ransack 2.4.0 → 2.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f5cd517575121b1f2c1041501645a95680a4efbe82c0b2d6c74e079d080cda29
-  data.tar.gz: f927c47bfc28f15d7a24eb2761ae1d003ff18912c1c91e7716ed2628f9012ccc
+  metadata.gz: 2c8153add4e8f7cc4123bb1c6b7f8b6f4db1fdbb65c2d8498a61ef7fc98eea53
+  data.tar.gz: 1bae6d37282b621109534060b7c32ecbff7c02366cff88d271d48607ca6fd4cb
 SHA512:
-  metadata.gz: be9485ce5f692f990c7b8c5b59c961311783fafb845c3580dbd0d08eb62e24c1067da75e98f24cd4553e7db21a15531ca2943c1633566995a6e7c64d6310d2f2
-  data.tar.gz: 3fbca263c9e5f399695e9cc69e50762fc72875860ad495c04368ff84d90c68100d5ca1b6db22aa17a5c2c52efccd4d99bc0c29b5485ae6608390a606fd35ac18
+  metadata.gz: ec86fcdc8b81a73c77f3da4e3e9eb2ce7480cae4ce948d64c55d5514d836474fe0c60c727be5d1bca39814afdc96c8bd997e2d245d557689badea217fce67f92
+  data.tar.gz: 6526a66311015b73c4132d7c1b95b2006526cf929c47cb5aec91fc79287f07eb0df85a47d22e47d2b88547796501ce8ecb57c81c044e0113f716e45e516b151d

data/.github/FUNDING.yml

@@ -0,0 +1,3 @@
+---
+
+tidelift: rubygems/ransack

data/.github/SECURITY.md

@@ -0,0 +1,12 @@
+# Security Policy
+
+## Supported Versions
+
+At the moment, only the latest major.minor release stream is supported with
+security updates.
+
+## Reporting a Vulnerability
+
+Please use the Tidelift security contact to [report a security
+vulnerability](https://tidelift.com/security).  Tidelift will coordinate the fix
+and disclosure.

data/.github/workflows/test.yml

@@ -0,0 +1,120 @@
+name: test
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  sqlite3:
+    runs-on: ubuntu-20.04
+    strategy:
+      fail-fast: false
+      matrix:
+        rails:
+          - v6.1.0.rc2
+          - v6.0.3
+          - 6-0-stable
+          - 5-2-stable
+          - v5.2.4
+        ruby:
+          - 2.7.2
+          - 2.6.6
+    env:
+      DB: sqlite3
+      RAILS: ${{ matrix.rails }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+      - name: Install dependencies
+        run: bundle install
+      - name: Run tests
+        run: bundle exec rspec
+
+  mysql:
+    runs-on: ubuntu-20.04
+    strategy:
+      fail-fast: false
+      matrix:
+        rails:
+          - v6.1.0.rc2
+          - v6.0.3
+          - 6-0-stable
+          - 5-2-stable
+          - v5.2.4
+        ruby:
+          - 2.7.2
+          - 2.6.6
+    env:
+      DB: mysql
+      RAILS: ${{ matrix.rails }}
+      MYSQL_USERNAME: root
+      MYSQL_PASSWORD: root
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+      - name: Startup MySQL
+        run: |
+          sudo systemctl start mysql.service
+      - name: Setup databases
+        run: |
+          mysql --user=root --password=root --host=127.0.0.1 -e 'create database ransack collate utf8_general_ci;';
+          mysql --user=root --password=root --host=127.0.0.1 -e 'use ransack;show variables like "%character%";show variables like "%collation%";';
+      - name: Install dependencies
+        run: bundle install
+      - name: Run tests
+        run: bundle exec rspec
+
+  postgres:
+    runs-on: ubuntu-20.04
+    strategy:
+      fail-fast: false
+      matrix:
+        rails:
+          - v6.1.0.rc2
+          - v6.0.3
+          - 6-0-stable
+          - 5-2-stable
+          - v5.2.4
+        ruby:
+          - 2.7.2
+          - 2.6.6
+    env:
+      DB: postgres
+      RAILS: ${{ matrix.rails }}
+      DATABASE_USERNAME: postgres
+      DATABASE_PASSWORD: postgres
+      DATABASE_HOST: 127.0.0.1
+    services:
+      postgres:
+        image: postgres
+        ports:
+          - 5432:5432
+        env:
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_HOST_AUTH_METHOD: trust
+        # Set health checks to wait until postgres has started
+        options: >-
+          --health-cmd pg_isready
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+      - name: Setup databases
+        run: |
+          psql -h localhost -p 5432 -W postgres -c 'create database ransack;' -U postgres;
+      - name: Install dependencies
+        run: bundle install
+      - name: Run tests
+        run: bundle exec rspec

data/CHANGELOG.md

@@ -1,5 +1,9 @@
 # Change Log
 
+* Add `ActiveRecord::Base.ransack!` which raises error if passed unknown condition
+
+  *Aaron Lipman*
+
 ## 2.4.0 - 2020-11-27
 
 *

data/CONTRIBUTING.md

@@ -115,9 +115,6 @@ Here's a quick guide:
         $ git config --global user.email "contributor@example.com"
 
 10. Commit your changes (`git commit -am 'Add feature/fix bug/improve docs'`).
-   If your pull request only contains documentation changes, please remember
-   to add `[skip ci]` to the beginning of your commit message so the Travis
-   test suite doesn't :runner: needlessly.
 
 11. If necessary, rebase your commits into logical chunks, without errors. To
    interactively rebase and cherry-pick from, say, the last 10 commits:

data/README.md

@@ -1,10 +1,6 @@
 # ![Ransack](./logo/ransack-h.png "Ransack")
 
-**MAINTAINER WANTED** 
-
-Please see the [Maintainer wanted issue](https://github.com/activerecord-hackery/ransack/issues/1159) if you are interested.
-
-[![Build Status](https://travis-ci.org/activerecord-hackery/ransack.svg)](https://travis-ci.org/activerecord-hackery/ransack)
+[![Build Status](https://github.com/activerecord-hackery/ransack/workflows/test/badge.svg)](https://github.com/activerecord-hackery/ransack/actions)
 [![Gem Version](https://badge.fury.io/rb/ransack.svg)](http://badge.fury.io/rb/ransack)
 [![Code Climate](https://codeclimate.com/github/activerecord-hackery/ransack/badges/gpa.svg)](https://codeclimate.com/github/activerecord-hackery/ransack)
 [![Backers on Open Collective](https://opencollective.com/ransack/backers/badge.svg)](#backers) [![Sponsors on Open Collective](https://opencollective.com/ransack/sponsors/badge.svg)](#sponsors)
@@ -21,7 +17,7 @@ instead.
 
 ## Getting started
 
-Ransack is compatible with Rails 6.0, 5.0, 5.1 and 5.2 on Ruby 2.3 and later.
+Ransack is supported for Rails 6.1, 6.0, 5.2 on Ruby 2.6.6 and later.
 
 In your Gemfile, for the last officially released gem:
 
@@ -45,27 +41,14 @@ gem 'ransack', github: 'activerecord-hackery/ransack'
 
 ## Usage
 
-Ransack can be used in one of two modes, simple or advanced.
-
-### Simple Mode
-
-This mode works much like MetaSearch, for those of you who are familiar with
-it, and requires very little setup effort.
-
-If you're coming from MetaSearch, things to note:
-
-  1. The default param key for search params is now `:q`, instead of `:search`.
-  This is primarily to shorten query strings, though advanced queries (below)
-  will still run afoul of URL length limits in most browsers and require a
-  switch to HTTP POST requests. This key is [configurable](https://github.com/activerecord-hackery/ransack/wiki/Configuration).
+Ransack can be used in one of two modes, simple or advanced. For
+searching/filtering not requiring complex boolean logic, Ransack's simple
+mode should meet your needs.
 
-  2. `form_for` is now `search_form_for`, and validates that a Ransack::Search
-  object is passed to it.
+If you're coming from MetaSearch (Ransack's predecessor), refer to the
+[Updating From MetaSearch](#updating-from-metasearch) section
 
-  3. Common ActiveRecord::Relation methods are no longer delegated by the
-  search object. Instead, you will get your search results (an
-  ActiveRecord::Relation in the case of the ActiveRecord adapter) via a call to
-  `Ransack#result`.
+### Simple Mode
 
 #### In your controller
 
@@ -88,6 +71,20 @@ def index
 end
 ```
 
+##### Default search parameter
+
+Ransack uses a default `:q` param key for search params. This may be changed by
+setting the `search_key` option in a Ransack initializer file (typically
+`config/initializers/ransack.rb`):
+
+```
+Ransack.configure do |c|
+  # Change default search parameter key name.
+  # Default key name is :q
+  c.search_key = :query
+end
+```
+
 #### In your view
 
 The two primary Ransack view helpers are `search_form_for` and `sort_link`,
@@ -254,6 +251,20 @@ the order indicator arrow by passing `hide_indicator: true` in the sort link:
   default_order: { last_name: 'asc', first_name: 'desc' }) %>
 ```
 
+#### PostgreSQL's sort option
+
+The `NULLS FIRST` and `NULLS LAST` options can be used to determine whether nulls appear before or after non-null values in the sort ordering.
+
+You may want to configure it like this:
+
+```rb
+Ransack.configure do |c|
+  c.postgres_fields_sort_option = :nulls_first # or :nulls_last
+end
+```
+
+See this feature: https://www.postgresql.org/docs/13/queries-order.html
+
 ### Advanced Mode
 
 "Advanced" searches (ab)use Rails' nested attributes functionality in order to
@@ -674,6 +685,43 @@ Trying it out in `rails console`:
 
 That's it! Now you know how to whitelist/blacklist various elements in Ransack.
 
+### Handling unknown predicates or attributes
+
+By default, Ransack will ignore any unknown predicates or attributes:
+
+```ruby
+Article.ransack(unknown_attr_eq: 'Ernie').result.to_sql
+=> SELECT "articles".* FROM "articles"
+```
+
+Ransack may be configured to raise an error if passed an unknown predicate or
+attributes, by setting the `ignore_unknown_conditions` option to `false` in your
+Ransack initializer file at `config/initializers/ransack.rb`:
+
+```ruby
+Ransack.configure do |c|
+  # Raise errors if a query contains an unknown predicate or attribute.
+  # Default is true (do not raise error on unknown conditions).
+  c.ignore_unknown_conditions = false
+end
+```
+
+```ruby
+Article.ransack(unknown_attr_eq: 'Ernie')
+# ArgumentError (Invalid search term unknown_attr_eq)
+```
+
+As an alternative to setting a global configuration option, the `.ransack!`
+class method also raises an error if passed an unknown condition:
+
+```ruby
+Article.ransack!(unknown_attr_eq: 'Ernie')
+# ArgumentError: Invalid search term unknown_attr_eq
+```
+
+This is equivilent to the `ignore_unknown_conditions` configuration option,
+except it may be applied on a case-by-case basis.
+
 ### Using Scopes/Class Methods
 
 Continuing on from the preceding section, searching by scopes requires defining
@@ -870,6 +918,28 @@ en:
         title: Old Ransack Namespaced Title
 ```
 
+### Updating From MetaSearch
+
+Ransack works much like MetaSearch, for those of you who are familiar with
+it, and requires very little setup effort.
+
+If you're coming from MetaSearch, things to note:
+
+  1. The default param key for search params is now `:q`, instead of `:search`.
+  This is primarily to shorten query strings, though advanced queries (below)
+  will still run afoul of URL length limits in most browsers and require a
+  switch to HTTP POST requests. This key is
+  [configurable](default-search-parameter) via setting the `search_key` option
+  in your Ransack intitializer file.
+
+  2. `form_for` is now `search_form_for`, and validates that a Ransack::Search
+  object is passed to it.
+
+  3. Common ActiveRecord::Relation methods are no longer delegated by the
+  search object. Instead, you will get your search results (an
+  ActiveRecord::Relation in the case of the ActiveRecord adapter) via a call to
+  `Ransack#result`.
+
 ## Mongoid
 
 Mongoid support has been moved to its own gem at [ransack-mongoid](https://github.com/activerecord-hackery/ransack-mongoid).

data/lib/ransack/adapters/active_record/base.rb

@@ -18,6 +18,10 @@ module Ransack
           Search.new(self, params, options)
         end
 
+        def ransack!(params = {}, options = {})
+          ransack(params, options.merge(ignore_unknown_conditions: false))
+        end
+
         def ransacker(name, opts = {}, &block)
           self._ransackers = _ransackers.merge name.to_s => Ransacker
             .new(self, name, opts, &block)

data/lib/ransack/adapters/active_record/context.rb

@@ -42,6 +42,13 @@ module Ransack
               if scope_or_sort.is_a?(Symbol)
                 relation = relation.send(scope_or_sort)
               else
+                case Ransack.options[:postgres_fields_sort_option]
+                when :nulls_first
+                  scope_or_sort = scope_or_sort.direction == :asc ? "#{scope_or_sort.to_sql} NULLS FIRST" : "#{scope_or_sort.to_sql} NULLS LAST"
+                when :nulls_last
+                  scope_or_sort = scope_or_sort.direction == :asc ? "#{scope_or_sort.to_sql} NULLS LAST" : "#{scope_or_sort.to_sql} NULLS FIRST"
+                end
+
                 relation = relation.order(scope_or_sort)
               end
             end

data/lib/ransack/configuration.rb

@@ -33,7 +33,8 @@ module Ransack
       :up_arrow => '▼'.freeze,
       :down_arrow => '▲'.freeze,
       :default_arrow => nil,
-      :sanitize_scope_args => true
+      :sanitize_scope_args => true,
+      :postgres_fields_sort_option => nil
     }
 
     def configure
@@ -141,6 +142,21 @@ module Ransack
       self.options[:sanitize_scope_args] = boolean
     end
 
+    # The `NULLS FIRST` and `NULLS LAST` options can be used to determine
+    # whether nulls appear before or after non-null values in the sort ordering.
+    #
+    # User may want to configure it like this:
+    #
+    # Ransack.configure do |c|
+    #   c.postgres_fields_sort_option = :nulls_first # or :nulls_last
+    # end
+    #
+    # See this feature: https://www.postgresql.org/docs/13/queries-order.html
+    #
+    def postgres_fields_sort_option=(setting)
+      self.options[:postgres_fields_sort_option] = setting
+    end
+
     # By default, Ransack displays sort order indicator arrows in sort links.
     # The default may be globally overridden in an initializer file like
     # `config/initializers/ransack.rb` as follows:

data/lib/ransack/search.rb

@@ -30,6 +30,7 @@ module Ransack
         )
       @scope_args = {}
       @sorts ||= []
+      @ignore_unknown_conditions = options[:ignore_unknown_conditions] == false ? false : true
       build(params.with_indifferent_access)
     end
 
@@ -45,7 +46,7 @@ module Ransack
           base.send("#{key}=", value)
         elsif @context.ransackable_scope?(key, @context.object)
           add_scope(key, value)
-        elsif !Ransack.options[:ignore_unknown_conditions]
+        elsif !Ransack.options[:ignore_unknown_conditions] || !@ignore_unknown_conditions
           raise ArgumentError, "Invalid search term #{key}"
         end
       end

data/lib/ransack/version.rb

@@ -1,3 +1,3 @@
 module Ransack
-  VERSION = '2.4.0'
+  VERSION = '2.4.1'
 end

data/spec/ransack/adapters/active_record/base_spec.rb

@@ -122,6 +122,10 @@ module Ransack
             expect { Person.ransack('') }.to_not raise_error
           end
 
+          it 'raises exception if ransack! called with unknown condition' do
+            expect { Person.ransack!(unknown_attr_eq: 'Ernie') }.to raise_error
+          end
+
           it 'does not modify the parameters' do
             params = { name_eq: '' }
             expect { Person.ransack(params) }.not_to change { params }

data/spec/ransack/configuration_spec.rb

@@ -173,5 +173,15 @@ module Ransack
         .to eq false
       end
     end
+
+    it "PG's sort option", if: ::ActiveRecord::Base.connection.adapter_name == "PostgreSQL" do
+      default = Ransack.options.clone
+
+      Ransack.configure { |c| c.postgres_fields_sort_option = :nulls_first }
+
+      expect(Ransack.options[:postgres_fields_sort_option]).to eq :nulls_first
+
+      Ransack.options = default
+    end
   end
 end

data/spec/ransack/search_spec.rb

@@ -232,7 +232,7 @@ module Ransack
       context 'with an invalid condition' do
         subject { Search.new(Person, unknown_attr_eq: 'Ernie') }
 
-        context 'when ignore_unknown_conditions is false' do
+        context 'when ignore_unknown_conditions configuration option is false' do
           before do
             Ransack.configure { |c| c.ignore_unknown_conditions = false }
           end
@@ -240,13 +240,39 @@ module Ransack
           specify { expect { subject }.to raise_error ArgumentError }
         end
 
-        context 'when ignore_unknown_conditions is true' do
+        context 'when ignore_unknown_conditions configuration option is true' do
           before do
             Ransack.configure { |c| c.ignore_unknown_conditions = true }
           end
 
           specify { expect { subject }.not_to raise_error }
         end
+
+        subject(:with_ignore_unknown_conditions_false) {
+          Search.new(Person,
+            { unknown_attr_eq: 'Ernie' },
+            { ignore_unknown_conditions: false }
+          )
+        }
+
+        subject(:with_ignore_unknown_conditions_true) {
+          Search.new(Person,
+            { unknown_attr_eq: 'Ernie' },
+            { ignore_unknown_conditions: true }
+          )
+        }
+
+        context 'when ignore_unknown_conditions search parameter is absent' do
+          specify { expect { subject }.not_to raise_error }
+        end
+
+        context 'when ignore_unknown_conditions search parameter is false' do
+          specify { expect { with_ignore_unknown_conditions_false }.to raise_error ArgumentError }
+        end
+
+        context 'when ignore_unknown_conditions search parameter is true' do
+          specify { expect { with_ignore_unknown_conditions_true }.not_to raise_error }
+        end
       end
 
       it 'does not modify the parameters' do
@@ -507,6 +533,27 @@ module Ransack
         @s.sorts = 'id asc'
         expect(@s.result.first.id).to eq 1
       end
+
+      it "PG's sort option", if: ::ActiveRecord::Base.connection.adapter_name == "PostgreSQL" do
+        default = Ransack.options.clone
+
+        s = Search.new(Person, s: 'name asc')
+        expect(s.result.to_sql).to eq "SELECT \"people\".* FROM \"people\" ORDER BY \"people\".\"name\" ASC"
+
+        Ransack.configure { |c| c.postgres_fields_sort_option = :nulls_first }
+        s = Search.new(Person, s: 'name asc')
+        expect(s.result.to_sql).to eq "SELECT \"people\".* FROM \"people\" ORDER BY \"people\".\"name\" ASC NULLS FIRST"
+        s = Search.new(Person, s: 'name desc')
+        expect(s.result.to_sql).to eq "SELECT \"people\".* FROM \"people\" ORDER BY \"people\".\"name\" DESC NULLS LAST"
+
+        Ransack.configure { |c| c.postgres_fields_sort_option = :nulls_last }
+        s = Search.new(Person, s: 'name asc')
+        expect(s.result.to_sql).to eq "SELECT \"people\".* FROM \"people\" ORDER BY \"people\".\"name\" ASC NULLS LAST"
+        s = Search.new(Person, s: 'name desc')
+        expect(s.result.to_sql).to eq "SELECT \"people\".* FROM \"people\" ORDER BY \"people\".\"name\" DESC NULLS FIRST"
+
+        Ransack.options = default
+      end
     end
 
     describe '#method_missing' do

data/spec/support/schema.rb

@@ -6,6 +6,8 @@ when 'mysql', 'mysql2'
   ActiveRecord::Base.establish_connection(
     adapter:  'mysql2',
     database: 'ransack',
+    username: ENV.fetch("MYSQL_USERNAME") { "root" },
+    password: ENV.fetch("MYSQL_PASSWORD") { "" },
     encoding: 'utf8'
   )
 when 'pg', 'postgres', 'postgresql'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ransack
 version: !ruby/object:Gem::Version
-  version: 2.4.0
+  version: 2.4.1
 platform: ruby
 authors:
 - Ernie Miller
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-11-27 00:00:00.000000000 Z
+date: 2020-12-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -66,8 +66,10 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/FUNDING.yml"
+- ".github/SECURITY.md"
+- ".github/workflows/test.yml"
 - ".gitignore"
-- ".travis.yml"
 - CHANGELOG.md
 - CONTRIBUTING.md
 - Gemfile

data/.travis.yml

@@ -1,47 +0,0 @@
-branches: master
-
-language: ruby
-
-rvm:
-  - 2.6.6
-
-services:
-  - mysql
-
-env:
-  - RAILS=v6.1.0.rc1 DB=sqlite3
-  - RAILS=v6.1.0.rc1 DB=mysql
-  - RAILS=v6.1.0.rc1 DB=postgres
-
-  - RAILS=v6.0.3 DB=sqlite3
-  - RAILS=v6.0.3 DB=mysql
-  - RAILS=v6.0.3 DB=postgres
-
-  - RAILS=6-0-stable DB=sqlite3
-  - RAILS=6-0-stable DB=mysql
-  - RAILS=6-0-stable DB=postgres
-
-  - RAILS=5-2-stable DB=sqlite3
-  - RAILS=5-2-stable DB=mysql
-  - RAILS=5-2-stable DB=postgres
-
-  - RAILS=v5.2.4 DB=sqlite3
-  - RAILS=v5.2.4 DB=mysql
-  - RAILS=v5.2.4 DB=postgres
-
-before_script:
-  - if [ "$DB" = "mysql" ];
-    then
-      mysql -e 'create database ransack collate utf8_general_ci;';
-      mysql -e 'use ransack;show variables like "%character%";show variables like "%collation%";';
-    fi
-
-  - if [ "$DB" = "postgres" ];
-    then
-      psql -c 'create database ransack;' -U postgres;
-    fi
-
-addons:
-  code_climate:
-    repo_token: 8b701c4364d51a0217105e08c06922d600cec3d9e60d546a89e3ddfe46e0664e
-  postgresql: "9.6"