rest_framework 0.6.9 → 0.6.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b74a4553ac1297795e4bb614e395e6b21a8c3ba18ef11ca36594e76bc51c3aac
-  data.tar.gz: 948044b9b604fe754aad64db509351478d869b298a87d382e19dd3a95eba7087
+  metadata.gz: f2111609983018e956218533467140d0d8fb268cf3830cc722daeb502d1a0fda
+  data.tar.gz: a1c4b5a0255d37afff40e8f4c94f69891cfd50658e9cbd9abee06f915a35e4fc
 SHA512:
-  metadata.gz: 42780202ca53a1e52a6c866e01c0ae428c2f54bafe3c4f2e0f7be599139f3159cade939346f8018ddc4e3b2a4ad37dbbedef5377c97e1df1e84c2f09dbd6a31d
-  data.tar.gz: 6e50a220a25ed28f1f1b0d71fdaf73a1f8fe6caf5c3130779621cb4528a5774008e6c379ad0a98c12132740d962f3dac786f0a17e9691c6b5a7e09586f96bf6e
+  metadata.gz: 5a86179680989af8aa7e6d09886ac8f6d6a8cc295949678d0346411cf73ec22547266b3870c6d489d06bcca641f519edc47ff3b507e37212d8f1a700d18b9126
+  data.tar.gz: 33ef69ba052e03c5da388bbbb2f8ee401d1e925542f4b7e7e87253df466e0150f76d7eadceb64508ffe2cd1361311208e113f6153957dcb79de940831c1cfcd2

data/VERSION

@@ -1 +1 @@
-0.6.9
+0.6.10

data/app/views/layouts/rest_framework.html.erb

@@ -51,6 +51,9 @@
               <% if @route_groups.values[0].any? { |r| r[:matches_path] && r[:verb] == "DELETE" } %>
                 <button type="button" class="btn btn-danger" onclick="rrfDelete(this)">DELETE</button>
               <% end %>
+              <% if @route_groups.values[0].any? { |r| r[:matches_path] && r[:verb] == "OPTIONS" } %>
+                <button type="button" class="btn btn-primary" onclick="rrfOptions(this)">OPTIONS</button>
+              <% end %>
               <button type="button" class="btn btn-primary" onclick="rrfRefresh(this)">GET</button>
             </div>
           </div>
@@ -95,7 +98,10 @@
               <div class="tab-pane fade show active" id="tab-json" role="tab">
                 <% if @json_payload.present? %>
                   <div>
-                    <pre class="rrf-copy"><code class="language-json"><%= JSON.pretty_generate(JSON.parse(@json_payload)) unless @json_payload == '' %></code></pre>
+                    <pre class="rrf-copy"><code class="language-json"><%=
+                      JSON.pretty_generate(
+                        JSON.parse(@json_payload)
+                      ) unless @json_payload == '' %></code></pre>
                   </div>
                 <% end %>
               </div>

data/app/views/rest_framework/_head.html.erb

@@ -57,12 +57,34 @@ code {
 </style>
 
 <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.1/dist/js/bootstrap.bundle.min.js" integrity="sha384-/bQdsTh/da6pkI1MST/rWKFNjaCP5gBSY4sEBT38Q/9RBh9AH40zEOg7Hlq2THRZ" crossorigin="anonymous"></script>
+<script src="https://cdn.jsdelivr.net/npm/neatjson@0.10.5/javascript/neatjson.min.js"></script>
 <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.2.0/highlight.min.js" integrity="sha512-TDKKr+IvoqZnPzc3l35hdjpHD0m+b2EC2SrLEgKDRWpxf2rFCxemkgvJ5kfU48ip+Y+m2XVKyOCD85ybtlZDmw==" crossorigin="anonymous"></script>
 <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.2.0/languages/json.min.js" integrity="sha512-FoN8JE+WWCdIGXAIT8KQXwpiavz0Mvjtfk7Rku3MDUNO0BDCiRMXAsSX+e+COFyZTcDb9HDgP+pM2RX12d4j+A==" crossorigin="anonymous"></script>
 <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/10.2.0/languages/xml.min.js" integrity="sha512-dICltIgnUP+QSJrnYGCV8943p3qSDgvcg2NU4W8IcOZP4tdrvxlXjbhIznhtVQEcXow0mOjLM0Q6/NvZsmUH4g==" crossorigin="anonymous"></script>
-<script>hljs.initHighlightingOnLoad()</script>
 <script>
-// Helper to replace the document when doing form submission (mainly to support PUT/PATCH/DELETE).
+hljs.initHighlightingOnLoad()
+
+// What to do when document loads.
+document.addEventListener("DOMContentLoaded", (event) => {
+  // Pretty-print JSON.
+  [...document.getElementsByClassName("language-json")].forEach((element, index) => {
+    element.innerHTML = neatJSON(JSON.parse(element.innerHTML), {
+      wrap: 80,
+      afterComma: 1,
+      afterColon: 1,
+    })
+  });
+
+  // Insert copy link and callback to copy contents of `<code>` element.
+  [...document.getElementsByClassName("rrf-copy")].forEach((element, index) => {
+    element.insertAdjacentHTML(
+      "afterbegin",
+      "<a class=\"rrf-copy-link\" onclick=\"return rrfCopyToClipboard(this)\" href=\"#\">Copy to Clipboard</a>",
+    )
+  })
+})
+
+// Replace the document when doing form submission (mainly to support PUT/PATCH/DELETE).
 function rrfReplaceDocument(content) {
   // Replace the document with provided content.
   document.open()
@@ -73,7 +95,7 @@ function rrfReplaceDocument(content) {
   document.dispatchEvent(new Event("DOMContentLoaded", {bubbles: true, cancelable: true}))
 }
 
-// Helper to copy the element's next `<code>` sibling's content to the clipboard.
+// Copy the element's next `<code>` sibling's content to the clipboard.
 function rrfCopyToClipboard(element) {
   let range = document.createRange()
   range.selectNode(element.nextSibling)
@@ -93,29 +115,25 @@ function rrfCopyToClipboard(element) {
   return false
 }
 
-// Insert copy link and callback to copy contents of `<code>` element.
-document.addEventListener("DOMContentLoaded", (event) => {
-  [...document.getElementsByClassName("rrf-copy")].forEach((element, index) => {
-    element.insertAdjacentHTML(
-      "afterbegin",
-      "<a class=\"rrf-copy-link\" onclick=\"return rrfCopyToClipboard(this)\" href=\"#\">Copy to Clipboard</a>",
-    )
-  })
-})
-
-// Helper to refresh the window.
+// Refresh the window.
 function rrfRefresh(button) {
   button.disabled = true
   window.location.reload()
 }
 
-// Helper to call `DELETE` on the current path.
+// Call `DELETE` on the current path.
 function rrfDelete(button) {
   button.disabled = true
   rrfAPICall(window.location.pathname, "DELETE")
 }
 
-// Helper to submit the raw form.
+// Call `OPTIONS` on the current path.
+function rrfOptions(button) {
+  button.disabled = true
+  rrfAPICall(window.location.pathname, "OPTIONS")
+}
+
+// Submit the raw form.
 function rrfSubmitRawForm(button) {
   button.disabled = true
 
@@ -128,7 +146,7 @@ function rrfSubmitRawForm(button) {
   rrfAPICall(path, method, {body, headers: {"Content-Type": media_type}})
 }
 
-// Helper to make an HTML API call and replace the document with the response.
+// Make an HTML API call and replace the document with the response.
 function rrfAPICall(path, method, kwargs={}) {
   const headers = kwargs.headers || {}
   delete kwargs.headers

data/lib/rest_framework/controller_mixins/base.rb

@@ -12,87 +12,123 @@ module RESTFramework::BaseControllerMixin
   end
 
   module ClassMethods
-    # Helper to get the actions that should be skipped.
-    def get_skip_actions(skip_undefined: true)
-      # First, skip explicitly skipped actions.
-      skip = self.skip_actions || []
-
-      # Now add methods which don't exist, since we don't want to route those.
-      if skip_undefined
-        [:index, :new, :create, :show, :edit, :update, :destroy].each do |a|
-          skip << a unless self.method_defined?(a)
-        end
+    # Collect actions (including extra actions) metadata for this controller.
+    def get_actions_metadata
+      actions = {}
+
+      # Start with builtin actions.
+      RESTFramework::BUILTIN_ACTIONS.merge(
+        RESTFramework::RRF_BUILTIN_ACTIONS,
+      ).each do |action, methods|
+        actions[action] = {path: "", methods: methods}
+      end
+
+      # Add extra actions.
+      if extra_actions = self.try(:extra_actions)
+        actions.merge!(RESTFramework::Utils.parse_extra_actions(extra_actions))
       end
 
-      return skip
+      return actions
     end
-  end
 
-  def self.included(base)
-    if base.is_a?(Class)
-      base.extend(ClassMethods)
+    # Collect member actions (including extra member actions) metadata for this controller.
+    def get_member_actions_metadata
+      actions = {}
 
-      # Add class attributes (with defaults) unless they already exist.
-      {
-        filter_pk_from_request_body: true,
-        exclude_body_fields: [:created_at, :created_by, :updated_at, :updated_by],
-        accept_generic_params_as_body_params: false,
-        show_backtrace: false,
-        extra_actions: nil,
-        extra_member_actions: nil,
-        filter_backends: nil,
-        singleton_controller: nil,
-        skip_actions: nil,
-
-        # Options related to serialization.
-        rescue_unknown_format_with: :json,
-        serializer_class: nil,
-        serialize_to_json: true,
-        serialize_to_xml: true,
-
-        # Options related to pagination.
-        paginator_class: nil,
-        page_size: 20,
-        page_query_param: "page",
-        page_size_query_param: "page_size",
-        max_page_size: nil,
-
-        # Option to disable serializer adapters by default, mainly introduced because Active Model
-        # Serializers will do things like serialize `[]` into `{"":[]}`.
-        disable_adapters_by_default: true,
-      }.each do |a, default|
-        next if base.respond_to?(a)
-
-        base.class_attribute(a)
-
-        # Set default manually so we can still support Rails 4. Maybe later we can use the default
-        # parameter on `class_attribute`.
-        base.send(:"#{a}=", default)
+      # Start with builtin actions.
+      RESTFramework::BUILTIN_MEMBER_ACTIONS.each do |action, methods|
+        actions[action] = {path: "", methods: methods}
       end
 
-      # Alias `extra_actions` to `extra_collection_actions`.
-      unless base.respond_to?(:extra_collection_actions)
-        base.alias_method(:extra_collection_actions, :extra_actions)
-        base.alias_method(:extra_collection_actions=, :extra_actions=)
+      # Add extra actions.
+      if extra_actions = self.try(:extra_member_actions)
+        actions.merge!(RESTFramework::Utils.parse_extra_actions(extra_actions))
       end
 
-      # Skip csrf since this is an API.
-      begin
-        base.skip_before_action(:verify_authenticity_token)
-      rescue
-        nil
-      end
+      return actions
+    end
+
+    # Get a hash of metadata to be rendered in the `OPTIONS` response. Cache the result.
+    def get_options_metadata
+      return @_base_options_metadata ||= {
+        name: self.metadata&.name || self.controller_name.titleize,
+        description: self.metadata&.description,
+        renders: [
+          "text/html",
+          self.serialize_to_json ? "application/json" : nil,
+          self.serialize_to_xml ? "application/xml" : nil,
+        ].compact,
+        actions: self.get_actions_metadata,
+        member_actions: self.get_member_actions_metadata,
+      }.compact
+    end
+  end
 
-      # Handle some common exceptions.
-      base.rescue_from(ActiveRecord::RecordNotFound, with: :record_not_found)
-      base.rescue_from(ActiveRecord::RecordInvalid, with: :record_invalid)
-      base.rescue_from(ActiveRecord::RecordNotSaved, with: :record_not_saved)
-      base.rescue_from(ActiveRecord::RecordNotDestroyed, with: :record_not_destroyed)
-      base.rescue_from(ActiveModel::UnknownAttributeError, with: :unknown_attribute_error)
+  def self.included(base)
+    return unless base.is_a?(Class)
+
+    base.extend(ClassMethods)
+
+    # Add class attributes (with defaults) unless they already exist.
+    {
+      filter_pk_from_request_body: true,
+      exclude_body_fields: [:created_at, :created_by, :updated_at, :updated_by],
+      accept_generic_params_as_body_params: false,
+      show_backtrace: false,
+      extra_actions: nil,
+      extra_member_actions: nil,
+      filter_backends: nil,
+      singleton_controller: nil,
+      metadata: nil,
+
+      # Options related to serialization.
+      rescue_unknown_format_with: :json,
+      serializer_class: nil,
+      serialize_to_json: true,
+      serialize_to_xml: true,
+
+      # Options related to pagination.
+      paginator_class: nil,
+      page_size: 20,
+      page_query_param: "page",
+      page_size_query_param: "page_size",
+      max_page_size: nil,
+
+      # Option to disable serializer adapters by default, mainly introduced because Active Model
+      # Serializers will do things like serialize `[]` into `{"":[]}`.
+      disable_adapters_by_default: true,
+    }.each do |a, default|
+      next if base.respond_to?(a)
+
+      base.class_attribute(a)
+
+      # Set default manually so we can still support Rails 4. Maybe later we can use the default
+      # parameter on `class_attribute`.
+      base.send(:"#{a}=", default)
+    end
+
+    # Alias `extra_actions` to `extra_collection_actions`.
+    unless base.respond_to?(:extra_collection_actions)
+      base.alias_method(:extra_collection_actions, :extra_actions)
+      base.alias_method(:extra_collection_actions=, :extra_actions=)
+    end
+
+    # Skip CSRF since this is an API.
+    begin
+      base.skip_before_action(:verify_authenticity_token)
+    rescue
+      nil
     end
+
+    # Handle some common exceptions.
+    base.rescue_from(ActiveRecord::RecordNotFound, with: :record_not_found)
+    base.rescue_from(ActiveRecord::RecordInvalid, with: :record_invalid)
+    base.rescue_from(ActiveRecord::RecordNotSaved, with: :record_not_saved)
+    base.rescue_from(ActiveRecord::RecordNotDestroyed, with: :record_not_destroyed)
+    base.rescue_from(ActiveModel::UnknownAttributeError, with: :unknown_attribute_error)
   end
 
-  # Helper to get the configured serializer class.
+  # Get the configured serializer class.
   def get_serializer_class
     return nil unless serializer_class = self.class.serializer_class
 
@@ -110,17 +146,17 @@ module RESTFramework::BaseControllerMixin
     return serializer_class
   end
 
-  # Helper to serialize data using the `serializer_class`.
+  # Serialize the given data using the `serializer_class`.
   def serialize(data, **kwargs)
     return self.get_serializer_class.new(data, controller: self, **kwargs).serialize
   end
 
-  # Helper to get filtering backends, defaulting to no backends.
+  # Get filtering backends, defaulting to no backends.
   def get_filter_backends
     return self.class.filter_backends || []
   end
 
-  # Helper to filter an arbitrary data set over all configured filter backends.
+  # Filter an arbitrary data set over all configured filter backends.
   def get_filtered_data(data)
     self.get_filter_backends.each do |filter_class|
       filter = filter_class.new(controller: self)
@@ -130,6 +166,10 @@ module RESTFramework::BaseControllerMixin
     return data
   end
 
+  def get_options_metadata
+    return self.class.get_options_metadata
+  end
+
   def record_invalid(e)
     return api_response(
       {
@@ -229,7 +269,7 @@ module RESTFramework::BaseControllerMixin
             @xml_payload = payload.to_xml if self.class.serialize_to_xml
           end
           @template_logo_text ||= "Rails REST Framework"
-          @title ||= self.controller_name.camelize
+          @title ||= self.controller_name.titleize
           @route_props, @route_groups = RESTFramework::Utils.get_routes(
             Rails.application.routes, request
           )
@@ -253,4 +293,9 @@ module RESTFramework::BaseControllerMixin
       end
     end
   end
+
+  # Provide a generic `OPTIONS` response with metadata such as available actions.
+  def options
+    return api_response(self.get_options_metadata)
+  end
 end

data/lib/rest_framework/controller_mixins/models.rb

@@ -5,56 +5,212 @@ require_relative "../filters"
 module RESTFramework::BaseModelControllerMixin
   include RESTFramework::BaseControllerMixin
 
+  module ClassMethods
+    IGNORE_VALIDATORS_WITH_KEYS = [:if, :unless]
+
+    # Get the model for this controller.
+    def get_model(from_get_recordset: false)
+      return @model if @model
+      return (@model = self.model) if self.model
+
+      # Delegate to the recordset's model, if it's defined.
+      unless from_get_recordset  # Prevent infinite recursion.
+        if (recordset = self.new.get_recordset)
+          return @model = recordset.klass
+        end
+      end
+
+      # Try to determine model from controller name.
+      begin
+        return @model = self.name.demodulize.match(/(.*)Controller/)[1].singularize.constantize
+      rescue NameError
+      end
+
+      return nil
+    end
+
+    # Get metadata about the resource's fields.
+    def get_fields_metadata(fields: nil)
+      # Get metadata sources.
+      model = self.get_model
+      fields ||= self.fields || model&.column_names || []
+      fields = fields.map(&:to_s)
+      columns = model&.columns_hash
+      column_defaults = model&.column_defaults
+      attributes = model&._default_attributes
+
+      return fields.map { |f|
+        # Initialize metadata to make the order consistent.
+        metadata = {
+          type: nil, kind: nil, label: nil, primary_key: nil, required: nil, read_only: nil
+        }
+
+        # Determine `primary_key` based on model.
+        if model&.primary_key == f
+          metadata[:primary_key] = true
+        end
+
+        # Determine `type`, `required`, `label`, and `kind` based on schema.
+        if column = columns[f]
+          metadata[:type] = column.type
+          metadata[:required] = true unless column.null
+          metadata[:label] = column.human_name.instance_eval { |n| n == "Id" ? "ID" : n }
+          metadata[:kind] = "column"
+        end
+
+        # Determine `default` based on schema; we use `column_defaults` rather than `columns_hash`
+        # because these are casted to the proper type.
+        column_default = column_defaults[f]
+        unless column_default.nil?
+          metadata[:default] = column_default
+        end
+
+        # Determine `default` and `kind` based on attribute only if not determined by the DB.
+        if attributes.key?(f) && attribute = attributes[f]
+          unless metadata.key?(:default)
+            default = attribute.value_before_type_cast
+            metadata[:default] = default unless default.nil?
+          end
+
+          unless metadata[:kind]
+            metadata[:kind] = "attribute"
+          end
+        end
+
+        # Determine if `kind` is a association or method if not determined already.
+        unless metadata[:kind]
+          if association = model.reflections[f]
+            metadata[:kind] = "association.#{association.macro}"
+          elsif model.method_defined?(f)
+            metadata[:kind] = "method"
+          end
+        end
+
+        # Collect validator options into a hash on their type, while also updating `required` based
+        # on any presence validators.
+        model.validators_on(f).each do |validator|
+          kind = validator.kind
+          options = validator.options
+
+          # Reject validator if it includes keys like `:if` and `:unless` because those are
+          # conditionally applied in a way that is not feasible to communicate via the API.
+          next if IGNORE_VALIDATORS_WITH_KEYS.any? { |k| options.key?(k) }
+
+          # Update `required` if we find a presence validator.
+          metadata[:required] = true if kind == :presence
+
+          metadata[:validators] ||= {}
+          metadata[:validators][kind] ||= []
+          metadata[:validators][kind] << options
+        end
+
+        next [f, metadata.compact]
+      }.to_h
+    end
+
+    # Get a hash of metadata to be rendered in the `OPTIONS` response. Cache the result.
+    def get_options_metadata(fields: nil)
+      return super().merge(
+        {
+          fields: self.get_fields_metadata(fields: fields),
+        },
+      )
+    end
+  end
+
   def self.included(base)
-    if base.is_a?(Class)
-      RESTFramework::BaseControllerMixin.included(base)
-
-      # Add class attributes (with defaults) unless they already exist.
-      {
-        # Core attributes related to models.
-        model: nil,
-        recordset: nil,
-
-        # Attributes for configuring record fields.
-        fields: nil,
-        action_fields: nil,
-
-        # Attributes for finding records.
-        find_by_fields: nil,
-        find_by_query_param: "find_by",
-
-        # Attributes for create/update parameters.
-        allowed_parameters: nil,
-        allowed_action_parameters: nil,
-
-        # Attributes for the default native serializer.
-        native_serializer_config: nil,
-        native_serializer_singular_config: nil,
-        native_serializer_plural_config: nil,
-        native_serializer_only_query_param: "only",
-        native_serializer_except_query_param: "except",
-
-        # Attributes for default model filtering (and ordering).
-        filterset_fields: nil,
-        ordering_fields: nil,
-        ordering_query_param: "ordering",
-        ordering_no_reorder: false,
-        search_fields: nil,
-        search_query_param: "search",
-        search_ilike: false,
-
-        # Other misc attributes.
-        create_from_recordset: true,  # Option for `recordset.create` vs `Model.create` behavior.
-        filter_recordset_before_find: true,  # Option to control if filtering is done before find.
-      }.each do |a, default|
-        next if base.respond_to?(a)
-
-        base.class_attribute(a)
-
-        # Set default manually so we can still support Rails 4. Maybe later we can use the default
-        # parameter on `class_attribute`.
-        base.send(:"#{a}=", default)
+    return unless base.is_a?(Class)
+
+    RESTFramework::BaseControllerMixin.included(base)
+    base.extend(ClassMethods)
+
+    # Add class attributes (with defaults) unless they already exist.
+    {
+      # Core attributes related to models.
+      model: nil,
+      recordset: nil,
+
+      # Attributes for configuring record fields.
+      fields: nil,
+      action_fields: nil,
+      metadata_fields: nil,
+
+      # Attributes for finding records.
+      find_by_fields: nil,
+      find_by_query_param: "find_by",
+
+      # Attributes for create/update parameters.
+      allowed_parameters: nil,
+      allowed_action_parameters: nil,
+
+      # Attributes for the default native serializer.
+      native_serializer_config: nil,
+      native_serializer_singular_config: nil,
+      native_serializer_plural_config: nil,
+      native_serializer_only_query_param: "only",
+      native_serializer_except_query_param: "except",
+
+      # Attributes for default model filtering, ordering, and searching.
+      filterset_fields: nil,
+      ordering_fields: nil,
+      ordering_query_param: "ordering",
+      ordering_no_reorder: false,
+      search_fields: nil,
+      search_query_param: "search",
+      search_ilike: false,
+
+      # Other misc attributes.
+      create_from_recordset: true,  # Option for `recordset.create` vs `Model.create` behavior.
+      filter_recordset_before_find: true,  # Control if filtering is done before find.
+    }.each do |a, default|
+      next if base.respond_to?(a)
+
+      base.class_attribute(a)
+
+      # Set default manually so we can still support Rails 4. Maybe later we can use the default
+      # parameter on `class_attribute`.
+      base.send(:"#{a}=", default)
+    end
+
+    # Actions to run at the end of the class definition.
+    TracePoint.trace(:end) do |t|
+      next if base != t.self
+
+      # Delegate extra actions.
+      base.extra_actions&.each do |action, config|
+        next unless config.is_a?(Hash) && config[:delegate]
+
+        base.define_method(action) do
+          model = self.class.get_model
+          next unless model.respond_to?(action)
+
+          if model.method(action).parameters.last&.first == :keyrest
+            return api_response(model.send(action, **params))
+          else
+            return api_response(model.send(action))
+          end
+        end
       end
+
+      # Delegate extra member actions.
+      base.extra_member_actions&.each do |action, config|
+        next unless config.is_a?(Hash) && config[:delegate]
+
+        base.define_method(action) do
+          record = self.get_record
+          next unless record.respond_to?(action)
+
+          if record.method(action).parameters.last&.first == :keyrest
+            return api_response(record.send(action, **params))
+          else
+            return api_response(record.send(action))
+          end
+        end
+      end
+
+      # It's important to disable the trace once we've found the end of the base class definition,
+      # for performance.
+      t.disable
     end
   end
 
@@ -75,33 +231,25 @@ module RESTFramework::BaseModelControllerMixin
     fields = _get_specific_action_config(:action_fields, :fields)
 
     if fallback
-      fields ||= self.get_model&.column_names || []
+      fields ||= self.class.get_model&.column_names || []
     end
 
     return fields
   end
 
-  # Get a list of find_by fields for the current action.
-  def get_find_by_fields
-    return self.class.find_by_fields || self.get_fields
-  end
-
-  # Get a list of find_by fields for the current action. Default to the model column names.
-  def get_filterset_fields
-    return self.class.filterset_fields || self.get_fields(fallback: true)
-  end
-
-  # Get a list of ordering fields for the current action.
-  def get_ordering_fields
-    return self.class.ordering_fields || self.get_fields
+  # Pass fields to get dynamic metadata based on which fields are available.
+  def get_options_metadata
+    return self.class.get_options_metadata(fields: self.get_fields(fallback: true))
   end
 
-  # Get a list of search fields for the current action. Default to the model column names.
-  def get_search_fields
-    return self.class.search_fields || self.get_fields(fallback: true)
+  # Get a list of find_by fields for the current action. Do not fallback to columns in case the user
+  # wants to find by virtual columns.
+  def get_find_by_fields
+    return self.class.find_by_fields || self.get_fields
   end
 
-  # Get a list of parameters allowed for the current action.
+  # Get a list of parameters allowed for the current action. By default we do not fallback to
+  # columns so arbitrary fields can be submitted if no fields are defined.
   def get_allowed_parameters
     return _get_specific_action_config(
       :allowed_action_parameters,
@@ -143,7 +291,7 @@ module RESTFramework::BaseModelControllerMixin
 
     # Filter primary key if configured.
     if self.class.filter_pk_from_request_body
-      body_params.delete(self.get_model&.primary_key)
+      body_params.delete(self.class.get_model&.primary_key)
     end
 
     # Filter fields in exclude_body_fields.
@@ -154,27 +302,6 @@ module RESTFramework::BaseModelControllerMixin
   alias_method :get_create_params, :get_body_params
   alias_method :get_update_params, :get_body_params
 
-  # Get the model for this controller.
-  def get_model(from_get_recordset: false)
-    return @model if instance_variable_defined?(:@model) && @model
-    return (@model = self.class.model) if self.class.model
-
-    # Delegate to the recordset's model, if it's defined.
-    unless from_get_recordset  # prevent infinite recursion
-      if (recordset = self.get_recordset)
-        return @model = recordset.klass
-      end
-    end
-
-    # Try to determine model from controller name.
-    begin
-      return @model = self.class.name.demodulize.match(/(.*)Controller/)[1].singularize.constantize
-    rescue NameError
-    end
-
-    return nil
-  end
-
   # Get the set of records this controller has access to. The return value is cached and exposed to
   # the view as the `@recordset` instance variable.
   def get_recordset
@@ -182,7 +309,7 @@ module RESTFramework::BaseModelControllerMixin
     return (@recordset = self.class.recordset) if self.class.recordset
 
     # If there is a model, return that model's default scope (all records by default).
-    if (model = self.get_model(from_get_recordset: true))
+    if (model = self.class.get_model(from_get_recordset: true))
       return @recordset = model.all
     end
 
@@ -203,7 +330,7 @@ module RESTFramework::BaseModelControllerMixin
     return @record if instance_variable_defined?(:@record)
 
     recordset = self.get_recordset
-    find_by_key = self.get_model.primary_key
+    find_by_key = self.class.get_model.primary_key
 
     # Find by another column if it's permitted.
     if find_by_param = self.class.find_by_query_param.presence
@@ -276,7 +403,7 @@ module RESTFramework::CreateModelMixin
       return self.get_recordset.except(:select).create!(self.get_create_params)
     else
       # Otherwise, perform a "bare" create.
-      return self.get_model.create!(self.get_create_params)
+      return self.class.get_model.create!(self.get_create_params)
     end
   end
 end
@@ -313,9 +440,9 @@ module RESTFramework::ReadOnlyModelControllerMixin
   include RESTFramework::BaseModelControllerMixin
 
   def self.included(base)
-    if base.is_a?(Class)
-      RESTFramework::BaseModelControllerMixin.included(base)
-    end
+    return unless base.is_a?(Class)
+
+    RESTFramework::BaseModelControllerMixin.included(base)
   end
 
   include RESTFramework::ListModelMixin
@@ -327,9 +454,9 @@ module RESTFramework::ModelControllerMixin
   include RESTFramework::BaseModelControllerMixin
 
   def self.included(base)
-    if base.is_a?(Class)
-      RESTFramework::BaseModelControllerMixin.included(base)
-    end
+    return unless base.is_a?(Class)
+
+    RESTFramework::BaseModelControllerMixin.included(base)
   end
 
   include RESTFramework::ListModelMixin

data/lib/rest_framework/filters.rb

@@ -11,10 +11,16 @@ end
 # A simple filtering backend that supports filtering a recordset based on fields defined on the
 # controller class.
 class RESTFramework::ModelFilter < RESTFramework::BaseFilter
+  # Get a list of filterset fields for the current action. Fallback to columns because we don't want
+  # to try filtering by any query parameter because that could clash with other query parameters.
+  def _get_fields
+    return @controller.class.filterset_fields || @controller.get_fields(fallback: true)
+  end
+
   # Filter params for keys allowed by the current action's filterset_fields/fields config.
   def _get_filter_params
     # Map filterset fields to strings because query parameter keys are strings.
-    if fields = @controller.get_filterset_fields&.map(&:to_s)
+    if fields = self._get_fields.map(&:to_s)
       return @controller.request.query_parameters.select { |p, _| fields.include?(p) }
     end
 
@@ -34,15 +40,21 @@ end
 
 # A filter backend which handles ordering of the recordset.
 class RESTFramework::ModelOrderingFilter < RESTFramework::BaseFilter
+  # Get a list of ordering fields for the current action. Do not fallback to columns in case the
+  # user wants to order by a virtual column.
+  def _get_fields
+    return @controller.class.ordering_fields || @controller.get_fields
+  end
+
   # Convert ordering string to an ordering configuration.
   def _get_ordering
     return nil if @controller.class.ordering_query_param.blank?
 
     # Ensure ordering_fields are strings since the split param will be strings.
-    ordering_fields = @controller.get_ordering_fields&.map(&:to_s)
+    fields = self._get_fields&.map(&:to_s)
     order_string = @controller.params[@controller.class.ordering_query_param]
 
-    unless order_string.blank?
+    if order_string.present? && fields
       ordering = {}.with_indifferent_access
       order_string.split(",").each do |field|
         if field[0] == "-"
@@ -52,7 +64,7 @@ class RESTFramework::ModelOrderingFilter < RESTFramework::BaseFilter
           column = field
           direction = :asc
         end
-        if !ordering_fields || column.in?(ordering_fields)
+        if !fields || column.in?(fields)
           ordering[column] = direction
         end
       end
@@ -77,13 +89,19 @@ end
 
 # Multi-field text searching on models.
 class RESTFramework::ModelSearchFilter < RESTFramework::BaseFilter
+  # Get a list of search fields for the current action. Fallback to columns because we need an
+  # explicit list of columns to search on, so `nil` is useless in this context.
+  def _get_fields
+    return @controller.class.search_fields || @controller.get_fields(fallback: true)
+  end
+
   # Filter data according to the request query parameters.
   def get_filtered_data(data)
-    fields = @controller.get_search_fields
+    fields = self._get_fields
     search = @controller.request.query_parameters[@controller.class.search_query_param]
 
     # Ensure we use array conditions to prevent SQL injection.
-    unless search.blank?
+    if search.present? && !fields.empty?
       return data.where(
         fields.map { |f|
           "CAST(#{f} AS VARCHAR) #{@controller.class.search_ilike ? "ILIKE" : "LIKE"} ?"

data/lib/rest_framework/routers.rb

@@ -39,9 +39,9 @@ module ActionDispatch::Routing
 
     # Interal interface for routing extra actions.
     def _route_extra_actions(actions, &block)
-      actions.each do |action_config|
-        action_config[:methods].each do |m|
-          public_send(m, action_config[:path], **action_config[:kwargs])
+      actions.each do |action, config|
+        config[:methods].each do |m|
+          public_send(m, config[:path], action: action, **(config[:kwargs] || {}))
         end
         yield if block_given?
       end
@@ -51,8 +51,7 @@ module ActionDispatch::Routing
     # @param default_singular [Boolean] the default plurality of the resource if the plurality is
     #   not otherwise defined by the controller
     # @param name [Symbol] the resource name, from which path and controller are deduced by default
-    # @param skip_undefined [Boolean] whether we should skip routing undefined resourceful actions
-    def _rest_resources(default_singular, name, skip_undefined: true, **kwargs, &block)
+    def _rest_resources(default_singular, name, **kwargs, &block)
       controller = kwargs.delete(:controller) || name
       if controller.is_a?(Class)
         controller_class = controller
@@ -63,6 +62,9 @@ module ActionDispatch::Routing
       # Set controller if it's not explicitly set.
       kwargs[:controller] = name unless kwargs[:controller]
 
+      # Passing `unscoped: true` will prevent a nested resource from being scoped.
+      unscoped = kwargs.delete(:unscoped)
+
       # Determine plural/singular resource.
       force_singular = kwargs.delete(:force_singular)
       force_plural = kwargs.delete(:force_plural)
@@ -78,24 +80,39 @@ module ActionDispatch::Routing
       resource_method = singular ? :resource : :resources
 
       # Call either `resource` or `resources`, passing appropriate modifiers.
-      skip_undefined = kwargs.delete(:skip_undefined) || true
-      skip = controller_class.get_skip_actions(skip_undefined: skip_undefined)
+      skip = RESTFramework::Utils.get_skipped_builtin_actions(controller_class)
       public_send(resource_method, name, except: skip, **kwargs) do
         if controller_class.respond_to?(:extra_member_actions)
           member do
-            actions = RESTFramework::Utils.parse_extra_actions(
-              controller_class.extra_member_actions,
+            self._route_extra_actions(
+              RESTFramework::Utils.parse_extra_actions(controller_class.extra_member_actions),
             )
-            self._route_extra_actions(actions)
           end
         end
 
         collection do
-          actions = RESTFramework::Utils.parse_extra_actions(controller_class.extra_actions)
-          self._route_extra_actions(actions)
+          # Route extra controller-defined actions.
+          self._route_extra_actions(
+            RESTFramework::Utils.parse_extra_actions(controller_class.extra_actions),
+          )
+
+          # Route extra RRF-defined actions.
+          RESTFramework::RRF_BUILTIN_ACTIONS.each do |action, methods|
+            next unless controller_class.method_defined?(action)
+
+            [methods].flatten.each do |m|
+              public_send(m, "", action: action) if self.respond_to?(m)
+            end
+          end
         end
 
-        yield if block_given?
+        if unscoped
+          yield if block_given?
+        else
+          scope(module: name, as: name) do
+            yield if block_given?
+          end
+        end
       end
     end
 
@@ -126,15 +143,39 @@ module ActionDispatch::Routing
       # Set controller if it's not explicitly set.
       kwargs[:controller] = name unless kwargs[:controller]
 
+      # Passing `unscoped: true` will prevent a nested resource from being scoped.
+      unscoped = kwargs.delete(:unscoped)
+
       # Route actions using the resourceful router, but skip all builtin actions.
-      actions = RESTFramework::Utils.parse_extra_actions(controller_class.extra_actions)
       public_send(:resource, name, only: [], **kwargs) do
         # Route a root for this resource.
         if route_root_to
           get("", action: route_root_to)
         end
 
-        self._route_extra_actions(actions, &block)
+        collection do
+          # Route extra controller-defined actions.
+          self._route_extra_actions(
+            RESTFramework::Utils.parse_extra_actions(controller_class.extra_actions),
+          )
+
+          # Route extra RRF-defined actions.
+          RESTFramework::RRF_BUILTIN_ACTIONS.each do |action, methods|
+            next unless controller_class.method_defined?(action)
+
+            [methods].flatten.each do |m|
+              public_send(m, "", action: action) if self.respond_to?(m)
+            end
+          end
+        end
+
+        if unscoped
+          yield if block_given?
+        else
+          scope(module: name, as: name) do
+            yield if block_given?
+          end
+        end
       end
     end
 

data/lib/rest_framework/serializers.rb

@@ -61,7 +61,7 @@ class RESTFramework::NativeSerializer < RESTFramework::BaseSerializer
     @model ||= @object[0].class if
       @many && @object.is_a?(Enumerable) && @object.is_a?(ActiveRecord::Base)
 
-    @model ||= @controller.get_model if @controller
+    @model ||= @controller.class.get_model if @controller
   end
 
   # Get controller action, if possible.
@@ -182,7 +182,7 @@ class RESTFramework::NativeSerializer < RESTFramework::BaseSerializer
           cfg[:only] = self.class.filter_subcfg(cfg[:only], fields: only, only: true)
         elsif cfg[:except]
           # For the `except` part of the serializer, we need to append any columns not in `only`.
-          model = @controller.get_model
+          model = @controller.class.get_model
           except_cols = model&.column_names&.map(&:to_sym)&.reject { |c| c.in?(only) }
           cfg[:except] = self.class.filter_subcfg(cfg[:except], fields: except_cols, add: true)
         else
@@ -216,14 +216,24 @@ class RESTFramework::NativeSerializer < RESTFramework::BaseSerializer
     if fields = @controller&.get_fields
       fields = fields.deep_dup
 
+      columns = []
+      includes = []
+      methods = []
       if @model
-        columns, methods = fields.partition { |f| f.in?(@model.column_names) }
+        fields.each do |f|
+          if f.in?(@model.column_names)
+            columns << f
+          elsif @model.reflections.key?(f)
+            includes << f
+          elsif @model.method_defined?(f)
+            methods << f
+          end
+        end
       else
         columns = fields
-        methods = []
       end
 
-      return {only: columns, methods: methods}
+      return {only: columns, include: includes, methods: methods}
     end
 
     # By default, pass an empty configuration, allowing the serialization of all columns.

data/lib/rest_framework/utils.rb

@@ -1,11 +1,9 @@
 module RESTFramework::Utils
-  HTTP_METHOD_ORDERING = %w(GET POST PUT PATCH DELETE)
+  HTTP_METHOD_ORDERING = %w(GET POST PUT PATCH DELETE OPTIONS HEAD)
 
-  # Helper to take extra_actions hash and convert to a consistent format:
-  # `{paths:, methods:, kwargs:}`.
+  # Convert `extra_actions` hash to a consistent format: `{path:, methods:, kwargs:}`.
   def self.parse_extra_actions(extra_actions)
-    return (extra_actions || {}).map do |k, v|
-      kwargs = {action: k}
+    return (extra_actions || {}).map { |k, v|
       path = k
 
       # Convert structure to path/methods/kwargs.
@@ -25,30 +23,38 @@ module RESTFramework::Utils
         end
 
         # Pass any further kwargs to the underlying Rails interface.
-        kwargs = kwargs.merge(v)
+        kwargs = v.presence&.except(:delegate)
       elsif v.is_a?(Symbol) || v.is_a?(String)
         methods = [v]
       else
         methods = v
       end
 
-      # Return a hash with keys: :path, :methods, :kwargs.
-      {path: path, methods: methods, kwargs: kwargs}
+      [k, {path: path, methods: methods, kwargs: kwargs}.compact]
+    }.to_h
+  end
+
+  # Get actions which should be skipped for a given controller.
+  def self.get_skipped_builtin_actions(controller_class)
+    return (
+      RESTFramework::BUILTIN_ACTIONS.keys + RESTFramework::BUILTIN_MEMBER_ACTIONS.keys
+    ).reject do |action|
+      controller_class.method_defined?(action)
     end
   end
 
-  # Helper to get the first route pattern which matches the given request.
+  # Get the first route pattern which matches the given request.
   def self.get_request_route(application_routes, request)
     application_routes.router.recognize(request) { |route, _| return route }
   end
 
-  # Helper to normalize a path pattern by replacing URL params with generic placeholder, and
-  # removing the `(.:format)` at the end.
+  # Normalize a path pattern by replacing URL params with generic placeholder, and removing the
+  # `(.:format)` at the end.
   def self.comparable_path(path)
     return path.gsub("(.:format)", "").gsub(/:[0-9A-Za-z_-]+/, ":x")
   end
 
-  # Helper for showing routes under a controller action; used for the browsable API.
+  # Show routes under a controller action; used for the browsable API.
   def self.get_routes(application_routes, request, current_route: nil)
     current_route ||= self.get_request_route(application_routes, request)
     current_path = current_route.path.spec.to_s.gsub("(.:format)", "")

data/lib/rest_framework.rb

@@ -1,12 +1,27 @@
 module RESTFramework
+  BUILTIN_ACTIONS = {
+    index: :get,
+    new: :get,
+    create: :post,
+  }.freeze
+  BUILTIN_MEMBER_ACTIONS = {
+    show: :get,
+    edit: :get,
+    update: [:put, :patch],
+    destroy: :delete,
+  }.freeze
+  RRF_BUILTIN_ACTIONS = {
+    options: :options,
+  }.freeze
 end
 
 require_relative "rest_framework/controller_mixins"
 require_relative "rest_framework/engine"
 require_relative "rest_framework/errors"
 require_relative "rest_framework/filters"
+require_relative "rest_framework/generators"
 require_relative "rest_framework/paginators"
 require_relative "rest_framework/routers"
 require_relative "rest_framework/serializers"
+require_relative "rest_framework/utils"
 require_relative "rest_framework/version"
-require_relative "rest_framework/generators"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rest_framework
 version: !ruby/object:Gem::Version
-  version: 0.6.9
+  version: 0.6.10
 platform: ruby
 authors:
 - Gregory N. Schmit
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-12-20 00:00:00.000000000 Z
+date: 2022-12-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails