propel_api 0.2.1 → 0.3.0

data/lib/generators/propel_api/resource/resource_generator.rb

@@ -4,45 +4,77 @@ require_relative '../core/named_base'
 module PropelApi
   class ResourceGenerator < PropelApi::NamedBase
     source_root File.expand_path("../templates", __dir__)
+
   
   desc <<~DESC
     Generate a complete API resource with model, migration, controller, and routes
     
-    ASSOCIATION EXAMPLES:
+    BASIC USAGE:
+      rails generate propel_api:resource Product name:string price:decimal
+      → Creates model, migration, controller, routes, tests, and fixtures
+      → Requires confirmation if multi-tenancy attributes are missing
     
-    Standard belongs_to/has_many (automatic):
-      rails generate propel_api Article title:string user:references category:references
-      → Article belongs_to :user, :category
-      → User/Category has_many :articles, dependent: :destroy
+    MULTI-TENANT RESOURCES (RECOMMENDED):
+      rails generate propel_api:resource Product name:string organization:references agency:references
+      → Includes multi-tenancy associations for proper data isolation
+      → organization:references (required) - isolates data by organization
+      → agency:references (optional) - sub-organization grouping
     
-         Polymorphic associations:
-       rails generate propel_api Comment content:text commentable:references
-       → Comment belongs_to :commentable, polymorphic: true
-       
-       rails generate propel_api Attachment name:string resource_parent:references  
-       → Attachment belongs_to :resource, polymorphic: true
+    POLYMORPHIC ASSOCIATIONS:
+      rails generate propel_api:resource Comment content:text commentable:polymorphic
+      → Comment belongs_to :commentable, polymorphic: true
+      → Auto-discovers available parent models for fixtures/seeds
+      → No quotes needed! (also supports commentable:references:polymorphic)
+      
+      rails generate propel_api:resource Comment content:text commentable:polymorphic --parents commentable:Post,Photo,Video
+      → Generates fixtures and seeds with specified polymorphic parent types
+      → Ensures realistic test data and development seeds
+      
+      LEGACY SYNTAX (still supported):
+      rails generate propel_api:resource Comment content:text "commentable:references{polymorphic}"
     
-         
+    SKIP CONFIRMATIONS:
+      rails generate propel_api:resource Tag name:string --skip-tenancy
+      → No confirmation prompts about missing multi-tenancy attributes
     
-    Skip associations entirely:
-      rails generate propel_api Article title:string user:references --skip-associations
+    SKIP ASSOCIATIONS:
+      rails generate propel_api:resource Article title:string user:references --skip-associations
       → No associations generated (manual setup required)
   DESC
   
   argument :attributes, type: :array, default: [], banner: "field:type field:type"
   
+  def initialize(args = [], local_options = {}, config = {})
+    # Process attributes to handle our custom polymorphic syntax
+    processed_args = args.dup
+    if processed_args.length > 1
+      # Convert user-friendly polymorphic syntax to Rails format
+      processed_args[1..-1] = processed_args[1..-1].map do |attr|
+        convert_polymorphic_syntax(attr)
+      end
+    end
+    
+    super(processed_args, local_options, config)
+  end
+  
   class_option :skip_associations,
                type: :boolean,
                desc: "Skip automatic association generation"
                
   class_option :skip_tenancy,
                type: :boolean,
-               desc: "Skip multi-tenancy foundation (organization and agency)"
+               default: false,
+               desc: "Skip warnings about missing multi-tenancy attributes (organization/agency)"
                
   class_option :with_comments,
                type: :boolean,
                default: false,
                desc: "Include usage comments in generated controller"
+               
+  class_option :parents,
+               type: :hash,
+               default: {},
+               desc: "Specify parent types for polymorphic associations (e.g., --parents commentable:Post,Photo,Video)"
 
   def create_migration
     initialize_propel_api_settings
@@ -90,7 +122,20 @@ module PropelApi
         say "No migration file found for #{table_name}", :yellow
       end
     else
-      generate :migration, "create_#{table_name}", *migration_attributes
+      # Check for tenancy and warn if missing (unless warnings are disabled)
+      check_tenancy_attributes_and_warn unless options[:skip_tenancy]
+      
+      # Build migration arguments from processed attributes
+      # This ensures our custom polymorphic syntax is converted to Rails format
+      migration_args = attributes.map do |attr|
+        if attr.type == :references && attr.respond_to?(:polymorphic?) && attr.polymorphic?
+          "#{attr.name}:references{polymorphic}"
+        else
+          "#{attr.name}:#{attr.type}"
+        end
+      end
+      
+      generate :migration, "create_#{table_name}", *migration_args
       # Post-process migration to make non-organization references nullable
       update_migration_constraints
     end
@@ -256,6 +301,98 @@ module PropelApi
     @relationship_inferrer
   end
 
+  def check_tenancy_attributes_and_warn
+    # Check configuration first - this enforces organizational standards
+    return unless should_check_tenancy_by_config?
+    
+    # Analyze what's missing based on configuration
+    missing_attributes = analyze_missing_tenancy_attributes
+    
+    # Only proceed if there are missing attributes
+    return if missing_attributes.empty?
+    
+    # Show warning about missing tenancy attributes
+    say "\n" + "="*80, :yellow
+    say "⚠️  MULTI-TENANCY CONFIRMATION REQUIRED", :yellow
+    say "="*80, :yellow
+    
+    # Show what's missing based on configuration
+    say "\n📋 This resource is missing required tenancy attributes:", :red
+    missing_attributes.each do |attr|
+      say "   • #{attr}:references (required by system policy)", :red
+    end
+    
+    # Show recommended command with missing attributes
+    missing_attrs = missing_attributes.map { |attr| "#{attr}:references" }.join(' ')
+    say "\n💡 Recommended command:", :green
+    say "   rails g propel_api:resource #{class_name} #{formatted_attributes} #{missing_attrs}", :green
+    
+    say "\n" + "="*80, :yellow
+    
+    # Require confirmation to proceed without tenancy
+    unless yes?("\n🚨 Do you want to continue WITHOUT required tenancy attributes? (y/N)")
+      say "\n✋ Generation cancelled. Please add the required tenancy attributes.", :red
+      say "💡 To skip this confirmation in the future: --skip-tenancy", :blue
+      exit 1
+    end
+    
+    say "\n🚨 Proceeding without required tenancy! This may violate system policies.", :yellow
+    
+    say ""
+  end
+
+  def should_check_tenancy_by_config?
+    # First check: Is tenancy enforcement enabled in configuration?
+    return false unless PropelApi.configuration.enforce_tenancy
+    
+    # Second check: Should this specific model be checked?
+    return should_have_tenancy_by_heuristics?
+  end
+  
+  def should_have_tenancy_by_heuristics?
+    # Skip tenancy warnings for certain model types that typically don't need it
+    # This provides a fallback when configuration doesn't specify exceptions
+    skip_tenancy_models = %w[
+      Organization Agency User
+    ]
+    
+    # Skip if this is one of the models that doesn't typically need tenancy
+    return false if skip_tenancy_models.include?(class_name)
+    
+    # Skip if this looks like a join table or through table
+    return false if table_name.include?('_') && table_name.split('_').length == 2
+    
+    # Skip if this is clearly a polymorphic join (like comments, attachments, etc.)
+    polymorphic_attributes = attributes.select { |attr| attr.respond_to?(:polymorphic?) && attr.polymorphic? }
+    return false if polymorphic_attributes.any? && attributes.length <= 3
+    
+    # Otherwise, assume it needs tenancy
+    true
+  end
+  
+  def analyze_missing_tenancy_attributes
+    # Get configured required tenancy attributes
+    required_attrs = PropelApi.configuration.required_tenancy_attributes || []
+    
+    # Check which attributes are present in the generator arguments
+    present_attrs = attributes.select { |attr| attr.type == :references }.map { |attr| attr.name.to_sym }
+    
+    # Find missing required attributes
+    missing_attrs = required_attrs - present_attrs
+    
+    missing_attrs
+  end
+
+  def formatted_attributes
+    attributes.map { |attr| 
+      if attr.type == :references && attr.respond_to?(:polymorphic?) && attr.polymorphic?
+        "\"#{attr.name}:references{polymorphic}\""
+      else
+        "#{attr.name}:#{attr.type}"
+      end
+    }.join(' ')
+  end
+
   def apply_inverse_relationships
     return unless @relationship_inferrer.should_generate_associations?
     return if behavior == :revoke
@@ -358,55 +495,17 @@ module PropelApi
     file_name.pluralize
   end
 
-  def migration_attributes
-    # Always include organization (required) and agency (optional) for multi-tenancy
-    # unless --skip-tenancy flag is used
-    if options[:skip_tenancy]
-      # Only include what the developer explicitly specified
-      attributes.map { |attr| "#{attr.name}:#{attr.type}" }
-    else
-      # Include multi-tenancy foundation by default
-      standard_attributes = ["organization:references", "agency:references"]
-      
-      # Add user-specified attributes, but skip organization and agency if they're already specified
-      user_attributes = attributes.map { |attr| "#{attr.name}:#{attr.type}" }
-      user_attributes.reject! { |attr| attr.start_with?("organization:") || attr.start_with?("agency:") }
-      
-      # Combine standard and user attributes
-      standard_attributes + user_attributes
-    end
-  end
 
   def permitted_param_names
-    if options[:skip_tenancy]
-      # Only include what the developer explicitly specified
-      attributes.map do |attr|
-        # Convert references to foreign key names for permitted params
-        # e.g., organization:references becomes organization_id
-        if attr.type == :references
-          "#{attr.name}_id"
-        else
-          attr.name
-        end
-      end
-    else
-      # Always include organization_id (required) and agency_id (optional) for multi-tenancy
-      standard_params = ["organization_id", "agency_id"]
-      
-      # Add user-specified attributes, but skip organization and agency if they're already specified
-      user_params = attributes.map do |attr|
-        # Convert references to foreign key names for permitted params
-        # e.g., organization:references becomes organization_id
-        if attr.type == :references
-          "#{attr.name}_id"
-        else
-          attr.name
-        end
+    # Include exactly what the developer specified
+    attributes.map do |attr|
+      # Convert references to foreign key names for permitted params
+      # e.g., organization:references becomes organization_id
+      if attr.type == :references
+        "#{attr.name}_id"
+      else
+        attr.name
       end
-      user_params.reject! { |param| param == "organization_id" || param == "agency_id" }
-      
-      # Combine standard and user params
-      standard_params + user_params
     end
   end
 
@@ -488,8 +587,12 @@ module PropelApi
     content = File.read(migration_file)
     
     # Update references to be nullable except for organization
+    # BUT preserve polymorphic references as-is (they should have polymorphic: true, not foreign_key: true)
     # organization:references should remain: null: false, foreign_key: true
-    # All other references should become: null: true, foreign_key: true
+    # All other non-polymorphic references should become: null: true, foreign_key: true
+    # Polymorphic references should remain: null: true/false, polymorphic: true
+    
+    # First pass: Handle regular references (with foreign_key: true)
     updated_content = content.gsub(/t\.references :(\w+), null: false, foreign_key: true/) do |match|
       reference_name = $1
       if reference_name == 'organization'
@@ -499,6 +602,18 @@ module PropelApi
       end
     end
     
+    # Second pass: Ensure polymorphic references stay polymorphic (don't change polymorphic: true lines)
+    # This is a safety check - Rails should generate polymorphic: true correctly,
+    # but if somehow foreign_key: true got generated for polymorphic fields, fix it
+    polymorphic_attrs = attributes.select { |attr| attr.type == :references && attr.respond_to?(:polymorphic?) && attr.polymorphic? }
+    polymorphic_attrs.each do |attr|
+      # If we find a polymorphic attribute that somehow got foreign_key: true, fix it
+      polymorphic_with_fk_pattern = /t\.references :#{attr.name}, null: (true|false), foreign_key: true/
+      if updated_content.match?(polymorphic_with_fk_pattern)
+        updated_content = updated_content.gsub(polymorphic_with_fk_pattern, "t.references :#{attr.name}, null: true, polymorphic: true")
+      end
+    end
+    
     # Write the updated migration back to file
     File.write(migration_file, updated_content)
   end
@@ -530,5 +645,32 @@ module PropelApi
     # 2. Newer migrations exist but none have been executed
     true
   end
+
+  private
+
+  # Convert user-friendly polymorphic syntax to Rails' expected format
+  def convert_polymorphic_syntax(attr_string)
+    # Handle different polymorphic syntaxes:
+    # commentable:polymorphic -> commentable:references{polymorphic}
+    # commentable:references:polymorphic -> commentable:references{polymorphic}
+    # commentable:references{polymorphic} -> commentable:references{polymorphic} (unchanged)
+    
+    return attr_string unless attr_string.include?(':')
+    
+    parts = attr_string.split(':')
+    field_name = parts[0]
+    
+    # Check for our new polymorphic syntaxes
+    if parts.length == 2 && parts[1] == 'polymorphic'
+      # commentable:polymorphic -> commentable:references{polymorphic}
+      return "#{field_name}:references{polymorphic}"
+    elsif parts.length == 3 && parts[1] == 'references' && parts[2] == 'polymorphic'
+      # commentable:references:polymorphic -> commentable:references{polymorphic}
+      return "#{field_name}:references{polymorphic}"
+    else
+      # Leave unchanged (regular attributes or legacy {polymorphic} syntax)
+      return attr_string
+    end
+  end
   end
 end

data/lib/generators/propel_api/templates/config/propel_api.rb.tt

@@ -6,7 +6,7 @@
 
 module PropelApi
   class Configuration
-    attr_accessor :adapter, :namespace, :version
+    attr_accessor :adapter, :namespace, :version, :enforce_tenancy, :required_tenancy_attributes
     attr_reader :attribute_filter
     
     def initialize
@@ -15,6 +15,10 @@ module PropelApi
       @namespace = 'api'         # Default API namespace
       @version = 'v1'           # Default API version
       
+      # Multi-tenancy configuration - simple boolean
+      @enforce_tenancy = true   # true = enforce tenancy (default), false = no checking
+      @required_tenancy_attributes = [:organization, :agency]  # Required when enforce_tenancy is true
+      
       # Initialize the configurable attribute filter
       @attribute_filter = PropelApi::AttributeFilter.new
     end
@@ -132,6 +136,27 @@ PropelApi.configure do |config|
   # API version: 'v1', 'v2', etc. or nil for no versioning
   config.version = <%= @api_version ? "'#{@api_version}'" : 'nil' %>
   
+  # Multi-tenancy enforcement configuration
+  # Simple boolean: enforce tenancy requirements or not
+  config.enforce_tenancy = true  # Default: enforce tenancy (require confirmation if missing)
+  
+  # Define which tenancy attributes are required for your system
+  config.required_tenancy_attributes = [:organization, :agency]  # Both required by default
+  
+  # Examples of different tenancy configurations:
+  #
+  # Organization-only tenancy:
+  # config.required_tenancy_attributes = [:organization]
+  #
+  # Agency-only tenancy:  
+  # config.required_tenancy_attributes = [:agency]
+  #
+  # Extended enterprise multi-tenancy:
+  # config.required_tenancy_attributes = [:organization, :agency, :department]
+  #
+  # Single-tenant application (no tenancy checking):
+  # config.enforce_tenancy = false
+  
   # Customize attribute filtering for your project's naming conventions
   # Examples:
   # 

data/lib/generators/propel_api/templates/controllers/api_controller_graphiti.rb

@@ -41,7 +41,7 @@ class <%= api_controller_class_name %> < ApplicationController
     if resource_instance.save
       respond_with(resource_instance, status: :created)
     else
-      respond_with(resource_instance.errors, status: :unprocessable_entity)
+      respond_with(resource_instance.errors, status: :unprocessable_content)
     end
   end
 
@@ -54,7 +54,7 @@ class <%= api_controller_class_name %> < ApplicationController
     if resource_instance.update_attributes
       respond_with(resource_instance)
     else
-      respond_with(resource_instance.errors, status: :unprocessable_entity)
+      respond_with(resource_instance.errors, status: :unprocessable_content)
     end
   end
 

data/lib/generators/propel_api/templates/controllers/api_controller_propel_facets.rb

@@ -40,7 +40,7 @@ class <%= api_controller_class_name %> < ApplicationController
     if @resource.save
       render json: { data: resource_json(@resource) }, status: :created
     else
-      render json: { errors: @resource.errors }, status: :unprocessable_entity
+      render json: { errors: @resource.errors }, status: :unprocessable_content
     end
   end
 
@@ -48,7 +48,7 @@ class <%= api_controller_class_name %> < ApplicationController
     if @resource.update(resource_params)
       render json: { data: resource_json(@resource) }
     else
-      render json: { errors: @resource.errors }, status: :unprocessable_entity
+      render json: { errors: @resource.errors }, status: :unprocessable_content
     end
   end
 
@@ -73,6 +73,9 @@ class <%= api_controller_class_name %> < ApplicationController
 
     # Organization scoping method with support for self-signup
   def for_organization(model_class)
+    # Skip tenancy if controller explicitly opts out
+    return model_class if respond_to?(:skip_tenancy?) && skip_tenancy?
+    
     return render_organization_context_error unless current_organization_id
 
     # Special case: Organization model should only show user's own organization
@@ -80,6 +83,9 @@ class <%= api_controller_class_name %> < ApplicationController
       return model_class.where(id: current_organization_id)
     end
     
+    # Skip if model doesn't have organization_id column
+    return model_class unless model_class.column_names.include?('organization_id')
+    
     # Start with organization scoping
     scoped_query = model_class.for_organization(current_organization_id)
     
@@ -89,7 +95,10 @@ class <%= api_controller_class_name %> < ApplicationController
 
   # Build parameters for resource creation with security-first flow
   def build_creation_params
-    return {} unless validate_organization_context
+    # Skip organization validation if controller opts out or model doesn't have organization_id
+    unless (respond_to?(:skip_tenancy?) && skip_tenancy?) || !resource_class.column_names.include?('organization_id')
+      return {} unless validate_organization_context
+    end
     
     params = resource_params
     
@@ -141,7 +150,8 @@ class <%= api_controller_class_name %> < ApplicationController
   # FIRST: Security validation of any provided tenancy context (fail-fast)
   def validate_provided_tenancy_context(params)
     # If organization_id is provided, verify user has access to it
-    if params[:organization_id].present?
+    # Only validate if model actually has organization_id column
+    if params[:organization_id].present? && resource_class.column_names.include?('organization_id')
       unless params[:organization_id].to_i == current_organization_id
         render json: { 
           error: 'Unauthorized organization access',
@@ -185,7 +195,8 @@ class <%= api_controller_class_name %> < ApplicationController
     # Auto-assign organization_id if missing and not required to be explicit
     if params[:organization_id].blank? && !require_organization_id?
       # Special case: Organization model doesn't get organization_id assigned
-      unless resource_class == Organization
+      # Only assign if model has organization_id column
+      if resource_class != Organization && resource_class.column_names.include?('organization_id')
         params[:organization_id] = current_organization_id
       end
     end
@@ -201,8 +212,6 @@ class <%= api_controller_class_name %> < ApplicationController
     params
   end
 
-
-
   # Check if agency tenancy is enabled
   def agency_tenancy_enabled?
     # Check PropelAuthentication configuration (owns tenancy models)
@@ -238,7 +247,8 @@ class <%= api_controller_class_name %> < ApplicationController
     errors = {}
     
     # Validate organization_id is present (after security check and auto-assignment)
-    if params[:organization_id].blank?
+    # Only validate if model actually has organization_id column
+    if resource_class.column_names.include?('organization_id') && params[:organization_id].blank?
       if require_organization_id?
         errors[:organization_id] = ["is required - set require_organization_id = false to enable auto-assignment"]
       else
@@ -262,7 +272,7 @@ class <%= api_controller_class_name %> < ApplicationController
     
     # Return validation errors if any
     if errors.any?
-      render json: { errors: errors }, status: :unprocessable_entity
+      render json: { errors: errors }, status: :unprocessable_content
       return {}
     end
     
@@ -281,7 +291,7 @@ class <%= api_controller_class_name %> < ApplicationController
   def pagy_metadata(pagy)
     {
       current_page: pagy.page,
-      per_page: pagy.items,
+      per_page: pagy.limit,
       total_pages: pagy.pages,
       total_count: pagy.count,
       next_page: pagy.next,

data/lib/generators/propel_api/templates/controllers/example_controller.rb.tt

@@ -42,7 +42,7 @@ module Api
     #   if @resource.save
     #     render json: { data: resource_json(@resource) }, status: :created
     #   else
-    #     render json: { errors: @resource.errors }, status: :unprocessable_entity
+    #     render json: { errors: @resource.errors }, status: :unprocessable_content
     #   end
     # end
   end
@@ -82,7 +82,7 @@ module Api
     #   if resource_instance.save
     #     respond_with(resource_instance, status: :created)
     #   else
-    #     respond_with(resource_instance.errors, status: :unprocessable_entity)
+    #     respond_with(resource_instance.errors, status: :unprocessable_content)
     #   end
     # end
   end

data/lib/generators/propel_api/templates/scaffold/facet_controller_template.rb.tt

@@ -10,15 +10,40 @@ class <%= controller_class_name_with_namespace %>Controller < <%= api_controller
   # Define which parameters are allowed for <%= class_name %> creation/updates
   # This uses the StrongParamsHelper concern from the base controller
 <% end -%>
-  permitted_params <%= permitted_param_names.map { |param| 
-    # If param already contains colon (JSON field syntax), use as-is
-    # Otherwise add colon prefix for regular fields
-    if param.to_s.include?(':')
-      param  # Already formatted as "field: {}" for JSON fields
-    else
-      ":#{param}"  # Add colon prefix for regular fields
+  permitted_params <% 
+    # Generate permitted parameters using shared polymorphic support
+    param_list = []
+    
+    # Add attribute-based params using polymorphic support
+    attributes.each do |attr|
+      if attr.type == :json
+        param_list << "#{attr.name}: {}"
+      elsif attr.type == :references
+        # Use Rails' built-in polymorphic detection
+        if attr.respond_to?(:polymorphic?) && attr.polymorphic?
+          param_list << ":#{attr.name}_id"
+          param_list << ":#{attr.name}_type" 
+        else
+          param_list << ":#{attr.name}_id"
+        end
+      else
+        param_list << ":#{attr.name}"
+      end
     end
-  }.join(', ') %>
+
+     # Add multi-tenancy params unless skipped
+    if has_organization_reference?
+      param_list += [":organization_id"]
+    end
+
+    if has_agency_reference?
+      param_list += [":agency_id"]
+    end
+    
+    # Remove organization/agency duplicates if they were user-specified
+    param_list.uniq!
+    
+    -%><%= param_list.join(', ') %>
 
 <% if options[:with_comments] -%>
   # Connect facets to actions - customize as needed for your <%= class_name.downcase %> model
@@ -84,7 +109,7 @@ class <%= controller_class_name_with_namespace %>Controller < <%= api_controller
   #   if @resource.save
   #     render json: { data: resource_json(@resource) }, status: :created
   #   else
-  #     render json: { errors: @resource.errors }, status: :unprocessable_entity
+  #     render json: { errors: @resource.errors }, status: :unprocessable_content
   #   end
   # end
   #

data/lib/generators/propel_api/templates/scaffold/facet_model_template.rb.tt

@@ -3,7 +3,7 @@
 class <%= class_name %> < ApplicationRecord
 
   # Validations
-<% unless options[:skip_tenancy] -%>
+<% if has_organization_reference? -%>
   # Multi-tenancy: Organization is always required
   validates :organization, presence: true
   
@@ -45,24 +45,28 @@ class <%= class_name %> < ApplicationRecord
 <% end -%>
 
 # Associations
-<% unless options[:skip_tenancy] -%>
+<% if has_organization_reference? -%>
   # Multi-tenancy: Always include organization and agency for data isolation
   # User/Agent associations are only added when explicitly specified as generator arguments
   belongs_to :organization
+<% end -%>
+<% if has_agency_reference? -%>
   belongs_to :agency
+<% end -%>
+<% if has_organization_reference? || has_agency_reference? -%>
   
 <% end -%>
 <% if defined?(relationship_inferrer) && relationship_inferrer.should_generate_associations? -%>
 <% relationship_inferrer.belongs_to_relationships.each do |relationship| -%>
 <% # Skip organization and agency if tenancy is included (they're already added above) -%>
-<% unless !options[:skip_tenancy] && (relationship.include?('organization') || relationship.include?('agency')) -%>
+<% unless (has_organization_reference? && relationship.include?('organization')) || (has_agency_reference? && relationship.include?('agency')) -%>
   <%= relationship %>
 <% end -%>
 <% end -%>
 <% elsif !options[:skip_associations] -%>
 <% attributes.select { |attr| attr.type == :references }.each do |attribute| -%>
 <% # Skip organization and agency if tenancy is included (they're already added above) -%>
-<% unless !options[:skip_tenancy] && (attribute.name == 'organization' || attribute.name == 'agency') -%>
+<% unless (has_organization_reference? && attribute.name == 'organization') || (has_agency_reference? && attribute.name == 'agency') -%>
 <% if attribute.name == 'organization' -%>
   belongs_to :organization
 <% else -%>
@@ -134,9 +138,11 @@ json_facet :details, fields: [:id<%
     all_fields << "#{reference.name}_id".to_sym
   end
   
-  # Add tenancy references if not skipped
-  unless options[:skip_tenancy]
+  # Add tenancy references if present
+  if has_organization_reference?
     all_fields << :organization_id
+  end
+  if has_agency_reference?
     all_fields << :agency_id
   end
   
@@ -145,8 +151,11 @@ json_facet :details, fields: [:id<%
   
   # Generate include for nested objects (reference associations)
   reference_associations = detail_attributes.select { |attr| attr.type == :references }.map(&:name)
-  unless options[:skip_tenancy]
-    reference_associations += %w[organization agency]
+  if has_organization_reference?
+    reference_associations += %w[organization]
+  end
+  if has_agency_reference?
+    reference_associations += %w[agency]
   end
   reference_associations.uniq!
   

data/lib/generators/propel_api/templates/scaffold/graphiti_controller_template.rb.tt

@@ -55,7 +55,7 @@ class <%= controller_class_name_with_namespace %>Controller < <%= api_controller
   #   if resource_instance.save
   #     respond_with(resource_instance, status: :created)
   #   else
-  #     respond_with(resource_instance.errors, status: :unprocessable_entity)
+  #     respond_with(resource_instance.errors, status: :unprocessable_content)
   #   end
   # end
   #