plutonium 0.14.1 → 0.15.0.pre.rc2

data/lib/plutonium/{core → resource}/controllers/crud_actions.rb

@@ -1,5 +1,5 @@
 module Plutonium
-  module Core
+  module Resource
     module Controllers
       module CrudActions
         extend ActiveSupport::Concern
@@ -10,44 +10,40 @@ module Plutonium
 
         # GET /resources(.{format})
         def index
-          authorize resource_class
+          authorize_current! resource_class
           set_page_title resource_class.model_name.human.pluralize.titleize
 
           @search_object = current_query_object
-          base_query = policy_scope(resource_class)
+          base_query = current_authorized_scope
           base_query = @search_object.apply(base_query)
-          base_query = base_query.public_send(params[:scope].to_sym) if params[:scope].present?
+          # base_query = base_query.public_send(params[:scope].to_sym) if params[:scope].present?
           @pagy, @resource_records = pagy base_query
-          @collection = build_collection
 
           render :index
         end
 
         # GET /resources/1(.{format})
         def show
-          authorize resource_record
+          authorize_current! resource_record
           set_page_title resource_record.to_label.titleize
 
-          @detail = build_detail
-
           render :show
         end
 
         # GET /resources/new
         def new
-          authorize resource_class
+          authorize_current! resource_class
           set_page_title "Create #{resource_class.model_name.human.titleize}"
 
           @resource_record = resource_class.new
           maybe_apply_submitted_resource_params!
-          @form = build_form
 
           render :new
         end
 
         # POST /resources(.{format})
         def create
-          authorize resource_class
+          authorize_current! resource_class
           set_page_title "Create #{resource_class.model_name.human.titleize}"
 
           @resource_record = resource_class.new resource_params
@@ -61,7 +57,6 @@ module Plutonium
               format.any { render :show, status: :created, location: redirect_url_after_submit }
             else
               format.html do
-                @form = build_form
                 render :new, status: :unprocessable_entity
               end
               format.any do
@@ -74,18 +69,17 @@ module Plutonium
 
         # GET /resources/1/edit
         def edit
-          authorize resource_record
+          authorize_current! resource_record
           set_page_title "Update #{resource_record.to_label.titleize}"
 
           maybe_apply_submitted_resource_params!
-          @form = build_form
 
           render :edit
         end
 
         # PATCH/PUT /resources/1(.{format})
         def update
-          authorize resource_record
+          authorize_current! resource_record
           set_page_title "Update #{resource_record.to_label.titleize}"
 
           respond_to do |format|
@@ -97,7 +91,6 @@ module Plutonium
               format.any { render :show, status: :ok, location: redirect_url_after_submit }
             else
               format.html do
-                @form = build_form
                 render :edit, status: :unprocessable_entity
               end
               format.any do
@@ -110,13 +103,13 @@ module Plutonium
 
         # DELETE /resources/1(.{format})
         def destroy
-          authorize resource_record
+          authorize_current! resource_record
 
           respond_to do |format|
             resource_record.destroy
 
             format.html do
-              redirect_to resource_url_for(resource_class),
+              redirect_to redirect_url_after_destroy,
                 notice: "#{resource_class.model_name.human} was successfully deleted."
             end
             format.json { head :no_content }
@@ -143,13 +136,13 @@ module Plutonium
 
           url = case preferred_action_after_submit
           when "show"
-            resource_url_for(resource_record) if current_policy.show?
+            resource_url_for(resource_record) if current_policy.allowed_to? :show?
           when "edit"
-            resource_url_for(resource_record, action: :edit) if current_policy.edit?
+            resource_url_for(resource_record, action: :edit) if current_policy.allowed_to? :edit?
           when "new"
-            resource_url_for(resource_class, action: :new) if current_policy.new?
+            resource_url_for(resource_class, action: :new) if current_policy.allowed_to? :new?
           when "index"
-            resource_url_for(resource_class) if current_policy.index?
+            resource_url_for(resource_class) if current_policy.allowed_to? :index?
           else
             # ensure we have a valid value
             session[:action_after_submit_preference] = "show"
@@ -157,6 +150,14 @@ module Plutonium
           url || resource_url_for(resource_record)
         end
 
+        def redirect_url_after_destroy
+          if (return_to = url_from(params[:return_to]))
+            return return_to
+          end
+
+          resource_url_for(resource_class)
+        end
+
         def preferred_action_after_submit
           @preferred_action_after_submit = begin
             if %w[new edit show index].include? params[:commit]

data/lib/plutonium/resource/controllers/defineable.rb

@@ -0,0 +1,26 @@
+using Plutonium::Refinements::ParameterRefinements
+
+module Plutonium
+  module Resource
+    module Controllers
+      module Defineable
+        extend ActiveSupport::Concern
+
+        included do
+          helper_method :current_definition, :resource_definition
+        end
+
+        private
+
+        def resource_definition(resource_class)
+          definition_class = "#{resource_class}Definition".constantize
+          definition_class.new
+        end
+
+        def current_definition
+          @current_definition ||= resource_definition resource_class
+        end
+      end
+    end
+  end
+end

data/lib/plutonium/{core → resource}/controllers/interactive_actions.rb

@@ -1,5 +1,5 @@
 module Plutonium
-  module Core
+  module Resource
     module Controllers
       module InteractiveActions
         extend ActiveSupport::Concern
@@ -7,17 +7,17 @@ module Plutonium
         included do
           helper_method :current_interactive_action
 
-          before_action :validate_interactive_resource_action, only: %i[
+          before_action :validate_interactive_resource_action!, only: %i[
             begin_interactive_resource_record_action commit_interactive_resource_record_action
             begin_interactive_resource_collection_action commit_interactive_resource_collection_action
             begin_interactive_resource_recordless_action commit_interactive_resource_recordless_action
           ]
 
-          before_action :authorize_interactive_resource_record_action, only: %i[
+          before_action :authorize_interactive_resource_record_action!, only: %i[
             begin_interactive_resource_record_action commit_interactive_resource_record_action
           ]
 
-          before_action :authorize_interactive_resource_action, only: %i[
+          before_action :authorize_interactive_resource_action!, only: %i[
             begin_interactive_resource_collection_action commit_interactive_resource_collection_action
             begin_interactive_resource_recordless_action commit_interactive_resource_recordless_action
           ]
@@ -123,7 +123,7 @@ module Plutonium
 
         # GET /resources/actions/:interactive_action
         def begin_interactive_resource_recordless_action
-          skip_policy_scope
+          # skip_policy_scope
 
           @interaction = current_interactive_action.interaction.new interaction_params
 
@@ -136,7 +136,7 @@ module Plutonium
 
         # POST /resources/actions/:interactive_action
         def commit_interactive_resource_recordless_action
-          skip_policy_scope
+          # skip_policy_scope
 
           respond_to do |format|
             inputs = interaction_params
@@ -182,25 +182,25 @@ module Plutonium
           @interactive_resource_actions ||= current_presenter.actions.except :new, :show, :edit, :destroy
         end
 
-        def validate_interactive_resource_action
+        def validate_interactive_resource_action!
           interactive_resource_action = params[:interactive_action]&.to_sym
           unless interactive_resource_actions.key?(interactive_resource_action)
             raise ::AbstractController::ActionNotFound, "Unknown action '#{interactive_resource_action}'"
           end
         end
 
-        def authorize_interactive_resource_record_action
+        def authorize_interactive_resource_record_action!
           interactive_resource_action = params[:interactive_action]&.to_sym
-          authorize resource_record, :"#{interactive_resource_action}?"
+          authorize_current! resource_record, to: :"#{interactive_resource_action}?"
         end
 
-        def authorize_interactive_resource_action
+        def authorize_interactive_resource_action!
           interactive_resource_action = params[:interactive_action]&.to_sym
-          authorize resource_class, :"#{interactive_resource_action}?"
+          authorize_current! resource_class, to: :"#{interactive_resource_action}?"
         end
 
         def interactive_resource_collection
-          @interactive_resource_collection ||= policy_scope(resource_class).from_path_param(params.require(:ids)).all
+          @interactive_resource_collection ||= current_authorized_scope.from_path_param(params.require(:ids))
         end
 
         def interaction_params

data/lib/plutonium/resource/controllers/presentable.rb

@@ -0,0 +1,41 @@
+module Plutonium
+  module Resource
+    module Controllers
+      module Presentable
+        extend ActiveSupport::Concern
+
+        included do
+          helper_method :presentable_attributes, :present_associations?
+          helper_method :build_form, :build_detail, :build_collection
+        end
+
+        private
+
+        def presentable_attributes
+          @presentable_attributes ||= begin
+            presentable_attributes = permitted_attributes
+            presentable_attributes -= [scoped_entity_param_key, :"#{scoped_entity_param_key}_id"] if scoped_to_entity?
+            presentable_attributes -= [parent_input_param, :"#{parent_input_param}_id"] if current_parent.present?
+            presentable_attributes
+          end
+        end
+
+        def build_collection
+          current_definition.collection_class.new(@resource_records, resource_fields: presentable_attributes, resource_definition: current_definition)
+        end
+
+        def build_detail
+          current_definition.detail_class.new(resource_record, resource_fields: presentable_attributes, resource_associations: permitted_associations, resource_definition: current_definition)
+        end
+
+        def build_form(record = resource_record)
+          current_definition.form_class.new(record, resource_fields: presentable_attributes, resource_definition: current_definition)
+        end
+
+        def present_associations?
+          current_parent.nil?
+        end
+      end
+    end
+  end
+end

data/lib/plutonium/resource/controllers/queryable.rb

@@ -0,0 +1,44 @@
+using Plutonium::Refinements::ParameterRefinements
+
+module Plutonium
+  module Resource
+    module Controllers
+      module Queryable
+        extend ActiveSupport::Concern
+
+        included do
+          helper_method :resource_query_params, :current_query_object
+        end
+
+        def resource_query_object(resource_class, params)
+          query_object_class = "#{resource_class}QueryObject".constantize
+          query_object_class.new resource_context, params
+        end
+
+        def current_query_object
+          @current_query_object ||= Plutonium::Resource::QueryObject.new(resource_context, resource_query_params) do |query_object|
+            if current_definition.search_definition
+              query_object.define_search proc { |scope, search:|
+                current_definition.search_definition.call(scope, search)
+              }
+            end
+
+            current_definition.defined_scopes.each do |key, value|
+              query_object.define_scope key, value[:block]
+            end
+
+            current_definition.defined_sorts.each do |key, value|
+              query_object.define_sorter key, value[:block]
+            end
+
+            query_object
+          end
+        end
+
+        def resource_query_params
+          (params[:q]&.nilify&.to_unsafe_h || {}).with_indifferent_access
+        end
+      end
+    end
+  end
+end

data/lib/plutonium/resource/definition.rb

@@ -0,0 +1,6 @@
+module Plutonium
+  module Resource
+    class Definition < Plutonium::Definition::Base
+    end
+  end
+end

data/lib/plutonium/resource/policy.rb

@@ -1,13 +1,19 @@
+# frozen_string_literal: true
+
 module Plutonium
   module Resource
     # Policy class to define permissions and attributes for a resource.
     # This class provides methods to check permissions for various actions
     # and to retrieve permitted attributes for these actions.
-    class Policy
-      include Plutonium::Policy::Initializer
+    class Policy < ActionPolicy::Base
+      authorize :user, allow_nil: false
+      authorize :scope, allow_nil: true
 
-      # Scope class to define the scope of the policy.
-      class Scope < Plutonium::Policy::Scope
+      relation_scope do |relation|
+        if scope.present?
+          relation = relation.associated_with(scope)
+        end
+        relation
       end
 
       # Sends a method and raises an error if the method is not implemented.
@@ -95,7 +101,7 @@ module Plutonium
       # @return [Array<Symbol>] The permitted attributes.
       def permitted_attributes_for_create
         autodetect_permitted_fields(:permitted_attributes_for_create) - [
-          context.resource_context.resource_class.primary_key.to_sym, # primary_key
+          resource_class.primary_key.to_sym, # primary_key
           :created_at, :updated_at # timestamps
         ]
       end
@@ -153,13 +159,17 @@ module Plutonium
 
       private
 
+      def resource_class
+        record.instance_of?(Class) ? record : record.class
+      end
+
       # Autodetects the permitted fields for a given method.
       #
       # @param method_name [Symbol] The name of the method.
       # @return [Array<Symbol>] The auto-detected permitted fields.
       def autodetect_permitted_fields(method_name)
         warn_about_autodetect_usage(method_name)
-        context.resource_context.resource_class.resource_field_names
+        resource_class.resource_field_names
       end
 
       # Warns about the usage of auto-detection of fields.
@@ -171,16 +181,18 @@ module Plutonium
           raise "Resource field auto-detection: #{self.class}##{method} outside development"
         end
 
-        Plutonium.logger.warn %(
-          🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨
+        Plutonium.logger.warn {
+          %(
+            🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨
 
-          Resource field auto-detection: #{self.class}##{method}
+            Resource field auto-detection: #{self.class}##{method}
 
-          Auto-detected resource fields result in security holes and will fail outside of development.
-          Override #{context.resource_context.resource_class}Policy or #{self.class} with your own ##{method} method.
+            Auto-detected resource fields result in security holes and will fail outside of development.
+            Override #{resource_class}Policy or #{self.class} with your own ##{method} method.
 
-          🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨
-        )
+            🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨🚨
+          )
+        }
       end
     end
   end

data/lib/plutonium/resource/query_object.rb

@@ -102,7 +102,7 @@ module Plutonium
       #
       # @param context [Object] The context in which the query object is used.
       # @param params [Hash] The parameters for initialization.
-      def initialize(context, params)
+      def initialize(context, params, &)
         @context = context
 
         define_standard_queries
@@ -110,10 +110,54 @@ module Plutonium
         define_filters
         define_sorters
 
+        yield self if block_given?
+
         extract_filter_params(params)
         extract_sort_params(params)
       end
 
+      # Defines a filter with the given name and body.
+      #
+      # @param name [Symbol] The name of the filter.
+      # @param body [Proc, nil] The body of the filter.
+      def define_filter(name, body = nil, &)
+        body ||= name
+        filter_definitions[name] = build_query(body, &)
+      end
+
+      # Defines a scope with the given name and body.
+      #
+      # @param name [Symbol] The name of the scope.
+      # @param body [Proc, nil] The body of the scope.
+      def define_scope(name, body = nil)
+        body ||= name
+        scope_definitions[name] = build_query(body)
+      end
+
+      # Defines a sort with the given name and body.
+      #
+      # @param name [Symbol] The name of the sort.
+      # @param body [Proc, nil] The body of the sort.
+      def define_sorter(name, body = nil)
+        if body.nil?
+          sort_field = determine_sort_field(name)
+          body = ->(scope, direction:) { scope.order(sort_field => direction) }
+        end
+
+        sort_definitions[name] = build_query(body) do |query|
+          query.define_field_input :direction
+        end
+      end
+
+      # Defines a search filter with the given body.
+      #
+      # @param body [Proc, Symbol] The body of the search filter.
+      def define_search(body)
+        @search_filter = build_query(body) do |query|
+          query.define_field_input :search
+        end
+      end
+
       # Builds a URL with the given options for search and sorting.
       #
       # @param options [Hash] The options for building the URL.
@@ -186,48 +230,6 @@ module Plutonium
         define_search(:search) if resource_class.respond_to?(:search)
       end
 
-      # Defines a filter with the given name and body.
-      #
-      # @param name [Symbol] The name of the filter.
-      # @param body [Proc, nil] The body of the filter.
-      def define_filter(name, body = nil, &)
-        body ||= name
-        filter_definitions[name] = build_query(body, &)
-      end
-
-      # Defines a scope with the given name and body.
-      #
-      # @param name [Symbol] The name of the scope.
-      # @param body [Proc, nil] The body of the scope.
-      def define_scope(name, body = nil)
-        body ||= name
-        scope_definitions[name] = build_query(body)
-      end
-
-      # Defines a sort with the given name and body.
-      #
-      # @param name [Symbol] The name of the sort.
-      # @param body [Proc, nil] The body of the sort.
-      def define_sorter(name, body = nil)
-        if body.nil?
-          sort_field = determine_sort_field(name)
-          body = ->(scope, direction:) { scope.order(sort_field => direction) }
-        end
-
-        sort_definitions[name] = build_query(body) do |query|
-          query.define_field_input :direction
-        end
-      end
-
-      # Defines a search filter with the given body.
-      #
-      # @param body [Proc, Symbol] The body of the search filter.
-      def define_search(body)
-        @search_filter = build_query(body) do |query|
-          query.define_field_input :search
-        end
-      end
-
       # Extracts filter parameters from the given params.
       #
       # @param params [Hash] The parameters to extract.
@@ -308,14 +310,11 @@ module Plutonium
           query_params[:sort_fields] << sort.to_s unless query_params[:sort_fields].include?(sort.to_s)
 
           sort_direction = selected_sort_directions[sort]
-          if sort_direction.nil?
-            query_params[:sort_directions][sort] = "ASC"
-          elsif sort_direction == "ASC"
-            query_params[:sort_directions][sort] = "DESC"
-          else
-            query_params[:sort_fields].delete_if { |e| e == sort.to_s }
-            query_params[:sort_directions].delete(sort)
-          end
+          query_params[:sort_directions][sort] = (sort_direction == "ASC") ? "DESC" : "ASC"
+          # else
+          #   query_params[:sort_fields].delete_if { |e| e == sort.to_s }
+          #   query_params[:sort_directions].delete(sort)
+          # end
         end
       end