ransack 4.3.0 → 4.4.1

data/spec/ransack/nodes/condition_spec.rb

@@ -99,6 +99,235 @@ module Ransack
           specify { expect(subject).to eq Condition.extract(Context.for(Person), 'full_name_eq', Person.first.name) }
         end
       end
+
+      context 'with wildcard string values' do
+        it 'properly quotes values with wildcards for LIKE predicates' do
+          ransack_hash = { name_cont: 'test%' }
+          sql = Person.ransack(ransack_hash).result.to_sql
+
+          # The % should be properly quoted in the SQL
+          case ActiveRecord::Base.connection.adapter_name
+          when "Mysql2"
+            expect(sql).to include("LIKE '%test\\\\%%'")
+            expect(sql).not_to include("NOT LIKE '%test\\\\%%'")
+          when "PostGIS", "PostgreSQL"
+            expect(sql).to include("ILIKE '%test\\%%'")
+            expect(sql).not_to include("NOT ILIKE '%test\\%%'")
+          else
+            expect(sql).to include("LIKE '%test%%'")
+            expect(sql).not_to include("NOT LIKE '%test%%'")
+          end
+        end
+
+        it 'properly quotes values with wildcards for NOT LIKE predicates' do
+          ransack_hash = { name_not_cont: 'test%' }
+          sql = Person.ransack(ransack_hash).result.to_sql
+
+          # The % should be properly quoted in the SQL
+          case ActiveRecord::Base.connection.adapter_name
+          when "Mysql2"
+            expect(sql).to include("NOT LIKE '%test\\\\%%'")
+          when "PostGIS", "PostgreSQL"
+            expect(sql).to include("NOT ILIKE '%test\\%%'")
+          else
+            expect(sql).to include("NOT LIKE '%test%%'")
+          end
+        end
+      end
+
+      context 'with negative conditions on associations' do
+        it 'handles not_null predicate with true value correctly' do
+          ransack_hash = { comments_id_not_null: true }
+          sql = Person.ransack(ransack_hash).result.to_sql
+
+          # Should generate an IN query with IS NOT NULL condition
+          expect(sql).to include('IN (')
+          expect(sql).to include('IS NOT NULL')
+          expect(sql).not_to include('IS NULL')
+        end
+
+        it 'handles not_null predicate with false value correctly' do
+          ransack_hash = { comments_id_not_null: false }
+          sql = Person.ransack(ransack_hash).result.to_sql
+
+          # Should generate a NOT IN query with IS NULL condition
+          expect(sql).to include('NOT IN (')
+          expect(sql).to include('IS NULL')
+          expect(sql).not_to include('IS NOT NULL')
+        end
+
+        it 'handles not_cont predicate correctly' do
+          ransack_hash = { comments_body_not_cont: 'test' }
+          sql = Person.ransack(ransack_hash).result.to_sql
+
+          # Should generate a NOT IN query with LIKE condition (not NOT LIKE)
+          expect(sql).to include('NOT IN (')
+          expect(sql).to include("LIKE '%test%'")
+          expect(sql).not_to include("NOT LIKE '%test%'")
+        end
+      end
+
+      context 'with nested conditions' do
+        it 'correctly identifies non-nested conditions' do
+          condition = Condition.extract(
+            Context.for(Person), 'name_eq', 'Test'
+          )
+
+          # Create a mock parent table
+          parent_table = Person.arel_table
+
+          # Get the attribute name and make sure it starts with the table name
+          attribute = condition.attributes.first
+          expect(attribute.name).to eq('name')
+          expect(parent_table.name).to eq('people')
+
+          # The method should return false because 'name' doesn't start with 'people'
+          result = condition.send(:not_nested_condition, attribute, parent_table)
+          expect(result).to be false
+        end
+
+        it 'correctly identifies truly non-nested conditions when attribute name starts with table name' do
+          # Create a condition with an attribute that starts with the table name
+          condition = Condition.extract(
+            Context.for(Person), 'name_eq', 'Test'
+          )
+
+          # Modify the attribute name to start with the table name for testing purposes
+          attribute = condition.attributes.first
+          allow(attribute).to receive(:name).and_return('people_name')
+
+          # Create a parent table
+          parent_table = Person.arel_table
+
+          # Now the method should return true because 'people_name' starts with 'people'
+          result = condition.send(:not_nested_condition, attribute, parent_table)
+          expect(result).to be true
+        end
+
+        it 'correctly identifies nested conditions' do
+          condition = Condition.extract(
+            Context.for(Person), 'articles_title_eq', 'Test'
+          )
+
+          # Create a mock table alias
+          parent_table = Arel::Nodes::TableAlias.new(
+            Article.arel_table,
+            Article.arel_table
+          )
+
+          # Access the private method using send
+          result = condition.send(:not_nested_condition, condition.attributes.first, parent_table)
+
+          # Should return false for nested condition
+          expect(result).to be false
+        end
+      end
+
+      context 'with polymorphic associations and not_in predicate' do
+        before do
+          # Define test models for polymorphic associations
+          class ::TestTask < ActiveRecord::Base
+            self.table_name = 'tasks'
+            has_many :follows, primary_key: :uid, inverse_of: :followed, foreign_key: :followed_uid, class_name: 'TestFollow'
+            has_many :users, through: :follows, source: :follower, source_type: 'TestUser'
+
+            # Add ransackable_attributes method
+            def self.ransackable_attributes(auth_object = nil)
+              ["created_at", "id", "name", "uid", "updated_at"]
+            end
+
+            # Add ransackable_associations method
+            def self.ransackable_associations(auth_object = nil)
+              ["follows", "users"]
+            end
+          end
+
+          class ::TestFollow < ActiveRecord::Base
+            self.table_name = 'follows'
+            belongs_to :follower, polymorphic: true, foreign_key: :follower_uid, primary_key: :uid
+            belongs_to :followed, polymorphic: true, foreign_key: :followed_uid, primary_key: :uid
+
+            # Add ransackable_attributes method
+            def self.ransackable_attributes(auth_object = nil)
+              ["created_at", "followed_type", "followed_uid", "follower_type", "follower_uid", "id", "updated_at"]
+            end
+
+            # Add ransackable_associations method
+            def self.ransackable_associations(auth_object = nil)
+              ["followed", "follower"]
+            end
+          end
+
+          class ::TestUser < ActiveRecord::Base
+            self.table_name = 'users'
+            has_many :follows, primary_key: :uid, inverse_of: :follower, foreign_key: :follower_uid, class_name: 'TestFollow'
+            has_many :tasks, through: :follows, source: :followed, source_type: 'TestTask'
+
+            # Add ransackable_attributes method
+            def self.ransackable_attributes(auth_object = nil)
+              ["created_at", "id", "name", "uid", "updated_at"]
+            end
+
+            # Add ransackable_associations method
+            def self.ransackable_associations(auth_object = nil)
+              ["follows", "tasks"]
+            end
+          end
+
+          # Create tables if they don't exist
+          ActiveRecord::Base.connection.create_table(:tasks, force: true) do |t|
+            t.string :uid
+            t.string :name
+            t.timestamps null: false
+          end
+
+          ActiveRecord::Base.connection.create_table(:follows, force: true) do |t|
+            t.string :followed_uid, null: false
+            t.string :followed_type, null: false
+            t.string :follower_uid, null: false
+            t.string :follower_type, null: false
+            t.timestamps null: false
+            t.index [:followed_uid, :followed_type]
+            t.index [:follower_uid, :follower_type]
+          end
+
+          ActiveRecord::Base.connection.create_table(:users, force: true) do |t|
+            t.string :uid
+            t.string :name
+            t.timestamps null: false
+          end
+        end
+
+        after do
+          # Clean up test models and tables
+          Object.send(:remove_const, :TestTask)
+          Object.send(:remove_const, :TestFollow)
+          Object.send(:remove_const, :TestUser)
+
+          ActiveRecord::Base.connection.drop_table(:tasks, if_exists: true)
+          ActiveRecord::Base.connection.drop_table(:follows, if_exists: true)
+          ActiveRecord::Base.connection.drop_table(:users, if_exists: true)
+        end
+
+        it 'correctly handles not_in predicate with polymorphic associations' do
+          # Create the search
+          search = TestTask.ransack(users_uid_not_in: ['uid_example'])
+          sql = search.result.to_sql
+
+          # Verify the SQL contains the expected NOT IN clause
+          expect(sql).to include('NOT IN')
+          expect(sql).to include("follower_uid")
+          expect(sql).to include("followed_uid")
+          expect(sql).to include("'uid_example'")
+
+          # The SQL should include a reference to tasks.uid
+          expect(sql).to include("tasks")
+          expect(sql).to include("uid")
+
+          # The SQL should include a reference to follows table
+          expect(sql).to include("follows")
+        end
+      end
     end
   end
 end

data/spec/ransack/nodes/grouping_spec.rb

@@ -3,7 +3,6 @@ require 'spec_helper'
 module Ransack
   module Nodes
     describe Grouping do
-
       before do
         @g = 1
       end
@@ -66,6 +65,7 @@ module Ransack
               }
             }
           end
+
           before { subject.conditions = conditions }
 
           it 'expect duplicates to be removed' do
@@ -98,6 +98,7 @@ module Ransack
               }
             }
           end
+
           before { subject.conditions = conditions }
 
           it 'expect them to be parsed as different and not as duplicates' do
@@ -105,7 +106,6 @@ module Ransack
           end
         end
       end
-
     end
   end
 end

data/spec/ransack/nodes/value_spec.rb

@@ -71,6 +71,18 @@ module Ransack
         end
       end
 
+      [[], ["12"], ["101.5"]].each do |value|
+        context "with an array value (#{value.inspect})" do
+          let(:raw_value) { value }
+
+          it "should cast to integer as nil" do
+            result = subject.cast(:integer)
+
+            expect(result).to be nil
+          end
+        end
+      end
+
       ["12", "101.5"].each do |value|
         context "with a float value (#{value})" do
           let(:raw_value) { value }
@@ -109,7 +121,6 @@ module Ransack
           end
         end
       end
-
     end
   end
 end

data/spec/ransack/predicate_spec.rb

@@ -5,7 +5,6 @@ module Ransack
   FALSE_VALUES = [false, 0, '0', 'f', 'F', 'false', 'FALSE'].to_set
 
   describe Predicate do
-
     before do
       @s = Search.new(Person)
     end

data/spec/ransack/ransacker_spec.rb

@@ -0,0 +1,69 @@
+require 'spec_helper'
+
+module Ransack
+  describe Ransacker do
+    let(:klass) { Person }
+    let(:name) { :test_ransacker }
+    let(:opts) { {} }
+
+    describe '#initialize' do
+      context 'with minimal options' do
+        subject { Ransacker.new(klass, name, opts) }
+
+        it 'sets the name' do
+          expect(subject.name).to eq(name)
+        end
+
+        it 'sets default type to string' do
+          expect(subject.type).to eq(:string)
+        end
+
+        it 'sets default args to [:parent]' do
+          expect(subject.args).to eq([:parent])
+        end
+      end
+
+      context 'with custom options' do
+        let(:opts) { { type: :integer, args: [:parent, :custom_arg], formatter: proc { |v| v.to_i } } }
+
+        subject { Ransacker.new(klass, name, opts) }
+
+        it 'sets the custom type' do
+          expect(subject.type).to eq(:integer)
+        end
+
+        it 'sets the custom args' do
+          expect(subject.args).to eq([:parent, :custom_arg])
+        end
+
+        it 'sets the formatter' do
+          expect(subject.formatter).to eq(opts[:formatter])
+        end
+      end
+
+      context 'with callable option' do
+        let(:callable) { proc { |parent| parent.table[:id] } }
+        let(:opts) { { callable: callable } }
+
+        subject { Ransacker.new(klass, name, opts) }
+
+        it 'initializes successfully' do
+          expect(subject).to be_a(Ransacker)
+        end
+      end
+    end
+
+    describe 'basic functionality' do
+      subject { Ransacker.new(klass, name, opts) }
+
+      it 'responds to required methods' do
+        expect(subject).to respond_to(:name)
+        expect(subject).to respond_to(:type)
+        expect(subject).to respond_to(:args)
+        expect(subject).to respond_to(:formatter)
+        expect(subject).to respond_to(:attr_from)
+        expect(subject).to respond_to(:call)
+      end
+    end
+  end
+end

data/spec/ransack/search_spec.rb

@@ -178,7 +178,6 @@ module Ransack
         #     AND "articles"."title" = 'Test' AND "articles"."published" = 't' AND ('default_scope' = 'default_scope')
         # ) ORDER BY "people"."id" DESC
 
-        pending("spec should pass, but I do not know how/where to fix lib code")
         s = Search.new(Person, published_articles_title_not_eq: 'Test')
         expect(s.result.to_sql).to include 'default_scope'
         expect(s.result.to_sql).to include 'published'
@@ -314,6 +313,46 @@ module Ransack
         expect { Search.new(Person, params) }.not_to change { params }
       end
 
+      context 'with empty search parameters' do
+        it 'handles completely empty parameters' do
+          search = Search.new(Person, {})
+          expect(search.result.to_sql).not_to match(/WHERE/)
+        end
+
+        it 'handles nil parameters' do
+          search = Search.new(Person, nil)
+          expect(search.result.to_sql).not_to match(/WHERE/)
+        end
+      end
+
+      context 'with whitespace-only values' do
+        before do
+          Ransack.configure { |c| c.strip_whitespace = true }
+        end
+
+        it 'removes whitespace-only values' do
+          expect_any_instance_of(Search).to receive(:build).with({})
+          Search.new(Person, name_eq: '   ')
+        end
+
+        it 'keeps values with content after whitespace stripping' do
+          expect_any_instance_of(Search).to receive(:build).with({ 'name_eq' => 'test' })
+          Search.new(Person, name_eq: '  test  ')
+        end
+      end
+
+      context 'with special characters in values' do
+        it 'handles values with special regex characters' do
+          search = Search.new(Person, name_cont: 'test[(){}^$|?*+.\\')
+          expect { search.result }.not_to raise_error
+        end
+
+        it 'handles values with SQL injection attempts' do
+          search = Search.new(Person, name_cont: "'; DROP TABLE people; --")
+          expect { search.result }.not_to raise_error
+        end
+      end
+
       context "ransackable_scope" do
         around(:each) do |example|
           Person.define_singleton_method(:name_eq) do |name|
@@ -337,6 +376,74 @@ module Ransack
         end
       end
 
+      context "ransackable_scope with array arguments" do
+        around(:each) do |example|
+          Person.define_singleton_method(:domestic) do |countries|
+            self.where(name: countries)
+          end
+
+          Person.define_singleton_method(:flexible_scope) do |*args|
+            self.where(id: args)
+          end
+
+          Person.define_singleton_method(:two_param_scope) do |param1, param2|
+            self.where(name: param1, id: param2)
+          end
+
+          begin
+            example.run
+          ensure
+            Person.singleton_class.undef_method :domestic
+            Person.singleton_class.undef_method :flexible_scope
+            Person.singleton_class.undef_method :two_param_scope
+          end
+        end
+
+        it "handles scopes that take arrays as single arguments (arity 1)" do
+          allow(Person).to receive(:ransackable_scopes)
+            .and_return(Person.ransackable_scopes + [:domestic])
+
+          # This should not raise ArgumentError
+          expect {
+            s = Search.new(Person, domestic: ['US', 'JP'])
+            s.result # This triggers the actual scope call
+          }.not_to raise_error
+
+          s = Search.new(Person, domestic: ['US', 'JP'])
+          expect(s.instance_variable_get(:@scope_args)["domestic"]).to eq("US")
+        end
+
+        it "handles scopes with flexible arity (negative arity)" do
+          allow(Person).to receive(:ransackable_scopes)
+            .and_return(Person.ransackable_scopes + [:flexible_scope])
+
+          expect {
+            s = Search.new(Person, flexible_scope: ['US', 'JP'])
+            s.result
+          }.not_to raise_error
+        end
+
+        it "handles scopes with arity > 1" do
+          allow(Person).to receive(:ransackable_scopes)
+            .and_return(Person.ransackable_scopes + [:two_param_scope])
+
+          expect {
+            s = Search.new(Person, two_param_scope: ['param1', 'param2'])
+            s.result
+          }.not_to raise_error
+        end
+
+        it "still supports the workaround with nested arrays" do
+          allow(Person).to receive(:ransackable_scopes)
+            .and_return(Person.ransackable_scopes + [:domestic])
+
+          # The workaround from the issue should still work
+          expect {
+            s = Search.new(Person, domestic: [['US', 'JP']])
+            s.result
+          }.not_to raise_error
+        end
+      end
     end
 
     describe '#result' do
@@ -349,6 +456,7 @@ module Ransack
       let(:notable_type_field) {
         "#{quote_table_name("notes")}.#{quote_column_name("notable_type")}"
       }
+
       it 'evaluates conditions contextually' do
         s = Search.new(Person, children_name_eq: 'Ernie')
         expect(s.result).to be_an ActiveRecord::Relation
@@ -455,7 +563,7 @@ module Ransack
 
         all_or_load, uniq_or_distinct = :load, :distinct
         expect(s.result.send(all_or_load).size)
-        .to eq(9000)
+        .to eq(8998)
         expect(s.result(distinct: true).size)
         .to eq(10)
         expect(s.result.send(all_or_load).send(uniq_or_distinct))
@@ -479,6 +587,11 @@ module Ransack
         @s = Search.new(Person)
       end
 
+      it 'doesn\'t creates sorts' do
+        @s.sorts = ''
+        expect(@s.sorts.size).to eq(0)
+      end
+
       it 'creates sorts based on a single attribute/direction' do
         @s.sorts = 'id desc'
         expect(@s.sorts.size).to eq(1)

data/spec/ransack/translate_spec.rb

@@ -2,7 +2,6 @@ require 'spec_helper'
 
 module Ransack
   describe Translate do
-
     describe '.attribute' do
       it 'translate namespaced attribute like AR does' do
         ar_translation = ::Namespace::Article.human_attribute_name(:title)

data/spec/spec_helper.rb

@@ -1,38 +1,27 @@
-require 'machinist/active_record'
-require 'polyamorous/polyamorous'
-require 'sham'
-require 'faker'
 require 'ransack'
+require 'factory_bot'
+require 'faker'
 require 'action_controller'
 require 'ransack/helpers'
 require 'pry'
 require 'simplecov'
 require 'byebug'
+require 'rspec'
 
 SimpleCov.start
 I18n.enforce_available_locales = false
 Time.zone = 'Eastern Time (US & Canada)'
 I18n.load_path += Dir[File.join(File.dirname(__FILE__), 'support', '*.yml')]
 
-Dir[File.expand_path('../{helpers,support,blueprints}/*.rb', __FILE__)]
+Dir[File.expand_path('../{helpers,support,factories}/*.rb', __FILE__)]
 .each { |f| require f }
 
 Faker::Config.random = Random.new(0)
-Sham.define do
-  name        { Faker::Name.name }
-  title       { Faker::Lorem.sentence }
-  body        { Faker::Lorem.paragraph }
-  salary      { |index| 30000 + (index * 1000) }
-  tag_name    { Faker::Lorem.words(number: 3).join(' ') }
-  note        { Faker::Lorem.words(number: 7).join(' ') }
-  only_admin  { Faker::Lorem.words(number: 3).join(' ') }
-  only_search { Faker::Lorem.words(number: 3).join(' ') }
-  only_sort   { Faker::Lorem.words(number: 3).join(' ') }
-  notable_id  { |id| id }
-end
 
 RSpec.configure do |config|
   config.alias_it_should_behave_like_to :it_has_behavior, 'has behavior'
+  
+  config.include FactoryBot::Syntax::Methods
 
   config.before(:suite) do
     message = "Running Ransack specs with #{
@@ -42,12 +31,9 @@ RSpec.configure do |config|
     line = '=' * message.length
     puts line, message, line
     Schema.create
-    SubDB::Schema.create
+    SubDB::Schema.create if defined?(SubDB)
   end
 
-  config.before(:all)   { Sham.reset(:before_all) }
-  config.before(:each)  { Sham.reset(:before_each) }
-
   config.include RansackHelper
   config.include PolyamorousHelper
 end