introspective_grape 0.5.0 → 0.5.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d15f31a850811633ad737c414309293b36b8cacb15508468e5155a5b6aec2bed
-  data.tar.gz: 17b3a773228928342af7c692f2ac62352cd1bcdda2695351cae9cf56c449fc82
+  metadata.gz: 1221cfb7bde9b3896a0c11c595c685198a10a88120cb7ad0711baca8b954e7a0
+  data.tar.gz: 18ef790d77cc390818ea413f04c3ffe0f87a60350a5a7157bb73e66ab9693360
 SHA512:
-  metadata.gz: acf6d1def5d4df6c3438e67d1743c6dfe86a00b44044ce8b709e7800bca20096180084a0bb994b77535c4a956997df25c4dde8349f63b7831d17fe494e900c04
-  data.tar.gz: 509de38fd9a074d493caf0389bdb10d8bfad3fe4a145e3f1c2a9ff30b33d2efc2fbfa466f6e743d081fa678035f05214b8c71f6305562f34a65faac530f1c96b
+  metadata.gz: fdc88a2e154ab024c70c978e553533d79d67b31194ae47e1fa6b923ffa83df585b317aabc2c5159ff9ef63881d235df0ca2cbd9ce28d303213029f6284f8288c
+  data.tar.gz: f95cddc2dfe36efb3cf54f572d977c10573d658410a876dcf2adba43fb82ea066c1eea53582fa659079ff3211a638edcb0682b156abf040f8a4469bdd330bf87

data/.github/workflows/security.yml

@@ -0,0 +1,32 @@
+name: security
+on: push
+jobs:
+  security:
+    name: Security
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.6.2
+      - name: Cache Ruby Gems
+        uses: actions/cache@v2
+        with:
+          path: vendor/bundle
+          key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-gems-
+      - name: Bundle Install
+        run: |
+          gem install bundler
+          bundle config path vendor/bundle
+          bundle install --jobs 4 --retry 3
+      - name: Security Checks
+        run: |
+          bundle exec brakeman -z
+          gem install bundle-audit
+          bundle-audit update
+          bundle-audit
+

data/CHANGELOG.md

@@ -1,3 +1,14 @@
+
+0.5.2 02/07/2022
+================
+
+Lock down compatible Grape version to 1.6.0, as the next version has breaking changes for classes inheriting from Grape::Validator::Base.
+
+0.5.1 02/07/2022
+================
+
+Removed stray require of 'byebug'.
+
 0.5.0 10/20/2021
 ================
 

data/README.md

@@ -305,8 +305,7 @@ myself, but would be trivial to make more atomistic.
 ## Documenting Endpoints
 
 If you wish to provide additional documentation for end points you can define
-`self.<index,show,update,create,destroy>_documentation` class methods in the API class (or extend them
-from a documentation module, which would be preferable).
+`self.<index,show,update,create,destroy>_documentation(name)` class methods in the API class (or extend them from a documentation module, which would be preferable).
 
 ## Grape Hooks - The Precedence of Declaration Matters
 

data/introspective_grape.gemspec

@@ -28,7 +28,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency 'schema_validations'
   s.add_runtime_dependency 'rack'
 
-  s.add_runtime_dependency 'grape'
+  s.add_runtime_dependency 'grape', '1.6.0'
   s.add_runtime_dependency 'dry-types'
   s.add_runtime_dependency 'grape-entity'
   s.add_runtime_dependency 'grape-swagger'

data/lib/introspective_grape/api.rb

@@ -1,6 +1,6 @@
 require 'action_controller'
 require 'kaminari'
-require 'byebug'
+#require 'byebug'
 require 'grape-kaminari'
 require 'introspective_grape/validators'
 
@@ -408,7 +408,7 @@ module IntrospectiveGrape
         # Check if it's a file attachment, look for an override class from the model,
         # check PG2RUBY, use the database type, or fail over to a String:
         uploaded_file?(model, field)           ||
-          check_model_for_type(model, field)    ||
+          check_model_for_type(model, field)   ||
           PG2RUBY[db_type]                     ||
           db_type_constant(db_type)            ||
           String # default to String if nothing else works

data/lib/introspective_grape/traversal.rb

@@ -1,56 +1,56 @@
-module IntrospectiveGrape
-  module Traversal
-    # For deeply nested endpoints we want to present the record being affected, these
-    # methods traverse down from the parent instance to the child model associations
-    # of the deeply nested route.
-
-    def find_leaves(routes, record, params)
-      # Traverse down our route and find the leaf's siblings from its parent, e.g.
-      # project/#/teams/#/team_users ~> project.find.teams.find.team_users
-      # (the traversal of the intermediate nodes occurs in find_leaf())
-      return record if routes.size < 2 # the leaf is the root
-
-      record = find_leaf(routes, record, params) || return
-
-      assoc  = routes.last
-      if assoc.many?
-        leaves = record.send( assoc.reflection.name ).includes( default_includes(assoc.model) )
-        verify_records_found(leaves, routes)
-        leaves
-      else
-        # has_one associations don't return a CollectionProxy and so don't support
-        # eager loading.
-        record.send( assoc.reflection.name )
-      end
-    end
-
-    def verify_records_found(leaves, routes)
-      return if (leaves.map(&:class) - [routes.last.model]).empty?
-
-      raise ActiveRecord::RecordNotFound.new("Records contain the wrong models, they should all be #{routes.last.model.name}, found #{records.map(&:class).map(&:name).join(',')}")
-    end
-
-    def find_leaf(routes, record, params)
-      return record unless routes.size > 1
-
-      # For deeply nested routes we need to search from the root of the API to the leaf
-      # of its nested associations in order to guarantee the validity of the relationship,
-      # the authorization on the parent model, and the sanity of passed parameters.
-      routes[1..-1].each do |r|
-        if record && params[r.key]
-          ref    = r.reflection
-          record = record.send(ref.name).where( id: params[r.key] ).first if ref
-        end
-      end
-
-      verify_record_found(routes, params, record)
-      record
-    end
-
-    def verify_record_found(routes, params, record)
-      return unless params[routes.last.key] && record.class != routes.last.model
-
-      raise ActiveRecord::RecordNotFound.new("No #{routes.last.model.name} with ID '#{params[routes.last.key]}'")
-    end
-  end
-end
+module IntrospectiveGrape
+  module Traversal
+    # For deeply nested endpoints we want to present the record being affected, these
+    # methods traverse down from the parent instance to the child model associations
+    # of the deeply nested route.
+
+    def find_leaves(routes, record, params)
+      # Traverse down our route and find the leaf's siblings from its parent, e.g.
+      # project/#/teams/#/team_users ~> project.find.teams.find.team_users
+      # (the traversal of the intermediate nodes occurs in find_leaf())
+      return record if routes.size < 2 # the leaf is the root
+
+      record = find_leaf(routes, record, params) || return
+
+      assoc  = routes.last
+      if assoc.many?
+        leaves = record.send( assoc.reflection.name ).includes( default_includes(assoc.model) )
+        verify_records_found(leaves, routes)
+        leaves
+      else
+        # has_one associations don't return a CollectionProxy and so don't support
+        # eager loading.
+        record.send( assoc.reflection.name )
+      end
+    end
+
+    def verify_records_found(leaves, routes)
+      return if (leaves.map(&:class) - [routes.last.model]).empty?
+
+      raise ActiveRecord::RecordNotFound.new("Records contain the wrong models, they should all be #{routes.last.model.name}, found #{records.map(&:class).map(&:name).join(',')}")
+    end
+
+    def find_leaf(routes, record, params)
+      return record unless routes.size > 1
+
+      # For deeply nested routes we need to search from the root of the API to the leaf
+      # of its nested associations in order to guarantee the validity of the relationship,
+      # the authorization on the parent model, and the sanity of passed parameters.
+      routes[1..-1].each do |r|
+        if record && params[r.key]
+          ref    = r.reflection
+          record = record.send(ref.name).where( id: params[r.key] ).first if ref
+        end
+      end
+
+      verify_record_found(routes, params, record)
+      record
+    end
+
+    def verify_record_found(routes, params, record)
+      return unless params[routes.last.key] && record.class != routes.last.model
+
+      raise ActiveRecord::RecordNotFound.new("No #{routes.last.model.name} with ID '#{params[routes.last.key]}'")
+    end
+  end
+end

data/lib/introspective_grape/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module IntrospectiveGrape
-  VERSION = '0.5.0'
+  VERSION = '0.5.2'
 end

data/spec/dummy/.ruby-version

@@ -0,0 +1 @@
+2.6.0

data/spec/dummy/app/api/dummy/company_api.rb

@@ -14,6 +14,15 @@ class Dummy::CompanyAPI < IntrospectiveGrape::API
       present params
     end
 
+    desc "Test kaminari pagination in a custom index"
+    params do
+      use :pagination
+    end
+    get '/paginated/list' do
+      authorize Company.new, :index?
+      companies = Company.all
+      present paginate(companies), using: CompanyEntity
+    end
   end
 
   class CompanyEntity < Grape::Entity

data/spec/requests/company_api_spec.rb

@@ -27,6 +27,15 @@ describe Dummy::CompanyAPI, type: :request do
       json.first['id'].should eq Company.first.id
       response.headers.slice("X-Total", "X-Total-Pages", "X-Per-Page", "X-Page", "X-Next-Page", "X-Prev-Page", "X-Offset").values.should eq ["30", "2", "25", "1", "2", "", "0"]
     end
+
+    it "should allow pagination in a custom index" do
+      Company.destroy_all
+      30.times { Company.make! }
+
+      get '/api/v1/companies/paginated/list'
+      response.should be_successful
+      response.headers.slice("X-Total", "X-Total-Pages", "X-Per-Page", "X-Page", "X-Next-Page", "X-Prev-Page", "X-Offset").values.should eq ["30", "2", "25", "1", "2", "", "0"]
+    end
   end
 
   before :all do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: introspective_grape
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.5.2
 platform: ruby
 authors:
 - Josh Buermann
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-10-27 00:00:00.000000000 Z
+date: 2022-02-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -56,16 +56,16 @@ dependencies:
   name: grape
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.6.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - '='
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 1.6.0
 - !ruby/object:Gem::Dependency
   name: dry-types
   requirement: !ruby/object:Gem::Requirement
@@ -344,6 +344,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".github/workflows/lint.yml"
+- ".github/workflows/security.yml"
 - ".github/workflows/test.yml"
 - ".gitignore"
 - ".rubocop.yml"
@@ -375,6 +376,7 @@ files:
 - lib/introspective_grape/validators.rb
 - lib/introspective_grape/version.rb
 - lib/tasks/introspective_grape_tasks.rake
+- spec/dummy/.ruby-version
 - spec/dummy/Gemfile
 - spec/dummy/README.rdoc
 - spec/dummy/Rakefile
@@ -544,6 +546,7 @@ signing_key:
 specification_version: 4
 summary: Quickly configure Grape APIs around your database schema and models.
 test_files:
+- spec/dummy/.ruby-version
 - spec/dummy/Gemfile
 - spec/dummy/README.rdoc
 - spec/dummy/Rakefile