RubyGems - jpie - Versions diffs - 1.0.0 → 1.0.1 - Mend

jpie 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (83) hide show

data/lib/json_api/controllers/concerns/resource_actions.rb CHANGED Viewed

@@ -1,9 +1,26 @@
 # frozen_string_literal: true
+require_relative "resource_actions/filter_validation"
+require_relative "resource_actions/field_validation"
+require_relative "resource_actions/preloading"
+require_relative "resource_actions/serialization"
+require_relative "resource_actions/pagination"
+require_relative "resource_actions/type_validation"
+require_relative "resource_actions/crud_helpers"
+require_relative "resource_actions/resource_loading"
 module JSONAPI
   module ResourceActions
     extend ActiveSupport::Concern
     include ActiveStorageSupport
+    include FilterValidation
+    include FieldValidation
+    include Preloading
+    include Serialization
+    include Pagination
+    include TypeValidation
+    include CrudHelpers
+    include ResourceLoading
     included do
       before_action :load_jsonapi_resource
@@ -17,21 +34,10 @@ module JSONAPI
     end
     def index
-      initial_scope = @preloaded_resources || model_class.all
-      scoped = apply_authorization_scope(initial_scope, action: :index)
-      query = JSONAPI::CollectionQuery.new(
-        scoped,
-        definition: @resource_class,
-        model_class: model_class,
-        filter_params: parse_filter_param,
-        sort_params: parse_sort_param,
-        page_params: parse_page_param
-      ).execute
+      scope = apply_authorization_scope(@preloaded_resources || model_class.all, action: :index)
+      query = build_query(scope)
       @total_count = query.total_count
       @pagination_applied = query.pagination_applied
       render json: serialize_collection(query.scope), status: :ok
     end
@@ -42,616 +48,59 @@ module JSONAPI
     end
     def create
-      # Determine STI class from type in payload
-      sti_class = determine_sti_class_for_create
-      # Use subtype model class for deserialization so it finds the correct resource class
-      params_hash = deserialize_params(:create, model_class: sti_class)
-      attachment_params = extract_active_storage_params_from_hash(params_hash, sti_class)
-      # Remove attachment params from regular params
-      attachment_params.each_key { |key| params_hash.delete(key.to_s) }
-      # Remove type from params_hash if present - STI handles type automatically
-      params_hash.delete("type")
-      params_hash.delete(:type)
-      # For STI base class, ensure type is set explicitly (Rails STI doesn't always set it for base class)
-      # Only set type if this is actually an STI base class (has type column and base_class == class)
-      if sti_class.respond_to?(:base_class) &&
-         sti_class.base_class == sti_class &&
-         sti_class.column_names.include?("type")
-        params_hash["type"] = sti_class.name
-      end
-      resource = sti_class.new(params_hash)
+      resource = build_resource_for_create
       authorize_resource_action!(resource, action: :create)
+      attach_active_storage_files(resource, @create_attachments, resource_class: determine_sti_resource_class)
+      save_created(resource)
+    rescue ArgumentError => e
+      render_create_error(e)
+    rescue JSONAPI::Exceptions::ParameterNotAllowed, ActiveSupport::MessageVerifier::InvalidSignature => e
+      handle_create_exception(e)
+    end
-      # Attach files before saving so validation can check files.attached?
-      # ActiveStorage allows attaching to unsaved records and will persist attachments when the record is saved
-      sti_resource_class = determine_sti_resource_class_for_create
-      attach_active_storage_files(resource, attachment_params, resource_class: sti_resource_class)
+    def build_resource_for_create
+      sti_class = determine_sti_class
+      params_hash, @create_attachments = prepare_create_params(sti_class)
+      sti_class.new(params_hash)
+    end
-      if resource.save
-        emit_resource_event(:created, resource)
-        render json: serialize_resource(resource), status: :created, location: resource_url(resource)
-      else
-        render_validation_errors(resource)
-      end
-    rescue ArgumentError => e
-      if e.message.match?(/invalid.*subtype/i)
-        render_invalid_subtype_error(e)
-      else
-        render_invalid_relationship_error(e)
+    def handle_create_exception(error)
+      case error
+      when JSONAPI::Exceptions::ParameterNotAllowed then render_parameter_not_allowed_error(error)
+      when ActiveSupport::MessageVerifier::InvalidSignature then render_signed_id_error(error)
       end
-    rescue ActiveSupport::MessageVerifier::InvalidSignature => e
-      render_invalid_signed_id_error(e)
     end
     def update
       authorize_resource_action!(@resource, action: :update)
-      params_hash = deserialize_params(:update)
-      attachment_params = extract_active_storage_params_from_hash(params_hash, model_class)
-      # Remove attachment params from regular params
-      attachment_params.each_key { |key| params_hash.delete(key.to_s) }
-      if @resource.update(params_hash)
-        attach_active_storage_files(@resource, attachment_params, resource_class: @resource_class)
-        emit_resource_event(:updated, @resource)
-        render json: serialize_resource(@resource), status: :ok
-      else
-        render_validation_errors(@resource)
-      end
+      params_hash, attachments = prepare_update_params
+      save_updated(params_hash, attachments)
     rescue ArgumentError => e
       render_invalid_relationship_error(e)
     rescue JSONAPI::Exceptions::ParameterNotAllowed => e
       render_parameter_not_allowed_error(e)
     rescue ActiveSupport::MessageVerifier::InvalidSignature => e
-      render_invalid_signed_id_error(e)
+      render_signed_id_error(e)
     end
     def destroy
       authorize_resource_action!(@resource, action: :destroy)
-      resource_id = @resource.id
-      resource_type_name = resource_type
-      if @resource.destroy
-        emit_resource_event(:deleted, @resource, resource_id:, resource_type: resource_type_name)
-        head :no_content
-      else
-        render_validation_errors(@resource)
-      end
-    end
-    def build_resource_from_params
-      params_hash = deserialize_params(:create)
-      attachment_params = extract_active_storage_params_from_hash(params_hash, model_class)
-      # Remove attachment params from regular params
-      attachment_params.each_key { |key| params_hash.delete(key.to_s) }
-      model_class.new(params_hash)
-    end
-    def deserialize_params(action = :update, model_class: nil)
-      params_hash = raw_jsonapi_data
-      target_model_class = model_class || self.model_class
-      deserializer = JSONAPI::Deserializer.new(params_hash, model_class: target_model_class, action:)
-      deserializer.to_model_attributes
-    end
-    def render_invalid_signed_id_error(error)
-      render_jsonapi_error(
-        status: 400,
-        title: "Invalid Signed ID",
-        detail: "Invalid signed blob ID provided: #{error.message}"
-      )
-    end
-    def determine_sti_class_for_create(_subtype = nil)
-      # Check the type directly from the payload
-      type_from_payload = raw_jsonapi_data&.dig(:type)
-      return model_class unless type_from_payload
-      # If the payload type differs from the controller's type,
-      # resolve the class for the specific type.
-      if type_from_payload == params[:resource_type]
-        model_class
-      else
-        resource_class = JSONAPI::ResourceLoader.find(type_from_payload)
-        resource_class.model_class
-      end
-    rescue JSONAPI::ResourceLoader::MissingResourceClass
-      model_class
-    end
-    def determine_sti_resource_class_for_create(_subtype = nil)
-      type_from_payload = raw_jsonapi_data&.dig(:type)
-      return @resource_class unless type_from_payload
-      if type_from_payload == params[:resource_type]
-        @resource_class
-      else
-        JSONAPI::ResourceLoader.find(type_from_payload)
-      end
-    rescue JSONAPI::ResourceLoader::MissingResourceClass
-      @resource_class
+      @resource.destroy
+      emit_resource_event(:deleted, @resource)
+      head :no_content
     end
     private
-    def load_jsonapi_resource
-      return unless params[:resource_type].present?
-      set_resource_name
-      set_resource_class
-      set_resource if %i[show update destroy].include?(action_name.to_sym)
-    end
-    def raw_jsonapi_data
-      # Access raw params to get relationships and meta before permit filters them
-      raw_data = params[:data] || params["data"]
-      return {} unless raw_data
-      # Convert to hash with symbolized keys, preserving nested structure including meta
-      # Use to_unsafe_h to get all params including unpermitted ones like meta
-      if raw_data.is_a?(ActionController::Parameters)
-        JSONAPI::ParamHelpers.deep_symbolize_params(raw_data.to_unsafe_h)
-      else
-        JSONAPI::ParamHelpers.deep_symbolize_params(raw_data)
-      end
-    end
-    def validate_filter_param
-      filters = parse_filter_param
-      return if filters.empty?
-      invalid_filters = find_invalid_filter_fields(filters)
-      return if invalid_filters.empty?
-      render_parameter_errors(
-        invalid_filters,
-        title: "Invalid Filter",
-        detail_proc: ->(filter_name) { "Invalid filter requested: #{filter_name}" },
-        source_proc: ->(filter_name) { { parameter: "filter[#{filter_name}]" } }
-      )
-    end
-    def find_invalid_filter_fields(filters)
-      filters.keys.reject do |filter_name|
-        valid_filter_path?(filter_name.to_s, @resource_class, model_class)
-      end
-    end
-    def valid_filter_path?(filter_name, resource_cls, model_cls)
-      path_parts = filter_name.split(".")
-      validate_filter_parts(path_parts, resource_cls, model_cls)
-    end
-    def validate_filter_parts(path_parts, resource_cls, model_cls, allow_related_columns: false)
-      return false if path_parts.empty?
-      if path_parts.length == 1
-        filter_name = path_parts.first
-        return true if resource_cls.permitted_filters.map(&:to_s).include?(filter_name)
-        if allow_related_columns
-          column_filter = parse_column_filter_name(filter_name)
-          return true if column_filter && model_cls.column_for_attribute(column_filter[:column])
-          return true if model_cls.column_names.include?(filter_name)
-          return true if model_cls.respond_to?(filter_name.to_sym)
-        end
-        return false
-      end
-      relationship_name, *remaining_parts = path_parts
-      return false unless relationship_allowed_for_filtering?(resource_cls, relationship_name)
-      association = model_cls.reflect_on_association(relationship_name.to_sym)
-      return false unless association
-      return valid_polymorphic_filter_parts?(remaining_parts) if association.polymorphic?
-      related_model = association.klass
-      related_resource_cls = JSONAPI::Resource.resource_for_model(related_model)
-      return false unless related_resource_cls
-      validate_filter_parts(
-        remaining_parts,
-        related_resource_cls,
-        related_model,
-        allow_related_columns: true
-      )
-    end
-    def relationship_allowed_for_filtering?(resource_cls, relationship_name)
-      permitted_through = resource_cls.permitted_filters_through
-      permitted_through.include?(relationship_name.to_sym) ||
-        permitted_through.map(&:to_s).include?(relationship_name.to_s)
-    end
-    def valid_polymorphic_filter_parts?(parts)
-      return false if parts.empty? || parts.length > 1
-      attribute_name = parts.first
-      match = attribute_name.match(/\A(.+)_(eq|match|lt|lte|gt|gte)\z/)
-      base_name = match ? match[1] : attribute_name
-      %w[id type].include?(base_name)
-    end
-    def parse_column_filter_name(filter_name)
-      match = filter_name.match(/\A(.+)_(eq|match|lt|lte|gt|gte)\z/)
-      return nil unless match
-      { column: match[1], operator: match[2].to_sym }
-    end
-    def validate_sort_param
-      sorts = parse_sort_param
-      return if sorts.empty?
-      valid_fields = valid_sort_fields_for_resource(@resource_class, model_class)
-      invalid_fields = invalid_sort_fields_for_columns(sorts, valid_fields)
-      return if invalid_fields.empty?
-      render_parameter_errors(
-        invalid_fields,
-        title: "Invalid Sort Field",
-        detail_proc: ->(field) { "Invalid sort field requested: #{field}" },
-        source_proc: ->(_field) { { parameter: "sort" } }
-      )
-    end
-    def validate_include_param
-      includes = parse_include_param
-      return if includes.empty?
-      invalid_paths = find_invalid_include_paths(includes)
-      return if invalid_paths.empty?
-      render_parameter_errors(
-        invalid_paths,
-        title: "Invalid Include Path",
-        detail_proc: ->(path) { "Invalid include path requested: #{path}" },
-        source_proc: ->(_path) { { parameter: "include" } }
-      )
-    end
-    def find_invalid_include_paths(includes)
-      permitted_relationships = @resource_class.relationship_names.map(&:to_s)
-      invalid_paths = []
-      includes.each do |include_path|
-        invalid_paths << include_path unless valid_include_path?(include_path, permitted_relationships)
-      end
-      invalid_paths
-    end
-    def valid_include_path?(include_path, permitted_relationships)
-      path_parts = include_path.split(".")
-      first_association = path_parts.first
-      return false unless permitted_relationships.include?(first_association)
-      valid_nested_path?(path_parts)
-    end
-    def valid_nested_path?(path_parts)
-      current_class = model_class
-      path_parts.each do |association_name|
-        # Check for ActiveStorage attachments
-        if self.class.active_storage_attachment?(association_name, current_class)
-          # ActiveStorage attachments point to ActiveStorage::Blob, which is a terminal relationship
-          return true
-        end
-        association = current_class.reflect_on_association(association_name.to_sym)
-        return false unless association
-        break if association.polymorphic?
-        current_class = association.klass
-      end
-      true
-    end
-    def preload_includes
-      includes = parse_include_param
-      return if includes.empty?
-      includes_hash = build_includes_hash(includes)
-      preload_resources(includes_hash)
-    rescue ActiveRecord::RecordNotFound
-      # Will be handled by set_resource
-    end
-    def build_includes_hash(includes)
-      includes_hash = {}
-      includes.each { |include_path| merge_include_path(includes_hash, include_path) }
-      includes_hash
-    end
-    def merge_include_path(includes_hash, include_path)
-      path_parts = include_path.split(".")
-      current_hash = includes_hash
-      path_parts.each_with_index do |part, index|
-        part_sym = part.to_sym
-        current_hash[part_sym] ||= {}
-        current_hash = current_hash[part_sym] if index < path_parts.length - 1
-      end
-    end
-    def preload_resources(includes_hash)
-      # Filter out ActiveStorage attachments and polymorphic associations from includes_hash
-      filtered_includes = filter_active_storage_from_includes(includes_hash, model_class)
-      filtered_includes = filter_polymorphic_from_includes(filtered_includes, model_class)
-      case action_name
-      when "index"
-        @preloaded_resources = filtered_includes.empty? ? model_class.all : model_class.all.includes(filtered_includes)
-      when "show"
-        @preloaded_resource = filtered_includes.empty? ? model_class.find(params[:id]) : model_class.includes(filtered_includes).find(params[:id])
-      end
-    end
-    def serialize_resource(resource)
-      serializer = JSONAPI::Serializer.new(resource)
-      serializer.to_hash(
-        include: parse_include_param,
-        fields: parse_fields_param,
-        document_meta: jsonapi_document_meta
-      )
-    end
-    def serialize_collection(resources)
-      includes = parse_include_param
-      fields = parse_fields_param
-      all_included = []
-      processed = Set.new
-      data = serialize_resources(resources, includes, fields, all_included, processed)
-      build_collection_response(data, all_included)
-    end
-    def serialize_resources(resources, includes, fields, all_included, processed)
-      resources.map do |resource|
-        result = serialize_single_resource(resource, includes, fields)
-        collect_included_resources(result, all_included, processed)
-        result[:data]
-      end
-    end
-    def serialize_single_resource(resource, includes, fields)
-      serializer = JSONAPI::Serializer.new(resource)
-      serializer.to_hash(include: includes, fields:, document_meta: nil)
-    end
-    def collect_included_resources(result, all_included, processed)
-      included_resources = result[:included] || []
-      included_resources.each do |included_resource|
-        add_unique_included_resource(included_resource, all_included, processed)
-      end
-    end
-    def add_unique_included_resource(included_resource, all_included, processed)
-      resource_key = "#{included_resource[:type]}-#{included_resource[:id]}"
-      return if processed.include?(resource_key)
-      all_included << included_resource
-      processed.add(resource_key)
-    end
-    def build_collection_response(data, all_included)
-      result = {
-        jsonapi: JSONAPI::Serializer.jsonapi_object,
-        data:
-      }
-      result[:included] = all_included if all_included.any?
-      pagination_meta = {}
-      if @pagination_applied
-        result[:links] = build_pagination_links
-        pagination_meta = build_pagination_meta
-      end
-      result[:meta] = jsonapi_document_meta(pagination_meta)
-      result
-    end
-    def build_pagination_links
-      page_params = parse_page_param
-      current_page = page_params["number"]&.to_i || 1
-      page_size = calculate_page_size(page_params)
-      total_pages = calculate_total_pages(page_size)
-      links = {
-        self: build_pagination_url(current_page, page_size),
-        first: build_pagination_url(1, page_size),
-        last: build_pagination_url(total_pages, page_size)
-      }
-      links[:prev] = build_pagination_url(current_page - 1, page_size) if current_page > 1
-      links[:next] = build_pagination_url(current_page + 1, page_size) if current_page < total_pages
-      links
-    end
-    def calculate_page_size(page_params)
-      size = page_params["size"]&.to_i || JSONAPI.configuration.default_page_size
-      [size, JSONAPI.configuration.max_page_size].min
-    end
-    def calculate_total_pages(page_size)
-      total_pages = (@total_count.to_f / page_size).ceil
-      total_pages.zero? ? 1 : total_pages
-    end
-    def build_pagination_url(page_number, page_size)
-      base_url = request.path
-      query_params = request.query_parameters.dup
-      query_params["page"] = { "number" => page_number, "size" => page_size }
-      query_string = build_query_string(query_params)
-      query_string.present? ? "#{base_url}?#{query_string}" : base_url
-    end
-    def build_query_string(query_params)
-      JSONAPI::ParamHelpers.build_query_string(query_params)
-    end
-    def build_pagination_meta
-      { total: @total_count }
-    end
-    def validate_resource_type!
-      # Skip validation if resource loading was skipped
-      return unless @resource_class
-      # Relationship endpoints carry related resource identifiers, so skip type
-      # validation for relationship requests.
-      return if params[:relationship_name].present?
-      requested_type = jsonapi_type
-      expected_type = resource_type
-      return if requested_type == expected_type
-      # Allow STI subtypes if posting to base endpoint
-      if model_class.respond_to?(:base_class)
-        # Check if requested type corresponds to a valid subclass
-        begin
-          requested_resource_class = JSONAPI::ResourceLoader.find(requested_type)
-          requested_model_class = requested_resource_class.model_class
-          # Allow if requested class is a subclass of the endpoint's class
-          return if requested_model_class < model_class
-        rescue JSONAPI::ResourceLoader::MissingResourceClass, NameError
-          # Fall through to error rendering
-        end
-      end
-      render_type_mismatch_error(expected_type, requested_type) and return
-    end
-    def validate_resource_id!
-      # Skip validation if resource loading was skipped
-      return unless @resource_class
-      requested_id = jsonapi_id
-      expected_id = params[:id].to_s
-      return if requested_id == expected_id
-      render_id_mismatch_error(expected_id, requested_id) and return
-    end
-    def render_type_mismatch_error(expected_type, requested_type)
-      detail = requested_type.nil? ? "Missing type member. Expected '#{expected_type}'" : "Type mismatch: expected '#{expected_type}', got '#{requested_type}'"
-      render json: {
-        errors: [
-          {
-            status: "409",
-            title: "Type Mismatch",
-            detail:,
-            source: { pointer: "/data/type" }
-          }
-        ]
-      }, status: :conflict
-    end
-    def render_id_mismatch_error(expected_id, requested_id)
-      render json: {
-        errors: [
-          {
-            status: "409",
-            title: "ID Mismatch",
-            detail: "ID mismatch: expected '#{expected_id}', got '#{requested_id}'",
-            source: { pointer: "/data/id" }
-          }
-        ]
-      }, status: :conflict
-    end
-    def resource_url(resource)
-      "/#{resource_type}/#{resource.id}"
-    end
-    def resource_type
-      params[:resource_type] || @resource_name.pluralize
-    end
-    def validate_fields_param
-      fields = parse_fields_param
-      return if fields.empty?
-      fields.each do |type, type_fields|
-        next if type_fields.nil? || type_fields.empty?
-        # Handle active_storage_blobs specially
-        if type.to_s == "active_storage_blobs"
-          invalid_fields = find_invalid_blob_fields(type_fields)
-          if invalid_fields.any?
-            render_parameter_errors(
-              invalid_fields,
-              title: "Invalid Field",
-              detail_proc: ->(field) { "Invalid field requested for active_storage_blobs: #{field}" },
-              source_proc: ->(_field) { { parameter: "fields[active_storage_blobs]" } }
-            )
-            return
-          end
-        else
-          # Only validate fields for the current resource type
-          next unless type.to_s == resource_type.to_s
-          invalid_fields = find_invalid_fields(type_fields)
-          if invalid_fields.any?
-            current_type = resource_type.to_s
-            render_parameter_errors(
-              invalid_fields,
-              title: "Invalid Field",
-              detail_proc: ->(field) { "Invalid field requested for #{current_type}: #{field}" },
-              source_proc: ->(_field) { { parameter: "fields[#{current_type}]" } }
-            )
-            return
-          end
-        end
-      end
-    end
-    def find_invalid_fields(resource_fields)
-      permitted_attributes = @resource_class.permitted_attributes.map(&:to_s)
-      resource_fields.reject { |field| permitted_attributes.include?(field.to_s) }
-    end
-    def find_invalid_blob_fields(blob_fields)
-      return [] unless defined?(::ActiveStorage)
-      permitted_attributes = JSONAPI::ActiveStorageBlobResource.permitted_attributes.map(&:to_s)
-      blob_fields.reject { |field| permitted_attributes.include?(field.to_s) }
-    end
-    def emit_resource_event(action, resource, resource_id: nil, resource_type: nil)
-      resource_id ||= resource.id
-      resource_type_name = resource_type || self.resource_type
-      changes = if action == :updated && resource.respond_to?(:previous_changes)
-                  resource.previous_changes.except("updated_at", "created_at")
-                else
-                  {}
-                end
-      JSONAPI::Instrumentation.resource_event(
-        action:,
-        resource_type: resource_type_name,
-        resource_id:,
-        changes:
-      )
+    def build_query(scope)
+      JSONAPI::CollectionQuery.new(
+        scope,
+        definition: @resource_class,
+        model_class: model_class,
+        filter_params: parse_filter_param,
+        sort_params: parse_sort_param,
+        page_params: parse_page_param,
+      ).execute
     end
   end
 end