propel_api 0.3.0 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 224fb8718c35e1b5d828201c8256a39eeedc0cc6f9ad096ac874f34c9a726c25
-  data.tar.gz: 6902529de75450cd89415ea357891100f2c2a2d4cc6c57ba6679257e693aaab3
+  metadata.gz: 8891f7c2c3ace04fe703d6613d1a2595e19ed7ecaf89ecf960c3000bd1b00e0d
+  data.tar.gz: c51158c13407e9b91b01eb10d27b8bb89f5c80517855737a684e6f1fba88eac3
 SHA512:
-  metadata.gz: dcd7b7a650de42cf4d0f19e51e777535e399c7f01dd0947e6ecb97854504a2e1a79abfa0341f7bb2dae4dc128cc9261b0c42060c5218aa6129c465920eeb6546
-  data.tar.gz: 5ee7eace1077821dbb23b93f719d3544447e8a72d5ba0541df8712d55b6294054d2f335aaa4d8bad43e60ea4b69d7737733e4e63bc722bde3ad5fbd2b85a1418
+  metadata.gz: c22770ffc6b60119d08f3f8d0e8d6d5f3520f9518b9cedf2c2ae0ad5dbe2e1cc5c98577cdf4639f228b66796a60dbbe901fbbaeb69ee5aaecdc96630a418a116
+  data.tar.gz: ea3cbbc43f1f827ceebb10d9e64cc56374ef8d0dbb24e015608bba00bfa1a9608d27edf343c7e2f9677ed049df906a5a1bf45af1161a85bb5d5a85646e67253c

data/CHANGELOG.md

@@ -10,6 +10,45 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Planned Features
 - GraphQL adapter support
 
+## [0.3.1] - 2025-09-11
+
+### 🎉 New Features
+- **Full Stack and API-Only Rails App Support**: Enhanced architecture for different Rails application types
+  - New dedicated `api_base_controller.rb` template for API-only applications
+  - Improved controller template organization with better separation of concerns
+  - Enhanced CSRF error handling with dedicated `PropelApiCsrfError` class
+  - Better support for both full-stack Rails apps and API-only applications
+
+### 🔧 Enhanced Polymorphic Support
+- **Improved Polymorphic Generators**: Enhanced automatic fixture and test generation with --parents flag
+  - Better polymorphic association handling in controller and model generators
+  - Automatic fixture template adoption for polymorphic relationships
+  - Enhanced agency-organization relationship support in polymorphic contexts
+- **URL/Website/Domain Support**: Enhanced template handling for URL, website, and domain fields
+  - Improved model templates for URL validation and formatting
+  - Better seed data generation for URL-type fields
+  - Enhanced test coverage for URL/domain fields in fixtures and integration tests
+
+### 🛠️ Generator Improvements  
+- **Enhanced Core Named Base**: Improved polymorphic association detection and fixture generation
+  - Better template processing for polymorphic relationships
+  - Enhanced fixture name resolution and parent type selection
+  - Improved error handling for polymorphic parent specifications
+- **Template System Enhancements**: Upgraded all ERB templates for better polymorphic handling
+  - Consistent fixture template adoption across all generators
+  - Better integration with PropelAuthentication fixture patterns
+  - Enhanced test template generation with polymorphic parameter support
+- **Controller Architecture Improvements**: Enhanced controller template system
+  - Updated Graphiti and PropelFacets controller templates for better inheritance
+  - Improved controller base class organization and method visibility
+
+### 🐛 Bug Fixes
+- **Gem Installation**: Fixed issues with gems not being included when commented out in Gemfile
+- **Integration Test Templates**: Enhanced error handling and parameter validation in generated integration tests
+
+### ⚠️ Breaking Changes
+- **REQUIRED --parents for Polymorphic**: Polymorphic associations now require explicit `--parents Parent1,Parent2` declaration. Auto-discovery fallback has been removed. Generator will block with confirmation if --parents is missing.
+
 ## [0.3.0] - 2025-01-15
 
 ### 🎉 Major Features Added

data/README.md

@@ -54,11 +54,11 @@ rails generate propel_api:resource User name:string email:string role:string
 # Resource with associations
 rails generate propel_api:resource Article title:string content:text user:references category:references
 
-# 🎉 NEW: Polymorphic associations (v0.3.0)
-rails generate propel_api:resource Comment content:text commentable:references{polymorphic} --parents commentable:Post,Video,Product
+# 🎉 NEW: Polymorphic associations (v0.3.0) - REQUIRES --parents flag
+rails generate propel_api:resource Comment content:text commentable:references{polymorphic} --parents Post,Video,Product
 
 # Polymorphic with tenancy
-rails generate propel_api:resource Review rating:integer comment:text review_parent:polymorphic --parents review_parent:Product,Agency
+rails generate propel_api:resource Review rating:integer comment:text review_parent:polymorphic --parents Product,Agency
 
 # With Graphiti adapter
 rails generate propel_api Product name:string price:decimal --adapter=graphiti
@@ -81,10 +81,10 @@ PropelApi now provides comprehensive support for polymorphic associations with a
 
 ```bash
 # Generate a Comment that can belong to Posts, Videos, or Products
-rails generate propel_api:resource Comment body:text commentable:references{polymorphic} --parents commentable:Post,Video,Product
+rails generate propel_api:resource Comment body:text commentable:references{polymorphic} --parents Post,Video,Product
 
 # Generate a Review with full tenancy support
-rails generate propel_api:resource Review rating:integer comment:text review_parent:references{polymorphic} --parents reviewable:Product,Agency
+rails generate propel_api:resource Review rating:integer comment:text review_parent:references{polymorphic} --parents Product,Agency
 ```
 
 ### Key Features
@@ -93,10 +93,10 @@ rails generate propel_api:resource Review rating:integer comment:text review_par
 - Additional support `field_name:polymorphic` instead of Rails' verbose `field_name:references{polymorphic}`
 - No need for complex quote escaping or nested syntax
 
-#### 🎯 Smart Parent Specification
-- `--parents field_name:Parent1,Parent2,Parent3` defines valid parent models
+#### 🎯 Required Parent Specification
+- `--parents Parent1,Parent2,Parent3` defines valid parent models (REQUIRED for polymorphic associations)
 - Automatically generates varied test data using different parent types
-- Validates parent models exist in your application
+- Generator will block with confirmation if --parents is not provided
 
 #### 🧪 Complete Test Coverage
 - **Model Tests**: Proper polymorphic association validation and parent type checking

data/lib/generators/propel_api/controller/controller_generator.rb

@@ -48,6 +48,11 @@ module PropelApi
                  type: :boolean,
                  default: false,
                  desc: "Include usage comments in generated controller"
+                 
+    class_option :parents,
+                 type: :hash,
+                 default: {},
+                 desc: "Specify parent types for polymorphic associations (e.g., --parents commentable:Post,Photo,Video)"
 
     def validate_model_exists
       # Ensure attributes are parsed before validation
@@ -64,6 +69,9 @@ module PropelApi
       if !options[:all_attributes] && (@attributes.nil? || @attributes.empty?) && model_file_exists
         show_auto_introspection_warning
       end      
+      # Process polymorphic parent information if provided
+      process_polymorphic_parents if options[:parents].present?
+      
       # Validate attributes if not using introspection
       validate_attributes_exist unless should_auto_introspect?
     end
@@ -110,6 +118,24 @@ module PropelApi
 
     private
 
+    def process_polymorphic_parents
+      # Convert _type attributes to polymorphic associations for template processing
+      options[:parents].each do |field_name, parent_list|
+        # Check if we have the corresponding _id and _type attributes
+        type_attr = @attributes.find { |attr| attr.name == "#{field_name}_type" }
+        id_attr = @attributes.find { |attr| attr.name == "#{field_name}_id" }
+        
+        if type_attr && id_attr
+          # Add a mock polymorphic attribute to @attributes for template processing
+          @attributes << OpenStruct.new(
+            name: field_name,
+            type: :references,
+            polymorphic?: true
+          )
+        end
+      end
+    end
+
     def route_name
       file_name.pluralize
     end

data/lib/generators/propel_api/core/named_base.rb

@@ -527,6 +527,11 @@ module PropelApi
       @attributes.any? { |attr| attr.name == 'agency' && attr.type == :references }
     end
 
+    def has_user_reference?
+      return false unless defined?(@attributes) && @attributes
+      @attributes.any? { |attr| (attr.name == 'user' && attr.type == :references) || attr.name == 'user_id' }
+    end
+
     # Polymorphic associations helper methods
     def polymorphic_parent_types
       @polymorphic_parent_types ||= parse_polymorphic_parent_types

data/lib/generators/propel_api/install/install_generator.rb

@@ -31,6 +31,12 @@ module PropelApi
       else
         say "Installing API controller with #{@adapter} adapter", :green
         say "Using namespace: #{namespace_display} version: #{version_display}", :blue
+        
+        # Create Api::BaseController first
+        create_api_base_controller
+        
+        # Optionally enhance CSRF error messages (non-breaking)
+        add_csrf_error_handling
       end
       
       case @adapter
@@ -107,6 +113,37 @@ module PropelApi
 
     private
 
+    def create_api_base_controller
+      template "controllers/api_base_controller.rb", "app/controllers/api/base_controller.rb"
+      say "Created Api::BaseController for CSRF-free API endpoints", :green
+    end
+
+    def add_csrf_error_handling
+      # Copy the error handler
+      template "errors/propel_api_csrf_error.rb", "app/errors/propel_api_csrf_error.rb"
+      
+      # Inject rescue_from into ApplicationController
+      inject_into_class "app/controllers/application_controller.rb", ApplicationController, <<-RUBY
+  # Enhanced CSRF error handling for JSON requests - added by PropelAPI
+  rescue_from ActionController::InvalidAuthenticityToken, with: :handle_propel_csrf_error
+  
+  private
+  
+  def handle_propel_csrf_error
+    if request.format.json? || request.content_type&.include?('application/json')
+      PropelApiCsrfError.handle_csrf_error_for_json(self)
+    else
+      raise ActionController::InvalidAuthenticityToken
+    end
+  end
+      RUBY
+      
+      say "Enhanced ApplicationController with helpful API guidance", :green
+    rescue => e
+      say "Could not inject CSRF error handling into ApplicationController: #{e.message}", :yellow
+      say "You can manually add the rescue_from handler if desired", :blue
+    end
+
     def copy_propel_facets_controller
       template "controllers/api_controller_propel_facets.rb", api_controller_path
       copy_example_controller

data/lib/generators/propel_api/templates/controllers/api_base_controller.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+##
+# Base controller for API endpoints ONLY
+# 
+# ⚠️  SECURITY WARNING: This controller disables CSRF protection!
+# ⚠️  ONLY use this for stateless JSON API endpoints with JWT authentication
+# ⚠️  DO NOT use this for web controllers that serve HTML or handle sessions
+# 
+# For web controllers, inherit from ApplicationController instead.
+#
+class Api::BaseController < ActionController::Base
+  # Set up and then skip CSRF protection for API endpoints (they use JWT tokens instead)
+  protect_from_forgery with: :null_session
+  skip_before_action :verify_authenticity_token
+  
+  # Disable session handling for API requests (stateless)
+  before_action :disable_session
+  before_action :ensure_json_request, if: -> { Rails.env.production? }
+  
+  # Handle common API errors
+  rescue_from ActiveRecord::RecordNotFound, with: :record_not_found
+  rescue_from ActionController::ParameterMissing, with: :parameter_missing
+  rescue_from ActiveRecord::RecordInvalid, with: :record_invalid
+  
+  private
+  
+  def disable_session
+    request.session_options[:skip] = true
+  end
+  
+  def ensure_json_request
+    unless request.format.json? || request.content_type&.include?('application/json')
+      Rails.logger.warn "Non-JSON request to API controller: #{controller_name}##{action_name}"
+      render json: { 
+        error: 'Invalid request format',
+        message: 'This endpoint only accepts JSON requests'
+      }, status: :not_acceptable
+    end
+  end
+  
+  def record_not_found(exception)
+    Rails.logger.error "API Record not found: #{exception.message}"
+    render json: { 
+      error: 'Record not found',
+      message: 'The requested resource could not be found'
+    }, status: :not_found
+  end
+  
+  def parameter_missing(exception)
+    Rails.logger.error "API Parameter missing: #{exception.message}"
+    render json: { 
+      error: 'Missing required parameters',
+      message: 'Required parameters are missing from the request'
+    }, status: :bad_request
+  end
+  
+  def record_invalid(exception)
+    Rails.logger.error "API Record invalid: #{exception.record.errors.full_messages}"
+    
+    # In development, show full validation errors for debugging
+    # In production, show generic message to prevent information disclosure
+    errors = if Rails.env.development?
+      exception.record.errors.full_messages
+    else
+      ['Validation failed - please check your input']
+    end
+    
+    render json: { 
+      error: 'Validation failed',
+      errors: errors
+    }, status: :unprocessable_content
+  end
+end
+

data/lib/generators/propel_api/templates/controllers/api_controller_graphiti.rb

@@ -1,4 +1,4 @@
-class <%= api_controller_class_name %> < ApplicationController
+class <%= api_controller_class_name %> < Api::BaseController
   include Graphiti::Rails
   include Graphiti::Responders
   include PropelAuthenticationConcern

data/lib/generators/propel_api/templates/controllers/api_controller_propel_facets.rb

@@ -1,4 +1,4 @@
-class <%= api_controller_class_name %> < ApplicationController
+class <%= api_controller_class_name %> < Api::BaseController
   include HasScope
   include Pagy::Backend
   include FacetRenderer
@@ -216,7 +216,7 @@ class <%= api_controller_class_name %> < ApplicationController
   def agency_tenancy_enabled?
     # Check PropelAuthentication configuration (owns tenancy models)
     if defined?(PropelAuthentication) && PropelAuthentication.respond_to?(:configuration)
-      PropelAuthentication.configuration.agency_tenancy
+      PropelAuthentication.configuration.agency_required?
     else
       true  # Safe default - enables agency tenancy when configuration unavailable
     end

data/lib/generators/propel_api/templates/errors/propel_api_csrf_error.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+##
+# PropelAPI CSRF Error Handler
+# Provides helpful guidance when developers send JSON requests to web controllers
+#
+class PropelApiCsrfError < StandardError
+  def self.handle_csrf_error_for_json(controller)
+    # Log security event for monitoring
+    Rails.logger.warn "CSRF bypass attempted on #{controller.controller_name}##{controller.action_name} from #{controller.request.remote_ip}"
+    
+    controller.render json: {
+      error: "CSRF token verification failed",
+      message: "This endpoint requires CSRF protection and is intended for web browser requests.",
+      hint: "For API requests, use the Propel-generated API controllers instead.",
+      note: "API controllers are CSRF-free and use JWT authentication."
+    }, status: :unprocessable_content
+  end
+end

data/lib/generators/propel_api/templates/scaffold/facet_controller_template.rb.tt

@@ -12,38 +12,46 @@ class <%= controller_class_name_with_namespace %>Controller < <%= api_controller
 <% end -%>
   permitted_params <% 
     # Generate permitted parameters using shared polymorphic support
-    param_list = []
+    regular_params = []
+    json_params = []
     
     # Add attribute-based params using polymorphic support
     attributes.each do |attr|
       if attr.type == :json
-        param_list << "#{attr.name}: {}"
+        json_params << "#{attr.name}: {}"
       elsif attr.type == :references
         # Use Rails' built-in polymorphic detection
         if attr.respond_to?(:polymorphic?) && attr.polymorphic?
-          param_list << ":#{attr.name}_id"
-          param_list << ":#{attr.name}_type" 
+          regular_params << ":#{attr.name}_id"
+          regular_params << ":#{attr.name}_type" 
         else
-          param_list << ":#{attr.name}_id"
+          regular_params << ":#{attr.name}_id"
         end
       else
-        param_list << ":#{attr.name}"
+        regular_params << ":#{attr.name}"
       end
     end
 
      # Add multi-tenancy params unless skipped
     if has_organization_reference?
-      param_list += [":organization_id"]
+      regular_params += [":organization_id"]
     end
 
     if has_agency_reference?
-      param_list += [":agency_id"]
+      regular_params += [":agency_id"]
     end
     
     # Remove organization/agency duplicates if they were user-specified
-    param_list.uniq!
+    regular_params.uniq!
     
-    -%><%= param_list.join(', ') %>
+    # Combine regular and JSON params properly
+    if json_params.any?
+      all_params = regular_params + json_params
+    else
+      all_params = regular_params
+    end
+    
+    -%><%= all_params.join(', ') %>
 
 <% if options[:with_comments] -%>
   # Connect facets to actions - customize as needed for your <%= class_name.downcase %> model

data/lib/generators/propel_api/templates/scaffold/facet_model_template.rb.tt

@@ -24,7 +24,7 @@ class <%= class_name %> < ApplicationRecord
 <% if attribute.name.to_s.match?(/\A(phone|phone_number)\z/i) -%>
   validates :<%= attribute.name %>, format: { with: /\A\+?[\d\s-\(\)]+\z/ }, allow_nil: <%= !attribute.required? %>
 <% end -%>
-<% if attribute.name.to_s.match?(/\A(url|website|web_address)\z/i) -%>
+<% if attribute.name.to_s.match?(/\A(url|website|web_address|domain|domain_name)\z/i) -%>
   validates :<%= attribute.name %>, format: { with: URI::DEFAULT_PARSER.make_regexp(%w[http https]) }, allow_nil: <%= !attribute.required? %>
 <% end -%>
 <% if attribute.name.to_s.match?(/\Alatitude\z/i) -%>
@@ -69,12 +69,16 @@ class <%= class_name %> < ApplicationRecord
 <% unless (has_organization_reference? && attribute.name == 'organization') || (has_agency_reference? && attribute.name == 'agency') -%>
 <% if attribute.name == 'organization' -%>
   belongs_to :organization
+<% else -%>
+<% if attribute.respond_to?(:polymorphic?) && attribute.polymorphic? -%>
+  belongs_to :<%= attribute.name %>, polymorphic: true
 <% else -%>
   belongs_to :<%= attribute.name %>  # Add 'optional: true' if this should be optional
 <% end -%>
 <% end -%>
 <% end -%>
 <% end -%>
+<% end -%>
 # Add additional associations here
 # has_many :comments, dependent: :destroy
 
@@ -109,7 +113,13 @@ json_facet :short, fields: [:id<%
      attr.name.to_s !~ security_patterns &&
      attr.name.to_s.length < 20)
   end
-  short_attributes.each do |attribute| -%>, :<%= attribute.name %><% end %>]
+  
+  # Add polymorphic type fields to short facet (important for frontend handling)
+  polymorphic_type_fields = attributes.select { |attr| attr.name.end_with?('_type') && attr.type == :string }
+  # Also include polymorphic associations (which generate _type fields)
+  polymorphic_associations = attributes.select { |attr| attr.type == :references && attr.respond_to?(:polymorphic?) && attr.polymorphic? }
+  
+  short_attributes.each do |attribute| -%>, :<%= attribute.name %><% end %><% polymorphic_type_fields.each do |type_field| -%>, :<%= type_field.name %><% end %><% polymorphic_associations.each do |poly_attr| -%>, :<%= poly_attr.name %>_type<% end %>]
 json_facet :details, fields: [:id<% 
   # Include most fields except timestamps, security-sensitive, and internal Rails fields for details facet
   detail_attributes = attributes.reject do |attr|
@@ -128,6 +138,11 @@ json_facet :details, fields: [:id<%
   # Collect all field names, avoiding duplicates
   all_fields = Set.new
   
+  # Find polymorphic type fields
+  polymorphic_type_fields = attributes.select { |attr| attr.name.end_with?('_type') && attr.type == :string }
+  # Also find polymorphic associations (which generate _type fields)
+  polymorphic_associations = attributes.select { |attr| attr.type == :references && attr.respond_to?(:polymorphic?) && attr.polymorphic? }
+  
   # Add non-reference attributes
   detail_attributes.reject { |attr| attr.type == :references }.each do |attribute|
     all_fields << attribute.name.to_sym
@@ -146,6 +161,15 @@ json_facet :details, fields: [:id<%
     all_fields << :agency_id
   end
   
+  # Add polymorphic type fields to details facet (important for frontend handling)
+  polymorphic_type_fields.each do |type_field|
+    all_fields << type_field.name.to_sym
+  end
+  # Also add polymorphic association type fields
+  polymorphic_associations.each do |poly_attr|
+    all_fields << "#{poly_attr.name}_type".to_sym
+  end
+  
   # Output the unique fields
   all_fields.to_a.sort.each do |field| -%>, :<%= field %><% end -%>]<%
   

data/lib/generators/propel_api/templates/seeds/seeds_template.rb.tt

@@ -126,7 +126,7 @@ if users.count < 6
       if org_agencies.any?
         # Assign to random agency within organization
         agency = org_agencies.sample
-        Agent.create!(user: new_user, agency: agency, role: 'member')
+        Agent.create!(user: new_user, agency: agency, organization: org, role: 'member')
       end
     end
   end
@@ -171,7 +171,7 @@ end
 <% end -%>
 <% if has_agency_reference? -%>
   # Multi-tenancy: Assign agency
-  <%= singular_table_name %>_attributes[:agency] = [agency, nil].sample # 50% chance of having agency
+  <%= singular_table_name %>_attributes[:agency] = agency # Always assign agency for valid records
 <% end -%>
 <% if has_organization_reference? || has_agency_reference? -%>
   
@@ -211,7 +211,7 @@ end
   <%= singular_table_name %>_attributes[:<%= attribute.name %>] = Faker::Internet.unique.username
 <% elsif attribute.name.to_s.match?(/\A(phone|phone_number)\z/i) -%>
   <%= singular_table_name %>_attributes[:<%= attribute.name %>] = Faker::PhoneNumber.phone_number
-<% elsif attribute.name.to_s.match?(/\A(url|website|web_address)\z/i) -%>
+<% elsif attribute.name.to_s.match?(/\A(url|website|web_address|domain|domain_name)\z/i) -%>
   <%= singular_table_name %>_attributes[:<%= attribute.name %>] = Faker::Internet.url
 <% elsif attribute.name.to_s.match?(/\A(slug)\z/i) -%>
   <%= singular_table_name %>_attributes[:<%= attribute.name %>] = Faker::Internet.slug

data/lib/generators/propel_api/templates/tests/controller_test_template.rb.tt

@@ -8,13 +8,15 @@ class <%= controller_class_name_with_namespace %>ControllerTest < ActionDispatch
     @organization = organizations(:acme_org)
     @user = users(:john_user)
     @agency = agencies(:marketing_agency)
+<% # Set up polymorphic associations using --parents specification -%>
 <% polymorphic_associations.each do |assoc| -%>
-<% assoc[:parent_types].each_with_index do |parent_type, index| -%>
-<% if index == 0 -%>
-    @<%= parent_type.underscore %> = <%= parent_type.underscore.pluralize %>(<%= parent_type.underscore == 'agency' ? ':marketing_agency' : ':one' %>)
-    @<%= assoc[:field_name] %> = @<%= parent_type.underscore %>  # Default polymorphic parent for tests
-<% else -%>
-    @<%= parent_type.underscore %> = <%= parent_type.underscore.pluralize %>(<%= index == 1 ? ':marketing_agency' : ':one' %>)
+<% if assoc[:parent_types] && assoc[:parent_types].any? -%>
+<% first_parent = assoc[:parent_types].first -%>
+    # Set up polymorphic association for <%= assoc[:field_name] %> using specified parents
+    @<%= first_parent.underscore %> = <%= first_parent.underscore.pluralize %>(<%= case first_parent.underscore; when 'agency'; ':marketing_agency'; when 'user'; ':john_user'; when 'organization'; ':acme_org'; else; ':one'; end %>)
+    @<%= assoc[:field_name] %> = @<%= first_parent.underscore %>  # Use first specified parent type
+<% assoc[:parent_types][1..-1].each do |parent_type| -%>
+    @<%= parent_type.underscore %> = <%= parent_type.underscore.pluralize %>(<%= case parent_type.underscore; when 'agency'; ':marketing_agency'; when 'user'; ':john_user'; when 'organization'; ':acme_org'; else; ':one'; end %>)
 <% end -%>
 <% end -%>
 <% end -%>
@@ -698,6 +700,10 @@ class <%= controller_class_name_with_namespace %>ControllerTest < ActionDispatch
       <%= attribute.name %>: "test@example.com"<%= ',' if index < attributes.length - 1 %>
 <% elsif attribute.name.to_s.match?(/password/) -%>
       <%= attribute.name %>: "password123"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.name.to_s.match?(/\A(url|website|web_address|domain|domain_name)\z/i) -%>
+      <%= attribute.name %>: "https://example.com"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.name.to_s.end_with?('_type') -%>
+      <%= attribute.name %>: @<%= attribute.name.gsub('_type', '') %>.class.name<%= ',' if index < attributes.length - 1 %>
 <% else -%>
       <%= attribute.name %>: "Test <%= attribute.name.humanize %>"<%= ',' if index < attributes.length - 1 %>
 <% end -%>

data/lib/generators/propel_api/templates/tests/fixtures_template.yml.tt

@@ -40,7 +40,7 @@ one:
   <%= attribute.name %>: test_user_1
 <% elsif attribute.name.to_s.match?(/\A(phone|phone_number)\z/i) -%>
   <%= attribute.name %>: "+1-555-0001"
-<% elsif attribute.name.to_s.match?(/\A(url|website|web_address)\z/i) -%>
+<% elsif attribute.name.to_s.match?(/\A(url|website|web_address|domain|domain_name)\z/i) -%>
   <%= attribute.name %>: "https://example1.com"
 <% elsif attribute.name.to_s.match?(/\A(name|title|label)\z/i) -%>
   <%= attribute.name %>: "Test <%= attribute.name.humanize %> One"
@@ -144,7 +144,7 @@ two:
   <%= attribute.name %>: test_user_2
 <% elsif attribute.name.to_s.match?(/\A(phone|phone_number)\z/i) -%>
   <%= attribute.name %>: "+1-555-0002"
-<% elsif attribute.name.to_s.match?(/\A(url|website|web_address)\z/i) -%>
+<% elsif attribute.name.to_s.match?(/\A(url|website|web_address|domain|domain_name)\z/i) -%>
   <%= attribute.name %>: "https://example2.com"
 <% elsif attribute.name.to_s.match?(/\A(name|title|label)\z/i) -%>
   <%= attribute.name %>: "Test <%= attribute.name.humanize %> Two"
@@ -248,7 +248,7 @@ three:
   <%= attribute.name %>: test_user_3
 <% elsif attribute.name.to_s.match?(/\A(phone|phone_number)\z/i) -%>
   <%= attribute.name %>: "+1-555-0003"
-<% elsif attribute.name.to_s.match?(/\A(url|website|web_address)\z/i) -%>
+<% elsif attribute.name.to_s.match?(/\A(url|website|web_address|domain|domain_name)\z/i) -%>
   <%= attribute.name %>: "https://example3.com"
 <% elsif attribute.name.to_s.match?(/\A(name|title|label)\z/i) -%>
   <%= attribute.name %>: "Test <%= attribute.name.humanize %> Three"

data/lib/generators/propel_api/templates/tests/integration_test_template.rb.tt

@@ -2,6 +2,12 @@
 
 require "test_helper"
 
+<%
+  # Check attributes directly instead of database columns (more reliable during generation)
+  has_agency_id = attributes.any? { |attr| attr.name == 'agency' && attr.type == :references }
+  has_user_id = attributes.any? { |attr| attr.name == 'user' && attr.type == :references }
+-%>
+
 class <%= class_name %>ApiTest < ActionDispatch::IntegrationTest
   
   def setup
@@ -11,10 +17,10 @@ class <%= class_name %>ApiTest < ActionDispatch::IntegrationTest
 <% polymorphic_associations.each do |assoc| -%>
 <% assoc[:parent_types].each_with_index do |parent_type, index| -%>
 <% if index == 0 -%>
-    @<%= parent_type.underscore %> = <%= parent_type.underscore.pluralize %>(<%= parent_type.underscore == 'agency' ? ':marketing_agency' : ':one' %>)
+    @<%= parent_type.underscore %> = <%= parent_type.underscore.pluralize %>(<%= case parent_type.underscore; when 'agency'; ':marketing_agency'; when 'user'; ':john_user'; when 'organization'; ':acme_org'; else; ':one'; end %>)
     @<%= assoc[:field_name] %> = @<%= parent_type.underscore %>  # Default polymorphic parent for tests
 <% else -%>
-    @<%= parent_type.underscore %> = <%= parent_type.underscore.pluralize %>(<%= index == 1 ? ':marketing_agency' : ':one' %>)
+    @<%= parent_type.underscore %> = <%= parent_type.underscore.pluralize %>(<%= case parent_type.underscore; when 'agency'; ':marketing_agency'; when 'user'; ':john_user'; when 'organization'; ':acme_org'; else; ':one'; end %>)
 <% end -%>
 <% end -%>
 <% end -%>
@@ -26,6 +32,21 @@ class <%= class_name %>ApiTest < ActionDispatch::IntegrationTest
     @<%= singular_table_name %> = <%= table_name %>(:marketing_agency)
 <% else -%>
     @<%= singular_table_name %> = <%= table_name %>(:one)
+<% end -%>
+<% if has_user_reference? -%>
+    @user = users(:john_user)
+<% end -%>
+<% # Set up polymorphic associations using --parents specification -%>
+<% polymorphic_associations.each do |assoc| -%>
+<% if assoc[:parent_types] && assoc[:parent_types].any? -%>
+<% first_parent = assoc[:parent_types].first -%>
+    # Set up polymorphic association for <%= assoc[:field_name] %> using specified parents
+    @<%= first_parent.underscore %> = <%= first_parent.underscore.pluralize %>(<%= case first_parent.underscore; when 'agency'; ':marketing_agency'; when 'user'; ':john_user'; when 'organization'; ':acme_org'; else; ':one'; end %>)
+    @<%= assoc[:field_name] %> = @<%= first_parent.underscore %>  # Use first specified parent type
+<% assoc[:parent_types][1..-1].each do |parent_type| -%>
+    @<%= parent_type.underscore %> = <%= parent_type.underscore.pluralize %>(<%= case parent_type.underscore; when 'agency'; ':marketing_agency'; when 'user'; ':john_user'; when 'organization'; ':acme_org'; else; ':one'; end %>)
+<% end -%>
+<% end -%>
 <% end -%>
     @token = @user.generate_jwt_token
     @auth_headers = { 'Authorization' => "Bearer #{@token}" }
@@ -66,6 +87,10 @@ class <%= class_name %>ApiTest < ActionDispatch::IntegrationTest
       <%= attribute.name %>: "workflow@example.com"<%= ',' if index < attributes.length - 1 %>
 <% elsif attribute.name.to_s.match?(/password/) -%>
       <%= attribute.name %>: "password123"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.name.to_s.match?(/\A(url|website|web_address|domain|domain_name)\z/i) -%>
+      <%= attribute.name %>: "https://workflow.example.com"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.name.to_s.end_with?('_type') -%>
+      <%= attribute.name %>: @<%= attribute.name.gsub('_type', '') %>.class.name<%= ',' if index < attributes.length - 1 %>
 <% else -%>
       <%= attribute.name %>: "Workflow Test <%= attribute.name.humanize %>"<%= ',' if index < attributes.length - 1 %>
 <% end -%>
@@ -125,7 +150,7 @@ class <%= class_name %>ApiTest < ActionDispatch::IntegrationTest
     
     # Verify created <%= singular_table_name %> data
     assert_equal @organization.id, created_<%= singular_table_name %>['organization']['id']
-<% unless singular_table_name == 'user' -%>
+<% if has_user_id && singular_table_name != 'user' -%>
     assert_equal @user.id, created_<%= singular_table_name %>['user']['id']
 <% end -%>
 <% attributes.each do |attribute| -%>
@@ -304,6 +329,10 @@ class <%= class_name %>ApiTest < ActionDispatch::IntegrationTest
         <%= attribute.name %>: "pagination#{i}@example.com"<%= ',' if index < attributes.length - 1 %>
 <% elsif attribute.name.include?('email') -%>
         <%= attribute.name %>: "pagination#{i}@example.com"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.name.to_s.match?(/\A(url|website|web_address|domain|domain_name)\z/i) -%>
+        <%= attribute.name %>: "https://pagination#{i}.example.com"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.name.to_s.end_with?('_type') -%>
+        <%= attribute.name %>: @<%= attribute.name.gsub('_type', '') %>.class.name<%= ',' if index < attributes.length - 1 %>
 <% else -%>
         <%= attribute.name %>: "Pagination Test <%= attribute.name.humanize %> #{i}"<%= ',' if index < attributes.length - 1 %>
 <% end -%>
@@ -389,11 +418,6 @@ class <%= class_name %>ApiTest < ActionDispatch::IntegrationTest
     # Test 4: Tenancy context behavior based on configuration
     require_org_id = PropelAuthentication.configuration.require_organization_id
     require_user_id = PropelAuthentication.configuration.require_user_id
-<%
-  # Check attributes directly instead of database columns (more reliable during generation)
-  has_agency_id = attributes.any? { |attr| attr.name == 'agency' && attr.type == :references }
-  has_user_id = attributes.any? { |attr| attr.name == 'user' && attr.type == :references }
--%>
     
 <% if has_agency_id -%>
     # Model with agency - provide agency_id but test missing organization_id 
@@ -573,6 +597,10 @@ class <%= class_name %>ApiTest < ActionDispatch::IntegrationTest
       <%= attribute.name %>: "org1_<%= attribute.name %>@example.com"<%= ',' if index < attributes.length - 1 %>
 <% elsif attribute.name.include?('password') -%>
       <%= attribute.name %>: "org1_secure_password"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.name.to_s.match?(/\A(url|website|web_address|domain|domain_name)\z/i) -%>
+      <%= attribute.name %>: "https://org1.example.com"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.name.to_s.end_with?('_type') -%>
+      <%= attribute.name %>: @<%= attribute.name.gsub('_type', '') %>.class.name<%= ',' if index < attributes.length - 1 %>
 <% else -%>
       <%= attribute.name %>: "Org 1 <%= attribute.name.humanize %>"<%= ',' if index < attributes.length - 1 %>
 <% end -%>
@@ -619,6 +647,10 @@ class <%= class_name %>ApiTest < ActionDispatch::IntegrationTest
       <%= attribute.name %>: "org2_<%= attribute.name %>@example.com"<%= ',' if index < attributes.length - 1 %>
 <% elsif attribute.name.include?('password') -%>
       <%= attribute.name %>: "org2_secure_password"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.name.to_s.match?(/\A(url|website|web_address|domain|domain_name)\z/i) -%>
+      <%= attribute.name %>: "https://org2.example.com"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.name.to_s.end_with?('_type') -%>
+      <%= attribute.name %>: @<%= attribute.name.gsub('_type', '') %>.class.name<%= ',' if index < attributes.length - 1 %>
 <% else -%>
       <%= attribute.name %>: "Org 2 <%= attribute.name.humanize %>"<%= ',' if index < attributes.length - 1 %>
 <% end -%>
@@ -775,6 +807,10 @@ if attributes.any? { |attr| attr.type == :references && attr.name == 'user' } &&
       <%= attribute.name %>: "concurrent@example.com"<%= ',' if index < attributes.length - 1 %>
 <% elsif attribute.name.include?('email') -%>
       <%= attribute.name %>: "concurrent@example.com"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.name.to_s.match?(/\A(url|website|web_address|domain|domain_name)\z/i) -%>
+      <%= attribute.name %>: "https://concurrent.example.com"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.name.to_s.end_with?('_type') -%>
+      <%= attribute.name %>: @<%= attribute.name.gsub('_type', '') %>.class.name<%= ',' if index < attributes.length - 1 %>
 <% else -%>
       <%= attribute.name %>: "Concurrent Test <%= attribute.name.humanize %>"<%= ',' if index < attributes.length - 1 %>
 <% end -%>
@@ -890,6 +926,10 @@ if attributes.any? { |attr| attr.type == :references && attr.name == 'user' } &&
         <%= attribute.name %>: "bulk#{i}@example.com"<%= ',' if index < attributes.length - 1 %>
 <% elsif attribute.name.include?('email') -%>
         <%= attribute.name %>: "bulk#{i}@example.com"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.name.to_s.match?(/\A(url|website|web_address|domain|domain_name)\z/i) -%>
+        <%= attribute.name %>: "https://bulk#{i}.example.com"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.name.to_s.end_with?('_type') -%>
+        <%= attribute.name %>: @<%= attribute.name.gsub('_type', '') %>.class.name<%= ',' if index < attributes.length - 1 %>
 <% else -%>
         <%= attribute.name %>: "Bulk Test <%= attribute.name.humanize %> #{i}"<%= ',' if index < attributes.length - 1 %>
 <% end -%>

data/lib/generators/propel_api/templates/tests/model_test_template.rb.tt

@@ -11,10 +11,10 @@ class <%= class_name %>Test < ActiveSupport::TestCase
 <% polymorphic_associations.each do |assoc| -%>
 <% assoc[:parent_types].each_with_index do |parent_type, index| -%>
 <% if index == 0 -%>
-    @<%= parent_type.underscore %> = <%= parent_type.underscore.pluralize %>(<%= parent_type.underscore == 'agency' ? ':marketing_agency' : ':one' %>)
+    @<%= parent_type.underscore %> = <%= parent_type.underscore.pluralize %>(<%= case parent_type.underscore; when 'agency'; ':marketing_agency'; when 'user'; ':john_user'; when 'organization'; ':acme_org'; else; ':one'; end %>)
     @<%= assoc[:field_name] %> = @<%= parent_type.underscore %>  # Default polymorphic parent for tests
 <% else -%>
-    @<%= parent_type.underscore %> = <%= parent_type.underscore.pluralize %>(<%= index == 1 ? ':marketing_agency' : ':one' %>)
+    @<%= parent_type.underscore %> = <%= parent_type.underscore.pluralize %>(<%= case parent_type.underscore; when 'agency'; ':marketing_agency'; when 'user'; ':john_user'; when 'organization'; ':acme_org'; else; ':one'; end %>)
 <% end -%>
 <% end -%>
 <% end -%>

data/lib/propel_api.rb

@@ -1,3 +1,3 @@
 module PropelApi
-  VERSION = "0.3.0"
+  VERSION = "0.3.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: propel_api
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.1
 platform: ruby
 authors:
 - Ryan Martin, Rafael Pivato, Chi Putera
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-09-10 00:00:00.000000000 Z
+date: 2025-09-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -73,9 +73,11 @@ files:
 - lib/generators/propel_api/install/install_generator.rb
 - lib/generators/propel_api/resource/resource_generator.rb
 - lib/generators/propel_api/templates/config/propel_api.rb.tt
+- lib/generators/propel_api/templates/controllers/api_base_controller.rb
 - lib/generators/propel_api/templates/controllers/api_controller_graphiti.rb
 - lib/generators/propel_api/templates/controllers/api_controller_propel_facets.rb
 - lib/generators/propel_api/templates/controllers/example_controller.rb.tt
+- lib/generators/propel_api/templates/errors/propel_api_csrf_error.rb
 - lib/generators/propel_api/templates/scaffold/facet_controller_template.rb.tt
 - lib/generators/propel_api/templates/scaffold/facet_model_template.rb.tt
 - lib/generators/propel_api/templates/scaffold/graphiti_controller_template.rb.tt