RubyGems - paramoid - Versions diffs - 1.0.0 → 2.0.0 - Mend

paramoid 1.0.0 → 2.0.0

Files changed (14) hide show

checksums.yaml +4 -4
data/lib/paramoid/base.rb +49 -21
data/lib/paramoid/controller.rb +3 -0
data/lib/paramoid/list.rb +11 -2
data/lib/paramoid/object.rb +87 -9
data/lib/paramoid/version.rb +3 -1
data/lib/paramoid.rb +0 -1
data/spec/paramoid/base_spec.rb +11 -6
data/spec/paramoid/complex_spec.rb +168 -0
data/spec/paramoid/controller_spec.rb +5 -2
data/spec/paramoid/object_spec.rb +28 -8
data/spec/spec_helper.rb +1 -0
data/spec/support/params.rb +35 -0
metadata +12 -10

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f528551c46f70a5d476cb1ddbbeb9e59687a7153112c8962a026ed896b6ba343
-  data.tar.gz: ebd4e70f7a7987afcc282db3ef47fbda33841be91e97d98e85874bc039c8047d
+  metadata.gz: 81d4e4ce0a1c77990eeadd7e01f7450307bab477bfdbd4d307f7240521ceab3a
+  data.tar.gz: cbc6586cd42d5aa4c96ef197d689b24add85b79d3841835a85b6f85ef54a8c51
 SHA512:
-  metadata.gz: d4ab2dfeb44387a4c6bcf7de2aa05832d8efd792e4cefdf867039bc51b1c044554575b005f2b7c10b7fe82d7bfc1e5db0dab6dda4d34fd59256ea52c7721fff8
-  data.tar.gz: 43ab66b64849be0b6b5879705f58ed4a337729c15d0aa7313d8db9e6671356fa936b6f06d1e0e955b17d9b4386ef9382aabd386adfd839847aff5df886d2d64a
+  metadata.gz: c42ab24874cbd59db1f5891e7cd96e57ab6151d4e916b0bcd33289aefe97b326d77d4301337471555dcba9ca7c2814a7aa0cf7ecf8b0bb1e414ca3430aabf491
+  data.tar.gz: fa359b7d150eaa6f22c7bcbfea4b8760a51c1e140be713d31e98ba057c47a8af470ed161af4cb3683008c22ffb0afaf732826ef32f64ea07bf202520ff9fb2ef

data/lib/paramoid/base.rb CHANGED Viewed

@@ -1,51 +1,83 @@
 module Paramoid
+  # The base class for Paramoid.
+  # @example
+  #   class MyParamoidSanitizer < Paramoid::Base
+  #     def initialize(user = nil)
+  #       param :name, as: :first_name
+  #       param :age, transformer: ->(age) { age.to_i }
+  #       group :address do
+  #         param :street
+  #         param :city
+  #         param :state
+  #         param :zip
+  #       end
+  #     end
+  #   end
   class Base
     # @param [ActionController::Parameters] params
     def sanitize(params)
       params = params.permit(*permitted_params)
-      scalar_params.transform_params!(params)
-      params = default_params.merge(params)
+      context.transform_params!(params)
+      context.apply_defaults!(params)
       ensure_required_params!(params)
     end
+    def permitted_params
+      scalar_params.to_params
+    end
     protected
     # @param [Symbol] name
     # @param [Symbol] as
     # @param [Lambda | NilClass] transformer
-    def group!(name, as: nil, transformer: nil)
-      key = as || name
-      data = Object.new(name, key, nested: List.new, transformer: transformer)
-      context << data
-      return unless block_given?
+    def group(name, as: nil, transformer: nil, &block)
+      _nest_rule(name, as: as, transformer: transformer, nesting_type: :object, &block)
+    end
-      old_context = context
-      @context = data
-      yield
-      @context = old_context
+    def list(name, as: nil, transformer: nil, &block)
+      _nest_rule(name, as: as, transformer: transformer, nesting_type: :list, &block)
     end
-    alias list! group!
-    alias array! group!
+    alias array list
     # @param [Array<Symbol>] names
-    def params!(*names, required: false)
-      names.each { |name| param! name, required: required }
+    def params(*names, required: false)
+      names.each { |name| param name, required: required }
     end
-    def param!(name, as: nil, transformer: nil, default: nil, required: false)
+    def param(name, as: nil, transformer: nil, default: nil, required: false)
       key = as || name
       data = Object.new(name, key, nested: nil, default: default, transformer: transformer, required: required)
       context << data
     end
-    def default!(name, value)
+    def default(name, value)
       data = Object.new(name, name, nested: nil, default: value)
       context << data
     end
+    alias param! param
+    alias params! params
+    alias group! group
+    alias default! default
+    alias array! array
+    alias list! list
     private
+    def _nest_rule(name, nesting_type:, as: nil, transformer: nil)
+      key = as || name
+      data = Object.new(name, key, nested: List.new, nesting_type: nesting_type, transformer: transformer)
+      context << data
+      return unless block_given?
+      old_context = context
+      @context = data
+      yield
+      @context = old_context
+    end
     def context
       @context ||= scalar_params
     end
@@ -68,10 +100,6 @@ module Paramoid
       @transformers ||= {}.with_indifferent_access
     end
-    def permitted_params
-      scalar_params.to_params
-    end
     def transformed_keys
       @transformed_keys ||= scalar_params
     end

data/lib/paramoid/controller.rb CHANGED Viewed

@@ -1,6 +1,9 @@
 require 'action_controller'
 module Paramoid
+  # This module provides a `sanitize_params!` method that
+  # can be used in controllers to sanitize incoming parameters using
+  # the defined sanitizer class.
   module Controller
     extend ActiveSupport::Concern

data/lib/paramoid/list.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
 module Paramoid
   class List < Array
     def to_params
@@ -12,13 +14,20 @@ module Paramoid
       end
     end
+    def apply_defaults!(params)
+      each do |params_data|
+        params = params_data.apply_defaults! params
+      end
+      params
+    end
     def to_defaults
       inject({}) { |a, b| a.merge!(b.to_defaults) }
     end
-    def ensure_required_params!(params)
+    def ensure_required_params!(params, path: [])
       each do |params_data|
-        params_data.ensure_required_params! params
+        params_data.ensure_required_params! params, path: path
       end
     end
   end

data/lib/paramoid/object.rb CHANGED Viewed

@@ -1,4 +1,5 @@
 module Paramoid
+  # rubocop:disable Metrics/ClassLength
   class Object
     # @return [Symbol] the parameter name
     attr_reader :name
@@ -19,19 +20,18 @@ module Paramoid
     # @param [Object] default
     # @param [Lambda, NilClass] transformer
     # @param [TrueClass, FalseClass] required
-    def initialize(name, alias_name, nested: nil, transformer: nil, default: nil, required: false)
+    def initialize(name, alias_name, nested: nil, nesting_type: nil, transformer: nil, default: nil, required: false)
       @name = name
       @alias = alias_name
       @nested = nested
       @default = default
       @transformer = transformer
       @required = required
+      @nesting_type = nesting_type
     end
     # @param [Array, Hash] params
     def transform_params!(params)
-      return if @alias == @name
       if params.is_a?(Array)
         params.each { |param| transform_params!(param) }
         return
@@ -39,6 +39,8 @@ module Paramoid
       return unless params.key?(@name)
+      params[@name] = @transformer.call(params[@name]) if @transformer.respond_to?(:call)
       @nested.transform_params!(params[@name]) if nested?
       params[@alias] = params.delete(@name) unless @alias == @name
     end
@@ -51,6 +53,7 @@ module Paramoid
       end
     end
+    # @return [Hash] the required params
     def to_required_params
       if nested?
         @nested.to_required_params
@@ -59,21 +62,83 @@ module Paramoid
       end
     end
-    def ensure_required_params!(params)
-      if @required
-        raise ActionController::ParameterMissing, output_key unless params&.key?(output_key)
-        raise ActionController::ParameterMissing, output_key if params[output_key].nil?
+    # @param [Hash] params
+    # @param [Array<Symbol>] path
+    # @raise [ActionController::ParameterMissing] if one of the required params is missing
+    def ensure_required_params!(params, path: [])
+      if params.is_a?(Array)
+        params.flatten.each do |param|
+          ensure_required_params!(param, path: path)
+        end
+        return params
+      end
+      current_path = [*path, @name]
+      _raise_on_missing_parameter!(params, output_key, current_path) if @required
+      return params unless nested?
+      ensure_required_nested_params!(params, current_path)
+    end
+    def ensure_required_nested_params!(params, current_path)
+      return params if current_path.size > 1 && params.nil?
+      @nested.ensure_required_params!(params ? params[output_key] : nil, path: current_path)
+      params
+    end
+    # @param [Hash] params
+    # @return [Hash] the params with the default values
+    def apply_defaults!(params)
+      return apply_nested_defaults!(params) if nested?
+      return params unless @default
+      return params if @nesting_type == :list && !params
+      params ||= {}
+      apply_scalar_defaults!(params)
+      params
+    end
+    def apply_scalar_defaults!(params)
+      if params.is_a?(Array)
+        params.map! { |param| apply_scalar_defaults!(param) }
+      else
+        params[output_key] ||= @default
       end
+      params
+    end
+    def apply_nested_defaults!(params)
+      return params unless params
-      @nested.ensure_required_params!(params[output_key]) if nested?
+      params ||= @nesting_type == :list ? [] : {}
+      return apply_nested_param_default_when_available!(params, output_key) unless params.is_a?(Array)
+      params.map! do |param|
+        apply_nested_param_default_when_available!(param, output_key)
+      end
       params
     end
+    def apply_nested_param_default_when_available!(param, key)
+      return param unless param[key]
+      result = @nested.apply_defaults!(param[key])
+      param[key] = result if result
+      param
+    end
     def to_defaults
       if nested?
         nested_defaults = @nested.to_defaults
-        (nested_defaults.present? ? { output_key => @nested.to_defaults } : {}).with_indifferent_access
+        (nested_defaults.present? ? { output_key => nested_defaults } : {}).with_indifferent_access
       else
         (@default ? { output_key => @default } : {}).with_indifferent_access
       end
@@ -90,5 +155,18 @@ module Paramoid
     def nested?
       !@nested.nil?
     end
+    private
+    def _raise_on_missing_parameter!(params, key, current_path)
+      return if params.nil?
+      return if _param_exist?(params, key)
+      raise ActionController::ParameterMissing, current_path.join('.')
+    end
+    def _param_exist?(params, key)
+      params&.key?(key) && !params[key].nil?
+    end
   end
 end

data/lib/paramoid/version.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+# Frozen_string_literal: true
 module Paramoid
-  VERSION = '1.0.0'
+  VERSION = '2.0.0'
 end

data/lib/paramoid.rb CHANGED Viewed

@@ -6,7 +6,6 @@ module Paramoid
   autoload :Object
   autoload :List
   autoload :Base
-  # autoload :Controller
 end
 require 'paramoid/controller'

data/spec/paramoid/base_spec.rb CHANGED Viewed

@@ -1,5 +1,8 @@
+# frozen_string_literal: true
 require 'spec_helper'
+# rubocop:disable Metrics/BlockLength
 describe PersonParamsSanitizer, type: :controller do
   let(:params) do
     ActionController::Parameters.new(params_hash)
@@ -15,8 +18,7 @@ describe PersonParamsSanitizer, type: :controller do
         current_user_id: 2,
         first_name: 'John',
         last_name: 'Doe',
-        # TODO: Implement transformers
-        # email: 'Hello@MyCustomMAIL.COM',
+        email: 'Hello@MyCustomMAIL.COM',
         role: 'some_role',
         unwanted: 'hello',
         an_object_filtered: { name: 'value' },
@@ -38,13 +40,12 @@ describe PersonParamsSanitizer, type: :controller do
     end
     it 'keeps only allowed params' do
-      expect(sanitized).to eq(
+      expect(sanitized.to_unsafe_h).to eq(
         {
           'current_user_id' => 2,
           'first_name' => 'John',
           'last_name' => 'Doe',
-          # TODO: Implement transformers
-          # 'email' => 'hello@mycustommail.com',
+          'email' => 'hello@mycustommail.com',
           'some_default' => 1,
           'an_array_unfiltered' => [1, 2, 3, 4, 5]
         }
@@ -56,7 +57,10 @@ describe PersonParamsSanitizer, type: :controller do
         {}
       end
       it 'raises an error' do
-        expect { sanitized }.to raise_error(ActionController::ParameterMissing)
+        expect { sanitized }.to raise_error(
+          ActionController::ParameterMissing,
+          /param is missing or the value is empty( or invalid)?: current_user_id/
+        )
       end
     end
@@ -78,3 +82,4 @@ describe PersonParamsSanitizer, type: :controller do
     end
   end
 end
+# rubocop:enable Metrics/BlockLength

data/spec/paramoid/complex_spec.rb ADDED Viewed

@@ -0,0 +1,168 @@
+# frozen_string_literal: true
+require 'spec_helper'
+# rubocop:disable Metrics/BlockLength
+describe ComplexParamsSanitizer, type: :controller do
+  let(:params) do
+    ActionController::Parameters.new(params_hash)
+  end
+  subject { described_class.new(user) }
+  let(:sanitized) { subject.sanitize(params) }
+  describe 'when params are valid' do
+    let(:user) { double(admin?: false) }
+    let(:params_hash) do
+      {
+        unwanted: 1,
+        name: 'some_name',
+        buyer: {
+          payment_method: {
+            id: 1
+          }
+        }
+      }
+    end
+    let(:params) do
+      ActionController::Parameters.new(params_hash)
+    end
+    it 'filters out unwanted params' do
+      expect(sanitized).not_to have_key(:unwanted)
+    end
+    it 'has the default values of existing objects' do
+      expect(sanitized.to_unsafe_h).to eq(
+        {
+          'buyer' => { 'payment_method' => { 'uuid' => 1 } },
+          'total' => 0,
+          'name' => 'some_name'
+        }
+      )
+    end
+    context 'when a nested object has at least a value' do
+      let(:params_hash) do
+        {
+          unwanted: 1,
+          name: 'some_name',
+          buyer: {
+            payment_method: {
+              id: 1
+            }
+          },
+          person: {},
+          items: [{}, { sub_items: [{ id: 5 }] }]
+        }
+      end
+      it 'has the default value for those' do
+        expect(sanitized.to_unsafe_h).to eq(
+          {
+            'buyer' => { 'payment_method' => { 'uuid' => 1 } },
+            'total' => 0,
+            'name' => 'some_name',
+            'items' => [
+              { 'price' => 0 },
+              { 'price' => 0, 'sub_items' => [{ 'price' => 0, 'id' => 5 }] }
+            ],
+            'person_attributes' => { 'role' => :user }
+          }
+        )
+      end
+      context 'and the required parameter is missing' do
+        let(:params_hash) do
+          {
+            unwanted: 1,
+            name: 'some_name',
+            buyer: {
+              payment_method: {
+                id: 1
+              }
+            },
+            person: {},
+            items: [{}, { sub_items: [{ price: 5 }] }]
+          }
+        end
+        it 'raises an error' do
+          expect { sanitized }.to raise_error(
+            ActionController::ParameterMissing,
+            /param is missing or the value is empty( or invalid)?: items.sub_items.id/
+          )
+        end
+      end
+    end
+  end
+  describe 'when params all parameters are set' do
+    let(:user) { double(admin?: true) }
+    let(:params_hash) do
+      {
+        name: 'some_name',
+        unwanted: 1,
+        buyer: {
+          payment_method: {
+            id: 1
+          }
+        },
+        items: [{ id: 5, name: 'some_name', discount: 10 }],
+        total: 100,
+        person: { id: 1, full_name: 'some_name' }
+      }
+    end
+    let(:params) do
+      ActionController::Parameters.new(params_hash)
+    end
+    it 'returns permitted params' do
+      expect(subject.permitted_params).to eq(
+        [
+          :total, :name,
+          { buyer: [{ payment_method: [:id] }],
+            items: [:id, :name, :price, :discount, { sub_items: [:id, :price] }],
+            person: %i[id full_name role] }
+        ]
+      )
+    end
+    it 'has the default values correctly nested' do
+      expect(sanitized.to_unsafe_h).to eq(
+        {
+          'buyer' => { 'payment_method' => { 'uuid' => 1 } },
+          'items' => [
+            { 'price' => 0, 'name' => 'some_name', 'discount' => 0.1, 'id' => 5 }
+          ],
+          'total' => 100,
+          'name' => 'some_name',
+          'person_attributes' => { 'role' => :admin, 'id' => 1, 'full_name' => 'some_name' }
+        }
+      )
+    end
+  end
+  describe 'when required params are missing' do
+    let(:user) { double(admin?: false) }
+    let(:params_hash) do
+      {
+        name: 'some_name',
+        buyer: {
+          payment_method: {}
+        }
+      }
+    end
+    it 'raises an error' do
+      expect { sanitized }.to raise_error(
+        ActionController::ParameterMissing,
+        /param is missing or the value is empty( or invalid)?: buyer.payment_method.id/
+      )
+    end
+  end
+end
+# rubocop:enable Metrics/BlockLength

data/spec/paramoid/controller_spec.rb CHANGED Viewed

@@ -1,13 +1,15 @@
+# frozen_string_literal: true
 require 'spec_helper'
+# rubocop:disable Metrics/BlockLength
 describe 'controllers' do
   let(:params_hash) do
     {
       current_user_id: 2,
       first_name: 'John',
       last_name: 'Doe',
-      # TODO: Implement transformers
-      # email: 'Hello@MyCustomMAIL.COM',
+      email: 'Hello@MyCustomMAIL.COM',
       role: 'some_role',
       unwanted: 'hello',
       an_object_filtered: { name: 'value' },
@@ -41,3 +43,4 @@ describe 'controllers' do
     end
   end
 end
+# rubocop:enable Metrics/BlockLength

data/spec/paramoid/object_spec.rb CHANGED Viewed

@@ -1,5 +1,8 @@
+# frozen_string_literal: true
 require 'spec_helper'
+# rubocop:disable Metrics/BlockLength
 describe Paramoid::Object do
   let(:name) { :some_param }
   let(:alias_name) { :some_param }
@@ -27,6 +30,7 @@ describe Paramoid::Object do
     end
   end
+  # FIXME: deprecate to_defaults
   describe '#to_defaults' do
     it 'returns an empty value' do
       expect(subject.to_defaults).to eq({})
@@ -94,30 +98,46 @@ describe Paramoid::Object do
         expect do
           subject.ensure_required_params!(params)
         end.to raise_error(ActionController::ParameterMissing,
-                           'param is missing or the value is empty: some_param')
+                           /param is missing or the value is empty( or invalid)?: some_param/)
       end
     end
     context 'when it\'s nested' do
       let(:nested) { described_class.new(:nested, nil, required: true) }
-      it 'raises an error' do
-        expect do
-          subject.ensure_required_params!(params)
-        end.to raise_error(ActionController::ParameterMissing,
-                           'param is missing or the value is empty: nested')
+      context 'and some_param is present, but nested is required' do
+        let(:params_hash) { { 'not_this_param' => 'some_value', 'some_param' => {} } }
+        it 'raises an error' do
+          expect do
+            subject.ensure_required_params!(params)
+          end.to raise_error(ActionController::ParameterMissing,
+                             /param is missing or the value is empty( or invalid)?: some_param.nested/)
+        end
       end
-      context 'and it\'s required' do
+      context 'and some_param is required' do
         let(:required) { true }
         it 'raises an error on the parent param' do
           expect do
             subject.ensure_required_params!(params)
           end.to raise_error(ActionController::ParameterMissing,
-                             'param is missing or the value is empty: some_param')
+                             /param is missing or the value is empty( or invalid)?: some_param/)
+        end
+      end
+      context 'when params is nil' do
+        let(:params) { nil }
+        it 'skips the check' do
+          expect do
+            subject.ensure_required_params!(params)
+          end.not_to raise_error(ActionController::ParameterMissing,
+                                 'param is missing or the value is empty: some_param.nested')
         end
       end
     end
   end
 end
+# rubocop:enable Metrics/BlockLength

data/spec/spec_helper.rb CHANGED Viewed

@@ -1,3 +1,4 @@
+require 'logger'
 require 'action_controller'
 require 'rspec'
 require 'paramoid'

data/spec/support/params.rb CHANGED Viewed

@@ -21,3 +21,38 @@ class PersonParamsSanitizer < Paramoid::Base
     end
   end
 end
+class ComplexParamsSanitizer < Paramoid::Base
+  def initialize(user = nil)
+    group :person, as: :person_attributes do
+      params :id, :full_name
+      if user.admin?
+        param :role, default: :admin
+      else
+        default :role, :user
+      end
+    end
+    group :buyer do
+      group :payment_method do
+        param :id, required: true, as: :uuid
+      end
+    end
+    array :items do
+      params :id, :name
+      default :price, 0
+      param :discount, transformer: ->(data) { data&.to_f / 100 } if user.admin?
+      array :sub_items do
+        param :id, required: true
+        default :price, 0
+      end
+    end
+    default :total, 0
+    param :name, required: true
+  end
+end

metadata CHANGED Viewed

@@ -1,11 +1,11 @@
 --- !ruby/object:Gem::Specification
 name: paramoid
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Mònade
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
 date: 2022-05-28 00:00:00.000000000 Z
@@ -19,7 +19,7 @@ dependencies:
         version: '5'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '8'
+        version: '9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '5'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '8'
+        version: '9'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -39,7 +39,7 @@ dependencies:
         version: '5'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '8'
+        version: '9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -49,7 +49,7 @@ dependencies:
         version: '5'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '8'
+        version: '9'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -93,6 +93,7 @@ files:
 - lib/paramoid/object.rb
 - lib/paramoid/version.rb
 - spec/paramoid/base_spec.rb
+- spec/paramoid/complex_spec.rb
 - spec/paramoid/controller_spec.rb
 - spec/paramoid/object_spec.rb
 - spec/spec_helper.rb
@@ -102,7 +103,7 @@ homepage: https://rubygems.org/gems/paramoid
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -110,19 +111,20 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.7.0
+      version: 3.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.33
-signing_key:
+rubygems_version: 3.4.6
+signing_key:
 specification_version: 4
 summary: Getting paranoid about your Rails application params? Try paramoid!
 test_files:
 - spec/paramoid/base_spec.rb
+- spec/paramoid/complex_spec.rb
 - spec/paramoid/controller_spec.rb
 - spec/paramoid/object_spec.rb
 - spec/spec_helper.rb