plutonium 0.37.0 → 0.39.0

data/lib/plutonium/query/filters/association.rb

@@ -12,10 +12,15 @@ module Plutonium
       # @example With multiple selection
       #   filter :tags, with: :association, class_name: Tag, multiple: true
       #
+      # @example With custom scope
+      #   filter :user, with: :association, class_name: User, scope: ->(s) { s.active }
+      #
       class Association < Filter
-        def initialize(class_name: nil, multiple: false, **)
+        def initialize(class_name: nil, resource_class: nil, scope: nil, multiple: false, **)
           super(**)
-          @association_class = class_name
+          @class_name = class_name
+          @resource_class = resource_class
+          @scope_proc = scope
           @multiple = multiple
         end
 
@@ -41,7 +46,24 @@ module Plutonium
         private
 
         def association_class
-          @association_class || key.to_s.classify.constantize
+          @association_class ||= resolve_class_name || detect_class_from_reflection || infer_class_from_key
+        end
+
+        def resolve_class_name
+          return nil unless @class_name
+
+          @class_name.is_a?(String) ? @class_name.constantize : @class_name
+        end
+
+        def detect_class_from_reflection
+          return nil unless @resource_class
+
+          reflection = @resource_class.reflect_on_association(key)
+          reflection&.klass
+        end
+
+        def infer_class_from_key
+          key.to_s.classify.constantize
         end
       end
     end

data/lib/plutonium/resource/controller.rb

@@ -1,5 +1,6 @@
 require "action_controller"
 require "pagy"
+require_relative "../routing/mapper_extensions"
 
 module Plutonium
   module Resource
@@ -19,7 +20,7 @@ module Plutonium
         # https://github.com/ddnexus/pagy/blob/master/docs/extras/headers.md#headers
         after_action { pagy_headers_merge(@pagy) if @pagy }
 
-        helper_method :current_parent, :resource_record!, :resource_record?, :resource_param_key, :resource_class
+        helper_method :current_parent, :current_nested_association, :resource_record!, :resource_record?, :resource_param_key, :resource_class
 
         # Use class_attribute for proper inheritance
         class_attribute :_resource_class, instance_accessor: false
@@ -39,9 +40,22 @@ module Plutonium
         def resource_class
           return _resource_class if _resource_class
 
+          base_name = name.to_s.gsub(/^#{current_package}::/, "").gsub(/Controller$/, "")
+          singularized_name = base_name.singularize.camelize
+
           # Use singularize + camelize to respect custom inflections
-          name.to_s.gsub(/^#{current_package}::/, "").gsub(/Controller$/, "").singularize.camelize.constantize
+          singularized_name.constantize
         rescue NameError
+          # Check if inflection is the issue (e.g., PostMetadata -> PostMetadatum)
+          if base_name != singularized_name && base_name.camelize.safe_constantize
+            raise NameError, <<~MSG.squish
+              Failed to determine the resource class for #{name}.
+              Rails singularized "#{base_name}" to "#{singularized_name}", but "#{base_name.camelize}" exists.
+              Add an inflection rule to config/initializers/inflections.rb.
+              See: https://radioactive-labs.github.io/plutonium-core/guides/troubleshooting
+            MSG
+          end
+
           raise NameError, "Failed to determine the resource class. Please call `controller_for(MyResource)` in #{name}."
         end
         # memoize_unless_reloading :resource_class
@@ -49,13 +63,29 @@ module Plutonium
 
       private
 
+      # Override to prepend parent label for nested resources in the browser tab title.
+      # e.g., "John Doe › Authored Comments"
+      def set_page_title(page_title)
+        @page_title = if current_parent
+          "#{current_parent.to_label} › #{page_title}"
+        else
+          page_title
+        end
+      end
+
       def resource_class
-        self.class.resource_class
+        if current_parent
+          # Nested route: resource_class must come from route config
+          current_resource_route_config&.dig(:resource_class) or
+            raise "No resource_class found in route config for nested route"
+        else
+          self.class.resource_class
+        end
       end
 
       def resource_record_relation
         @resource_record_relation ||= begin
-          resource_route_config = current_engine.routes.resource_route_config_for(resource_class.model_name.plural)[0]
+          resource_route_config = current_resource_route_config
           if resource_route_config[:route_type] == :resource
             current_authorized_scope
           elsif params[:id]
@@ -66,6 +96,33 @@ module Plutonium
         end
       end
 
+      def current_resource_route_config
+        @current_resource_route_config ||= if current_parent
+          current_engine.routes.resource_route_config_lookup["#{current_parent.class.model_name.plural}/#{current_nested_association}"]
+        else
+          current_engine.routes.resource_route_config_for(resource_class.model_name.plural)[0]
+        end
+      end
+
+      # Extracts the association name from the current nested route
+      # e.g., for route /posts/:post_id/nested_comments, returns :comments
+      # @return [Symbol, nil] The association name
+      def current_nested_association
+        return unless parent_route_param
+
+        # Extract from request path: find the nested_* segment after the parent param
+        # e.g., /posts/123/nested_comments/456 => "comments"
+        # Note: Strip format extension (.json, .xml, etc.) from the segment
+        prefix = Plutonium::Routing::NESTED_ROUTE_PREFIX
+        path_segments = request.path.split("/")
+        nested_segment = path_segments.find { |seg| seg.start_with?(prefix) }
+        return unless nested_segment
+
+        # Remove prefix and any format extension (e.g., "nested_versions.json" -> "versions")
+        association_name = nested_segment.delete_prefix(prefix).sub(/\.\w+\z/, "")
+        association_name.to_sym
+      end
+
       def resource_record!
         @resource_record ||= resource_record_relation.first!
       end
@@ -77,7 +134,10 @@ module Plutonium
       # Returns the submitted resource parameters
       # @return [Hash] The submitted resource parameters
       def submitted_resource_params
-        @submitted_resource_params ||= build_form(resource_class.new).extract_input(params, view_context:)[resource_param_key.to_sym].compact
+        # Use existing record (cloned) for context during param extraction, or new instance for create
+        # Pass form_action: false to prevent form from trying to generate URL (cloned record has id: nil)
+        extraction_record = resource_record?&.dup || resource_class.new
+        @submitted_resource_params ||= build_form(extraction_record, form_action: false).extract_input(params, view_context:)[resource_param_key.to_sym].compact
       end
 
       # Returns the resource parameters, including scoped and parent parameters
@@ -93,9 +153,9 @@ module Plutonium
       end
 
       # Returns the resource parameter key
-      # @return [Symbol] The resource parameter key
+      # @return [Symbol] The resource parameter key (for form params)
       def resource_param_key
-        resource_class.model_name.singular_route_key
+        resource_class.model_name.param_key
       end
 
       # Creates a resource context
@@ -146,12 +206,30 @@ module Plutonium
         @parent_route_param ||= request.path_parameters.keys.reverse.find { |key| /_id$/.match? key }
       end
 
-      # Returns the parent input parameter
+      # Returns the parent input parameter (the belongs_to association name on the child)
+      # Finds the belongs_to association on the child that matches the parent's foreign key
       # @return [Symbol, nil] The parent input parameter
       def parent_input_param
         return unless current_parent
 
-        resource_class.reflect_on_all_associations(:belongs_to).find { |assoc| assoc.klass.name == current_parent.class.name }&.name&.to_sym
+        unless current_nested_association
+          raise "parent exists but current_nested_association is nil - routing misconfiguration"
+        end
+
+        parent_assoc = current_parent.class.reflect_on_association(current_nested_association)
+        unless parent_assoc
+          raise "#{current_parent.class} does not have association :#{current_nested_association}"
+        end
+
+        # Try inverse_of first (if explicitly set)
+        return parent_assoc.inverse_of.name.to_sym if parent_assoc.inverse_of
+
+        # Fall back to finding belongs_to by foreign key
+        foreign_key = parent_assoc.foreign_key.to_s
+        child_assoc = resource_class.reflect_on_all_associations(:belongs_to).find do |assoc|
+          assoc.foreign_key.to_s == foreign_key && assoc.klass == current_parent.class
+        end
+        child_assoc&.name&.to_sym
       end
 
       # Ensures the method is a GET request
@@ -195,6 +273,10 @@ module Plutonium
       # @return [Array] The URL arguments
       def resource_url_args_for(*, **kwargs)
         kwargs[:parent] = current_parent unless kwargs.key?(:parent)
+        # Pass the current association when in a nested context
+        if kwargs[:parent] && !kwargs.key?(:association) && current_nested_association
+          kwargs[:association] = current_nested_association
+        end
         super
       end
     end

data/lib/plutonium/resource/controllers/authorizable.rb

@@ -108,11 +108,16 @@ module Plutonium
           authorized_scope(resource_class.all, context: current_policy_context)
         end
 
-        # Sets the policy context scope value to the current parent if available
+        # Returns the policy context for the current resource
+        # Separates parent scoping (nested routes) from entity scoping (multi-tenancy)
         #
-        # @return [Hash] default context for the current resource's policy
+        # @return [Hash] context containing parent, parent_association, and entity_scope
         def current_policy_context
-          {entity_scope: current_parent || entity_scope_for_authorize}
+          {
+            parent: current_parent,
+            parent_association: current_nested_association,
+            entity_scope: entity_scope_for_authorize
+          }
         end
 
         # Authorizes the current action for the given record of the current resource
@@ -130,7 +135,15 @@ module Plutonium
         #
         # @return [Array<Symbol>] the list of permitted attributes for the current action
         def permitted_attributes
-          @permitted_attributes ||= current_policy.send_with_report(:"permitted_attributes_for_#{action_name}").freeze
+          @permitted_attributes ||= permitted_attributes_for(action_name)
+        end
+
+        # Returns the list of permitted attributes for a specific action on the current resource
+        #
+        # @param action [String, Symbol] the action to get permitted attributes for
+        # @return [Array<Symbol>] the list of permitted attributes for the action
+        def permitted_attributes_for(action)
+          current_policy.send_with_report(:"permitted_attributes_for_#{action}").freeze
         end
 
         # Returns the list of permitted associations for the current resource

data/lib/plutonium/resource/controllers/crud_actions.rb

@@ -12,7 +12,7 @@ module Plutonium
         # GET /resources(.{format})
         def index
           authorize_current! resource_class
-          set_page_title resource_class.model_name.human.pluralize.titleize
+          set_page_title helpers.nestable_resource_name_plural(resource_class)
 
           setup_index_action!
 
@@ -53,7 +53,7 @@ module Plutonium
 
           respond_to do |format|
             if params[:pre_submit]
-              format.turbo_stream { render turbo_stream: turbo_stream.replace("resource-form", view_context.render(build_form)) }
+              format.turbo_stream { render turbo_stream: turbo_stream.replace("resource-form", view_context.render(build_form(action: :new))) }
               format.html { render :new, status: :unprocessable_content }
             elsif resource_record!.save
               format.turbo_stream do
@@ -71,7 +71,8 @@ module Plutonium
                   location: redirect_url_after_submit
               end
             else
-              format.any(:html, :turbo_stream) { render :new, formats: [:html], status: :unprocessable_content }
+              format.turbo_stream { render turbo_stream: turbo_stream.replace("resource-form", view_context.render(build_form(action: :new))), status: :unprocessable_content }
+              format.html { render :new, status: :unprocessable_content }
               format.any do
                 @errors = resource_record!.errors
                 render "errors", status: :unprocessable_content
@@ -99,7 +100,7 @@ module Plutonium
 
           respond_to do |format|
             if params[:pre_submit]
-              format.turbo_stream { render turbo_stream: turbo_stream.replace("resource-form", view_context.render(build_form)) }
+              format.turbo_stream { render turbo_stream: turbo_stream.replace("resource-form", view_context.render(build_form(action: :edit))) }
               format.html { render :edit, status: :unprocessable_content }
             elsif resource_record!.save
               format.turbo_stream do
@@ -115,7 +116,8 @@ module Plutonium
                 render :show, status: :ok, location: redirect_url_after_submit
               end
             else
-              format.any(:html, :turbo_stream) { render :edit, formats: [:html], status: :unprocessable_content }
+              format.turbo_stream { render turbo_stream: turbo_stream.replace("resource-form", view_context.render(build_form(action: :edit))), status: :unprocessable_content }
+              format.html { render :edit, status: :unprocessable_content }
               format.any do
                 @errors = resource_record!.errors
                 render "errors", status: :unprocessable_content

data/lib/plutonium/resource/controllers/interactive_actions.rb

@@ -62,6 +62,9 @@ module Plutonium
                 format.html do
                   redirect_to return_url, status: :see_other
                 end
+                format.any do
+                  render :show, status: :ok, location: return_url
+                end
               else
                 format.any(:html, :turbo_stream) do
                   render :interactive_record_action, formats: [:html], status: :unprocessable_content
@@ -117,6 +120,9 @@ module Plutonium
                 format.html do
                   redirect_to return_url, status: :see_other
                 end
+                format.any do
+                  head :no_content, location: return_url
+                end
               else
                 format.any(:html, :turbo_stream) do
                   render :interactive_resource_action, formats: [:html], status: :unprocessable_content
@@ -166,6 +172,9 @@ module Plutonium
                 format.html do
                   redirect_to return_url, status: :see_other
                 end
+                format.any do
+                  head :no_content, location: return_url
+                end
               else
                 format.any(:html, :turbo_stream) do
                   render :interactive_bulk_action, formats: [:html], status: :unprocessable_content

data/lib/plutonium/resource/controllers/presentable.rb

@@ -24,16 +24,18 @@ module Plutonium
         end
 
         def submittable_attributes
-          @submittable_attributes ||= begin
-            submittable_attributes = permitted_attributes
-            if current_parent && !submit_parent?
-              submittable_attributes -= [parent_input_param, :"#{parent_input_param}_id"]
-            end
-            if scoped_to_entity? && !submit_scoped_entity?
-              submittable_attributes -= [scoped_entity_param_key, :"#{scoped_entity_param_key}_id"]
-            end
-            submittable_attributes
+          @submittable_attributes ||= submittable_attributes_for(action_name)
+        end
+
+        def submittable_attributes_for(action)
+          submittable_attributes = permitted_attributes_for(action)
+          if current_parent && !submit_parent?
+            submittable_attributes -= [parent_input_param, :"#{parent_input_param}_id"]
+          end
+          if scoped_to_entity? && !submit_scoped_entity?
+            submittable_attributes -= [scoped_entity_param_key, :"#{scoped_entity_param_key}_id"]
           end
+          submittable_attributes
         end
 
         def build_collection
@@ -44,8 +46,10 @@ module Plutonium
           current_definition.detail_class.new(resource_record!, resource_fields: presentable_attributes, resource_associations: permitted_associations, resource_definition: current_definition)
         end
 
-        def build_form(record = resource_record!)
-          current_definition.form_class.new(record, resource_fields: submittable_attributes, resource_definition: current_definition)
+        def build_form(record = resource_record!, action: action_name, form_action: nil, **)
+          form_options = {resource_fields: submittable_attributes_for(action), resource_definition: current_definition, **}
+          form_options[:action] = form_action unless form_action.nil?
+          current_definition.form_class.new(record, **form_options)
         end
 
         def present_parent? = false

data/lib/plutonium/resource/policy.rb

@@ -8,11 +8,82 @@ module Plutonium
     class Policy < ::ActionPolicy::Base
       authorize :user, allow_nil: false
       authorize :entity_scope, allow_nil: true
+      authorize :parent, optional: true
+      authorize :parent_association, optional: true
 
       relation_scope do |relation|
-        next relation unless entity_scope
+        default_relation_scope(relation)
+      end
+
+      # Wraps apply_scope to verify default_relation_scope was called.
+      # This prevents accidental multi-tenancy leaks when overriding relation_scope.
+      def apply_scope(relation, type:, **options)
+        @_default_relation_scope_applied = false
+        result = super
+        verify_default_relation_scope_applied! if type == :active_record_relation
+        result
+      end
 
-        relation.associated_with(entity_scope)
+      # Explicitly skip the default relation scope verification.
+      #
+      # Call this when you intentionally want to bypass parent/entity scoping.
+      # This should be rare - consider using a separate portal instead.
+      #
+      # @example Skipping default scoping (use sparingly)
+      #   relation_scope do |relation|
+      #     skip_default_relation_scope!
+      #     relation.where(featured: true)  # No parent/entity scoping
+      #   end
+      def skip_default_relation_scope!
+        @_default_relation_scope_applied = true
+      end
+
+      # Applies Plutonium's default scoping (parent or entity) to a relation.
+      #
+      # This method MUST be called in any custom relation_scope to ensure proper
+      # parent/entity scoping. Failure to call it will raise an error.
+      #
+      # @example Overriding inherited scope while keeping default scoping
+      #   # Parent policy has custom filtering you want to replace
+      #   class AdminPostPolicy < PostPolicy
+      #     relation_scope do |relation|
+      #       # Replace inherited scope but keep Plutonium's parent/entity scoping
+      #       default_relation_scope(relation)
+      #     end
+      #   end
+      #
+      # @example Adding filtering on top of default scoping
+      #   relation_scope do |relation|
+      #     default_relation_scope(relation).where(published: true)
+      #   end
+      #
+      # @param relation [ActiveRecord::Relation] The relation to scope
+      # @return [ActiveRecord::Relation] The scoped relation
+      def default_relation_scope(relation)
+        @_default_relation_scope_applied = true
+
+        if parent || parent_association
+          unless parent && parent_association
+            raise ArgumentError, "parent and parent_association must both be provided together"
+          end
+
+          # Parent association scoping (nested routes)
+          # The parent was already entity-scoped during authorization, so children
+          # accessed through the parent don't need additional entity scoping
+          assoc_reflection = parent.class.reflect_on_association(parent_association)
+          if assoc_reflection.collection?
+            # has_many: merge with the association's scope
+            parent.public_send(parent_association).merge(relation)
+          else
+            # has_one: scope by foreign key
+            relation.where(assoc_reflection.foreign_key => parent.id)
+          end
+        elsif entity_scope
+          # Entity scoping (multi-tenancy)
+          relation.associated_with(entity_scope)
+        else
+          relation
+        end
       end
 
       # Sends a method and raises an error if the method is not implemented.
@@ -162,6 +233,18 @@ module Plutonium
         record.instance_of?(Class) ? record : record.class
       end
 
+      # Verifies that default_relation_scope was called during scope application.
+      # Raises an error if it wasn't, preventing accidental multi-tenancy leaks.
+      def verify_default_relation_scope_applied!
+        return if @_default_relation_scope_applied
+
+        raise <<~MSG.squish
+          #{self.class.name} did not call `default_relation_scope` in its relation_scope.
+          This can cause multi-tenancy leaks. Either call `default_relation_scope(relation)`
+          or `super(relation)` in your relation_scope block.
+        MSG
+      end
+
       # Autodetects the permitted fields for a given method.
       #
       # @param method_name [Symbol] The name of the method.

data/lib/plutonium/resource/record/routes.rb

@@ -12,10 +12,40 @@ module Plutonium
         end
 
         class_methods do
+          # Returns metadata for has_many associations that can be routed
+          # @return [Array<Hash>] Array of hashes with :name, :klass, :plural keys
+          def routable_has_many_associations
+            return @routable_has_many_associations if defined?(@routable_has_many_associations) && !Rails.env.local?
+
+            @routable_has_many_associations = reflect_on_all_associations(:has_many).map do |assoc|
+              {name: assoc.name, klass: assoc.klass, plural: assoc.klass.model_name.plural}
+            end
+          end
+
+          # Returns metadata for has_one associations that can be routed
+          # @return [Array<Hash>] Array of hashes with :name, :klass, :plural keys
+          def routable_has_one_associations
+            return @routable_has_one_associations if defined?(@routable_has_one_associations) && !Rails.env.local?
+
+            @routable_has_one_associations = reflect_on_all_associations(:has_one)
+              .reject { |assoc| assoc.options[:through] }
+              .map do |assoc|
+                {name: assoc.name, klass: assoc.klass, plural: assoc.klass.model_name.plural}
+              end
+          end
+
+          # @deprecated Use routable_has_many_associations instead
           def has_many_association_routes
             return @has_many_association_routes if defined?(@has_many_association_routes) && !Rails.env.local?
 
-            @has_many_association_routes = reflect_on_all_associations(:has_many).map { |assoc| assoc.klass.model_name.plural }
+            @has_many_association_routes = routable_has_many_associations.map { |info| info[:plural] }
+          end
+
+          # @deprecated Use routable_has_one_associations instead
+          def has_one_association_routes
+            return @has_one_association_routes if defined?(@has_one_association_routes) && !Rails.env.local?
+
+            @has_one_association_routes = routable_has_one_associations.map { |info| info[:plural] }
           end
 
           def all_nested_attributes_options

data/lib/plutonium/routing/mapper_extensions.rb

@@ -2,6 +2,9 @@
 
 module Plutonium
   module Routing
+    # Prefix used for nested resource routes to disambiguate from user-defined routes
+    NESTED_ROUTE_PREFIX = "nested_"
+
     # MapperExtensions module provides additional functionality for route mapping in Plutonium applications.
     #
     # This module extends the functionality of Rails' routing mapper to support Plutonium-specific features,
@@ -77,10 +80,43 @@ module Plutonium
       # @param resource [Class] The parent resource class.
       # @return [void]
       def define_nested_resource_routes(resource)
-        nested_configs = route_set.resource_route_config_for(*resource.has_many_association_routes)
-        nested_configs.each do |nested_config|
-          resources "nested_#{nested_config[:route_name]}", **nested_config[:route_options] do
-            instance_exec(&nested_config[:block]) if nested_config[:block]
+        # has_many associations use plural routes
+        resource.routable_has_many_associations.each do |assoc_info|
+          base_config = route_set.resource_route_config_for(assoc_info[:plural])[0]
+          next unless base_config
+
+          # Register with association-based key: "parent_plural/association_name"
+          nested_key = "#{resource.model_name.plural}/#{assoc_info[:name]}"
+          nested_config = base_config.merge(
+            association_name: assoc_info[:name],
+            resource_class: assoc_info[:klass]
+          )
+          route_set.resource_route_config_lookup[nested_key] = nested_config
+
+          resources "#{NESTED_ROUTE_PREFIX}#{assoc_info[:name]}", **base_config[:route_options].except(:path) do
+            instance_exec(&base_config[:block]) if base_config[:block]
+          end
+        end
+
+        # has_one associations use singular routes
+        resource.routable_has_one_associations.each do |assoc_info|
+          base_config = route_set.resource_route_config_for(assoc_info[:plural])[0]
+          next unless base_config
+
+          # Register with association-based key and singular route type
+          nested_key = "#{resource.model_name.plural}/#{assoc_info[:name]}"
+          nested_config = base_config.merge(
+            route_type: :resource,
+            association_name: assoc_info[:name],
+            resource_class: assoc_info[:klass]
+          )
+          route_set.resource_route_config_lookup[nested_key] = nested_config
+
+          resource "#{NESTED_ROUTE_PREFIX}#{assoc_info[:name]}", **base_config[:route_options].except(:path) do
+            original_collection = method(:collection)
+            define_singleton_method(:collection) { |&_| } # no-op for singular resources
+            instance_exec(&base_config[:block]) if base_config[:block]
+            define_singleton_method(:collection, original_collection)
           end
         end
       end
@@ -91,8 +127,9 @@ module Plutonium
       def define_member_interactive_actions
         member do
           get "record_actions/:interactive_action", action: :interactive_record_action,
-            as: :record_action
-          post "record_actions/:interactive_action", action: :commit_interactive_record_action
+            as: :interactive_record_action
+          post "record_actions/:interactive_action", action: :commit_interactive_record_action,
+            as: :commit_interactive_record_action
         end
       end
 
@@ -102,12 +139,14 @@ module Plutonium
       def define_collection_interactive_actions
         collection do
           get "bulk_actions/:interactive_action", action: :interactive_bulk_action,
-            as: :bulk_action
-          post "bulk_actions/:interactive_action", action: :commit_interactive_bulk_action
+            as: :interactive_bulk_action
+          post "bulk_actions/:interactive_action", action: :commit_interactive_bulk_action,
+            as: :commit_interactive_bulk_action
 
           get "resource_actions/:interactive_action", action: :interactive_resource_action,
-            as: :resource_action
-          post "resource_actions/:interactive_action", action: :commit_interactive_resource_action
+            as: :interactive_resource_action
+          post "resource_actions/:interactive_action", action: :commit_interactive_resource_action,
+            as: :commit_interactive_resource_action
         end
       end
 

data/lib/plutonium/routing/route_set_extensions.rb

@@ -83,6 +83,8 @@ module Plutonium
       end
 
       # @return [Hash] A lookup table for resource route configurations.
+      # Keys are either plural names (e.g., "profiles") for top-level routes
+      # or "parent_plural/child_plural" (e.g., "users/profiles") for nested routes.
       def resource_route_config_lookup
         @resource_route_config_lookup ||= {}
       end
@@ -107,6 +109,7 @@ module Plutonium
       # @return [Hash] The complete resource configuration.
       def create_resource_config(resource, route_name, concern_name, options = {}, &block)
         {
+          resource_class: resource,
           route_type: options[:singular] ? :resource : :resources,
           route_name: route_name,
           concern_name: concern_name,