rest_framework 0.5.3 → 0.5.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3a1ec41fbc6d06700c4eb62d33369bf489af800914e92c304465d698ef788886
-  data.tar.gz: cc12e9c7e80fd882360f33d00e3ba2dd0f9b415ca7464d1db748afc3c6eec01c
+  metadata.gz: 413ee55f2eecbb8a8cdd3b133852d83a3e3fdb7e43f19c8deae12adcb3d38977
+  data.tar.gz: 6582a4d8acd988ad3034af3191b75454fcf602c5f968772e18fa9d5535b71dea
 SHA512:
-  metadata.gz: 56eac9f7fa7fa5daeb33cbc2b594ac96ba3ca6e27faf2ca10da7aac0aa3508f2fdcf8252b3af35ca293b504630741b3323f0f0f87ad65cecd8b01baf89fdf09e
-  data.tar.gz: 3b46a24e428d32b431b189386beb6ed41e898fc22ac0a470718143d56d86a04ec9a5b26bbdebb73874aae9d4aa8bdc6349b25c485ad34a752d57defed067b95b
+  metadata.gz: 19cb82822923617face6c76e0fd36cfa001f23e88393210990842563b0483891dab03638e11c65bf1182db6ebe0d164cf09bb3e35a7ea06b9769c729e16b85d5
+  data.tar.gz: fc853858e022b126d67f878c63f2e46e18a1f03d03e2aeda90f7c8996b6a461bd41d41d44fadb59d46256aa9c35b18efc1c5e9b7970f712dce010af0c9178e68

data/README.md

@@ -120,9 +120,9 @@ using RVM. Then run `bundle install` to install the appropriate gems.
 To run the test suite:
 
 ```shell
-$ rake test
+$ rails test
 ```
 
-To interact with the test app, `cd test` and operate it via the normal Rails interfaces. Ensure you
-run `rake db:schema:load` before running `rails server` or `rails console`. You can also load the
-test fixtures with `rake db:fixtures:load`.
+The top-level `bin/rails` proxies all Rails commands to the test project, so you can operate it via
+the usual commands. Ensure you run `rails db:setup` before running `rails server` or
+`rails console`.

data/VERSION

@@ -1 +1 @@
-0.5.3
+0.5.4

data/app/views/rest_framework/_route.html.erb

@@ -1,9 +1,11 @@
 <tr>
-  <td><%= route[:path] %></td>
+  <td>
+    <% if route[:route].name && link_args = route[:show_link_args] %>
+      <%= link_to route[:relative_path], self.send("#{route[:route].name}_path", *link_args) %>
+    <% else %>
+      <%= route[:relative_path] %>
+    <% end %>
+  </td>
   <td><%= route[:verb] %></td>
-  <% if route[:controller] && route[:action] %>
-    <td><%= route[:controller] %>#<%= route[:action] %></td>
-  <% else %>
-    <td><%= route[:route_app] %></td>
-  <% end %>
+  <td><%= route[:controller] %>#<%= route[:action] %></td>
 </tr>

data/app/views/rest_framework/_routes.html.erb

@@ -1,5 +1,5 @@
 <div class="table-responsive">
-  <table class="table table-responsive rrf-routes">
+  <table class="table table-sm rrf-routes">
     <thead>
       <tr>
         <th scope="col">Path</th>

data/lib/rest_framework/controller_mixins/base.rb

@@ -81,8 +81,6 @@ module RESTFramework::BaseControllerMixin
     end
   end
 
-  protected
-
   # Helper to get the configured serializer class.
   def get_serializer_class
     return nil unless serializer_class = self.class.serializer_class

data/lib/rest_framework/controller_mixins/models.rb

@@ -31,6 +31,7 @@ module RESTFramework::BaseModelControllerMixin
         native_serializer_config: nil,
         native_serializer_singular_config: nil,
         native_serializer_plural_config: nil,
+        native_serializer_only_query_param: "only",
         native_serializer_except_query_param: "except",
 
         # Attributes for default model filtering (and ordering).
@@ -57,8 +58,6 @@ module RESTFramework::BaseModelControllerMixin
     end
   end
 
-  protected
-
   def _get_specific_action_config(action_config_key, generic_config_key)
     action_config = self.class.send(action_config_key) || {}
     action = self.action_name&.to_sym

data/lib/rest_framework/filters.rb

@@ -13,7 +13,7 @@ end
 class RESTFramework::ModelFilter < RESTFramework::BaseFilter
   # Filter params for keys allowed by the current action's filterset_fields/fields config.
   def _get_filter_params
-    fields = @controller.send(:get_filterset_fields)
+    fields = @controller.get_filterset_fields
     return @controller.request.query_parameters.select { |p, _|
       fields.include?(p)
     }.to_h.symbolize_keys  # convert from HashWithIndifferentAccess to Hash w/keys
@@ -36,7 +36,7 @@ class RESTFramework::ModelOrderingFilter < RESTFramework::BaseFilter
   def _get_ordering
     return nil if @controller.class.ordering_query_param.blank?
 
-    ordering_fields = @controller.send(:get_ordering_fields)
+    ordering_fields = @controller.get_ordering_fields
     order_string = @controller.params[@controller.class.ordering_query_param]
 
     unless order_string.blank?
@@ -76,7 +76,7 @@ end
 class RESTFramework::ModelSearchFilter < RESTFramework::BaseFilter
   # Filter data according to the request query parameters.
   def get_filtered_data(data)
-    fields = @controller.send(:get_search_fields)
+    fields = @controller.get_search_fields
     search = @controller.request.query_parameters[@controller.class.search_query_param]
 
     # Ensure we use array conditions to prevent SQL injection.

data/lib/rest_framework/routers.rb

@@ -4,7 +4,7 @@ require_relative "utils"
 module ActionDispatch::Routing
   class Mapper
     # Internal interface to get the controller class from the name and current scope.
-    protected def _get_controller_class(name, pluralize: true, fallback_reverse_pluralization: true)
+    def _get_controller_class(name, pluralize: true, fallback_reverse_pluralization: true)
       # Get class name.
       name = name.to_s.camelize  # camelize to leave plural names plural
       name = name.pluralize if pluralize
@@ -38,7 +38,7 @@ module ActionDispatch::Routing
     end
 
     # Interal interface for routing extra actions.
-    protected def _route_extra_actions(actions, &block)
+    def _route_extra_actions(actions, &block)
       actions.each do |action_config|
         action_config[:methods].each do |m|
           public_send(m, action_config[:path], **action_config[:kwargs])
@@ -52,7 +52,7 @@ module ActionDispatch::Routing
     #   not otherwise defined by the controller
     # @param name [Symbol] the resource name, from which path and controller are deduced by default
     # @param skip_undefined [Boolean] whether we should skip routing undefined resourceful actions
-    protected def _rest_resources(default_singular, name, skip_undefined: true, **kwargs, &block)
+    def _rest_resources(default_singular, name, skip_undefined: true, **kwargs, &block)
       controller = kwargs.delete(:controller) || name
       if controller.is_a?(Class)
         controller_class = controller

data/lib/rest_framework/serializers.rb

@@ -43,7 +43,7 @@ class RESTFramework::NativeSerializer < RESTFramework::BaseSerializer
     @model ||= @object[0].class if
       @many && @object.is_a?(Enumerable) && @object.is_a?(ActiveRecord::Base)
 
-    @model ||= @controller.send(:get_model) if @controller
+    @model ||= @controller.get_model if @controller
   end
 
   # Get controller action, if possible.
@@ -84,57 +84,103 @@ class RESTFramework::NativeSerializer < RESTFramework::BaseSerializer
   end
 
   # Helper to filter (mutate) a single subconfig for specific keys.
-  def self.filter_subconfig(subconfig, except, additive: false)
-    return subconfig if !subconfig && !additive
-
-    if subconfig.is_a?(Array)
-      subconfig = subconfig.map(&:to_sym)
-      if additive
-        # Only add fields which are not already included.
-        subconfig += except - subconfig
-      else
-        subconfig -= except
+  def self.filter_subcfg(subcfg, except: nil, only: nil, additive: false)
+    return subcfg unless except || only
+    return subcfg unless subcfg || additive
+    raise "Cannot pass `only` and `additive` to filter_subcfg." if only && additive
+
+    if subcfg.is_a?(Array)
+      subcfg = subcfg.map(&:to_sym)
+      if except
+        if additive
+          # Only add fields which are not already included.
+          subcfg += except - subcfg
+        else
+          subcfg -= except
+        end
+      elsif only
+        # Ignore `additive` in an `only` context, since it could causing data leaking.
+        unless additive
+          subcfg.select! { |c| c.in?(only) }
+        end
       end
-    elsif subconfig.is_a?(Hash)
+    elsif subcfg.is_a?(Hash)
       # Additive doesn't make sense in a hash context since we wouldn't know the values.
       unless additive
-        subconfig.symbolize_keys!
-        subconfig.reject! { |k, _v| k.in?(except) }
+        if except
+          subcfg.symbolize_keys!
+          subcfg.reject! { |k, _v| k.in?(except) }
+        elsif only
+          subcfg.symbolize_keys!
+          subcfg.select! { |k, _v| k.in?(only) }
+        end
       end
-    elsif !subconfig
-    else  # Subconfig is a single element (assume string/symbol).
-      subconfig = subconfig.to_sym
-      if subconfig.in?(except)
-        subconfig = [] unless additive
-      elsif additive
-        subconfig = [subconfig, *except]
+    elsif !subcfg
+      if additive && except
+        subcfg = except
+      end
+    else  # Subcfg is a single element (assume string/symbol).
+      subcfg = subcfg.to_sym
+
+      if except
+        if subcfg.in?(except)
+          subcfg = [] unless additive
+        elsif additive
+          subcfg = [subcfg, *except]
+        end
+      elsif only && !additive && !subcfg.in?(only)  # Protect only/additive data-leaking.
+        subcfg = []
       end
     end
 
-    return subconfig
+    return subcfg
   end
 
   # Helper to filter out configuration properties based on the :except query parameter.
-  def filter_except(config)
-    return config unless @controller
+  def filter_except(cfg)
+    return cfg unless @controller
 
-    except_query_param = @controller.class.try(:native_serializer_except_query_param)
-    if except = @controller.request.query_parameters[except_query_param].presence
+    except_param = @controller.class.try(:native_serializer_except_query_param)
+    only_param = @controller.class.try(:native_serializer_only_query_param)
+    if except_param && except = @controller.request.query_parameters[except_param].presence
       except = except.split(",").map(&:strip).map(&:to_sym)
 
       unless except.empty?
-        # Duplicate the config to avoid mutating class state.
-        config = config.deep_dup
+        # Duplicate the cfg to avoid mutating class state.
+        cfg = cfg.deep_dup
 
         # Filter `only`, `except` (additive), `include`, and `methods`.
-        config[:only] = self.class.filter_subconfig(config[:only], except)
-        config[:except] = self.class.filter_subconfig(config[:except], except, additive: true)
-        config[:include] = self.class.filter_subconfig(config[:include], except)
-        config[:methods] = self.class.filter_subconfig(config[:methods], except)
+        if cfg[:only]
+          cfg[:only] = self.class.filter_subcfg(cfg[:only], except: except)
+        else
+          cfg[:except] = self.class.filter_subcfg(cfg[:except], except: except, additive: true)
+        end
+        cfg[:include] = self.class.filter_subcfg(cfg[:include], except: except)
+        cfg[:methods] = self.class.filter_subcfg(cfg[:methods], except: except)
+      end
+    elsif only_param && only = @controller.request.query_parameters[only_param].presence
+      only = only.split(",").map(&:strip).map(&:to_sym)
+
+      unless only.empty?
+        # Duplicate the cfg to avoid mutating class state.
+        cfg = cfg.deep_dup
+
+        # For the `except` part of the serializer, we need to append any columns not in `only`.
+        model = @controller.get_model
+        except_cols = model&.column_names&.map(&:to_sym)&.reject { |c| c.in?(only) }
+
+        # Filter `only`, `except` (additive), `include`, and `methods`.
+        if cfg[:only]
+          cfg[:only] = self.class.filter_subcfg(cfg[:only], only: only)
+        else
+          cfg[:except] = self.class.filter_subcfg(cfg[:except], except: except_cols, additive: true)
+        end
+        cfg[:include] = self.class.filter_subcfg(cfg[:include], only: only)
+        cfg[:methods] = self.class.filter_subcfg(cfg[:methods], only: only)
       end
     end
 
-    return config
+    return cfg
   end
 
   # Get the raw serializer config.
@@ -150,7 +196,7 @@ class RESTFramework::NativeSerializer < RESTFramework::BaseSerializer
     end
 
     # If the config wasn't determined, build a serializer config from model fields.
-    fields = @controller.send(:get_fields) if @controller
+    fields = @controller.get_fields if @controller
     if fields
       if @model
         columns, methods = fields.partition { |f| f.in?(@model.column_names) }
@@ -168,7 +214,7 @@ class RESTFramework::NativeSerializer < RESTFramework::BaseSerializer
 
   # Get a configuration passable to `serializable_hash` for the object, filtered if required.
   def get_serializer_config
-    return filter_except(self._get_raw_serializer_config)
+    return @_serializer_config ||= filter_except(self._get_raw_serializer_config)
   end
 
   def serialize(**kwargs)

data/lib/rest_framework/utils.rb

@@ -37,34 +37,68 @@ module RESTFramework::Utils
     end
   end
 
-  # Helper to get the current route pattern, stripped of the `(:format)` segment.
-  def self.get_route_pattern(application_routes, request)
-    application_routes.router.recognize(request) do |route, _, _|
-      return route.path.spec.to_s.gsub(/\(\.:format\)$/, "")
-    end
+  # Helper to get the first route pattern which matches the given request.
+  def self.get_request_route(application_routes, request)
+    application_routes.router.recognize(request) { |route, _| return route }
+  end
+
+  # Helper to get the route pattern for a route, stripped of the `(:format)` segment.
+  def self.get_route_pattern(route)
+    return route.path.spec.to_s.gsub(/\(\.:format\)$/, "")
   end
 
-  # Helper for showing routes under a controller action, used for the browsable API.
-  def self.get_routes(application_routes, request)
-    current_pattern = self.get_route_pattern(application_routes, request)
-    current_subdomain = request.subdomain.presence
+  # Helper to normalize a path pattern by replacing URL params with generic placeholder, and
+  # removing the `(.:format)` at the end.
+  def self.normalize_path(path)
+    return path.gsub("(.:format)", "").gsub(/:[0-9A-Za-z_-]+/, ":x")
+  end
+
+  # Helper for showing routes under a controller action; used for the browsable API.
+  def self.get_routes(application_routes, request, current_route: nil)
+    current_route ||= self.get_request_route(application_routes, request)
+    current_path = current_route.path.spec.to_s
+    current_levels = current_path.count("/")
+    current_normalized_path = self.normalize_path(current_path)
 
-    # Return routes that match our current route subdomain/pattern, grouped by controller.
+    # Return routes that match our current route subdomain/pattern, grouped by controller. We
+    # precompute certain properties of the route for performance.
     return application_routes.routes.map { |r|
       path = r.path.spec.to_s
+      levels = path.count("/")
+
+      # Show link if the route is GET and our current route has all required URL params.
+      if r.verb == "GET" && r.path.required_names.length == current_route.path.required_names.length
+        show_link_args = current_route.path.required_names.map { |n| request.params[n] }.compact
+      else
+        show_link_args = nil
+      end
+
       {
+        route: r,
         verb: r.verb,
         path: path,
-        action: r.defaults[:action].presence,
+        normalized_path: self.normalize_path(path),
+        relative_path: path.split("/")[current_levels..]&.join("/"),
         controller: r.defaults[:controller].presence,
+        action: r.defaults[:action].presence,
         subdomain: r.defaults[:subdomain].presence,
-        route_app: r.app&.app&.inspect&.presence,
-        _levels: path.count("/"),
+        levels: levels,
+        show_link_args: show_link_args,
       }
     }.select { |r|
-      r[:subdomain] == current_subdomain && r[:path].start_with?(current_pattern)
+      (
+        r[:subdomain] == request.subdomain.presence &&
+        r[:normalized_path].start_with?(current_normalized_path) &&
+        r[:controller] &&
+        r[:action]
+      )
     }.sort_by { |r|
-      [r[:_levels], r[:path], HTTP_METHOD_ORDERING.index(r[:verb]) || 99]
-    }.group_by { |r| r[:controller] }
+      # Sort by levels first, so the routes matching closely with current request show first, then
+      # by the path, and finally by the HTTP verb.
+      [r[:levels], r[:path], HTTP_METHOD_ORDERING.index(r[:verb]) || 99]
+    }.group_by { |r| r[:controller] }.sort_by { |c, _r|
+      # Sort the controller groups by current controller first, then depth, then alphanumerically.
+      [request.params[:controller] == c ? 0 : 1, c.count("/"), c]
+    }.to_h
   end
 end

data/lib/rest_framework/version.rb

@@ -6,19 +6,25 @@ module RESTFramework
     def self.get_version(skip_git: false)
       # First, attempt to get the version from git.
       unless skip_git
-        version = `git describe --dirty --broken 2>/dev/null`&.strip
+        version = `git describe --dirty 2>/dev/null`&.strip
         return version unless !version || version.empty?
       end
 
       # Git failed or was skipped, so try to find a VERSION file.
       begin
         version = File.read(VERSION_FILEPATH)&.strip
-        return version unless !version || version.blank?
+        return version unless !version || version.empty?
       rescue SystemCallError
       end
 
+      # If that fails, then try to get a plain commit SHA from git.
+      unless skip_git
+        version = `git describe --dirty --always`&.strip
+        return "0.#{version}" unless !version || version.empty?
+      end
+
       # No VERSION file, so version is unknown.
-      return "unknown"
+      return "0.unknown"
     end
 
     def self.stamp_version

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rest_framework
 version: !ruby/object:Gem::Version
-  version: 0.5.3
+  version: 0.5.4
 platform: ruby
 authors:
 - Gregory N. Schmit
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-03-10 00:00:00.000000000 Z
+date: 2022-03-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails