_files:
+- spec/dummy/.ruby-version
 - spec/dummy/Gemfile
 - spec/dummy/README.rdoc
 - spec/dummy/Rakefile