ransack 3.2.0 → 4.0.0

data/spec/support/schema.rb

@@ -28,7 +28,24 @@ else
   )
 end
 
-class Person < ActiveRecord::Base
+# This is just a test app with no sensitive data, so we explicitly allowlist all
+# attributes and associations for search. In general, end users should
+# explicitly authorize each model, but this shows a way to configure the
+# unrestricted default behavior of versions prior to Ransack 4.
+#
+class ApplicationRecord < ActiveRecord::Base
+  self.abstract_class = true
+
+  def self.ransackable_attributes(auth_object = nil)
+    authorizable_ransackable_attributes
+  end
+
+  def self.ransackable_associations(auth_object = nil)
+    authorizable_ransackable_associations
+  end
+end
+
+class Person < ApplicationRecord
   default_scope { order(id: :desc) }
   belongs_to :parent, class_name: 'Person', foreign_key: :parent_id
   has_many   :children, class_name: 'Person', foreign_key: :parent_id
@@ -111,9 +128,9 @@ class Person < ActiveRecord::Base
 
   def self.ransackable_attributes(auth_object = nil)
     if auth_object == :admin
-      super - ['only_sort']
+      authorizable_ransackable_attributes - ['only_sort']
     else
-      super - ['only_sort', 'only_admin']
+      authorizable_ransackable_attributes - ['only_sort', 'only_admin']
     end
   end
 
@@ -129,7 +146,7 @@ end
 class Musician < Person
 end
 
-class Article < ActiveRecord::Base
+class Article < ApplicationRecord
   belongs_to :person
   has_many :comments
   has_and_belongs_to_many :tags
@@ -182,7 +199,7 @@ end
 class StoryArticle < Article
 end
 
-class Recommendation < ActiveRecord::Base
+class Recommendation < ApplicationRecord
   belongs_to :person
   belongs_to :target_person, class_name: 'Person'
   belongs_to :article
@@ -200,22 +217,22 @@ module Namespace
   end
 end
 
-class Comment < ActiveRecord::Base
+class Comment < ApplicationRecord
   belongs_to :article
   belongs_to :person
 
   default_scope { where(disabled: false) }
 end
 
-class Tag < ActiveRecord::Base
+class Tag < ApplicationRecord
   has_and_belongs_to_many :articles
 end
 
-class Note < ActiveRecord::Base
+class Note < ApplicationRecord
   belongs_to :notable, polymorphic: true
 end
 
-class Account < ActiveRecord::Base
+class Account < ApplicationRecord
   belongs_to :agent_account, class_name: "Account"
   belongs_to :trade_account, class_name: "Account"
 end
@@ -308,7 +325,7 @@ module Schema
 end
 
 module SubDB
-  class Base < ActiveRecord::Base
+  class Base < ApplicationRecord
     self.abstract_class = true
     establish_connection(
       adapter: 'sqlite3',

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ransack
 version: !ruby/object:Gem::Version
-  version: 3.2.0
+  version: 4.0.0
 platform: ruby
 authors:
 - Ernie Miller
@@ -12,7 +12,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-05-09 00:00:00.000000000 Z
+date: 2023-02-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -69,6 +69,7 @@ extra_rdoc_files: []
 files:
 - ".github/FUNDING.yml"
 - ".github/SECURITY.md"
+- ".github/workflows/codeql.yml"
 - ".github/workflows/cronjob.yml"
 - ".github/workflows/deploy.yml"
 - ".github/workflows/rubocop.yml"
@@ -139,7 +140,6 @@ files:
 - docs/static/logo/ransack.png
 - docs/static/logo/ransack.svg
 - docs/yarn.lock
-- lib/polyamorous.rb
 - lib/polyamorous/activerecord_6.1_ruby_2/join_association.rb
 - lib/polyamorous/activerecord_6.1_ruby_2/join_dependency.rb
 - lib/polyamorous/activerecord_6.1_ruby_2/reflection.rb
@@ -154,15 +154,9 @@ files:
 - lib/polyamorous/swapping_reflection_class.rb
 - lib/polyamorous/tree_node.rb
 - lib/ransack.rb
-- lib/ransack/adapters.rb
-- lib/ransack/adapters/active_record.rb
+- lib/ransack/active_record.rb
 - lib/ransack/adapters/active_record/base.rb
 - lib/ransack/adapters/active_record/context.rb
-- lib/ransack/adapters/active_record/ransack/constants.rb
-- lib/ransack/adapters/active_record/ransack/context.rb
-- lib/ransack/adapters/active_record/ransack/nodes/condition.rb
-- lib/ransack/adapters/active_record/ransack/translate.rb
-- lib/ransack/adapters/active_record/ransack/visitor.rb
 - lib/ransack/configuration.rb
 - lib/ransack/constants.rb
 - lib/ransack/context.rb
@@ -196,7 +190,6 @@ files:
 - lib/ransack/locale/zh-CN.yml
 - lib/ransack/locale/zh-TW.yml
 - lib/ransack/naming.rb
-- lib/ransack/nodes.rb
 - lib/ransack/nodes/attribute.rb
 - lib/ransack/nodes/bindable.rb
 - lib/ransack/nodes/condition.rb
@@ -230,6 +223,7 @@ files:
 - spec/ransack/helpers/form_helper_spec.rb
 - spec/ransack/nodes/condition_spec.rb
 - spec/ransack/nodes/grouping_spec.rb
+- spec/ransack/nodes/value_spec.rb
 - spec/ransack/predicate_spec.rb
 - spec/ransack/search_spec.rb
 - spec/ransack/translate_spec.rb
@@ -255,7 +249,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.4.0.dev
+rubygems_version: 3.4.6
 signing_key:
 specification_version: 4
 summary: Object-based searching for Active Record.
@@ -279,6 +273,7 @@ test_files:
 - spec/ransack/helpers/form_helper_spec.rb
 - spec/ransack/nodes/condition_spec.rb
 - spec/ransack/nodes/grouping_spec.rb
+- spec/ransack/nodes/value_spec.rb
 - spec/ransack/predicate_spec.rb
 - spec/ransack/search_spec.rb
 - spec/ransack/translate_spec.rb

data/lib/polyamorous.rb

@@ -1 +0,0 @@
-require 'polyamorous/polyamorous'

data/lib/ransack/adapters/active_record/ransack/constants.rb

@@ -1,128 +0,0 @@
-module Ransack
-  module Constants
-    DISTINCT = 'DISTINCT '.freeze
-
-    DERIVED_PREDICATES = [
-      [CONT, {
-        arel_predicate: 'matches'.freeze,
-        formatter: proc { |v| "%#{escape_wildcards(v)}%" }
-        }
-      ],
-      ['not_cont'.freeze, {
-        arel_predicate: 'does_not_match'.freeze,
-        formatter: proc { |v| "%#{escape_wildcards(v)}%" }
-        }
-      ],
-      ['i_cont'.freeze, {
-        arel_predicate: 'matches'.freeze,
-        formatter: proc { |v| "%#{escape_wildcards(v.downcase)}%" },
-        case_insensitive: true
-        }
-      ],
-      ['not_i_cont'.freeze, {
-        arel_predicate: 'does_not_match'.freeze,
-        formatter: proc { |v| "%#{escape_wildcards(v.downcase)}%" },
-        case_insensitive: true
-        }
-      ],
-      ['start'.freeze, {
-        arel_predicate: 'matches'.freeze,
-        formatter: proc { |v| "#{escape_wildcards(v)}%" }
-        }
-      ],
-      ['not_start'.freeze, {
-        arel_predicate: 'does_not_match'.freeze,
-        formatter: proc { |v| "#{escape_wildcards(v)}%" }
-        }
-      ],
-      ['end'.freeze, {
-        arel_predicate: 'matches'.freeze,
-        formatter: proc { |v| "%#{escape_wildcards(v)}" }
-        }
-      ],
-      ['not_end'.freeze, {
-        arel_predicate: 'does_not_match'.freeze,
-        formatter: proc { |v| "%#{escape_wildcards(v)}" }
-        }
-      ],
-      ['true'.freeze, {
-        arel_predicate: proc { |v| v ? EQ : NOT_EQ },
-        compounds: false,
-        type: :boolean,
-        validator: proc { |v| BOOLEAN_VALUES.include?(v) },
-        formatter: proc { |v| true }
-        }
-      ],
-      ['not_true'.freeze, {
-        arel_predicate: proc { |v| v ? NOT_EQ : EQ },
-        compounds: false,
-        type: :boolean,
-        validator: proc { |v| BOOLEAN_VALUES.include?(v) },
-        formatter: proc { |v| true }
-        }
-      ],
-      ['false'.freeze, {
-        arel_predicate: proc { |v| v ? EQ : NOT_EQ },
-        compounds: false,
-        type: :boolean,
-        validator: proc { |v| BOOLEAN_VALUES.include?(v) },
-        formatter: proc { |v| false }
-        }
-      ],
-      ['not_false'.freeze, {
-        arel_predicate: proc { |v| v ? NOT_EQ : EQ },
-        compounds: false,
-        type: :boolean,
-        validator: proc { |v| BOOLEAN_VALUES.include?(v) },
-        formatter: proc { |v| false }
-        }
-      ],
-      ['present'.freeze, {
-        arel_predicate: proc { |v| v ? NOT_EQ_ALL : EQ_ANY },
-        compounds: false,
-        type: :boolean,
-        validator: proc { |v| BOOLEAN_VALUES.include?(v) },
-        formatter: proc { |v| [nil, ''.freeze].freeze }
-        }
-      ],
-      ['blank'.freeze, {
-        arel_predicate: proc { |v| v ? EQ_ANY : NOT_EQ_ALL },
-        compounds: false,
-        type: :boolean,
-        validator: proc { |v| BOOLEAN_VALUES.include?(v) },
-        formatter: proc { |v| [nil, ''.freeze].freeze }
-        }
-      ],
-      ['null'.freeze, {
-        arel_predicate: proc { |v| v ? EQ : NOT_EQ },
-        compounds: false,
-        type: :boolean,
-        validator: proc { |v| BOOLEAN_VALUES.include?(v) },
-        formatter: proc { |v| nil }
-        }
-      ],
-      ['not_null'.freeze, {
-        arel_predicate: proc { |v| v ? NOT_EQ : EQ },
-        compounds: false,
-        type: :boolean,
-        validator: proc { |v| BOOLEAN_VALUES.include?(v) },
-        formatter: proc { |v| nil } }
-      ]
-    ].freeze
-
-  module_function
-    # replace % \ to \% \\
-    def escape_wildcards(unescaped)
-      case ActiveRecord::Base.connection.adapter_name
-      when "Mysql2".freeze
-        # Necessary for MySQL
-        unescaped.to_s.gsub(/([\\%_])/, '\\\\\\1')
-      when "PostgreSQL".freeze
-        # Necessary for PostgreSQL
-        unescaped.to_s.gsub(/([\\%_.])/, '\\\\\\1')
-      else
-        unescaped
-      end
-    end
-  end
-end

data/lib/ransack/adapters/active_record/ransack/context.rb

@@ -1,56 +0,0 @@
-require 'ransack/visitor'
-
-module Ransack
-  class Context
-    attr_reader :arel_visitor
-
-    class << self
-
-      def for_class(klass, options = {})
-        if klass < ActiveRecord::Base
-          Adapters::ActiveRecord::Context.new(klass, options)
-        end
-      end
-
-      def for_object(object, options = {})
-        case object
-        when ActiveRecord::Relation
-          Adapters::ActiveRecord::Context.new(object.klass, options)
-        end
-      end
-
-    end # << self
-
-    def initialize(object, options = {})
-      @object = relation_for(object)
-      @klass = @object.klass
-      @join_dependency = join_dependency(@object)
-      @join_type = options[:join_type] || Polyamorous::OuterJoin
-      @search_key = options[:search_key] || Ransack.options[:search_key]
-      @associations_pot = {}
-      @tables_pot = {}
-      @lock_associations = []
-
-      @base = @join_dependency.instance_variable_get(:@join_root)
-    end
-
-    def bind_pair_for(key)
-      @bind_pairs ||= {}
-
-      @bind_pairs[key] ||= begin
-        parent, attr_name = get_parent_and_attribute_name(key.to_s)
-        [parent, attr_name] if parent && attr_name
-      end
-    end
-
-    def klassify(obj)
-      if Class === obj && ::ActiveRecord::Base > obj
-        obj
-      elsif obj.respond_to? :klass
-        obj.klass
-      else
-        raise ArgumentError, "Don't know how to klassify #{obj.inspect}"
-      end
-    end
-  end
-end

data/lib/ransack/adapters/active_record/ransack/nodes/condition.rb

@@ -1,61 +0,0 @@
-module Ransack
-  module Nodes
-    class Condition
-
-      def arel_predicate
-        attributes.map { |attribute|
-          association = attribute.parent
-          if negative? && attribute.associated_collection?
-            query = context.build_correlated_subquery(association)
-            context.remove_association(association)
-            if self.predicate_name == 'not_null' && self.value
-              query.where(format_predicate(attribute))
-              Arel::Nodes::In.new(context.primary_key, Arel.sql(query.to_sql))
-            else
-              query.where(format_predicate(attribute).not)
-              Arel::Nodes::NotIn.new(context.primary_key, Arel.sql(query.to_sql))
-            end
-          else
-            format_predicate(attribute)
-          end
-        }.reduce(combinator_method)
-      end
-
-      private
-
-        def combinator_method
-          combinator === Constants::OR ? :or : :and
-        end
-
-        def format_predicate(attribute)
-          arel_pred = arel_predicate_for_attribute(attribute)
-          arel_values = formatted_values_for_attribute(attribute)
-          predicate = attr_value_for_attribute(attribute).public_send(arel_pred, arel_values)
-
-          if in_predicate?(predicate)
-            predicate.right = predicate.right.map do |pr|
-              casted_array?(pr) ? format_values_for(pr) : pr
-            end
-          end
-
-          predicate
-        end
-
-        def in_predicate?(predicate)
-          return unless defined?(Arel::Nodes::Casted)
-          predicate.class == Arel::Nodes::In || predicate.class == Arel::Nodes::NotIn
-        end
-
-        def casted_array?(predicate)
-          predicate.value.is_a?(Array) && predicate.is_a?(Arel::Nodes::Casted)
-        end
-
-        def format_values_for(predicate)
-          predicate.value.map do |val|
-            val.is_a?(String) ? Arel::Nodes.build_quoted(val) : val
-          end
-        end
-
-    end
-  end
-end

data/lib/ransack/adapters/active_record/ransack/translate.rb

@@ -1,8 +0,0 @@
-module Ransack
-  module Translate
-
-    def self.i18n_key(klass)
-      klass.model_name.i18n_key
-    end
-  end
-end

data/lib/ransack/adapters/active_record/ransack/visitor.rb

@@ -1,47 +0,0 @@
-module Ransack
-  class Visitor
-    def visit_and(object)
-      nodes = object.values.map { |o| accept(o) }.compact
-      return nil unless nodes.size > 0
-
-      if nodes.size > 1
-        Arel::Nodes::Grouping.new(Arel::Nodes::And.new(nodes))
-      else
-        nodes.first
-      end
-    end
-
-    def quoted?(object)
-      case object
-      when Arel::Nodes::SqlLiteral, Bignum, Fixnum
-        false
-      else
-        true
-      end
-    end
-
-    def visit_Ransack_Nodes_Sort(object)
-      if object.valid?
-        if object.attr.is_a?(Arel::Attributes::Attribute)
-          object.attr.send(object.dir)
-        else
-          ordered(object)
-        end
-      else
-        scope_name = :"sort_by_#{object.name}_#{object.dir}"
-        scope_name if object.context.object.respond_to?(scope_name)
-      end
-    end
-
-    private
-
-      def ordered(object)
-        case object.dir
-        when 'asc'.freeze
-          Arel::Nodes::Ascending.new(object.attr)
-        when 'desc'.freeze
-          Arel::Nodes::Descending.new(object.attr)
-        end
-      end
-  end
-end

data/lib/ransack/adapters.rb

@@ -1,64 +0,0 @@
-module Ransack
-  module Adapters
-
-    def self.object_mapper
-      @object_mapper ||= instantiate_object_mapper
-    end
-
-    def self.instantiate_object_mapper
-      if defined?(::ActiveRecord::Base)
-        ActiveRecordAdapter.new
-      elsif defined?(::Mongoid)
-        MongoidAdapter.new
-      else
-        raise "Unsupported adapter"
-      end
-    end
-
-    class ActiveRecordAdapter
-      def require_constants
-        require 'ransack/adapters/active_record/ransack/constants'
-      end
-
-      def require_adapter
-        require 'ransack/adapters/active_record/ransack/translate'
-        require 'ransack/adapters/active_record'
-      end
-
-      def require_context
-        require 'ransack/adapters/active_record/ransack/visitor'
-      end
-
-      def require_nodes
-        require 'ransack/adapters/active_record/ransack/nodes/condition'
-      end
-
-      def require_search
-        require 'ransack/adapters/active_record/ransack/context'
-      end
-    end
-
-    class MongoidAdapter
-      def require_constants
-        require 'ransack/adapters/mongoid/ransack/constants'
-      end
-
-      def require_adapter
-        require 'ransack/adapters/mongoid/ransack/translate'
-        require 'ransack/adapters/mongoid'
-      end
-
-      def require_context
-        require 'ransack/adapters/mongoid/ransack/visitor'
-      end
-
-      def require_nodes
-        require 'ransack/adapters/mongoid/ransack/nodes/condition'
-      end
-
-      def require_search
-        require 'ransack/adapters/mongoid/ransack/context'
-      end
-    end
-  end
-end

data/lib/ransack/nodes.rb

@@ -1,8 +0,0 @@
-require 'ransack/nodes/bindable'
-require 'ransack/nodes/node'
-require 'ransack/nodes/attribute'
-require 'ransack/nodes/value'
-require 'ransack/nodes/condition'
-Ransack::Adapters.object_mapper.require_nodes
-require 'ransack/nodes/sort'
-require 'ransack/nodes/grouping'