RubyGems - propel_api - Versions diffs - 0.3.2 → 0.3.3 - Mend

propel_api 0.3.2 → 0.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

data/lib/generators/propel_api/templates/tests/integration_test_template.rb.tt CHANGED Viewed

@@ -114,7 +114,7 @@ class <%= class_name %>ApiTest < ActionDispatch::IntegrationTest
 <% elsif attribute.name.to_s.match?(/password/) -%>
       <%= attribute.name %>: "password123"<%= ',' if index < attributes.length - 1 %>
 <% elsif attribute.name.to_s.match?(/\A(url|website|web_address|domain|domain_name)\z/i) -%>
-      <%= attribute.name %>: "https://workflow.example.com"<%= ',' if index < attributes.length - 1 %>
+      <%= attribute.name %>: "https://workflow.com"<%= ',' if index < attributes.length - 1 %>
 <% elsif attribute.name.to_s.end_with?('_type') && attribute.name.to_s.match?(/_parent_type$/) -%>
       <%= attribute.name %>: @<%= attribute.name.gsub('_type', '') %>.class.name<%= ',' if index < attributes.length - 1 %>
 <% else -%>
@@ -205,7 +205,7 @@ class <%= class_name %>ApiTest < ActionDispatch::IntegrationTest
     # Password fields should NOT be returned in API responses for security
     assert_not_includes created_<%= singular_table_name %>.keys, '<%= attribute.name %>', "Password fields should be filtered from API responses"
 <% elsif attribute.name.to_s.match?(/\A(url|website|web_address|domain|domain_name)\z/i) -%>
-    assert_equal "https://workflow.example.com", created_<%= singular_table_name %>['<%= attribute.name %>']
+    assert_equal "https://workflow.com", created_<%= singular_table_name %>['<%= attribute.name %>']
 <% else -%>
     assert_equal "Workflow Test <%= attribute.name.humanize %>", created_<%= singular_table_name %>['<%= attribute.name %>']
 <% end -%>
@@ -408,7 +408,7 @@ class <%= class_name %>ApiTest < ActionDispatch::IntegrationTest
 <% elsif attribute.name.include?('email') -%>
         <%= attribute.name %>: "pagination#{i}@example.com"<%= ',' if index < attributes.length - 1 %>
 <% elsif attribute.name.to_s.match?(/\A(url|website|web_address|domain|domain_name)\z/i) -%>
-        <%= attribute.name %>: "https://pagination#{i}.example.com"<%= ',' if index < attributes.length - 1 %>
+        <%= attribute.name %>: "https://pagination#{i}.com"<%= ',' if index < attributes.length - 1 %>
 <% elsif attribute.name.to_s.end_with?('_type') -%>
         <%= attribute.name %>: @<%= attribute.name.gsub('_type', '') %>.class.name<%= ',' if index < attributes.length - 1 %>
 <% else -%>
@@ -460,6 +460,589 @@ class <%= class_name %>ApiTest < ActionDispatch::IntegrationTest
   end
 <% end -%>
+  # === FILTERING AND SORTING TESTS ===
+<% # Generate filtering tests only if we have filterable attributes -%>
+<% filterable_attributes = attributes.reject { |attr|
+     attr.name.match?(/password|token|secret|key|salt|encrypted|digest|hash|auth/i) ||
+     attr.name.match?(/_at$/) ||
+     attr.name.match?(/_id$/) ||
+     attr.type == :references
+   } -%>
+<% if filterable_attributes.any? -%>
+  test "basic field filtering" do
+<% if class_name == 'Organization' -%>
+    # Test against existing fixture data (acme_org)
+    # The API only returns the current user's organization due to multi-tenancy
+    # Test exact match filtering against fixture data
+    get <%= api_route_helper %>_url,
+        params: { name_eq: "Acme Corporation" },
+        headers: @auth_headers
+    assert_response :success
+    exact_response = JSON.parse(response.body)
+    assert_equal 1, exact_response['data'].size, "Should find exactly 1 organization with name = 'Acme Corporation'"
+    assert_equal "Acme Corporation", exact_response['data'][0]['name'], "Should return the correct record"
+    # Test contains filtering against fixture data
+    get <%= api_route_helper %>_url,
+        params: { name_contains: "Acme" },
+        headers: @auth_headers
+    assert_response :success
+    contains_response = JSON.parse(response.body)
+    assert_equal 1, contains_response['data'].size, "Should find exactly 1 organization containing 'Acme'"
+    assert_equal "Acme Corporation", contains_response['data'][0]['name']
+    # Test starts_with filtering
+    get <%= api_route_helper %>_url,
+        params: { name_starts_with: "Acme" },
+        headers: @auth_headers
+    assert_response :success
+    starts_response = JSON.parse(response.body)
+    assert_equal 1, starts_response['data'].size, "Should find exactly 1 organization starting with 'Acme'"
+    assert_equal "Acme Corporation", starts_response['data'][0]['name']
+    # Test ends_with filtering
+    get <%= api_route_helper %>_url,
+        params: { name_ends_with: "Corporation" },
+        headers: @auth_headers
+    assert_response :success
+    ends_response = JSON.parse(response.body)
+    assert_equal 1, ends_response['data'].size, "Should find exactly 1 organization ending with 'Corporation'"
+    assert_equal "Acme Corporation", ends_response['data'][0]['name']
+    # Test 'in' filtering
+    get <%= api_route_helper %>_url,
+        params: { name_in: "Acme Corporation" },
+        headers: @auth_headers
+    assert_response :success
+    in_response = JSON.parse(response.body)
+    assert_equal 1, in_response['data'].size, "Should find exactly 1 organization with name in list"
+    returned_names = in_response['data'].map { |item| item['name'] }
+    assert_equal ["Acme Corporation"], returned_names, "Should return the correct record"
+<% else -%>
+    # Create test data with known values for filtering
+<% filterable_attributes.select { |attr| [:string, :text].include?(attr.type) }.first(1).each do |attr| -%>
+<% if attr.name.match?(/email|mail/i) -%>
+    <%= singular_table_name %>_1 = create_<%= singular_table_name %>_for_filtering("<%= attr.name %>": "green_apple_test@example.com")
+    <%= singular_table_name %>_2 = create_<%= singular_table_name %>_for_filtering("<%= attr.name %>": "black_cherry_test@example.com")
+    <%= singular_table_name %>_3 = create_<%= singular_table_name %>_for_filtering("<%= attr.name %>": "red_grape_test@example.com")
+<% else -%>
+    <%= singular_table_name %>_1 = create_<%= singular_table_name %>_for_filtering("<%= attr.name %>": "Green Apple")
+    <%= singular_table_name %>_2 = create_<%= singular_table_name %>_for_filtering("<%= attr.name %>": "Black Cherry")
+    <%= singular_table_name %>_3 = create_<%= singular_table_name %>_for_filtering("<%= attr.name %>": "Red Grape")
+<% end -%>
+    # Test exact match filtering
+<% if attr.name.match?(/email|mail/i) -%>
+    get <%= api_route_helper %>_url,
+        params: { <%= attr.name %>_eq: "green_apple_test@example.com" },
+        headers: @auth_headers
+    assert_response :success
+    exact_response = JSON.parse(response.body)
+    assert_equal 1, exact_response['data'].size, "Should find exactly 1 <%= singular_table_name %> with <%= attr.name %> = 'green_apple_test@example.com'"
+    assert_equal "green_apple_test@example.com", exact_response['data'][0]['<%= attr.name %>'], "Should return the correct record"
+<% else -%>
+    get <%= api_route_helper %>_url,
+        params: { <%= attr.name %>_eq: "Green Apple" },
+        headers: @auth_headers
+    assert_response :success
+    exact_response = JSON.parse(response.body)
+    assert_equal 1, exact_response['data'].size, "Should find exactly 1 <%= singular_table_name %> with <%= attr.name %> = 'Green Apple'"
+    assert_equal "Green Apple", exact_response['data'][0]['<%= attr.name %>'], "Should return the correct record"
+<% end -%>
+    # Test contains filtering
+<% if attr.name.match?(/email|mail/i) -%>
+    get <%= api_route_helper %>_url,
+        params: { <%= attr.name %>_contains: "apple" },
+        headers: @auth_headers
+    assert_response :success
+    contains_response = JSON.parse(response.body)
+    assert_equal 1, contains_response['data'].size, "Should find exactly 1 <%= singular_table_name %> containing 'apple'"
+    assert_equal "green_apple_test@example.com", contains_response['data'][0]['<%= attr.name %>']
+<% else -%>
+    get <%= api_route_helper %>_url,
+        params: { <%= attr.name %>_contains: "Apple" },
+        headers: @auth_headers
+    assert_response :success
+    contains_response = JSON.parse(response.body)
+    assert_equal 1, contains_response['data'].size, "Should find exactly 1 <%= singular_table_name %> containing 'Apple'"
+    assert_equal "Green Apple", contains_response['data'][0]['<%= attr.name %>']
+<% end -%>
+    # Test starts_with filtering
+<% if attr.name.match?(/email|mail/i) -%>
+    get <%= api_route_helper %>_url,
+        params: { <%= attr.name %>_starts_with: "black" },
+        headers: @auth_headers
+    assert_response :success
+    starts_response = JSON.parse(response.body)
+    assert_equal 1, starts_response['data'].size, "Should find exactly 1 <%= singular_table_name %> starting with 'black'"
+    assert_equal "black_cherry_test@example.com", starts_response['data'][0]['<%= attr.name %>']
+<% else -%>
+    get <%= api_route_helper %>_url,
+        params: { <%= attr.name %>_starts_with: "Black" },
+        headers: @auth_headers
+    assert_response :success
+    starts_response = JSON.parse(response.body)
+    assert_equal 1, starts_response['data'].size, "Should find exactly 1 <%= singular_table_name %> starting with 'Black'"
+    assert_equal "Black Cherry", starts_response['data'][0]['<%= attr.name %>']
+<% end -%>
+    # Test ends_with filtering
+<% if attr.name.match?(/email|mail/i) -%>
+    get <%= api_route_helper %>_url,
+        params: { <%= attr.name %>_ends_with: "test@example.com" },
+        headers: @auth_headers
+    assert_response :success
+    ends_response = JSON.parse(response.body)
+    assert_equal 3, ends_response['data'].size, "Should find exactly 3 <%= table_name %> ending with 'test@example.com'"
+    # All three test records end with test@example.com
+<% else -%>
+    get <%= api_route_helper %>_url,
+        params: { <%= attr.name %>_ends_with: "Grape" },
+        headers: @auth_headers
+    assert_response :success
+    ends_response = JSON.parse(response.body)
+    assert_equal 1, ends_response['data'].size, "Should find exactly 1 <%= singular_table_name %> ending with 'Grape'"
+    assert_equal "Red Grape", ends_response['data'][0]['<%= attr.name %>']
+<% end -%>
+    # Test 'in' filtering
+<% if attr.name.match?(/email|mail/i) -%>
+    get <%= api_route_helper %>_url,
+        params: { <%= attr.name %>_in: "green_apple_test@example.com,black_cherry_test@example.com" },
+        headers: @auth_headers
+    assert_response :success
+    in_response = JSON.parse(response.body)
+    assert_equal 2, in_response['data'].size, "Should find exactly 2 <%= table_name %> with <%= attr.name %> in list"
+    returned_<%= attr.name.pluralize %> = in_response['data'].map { |item| item['<%= attr.name %>'] }.sort
+    assert_equal ["black_cherry_test@example.com", "green_apple_test@example.com"], returned_<%= attr.name.pluralize %>, "Should return the correct records"
+<% else -%>
+    get <%= api_route_helper %>_url,
+        params: { <%= attr.name %>_in: "Green Apple,Black Cherry" },
+        headers: @auth_headers
+    assert_response :success
+    in_response = JSON.parse(response.body)
+    assert_equal 2, in_response['data'].size, "Should find exactly 2 <%= table_name %> with <%= attr.name %> in list"
+    returned_<%= attr.name.pluralize %> = in_response['data'].map { |item| item['<%= attr.name %>'] }.sort
+    assert_equal ["Black Cherry", "Green Apple"], returned_<%= attr.name.pluralize %>, "Should return the correct records"
+<% end -%>
+    # Clean up test data to avoid interference with other tests
+    [<%= singular_table_name %>_1, <%= singular_table_name %>_2, <%= singular_table_name %>_3].each do |record|
+      record.destroy if record.persisted?
+    end
+<% end -%>
+<% end -%>
+  end
+<% end -%>
+<% # Test numeric filtering if we have numeric attributes -%>
+<% numeric_attributes = filterable_attributes.select { |attr| [:integer, :decimal, :float].include?(attr.type) } -%>
+<% if numeric_attributes.any? -%>
+  test "numeric field filtering" do
+<% numeric_attributes.first(1).each do |attr| -%>
+    # Create test data with known numeric values that don't overlap with fixtures
+    # Fixtures typically have values 1, 2, 3 - we use 100, 200, 300, 400 to avoid conflicts
+    unique_id = SecureRandom.hex(4)
+    <%= singular_table_name %>_1 = create_<%= singular_table_name %>_for_filtering("<%= attr.name %>": 100)
+    <%= singular_table_name %>_2 = create_<%= singular_table_name %>_for_filtering("<%= attr.name %>": 200)
+    <%= singular_table_name %>_3 = create_<%= singular_table_name %>_for_filtering("<%= attr.name %>": 300)
+    <%= singular_table_name %>_4 = create_<%= singular_table_name %>_for_filtering("<%= attr.name %>": 400)
+    # Test greater than
+    get <%= api_route_helper %>_url,
+        params: { <%= attr.name %>_gt: "250" },
+        headers: @auth_headers
+    assert_response :success
+    gt_response = JSON.parse(response.body)
+    # Filter for only our test records to avoid fixture interference
+    test_ids = [<%= singular_table_name %>_1.id, <%= singular_table_name %>_2.id, <%= singular_table_name %>_3.id, <%= singular_table_name %>_4.id]
+    test_records_gt = gt_response['data'].select { |item| test_ids.include?(item['id']) }
+    assert_equal 2, test_records_gt.size, "Should find exactly 2 test <%= table_name %> with <%= attr.name %> > 250"
+    gt_values = test_records_gt.map { |item| item['<%= attr.name %>'] }.sort
+<% if attr.type == :decimal || attr.type == :float -%>
+    # Rails serializes decimal/float fields as strings in JSON to preserve precision
+    assert_equal ["300.0", "400.0"], gt_values, "Should return test records with <%= attr.name %> > 250 (as strings)"
+<% else -%>
+    assert_equal [300, 400], gt_values, "Should return test records with <%= attr.name %> > 250"
+<% end -%>
+    # Test less than or equal
+    get <%= api_route_helper %>_url,
+        params: { <%= attr.name %>_lte: "250" },
+        headers: @auth_headers
+    assert_response :success
+    lte_response = JSON.parse(response.body)
+    # Filter for only our test records to avoid fixture interference
+    test_records_lte = lte_response['data'].select { |item| test_ids.include?(item['id']) }
+    assert_equal 2, test_records_lte.size, "Should find exactly 2 test <%= table_name %> with <%= attr.name %> <= 250"
+    lte_values = test_records_lte.map { |item| item['<%= attr.name %>'] }.sort
+<% if attr.type == :decimal || attr.type == :float -%>
+    # Rails serializes decimal/float fields as strings in JSON to preserve precision
+    assert_equal ["100.0", "200.0"], lte_values, "Should return test records with <%= attr.name %> <= 250 (as strings)"
+<% else -%>
+    assert_equal [100, 200], lte_values, "Should return test records with <%= attr.name %> <= 250"
+<% end -%>
+    # Test range filtering
+    get <%= api_route_helper %>_url,
+        params: { <%= attr.name %>_range: "150,350" },
+        headers: @auth_headers
+    assert_response :success
+    range_response = JSON.parse(response.body)
+    # Filter for only our test records to avoid fixture interference
+    test_records_range = range_response['data'].select { |item| test_ids.include?(item['id']) }
+    assert_equal 2, test_records_range.size, "Should find exactly 2 test <%= table_name %> with <%= attr.name %> between 150 and 350"
+    range_values = test_records_range.map { |item| item['<%= attr.name %>'] }.sort
+<% if attr.type == :decimal || attr.type == :float -%>
+    # Rails serializes decimal/float fields as strings in JSON to preserve precision
+    assert_equal ["200.0", "300.0"], range_values, "Should return test records with <%= attr.name %> in range 150-350 (as strings)"
+<% else -%>
+    assert_equal [200, 300], range_values, "Should return test records with <%= attr.name %> in range 150-350"
+<% end -%>
+    # Test 'in' filtering for numeric values
+    get <%= api_route_helper %>_url,
+        params: { <%= attr.name %>_in: "100,300,999" },
+        headers: @auth_headers
+    assert_response :success
+    in_response = JSON.parse(response.body)
+    # Filter for only our test records to avoid fixture interference
+    test_records_in = in_response['data'].select { |item| test_ids.include?(item['id']) }
+    assert_equal 2, test_records_in.size, "Should find exactly 2 test <%= table_name %> with <%= attr.name %> in [100,300,999]"
+    in_values = test_records_in.map { |item| item['<%= attr.name %>'] }.sort
+<% if attr.type == :decimal || attr.type == :float -%>
+    # Rails serializes decimal/float fields as strings in JSON to preserve precision
+    assert_equal ["100.0", "300.0"], in_values, "Should return test records with <%= attr.name %> in list (as strings)"
+<% else -%>
+    assert_equal [100, 300], in_values, "Should return test records with <%= attr.name %> in list"
+<% end -%>
+    # Clean up test data to avoid interference with other tests
+    [<%= singular_table_name %>_1, <%= singular_table_name %>_2, <%= singular_table_name %>_3, <%= singular_table_name %>_4].each do |record|
+      record.destroy if record.persisted?
+    end
+<% end -%>
+  end
+<% end -%>
+<% # Test boolean filtering if we have boolean attributes -%>
+<% boolean_attributes = filterable_attributes.select { |attr| attr.type == :boolean } -%>
+<% if boolean_attributes.any? -%>
+  test "boolean field filtering" do
+<% boolean_attributes.first(1).each do |attr| -%>
+    # Create test data with known boolean values
+    <%= singular_table_name %>_true = create_<%= singular_table_name %>_for_filtering("<%= attr.name %>": true)
+    <%= singular_table_name %>_false = create_<%= singular_table_name %>_for_filtering("<%= attr.name %>": false)
+    # Test filtering for true values
+    get <%= api_route_helper %>_url,
+        params: { <%= attr.name %>_eq: "true" },
+        headers: @auth_headers
+    assert_response :success
+    true_response = JSON.parse(response.body)
+    # Filter for only our test records to avoid fixture interference
+    test_ids = [<%= singular_table_name %>_true.id, <%= singular_table_name %>_false.id]
+    test_records_true = true_response['data'].select { |item| test_ids.include?(item['id']) }
+    true_count = test_records_true.count { |item| item['<%= attr.name %>'] == true }
+    assert_equal 1, true_count, "Should find exactly 1 test <%= singular_table_name %> with <%= attr.name %> = true"
+    # Test filtering for false values
+    get <%= api_route_helper %>_url,
+        params: { <%= attr.name %>_eq: "false" },
+        headers: @auth_headers
+    assert_response :success
+    false_response = JSON.parse(response.body)
+    # Filter for only our test records to avoid fixture interference
+    test_records_false = false_response['data'].select { |item| test_ids.include?(item['id']) }
+    false_count = test_records_false.count { |item| item['<%= attr.name %>'] == false }
+    assert_equal 1, false_count, "Should find exactly 1 test <%= singular_table_name %> with <%= attr.name %> = false"
+    # Clean up test data to avoid interference with other tests
+    [<%= singular_table_name %>_true, <%= singular_table_name %>_false].each do |record|
+      record.destroy if record.persisted?
+    end
+<% end -%>
+  end
+<% end -%>
+<% # Test datetime filtering if we have datetime attributes -%>
+<% datetime_attributes = filterable_attributes.select { |attr| [:datetime, :date, :time].include?(attr.type) } -%>
+<% if datetime_attributes.any? -%>
+  test "datetime field filtering" do
+<% datetime_attributes.first(1).each do |attr| -%>
+    # Create test data with known datetime values that don't overlap with fixtures
+    # Use dates far in the future to avoid conflicts with fixture data
+    base_time = Time.parse("2030-06-15 14:30:00 UTC")
+    <%= singular_table_name %>_1 = create_<%= singular_table_name %>_for_filtering("<%= attr.name %>": base_time - 2.days)
+    <%= singular_table_name %>_2 = create_<%= singular_table_name %>_for_filtering("<%= attr.name %>": base_time - 1.day)
+    <%= singular_table_name %>_3 = create_<%= singular_table_name %>_for_filtering("<%= attr.name %>": base_time + 1.day)
+    # Test 'before' filtering
+    get <%= api_route_helper %>_url,
+        params: { <%= attr.name %>_before: base_time.iso8601 },
+        headers: @auth_headers
+    assert_response :success
+    before_response = JSON.parse(response.body)
+    # Filter for only our test records to avoid fixture interference
+    test_ids = [<%= singular_table_name %>_1.id, <%= singular_table_name %>_2.id, <%= singular_table_name %>_3.id]
+    test_records_before = before_response['data'].select { |item| test_ids.include?(item['id']) }
+    before_count = test_records_before.count { |item| item['<%= attr.name %>'].present? && Time.parse(item['<%= attr.name %>']) < base_time }
+    assert_equal 2, before_count, "Should find exactly 2 test <%= table_name %> with <%= attr.name %> before #{base_time}"
+    # Test 'after' filtering
+    get <%= api_route_helper %>_url,
+        params: { <%= attr.name %>_after: base_time.iso8601 },
+        headers: @auth_headers
+    assert_response :success
+    after_response = JSON.parse(response.body)
+    # Filter for only our test records to avoid fixture interference
+    test_records_after = after_response['data'].select { |item| test_ids.include?(item['id']) }
+    after_count = test_records_after.count { |item| item['<%= attr.name %>'].present? && Time.parse(item['<%= attr.name %>']) > base_time }
+    assert_equal 1, after_count, "Should find exactly 1 test <%= singular_table_name %> with <%= attr.name %> after #{base_time}"
+    # Test 'year' filtering
+    get <%= api_route_helper %>_url,
+        params: { <%= attr.name %>_year: "2030" },
+        headers: @auth_headers
+    assert_response :success
+    year_response = JSON.parse(response.body)
+    # Filter for only our test records to avoid fixture interference
+    test_records_year = year_response['data'].select { |item| test_ids.include?(item['id']) }
+    year_count = test_records_year.count { |item| item['<%= attr.name %>'].present? && Time.parse(item['<%= attr.name %>']).year == 2030 }
+    assert_equal 3, year_count, "Should find exactly 3 test <%= table_name %> with <%= attr.name %> in year 2030"
+    # Test 'month' filtering
+    get <%= api_route_helper %>_url,
+        params: { <%= attr.name %>_month: "6" },
+        headers: @auth_headers
+    assert_response :success
+    month_response = JSON.parse(response.body)
+    # Filter for only our test records to avoid fixture interference
+    test_records_month = month_response['data'].select { |item| test_ids.include?(item['id']) }
+    month_count = test_records_month.count { |item| item['<%= attr.name %>'].present? && Time.parse(item['<%= attr.name %>']).month == 6 }
+    assert_equal 3, month_count, "Should find exactly 3 test <%= table_name %> with <%= attr.name %> in month 6"
+    # Clean up test data to avoid interference with other tests
+    [<%= singular_table_name %>_1, <%= singular_table_name %>_2, <%= singular_table_name %>_3].each do |record|
+      record.destroy if record.persisted?
+    end
+<% end -%>
+  end
+<% end -%>
+  test "sorting functionality" do
+<% if class_name == 'Organization' -%>
+    # Test sorting with existing fixture data
+    # Due to multi-tenancy, we only have access to the current user's organization
+    # Test ascending sort
+    get <%= api_route_helper %>_url,
+        params: { order_by: "name" },
+        headers: @auth_headers
+    assert_response :success
+    asc_response = JSON.parse(response.body)
+    assert asc_response['data'].size >= 1, "Should have at least 1 record for sorting test"
+    # Test that the single organization is returned and properly formatted
+    organization_data = asc_response['data'][0]
+    assert_equal "Acme Corporation", organization_data['name'], "Should return the correct organization name"
+    assert organization_data.key?('id'), "Should include organization ID"
+    assert organization_data.key?('website'), "Should include organization website"
+    # Test descending sort
+    get <%= api_route_helper %>_url,
+        params: { order_by: "-name" },
+        headers: @auth_headers
+    assert_response :success
+    desc_response = JSON.parse(response.body)
+    assert desc_response['data'].size >= 1, "Should have at least 1 record for descending sort test"
+    # Test that the single organization is returned (descending sort of 1 item is the same as ascending)
+    organization_data_desc = desc_response['data'][0]
+    assert_equal "Acme Corporation", organization_data_desc['name'], "Should return the correct organization name"
+<% elsif filterable_attributes.any? -%>
+<% sortable_attr = filterable_attributes.first -%>
+    # Create test data for sorting
+<% if sortable_attr.name.match?(/email|mail/i) -%>
+    <%= singular_table_name %>_1 = create_<%= singular_table_name %>_for_filtering("<%= sortable_attr.name %>": "red_grape_test@example.com")
+    <%= singular_table_name %>_2 = create_<%= singular_table_name %>_for_filtering("<%= sortable_attr.name %>": "green_apple_test@example.com")
+    <%= singular_table_name %>_3 = create_<%= singular_table_name %>_for_filtering("<%= sortable_attr.name %>": "black_cherry_test@example.com")
+<% else -%>
+    <%= singular_table_name %>_1 = create_<%= singular_table_name %>_for_filtering("<%= sortable_attr.name %>": <% if [:string, :text].include?(sortable_attr.type) %>"Red Grape"<% elsif [:integer, :decimal, :float].include?(sortable_attr.type) %>30<% elsif sortable_attr.type == :boolean %>true<% else %>"red_grape_value"<% end %>)
+    <%= singular_table_name %>_2 = create_<%= singular_table_name %>_for_filtering("<%= sortable_attr.name %>": <% if [:string, :text].include?(sortable_attr.type) %>"Green Apple"<% elsif [:integer, :decimal, :float].include?(sortable_attr.type) %>10<% elsif sortable_attr.type == :boolean %>false<% else %>"green_apple_value"<% end %>)
+    <%= singular_table_name %>_3 = create_<%= singular_table_name %>_for_filtering("<%= sortable_attr.name %>": <% if [:string, :text].include?(sortable_attr.type) %>"Black Cherry"<% elsif [:integer, :decimal, :float].include?(sortable_attr.type) %>20<% elsif sortable_attr.type == :boolean %>true<% else %>"black_cherry_value"<% end %>)
+<% end -%>
+    # Test ascending sort
+    get <%= api_route_helper %>_url,
+        params: { order_by: "<%= sortable_attr.name %>" },
+        headers: @auth_headers
+    assert_response :success
+    asc_response = JSON.parse(response.body)
+    assert asc_response['data'].size >= 3, "Should have at least 3 records for sorting test"
+    # Extract sorted values (only from our test records)
+    test_ids = [<%= singular_table_name %>_1.id, <%= singular_table_name %>_2.id, <%= singular_table_name %>_3.id]
+    test_records = asc_response['data'].select { |item| test_ids.include?(item['id']) }
+    asc_values = test_records.map { |item| item['<%= sortable_attr.name %>'] }
+<% if sortable_attr.name.match?(/email|mail/i) -%>
+    assert_equal ["black_cherry_test@example.com", "green_apple_test@example.com", "red_grape_test@example.com"], asc_values, "Records should be sorted by <%= sortable_attr.name %> in ascending order"
+<% elsif [:string, :text].include?(sortable_attr.type) -%>
+    assert_equal ["Black Cherry", "Green Apple", "Red Grape"], asc_values, "Records should be sorted by <%= sortable_attr.name %> in ascending order"
+<% elsif [:integer, :decimal, :float].include?(sortable_attr.type) -%>
+    assert_equal [10, 20, 30], asc_values, "Records should be sorted by <%= sortable_attr.name %> in ascending order"
+<% else -%>
+    assert_equal asc_values.sort, asc_values, "Records should be sorted by <%= sortable_attr.name %> in ascending order"
+<% end -%>
+    # Test descending sort
+    get <%= api_route_helper %>_url,
+        params: { order_by: "-<%= sortable_attr.name %>" },
+        headers: @auth_headers
+    assert_response :success
+    desc_response = JSON.parse(response.body)
+    test_records_desc = desc_response['data'].select { |item| test_ids.include?(item['id']) }
+    desc_values = test_records_desc.map { |item| item['<%= sortable_attr.name %>'] }
+<% if sortable_attr.name.match?(/email|mail/i) -%>
+    assert_equal ["red_grape_test@example.com", "green_apple_test@example.com", "black_cherry_test@example.com"], desc_values, "Records should be sorted by <%= sortable_attr.name %> in descending order"
+<% elsif [:string, :text].include?(sortable_attr.type) -%>
+    assert_equal ["Red Grape", "Green Apple", "Black Cherry"], desc_values, "Records should be sorted by <%= sortable_attr.name %> in descending order"
+<% elsif [:integer, :decimal, :float].include?(sortable_attr.type) -%>
+    assert_equal [30, 20, 10], desc_values, "Records should be sorted by <%= sortable_attr.name %> in descending order"
+<% else -%>
+    assert_equal asc_values.sort.reverse, desc_values, "Records should be sorted by <%= sortable_attr.name %> in descending order"
+<% end -%>
+<% else -%>
+    # No filterable attributes available for sorting test
+    get <%= api_route_helper %>_url, headers: @auth_headers
+    assert_response :success
+    response_data = JSON.parse(response.body)
+    assert response_data['data'].is_a?(Array), "Should return array of records"
+<% end -%>
+  end
+  test "filtering security - should reject sensitive field filtering" do
+    # Test that sensitive field filtering is rejected/ignored
+    get <%= api_route_helper %>_url,
+        params: {
+          password_eq: "hack_attempt",
+          token_contains: "secret",
+          encrypted_data_eq: "malicious"
+        },
+        headers: @auth_headers
+    assert_response :success
+    # Should succeed but ignore the sensitive filters
+    security_response = JSON.parse(response.body)
+    assert security_response['data'].is_a?(Array), "Should return normal results, ignoring sensitive filters"
+  end
+  test "filtering error handling" do
+    # Test invalid operator
+    get <%= api_route_helper %>_url,
+        params: { invalid_field_invalid_op: "value" },
+        headers: @auth_headers
+    assert_response :success  # Should succeed but ignore invalid filter
+    # Test malformed range
+<% if filterable_attributes.select { |attr| [:integer, :decimal, :float].include?(attr.type) }.any? -%>
+<% numeric_attr = filterable_attributes.select { |attr| [:integer, :decimal, :float].include?(attr.type) }.first -%>
+    get <%= api_route_helper %>_url,
+        params: { <%= numeric_attr.name %>_range: "invalid_range" },
+        headers: @auth_headers
+    assert_response :success  # Should succeed but ignore malformed filter
+<% end -%>
+    # Test empty filter values
+<% if filterable_attributes.any? -%>
+<% test_attr = filterable_attributes.first -%>
+    get <%= api_route_helper %>_url,
+        params: { <%= test_attr.name %>_eq: "" },
+        headers: @auth_headers
+    assert_response :success
+<% end -%>
+  end
+  private
+  def create_<%= singular_table_name %>_for_filtering(**attributes)
+    # Use unique identifiers to avoid conflicts with existing test data
+    unique_id = SecureRandom.hex(4)
+    base_attributes = {
+<% attributes.each_with_index do |attribute, index| -%>
+<% if attribute.type == :references -%>
+      <%= attribute.name %>: @<%= attribute.name %><%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.name.to_s.end_with?('_type') -%>
+      <%= attribute.name %>: @<%= attribute.name.gsub('_type', '') %>.class.name<%= ',' if index < attributes.length - 1 %>
+<% elsif [:string, :text].include?(attribute.type) -%>
+<% if attribute.name.match?(/email|email_address|mail/i) -%>
+      <%= attribute.name %>: "test_<%= attribute.name %>_#{unique_id}@example.com"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.name.match?(/password/i) -%>
+      <%= attribute.name %>: "password123"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.name.match?(/\A(url|website|web_address|domain|domain_name)\z/i) || attribute.name.match?(/_url$|_link$/i) -%>
+      <%= attribute.name %>: "https://test_<%= attribute.name %>_#{unique_id}.com"<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.name.match?(/username/i) -%>
+      <%= attribute.name %>: "test_<%= attribute.name %>_#{unique_id}"<%= ',' if index < attributes.length - 1 %>
+<% else -%>
+      <%= attribute.name %>: "Test <%= attribute.name.humanize %> #{unique_id}"<%= ',' if index < attributes.length - 1 %>
+<% end -%>
+<% elsif attribute.type == :integer -%>
+      <%= attribute.name %>: 1<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :boolean -%>
+      <%= attribute.name %>: false<%= ',' if index < attributes.length - 1 %>
+<% elsif attribute.type == :decimal || attribute.type == :float -%>
+      <%= attribute.name %>: 1.0<%= ',' if index < attributes.length - 1 %>
+<% elsif [:datetime, :date, :time].include?(attribute.type) -%>
+      <%= attribute.name %>: Time.current<%= ',' if index < attributes.length - 1 %>
+<% else -%>
+      <%= attribute.name %>: "test_value"<%= ',' if index < attributes.length - 1 %>
+<% end -%>
+<% end -%>
+<% # Add password_confirmation if password field exists but password_confirmation doesn't -%>
+<% if attributes.any? { |attr| attr.name.match?(/password/i) && !attr.name.match?(/confirmation/i) } && !attributes.any? { |attr| attr.name.match?(/password_confirmation/i) } -%>
+      password_confirmation: "password123"
+<% end -%>
+    }.merge(attributes)
+    <%= class_name %>.create!(base_attributes)
+  end
   # === ERROR HANDLING WORKFLOW TESTS ===
   test "error handling workflow" do
@@ -544,7 +1127,40 @@ class <%= class_name %>ApiTest < ActionDispatch::IntegrationTest
     unique_id = "#{Time.current.to_i}_#{SecureRandom.hex(6)}"
     test_params = { email_address: "tenancy_test_#{unique_id}@example.com", username: "tenancy_test_#{unique_id}", password: "password123" }
 <% else -%>
-    test_params = { title: "Test <%= class_name %>"<% polymorphic_associations.each do |assoc| -%>, <%= assoc[:field_name] %>_id: @<%= assoc[:field_name] %>.id, <%= assoc[:field_name] %>_type: @<%= assoc[:field_name] %>.class.name<% end -%> }
+    test_params = { <%
+    # Use appropriate field name based on model type
+    case class_name
+    when 'Agency', 'Organization'
+      field_name = 'name'
+      field_value = "Test #{class_name}"
+    when 'Agent'
+      field_name = 'title'
+      field_value = "Test #{class_name}"
+    else
+      # Default to title for other models, but check if name field exists
+      if attributes.any? { |attr| attr.name == 'name' && attr.type == :string }
+        field_name = 'name'
+        field_value = "Test #{class_name}"
+      elsif attributes.any? { |attr| attr.name == 'title' && attr.type == :string }
+        field_name = 'title'
+        field_value = "Test #{class_name}"
+      else
+        # Fallback to first string attribute if no name/title found
+        string_attr = attributes.find { |attr| attr.type == :string && !['organization', 'agency', 'user', 'agent'].include?(attr.name) }
+        if string_attr
+          field_name = string_attr.name
+          field_value = if string_attr.name.match?(/email/)
+            "test@example.com"
+          else
+            "Test #{string_attr.name.humanize}"
+          end
+        else
+          field_name = 'name'  # Final fallback
+          field_value = "Test #{class_name}"
+        end
+      end
+    end
+%><%= field_name %>: "<%= field_value %>"<% polymorphic_associations.each do |assoc| -%>, <%= assoc[:field_name] %>_id: @<%= assoc[:field_name] %>.id, <%= assoc[:field_name] %>_type: @<%= assoc[:field_name] %>.class.name<% end -%> }
 <% end -%>
 <% end -%>
@@ -613,7 +1229,24 @@ class <%= class_name %>ApiTest < ActionDispatch::IntegrationTest
          headers: @auth_headers
 <% else -%>
     post <%= api_route_helper %>_url,
-         params: { data: { organization_id: @organization.id, agency_id: 99999, title: "Test <%= class_name %>"<% polymorphic_associations.each do |assoc| -%>, <%= assoc[:field_name] %>_id: @<%= assoc[:field_name] %>.id, <%= assoc[:field_name] %>_type: @<%= assoc[:field_name] %>.class.name<% end -%> } },
+         params: { data: { organization_id: @organization.id, agency_id: 99999, <%=
+            # Use appropriate field name for security tests
+            case class_name
+            when 'Agency', 'Organization'
+              'name'
+            when 'Agent'
+              'title'
+            else
+              # Check which field the model actually has
+              if attributes.any? { |attr| attr.name == 'name' && attr.type == :string }
+                'name'
+              elsif attributes.any? { |attr| attr.name == 'title' && attr.type == :string }
+                'title'
+              else
+                'name'  # Fallback
+              end
+            end
+          %>: "Test <%= class_name %>"<% polymorphic_associations.each do |assoc| -%>, <%= assoc[:field_name] %>_id: @<%= assoc[:field_name] %>.id, <%= assoc[:field_name] %>_type: @<%= assoc[:field_name] %>.class.name<% end -%> } },
          headers: @auth_headers
 <% end -%>
@@ -632,7 +1265,24 @@ class <%= class_name %>ApiTest < ActionDispatch::IntegrationTest
          headers: @auth_headers
 <% else -%>
     post <%= api_route_helper %>_url,
-         params: { data: { organization_id: 99999, title: "Test <%= class_name %>"<% polymorphic_associations.each do |assoc| -%>, <%= assoc[:field_name] %>_id: @<%= assoc[:field_name] %>.id, <%= assoc[:field_name] %>_type: @<%= assoc[:field_name] %>.class.name<% end -%> } },
+         params: { data: { organization_id: 99999, <%=
+            # Use appropriate field name for security tests
+            case class_name
+            when 'Agency', 'Organization'
+              'name'
+            when 'Agent'
+              'title'
+            else
+              # Check which field the model actually has
+              if attributes.any? { |attr| attr.name == 'name' && attr.type == :string }
+                'name'
+              elsif attributes.any? { |attr| attr.name == 'title' && attr.type == :string }
+                'title'
+              else
+                'name'  # Fallback
+              end
+            end
+          %>: "Test <%= class_name %>"<% polymorphic_associations.each do |assoc| -%>, <%= assoc[:field_name] %>_id: @<%= assoc[:field_name] %>.id, <%= assoc[:field_name] %>_type: @<%= assoc[:field_name] %>.class.name<% end -%> } },
          headers: @auth_headers
 <% end -%>
@@ -708,7 +1358,7 @@ class <%= class_name %>ApiTest < ActionDispatch::IntegrationTest
 <% elsif attribute.name.include?('password') -%>
       <%= attribute.name %>: "org1_secure_password"<%= ',' if index < attributes.length - 1 %>
 <% elsif attribute.name.to_s.match?(/\A(url|website|web_address|domain|domain_name)\z/i) -%>
-      <%= attribute.name %>: "https://org1.example.com"<%= ',' if index < attributes.length - 1 %>
+      <%= attribute.name %>: "https://org1.com"<%= ',' if index < attributes.length - 1 %>
 <% elsif attribute.name.to_s.end_with?('_type') && attribute.name.to_s.match?(/_parent_type$/) -%>
       <%= attribute.name %>: @<%= attribute.name.gsub('_type', '') %>.class.name<%= ',' if index < attributes.length - 1 %>
 <% else -%>
@@ -775,7 +1425,7 @@ class <%= class_name %>ApiTest < ActionDispatch::IntegrationTest
 <% elsif attribute.name.include?('password') -%>
       <%= attribute.name %>: "org2_secure_password"<%= ',' if index < attributes.length - 1 %>
 <% elsif attribute.name.to_s.match?(/\A(url|website|web_address|domain|domain_name)\z/i) -%>
-      <%= attribute.name %>: "https://org2.example.com"<%= ',' if index < attributes.length - 1 %>
+      <%= attribute.name %>: "https://org2.com"<%= ',' if index < attributes.length - 1 %>
 <% elsif attribute.name.to_s.end_with?('_type') && attribute.name.to_s.match?(/_parent_type$/) -%>
       <%= attribute.name %>: @<%= attribute.name.gsub('_type', '') %>.class.name<%= ',' if index < attributes.length - 1 %>
 <% else -%>
@@ -952,7 +1602,7 @@ if attributes.any? { |attr| attr.type == :references && attr.name == 'user' } &&
 <% elsif attribute.name.include?('email') -%>
       <%= attribute.name %>: "concurrent@example.com"<%= ',' if index < attributes.length - 1 %>
 <% elsif attribute.name.to_s.match?(/\A(url|website|web_address|domain|domain_name)\z/i) -%>
-      <%= attribute.name %>: "https://concurrent.example.com"<%= ',' if index < attributes.length - 1 %>
+      <%= attribute.name %>: "https://concurrent.com"<%= ',' if index < attributes.length - 1 %>
 <% elsif attribute.name.to_s.end_with?('_type') && attribute.name.to_s.match?(/_parent_type$/) -%>
       <%= attribute.name %>: @<%= attribute.name.gsub('_type', '') %>.class.name<%= ',' if index < attributes.length - 1 %>
 <% else -%>
@@ -1088,7 +1738,7 @@ if attributes.any? { |attr| attr.type == :references && attr.name == 'user' } &&
 <% elsif attribute.name.include?('email') -%>
         <%= attribute.name %>: "bulk#{i}@example.com"<%= ',' if index < attributes.length - 1 %>
 <% elsif attribute.name.to_s.match?(/\A(url|website|web_address|domain|domain_name)\z/i) -%>
-        <%= attribute.name %>: "https://bulk#{i}.example.com"<%= ',' if index < attributes.length - 1 %>
+        <%= attribute.name %>: "https://bulk#{i}.com"<%= ',' if index < attributes.length - 1 %>
 <% elsif attribute.name.to_s.end_with?('_type') && attribute.name.to_s.match?(/_parent_type$/) -%>
         <%= attribute.name %>: @<%= attribute.name.gsub('_type', '') %>.class.name<%= ',' if index < attributes.length - 1 %>
 <% else -%>