rest_framework 0.7.8 → 0.7.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e5c7efedb6af2b7a589a2b3f7cedd600f9851bb4ba6be334465285f052e961ed
-  data.tar.gz: e14be403f25acf8e17ba54e324ec7b13e838a28b171e4866fcbb287b4f15a4dd
+  metadata.gz: f6a9bc78fae632a2c86426c523fbce432cb85904ea661219032d6e4352ab16ea
+  data.tar.gz: f202cd11931c54fada9e8dd1e3af1dd9344b2a883dd5cb00ebf45708afdd365c
 SHA512:
-  metadata.gz: 730bb926137c31d86215cb433c97ea2d5252c24d8b38f8ce78596296a30cfc3786a5b69664b927323dbf9598385ed9b5a79cb931821ee9dad9aa9e7c7d08e111
-  data.tar.gz: 12af341b9c75a9c63b9a48a5ca71aab3dcb521f03862a74acd595d732df1e55ee9d8f16eb34485ad8b640439c4ab28dde08db20f8e598c583c66df3a3a58d121
+  metadata.gz: 8759e8295bb59715cd8aab800bd6a158a17422bee4adea2fc5d77c8517d44a92b6ff4a771a2c10a021162f5c582b4853a9d1ebd2bb5cc4e29468f3a6b061460b
+  data.tar.gz: 46e0b4693c1166e774f00a25f0f9378f2702e0449f87b2e808ea16d395b1df98ae5e564fff198daf53b6d3e0ba3352a12232a2a7f6962a74ea578b0f9a77c09d

data/VERSION

@@ -1 +1 @@
-0.7.8
+0.7.9

data/lib/rest_framework/controller_mixins/base.rb

@@ -170,6 +170,10 @@ module RESTFramework::BaseControllerMixin
     # Handle some common exceptions.
     unless RESTFramework.config.disable_rescue_from
       base.rescue_from(
+        ActionController::ParameterMissing,
+        ActionController::UnpermittedParameters,
+        ActiveRecord::AssociationTypeMismatch,
+        ActiveRecord::NotNullViolation,
         ActiveRecord::RecordNotFound,
         ActiveRecord::RecordInvalid,
         ActiveRecord::RecordNotSaved,

data/lib/rest_framework/controller_mixins/models.rb

@@ -386,10 +386,36 @@ module RESTFramework::BaseModelControllerMixin
   # Get a list of parameters allowed for the current action. By default we do not fallback to
   # columns so arbitrary fields can be submitted if no fields are defined.
   def get_allowed_parameters
-    return _get_specific_action_config(
+    return @allowed_parameters if defined?(@allowed_parameters)
+
+    @allowed_parameters = self._get_specific_action_config(
       :allowed_action_parameters,
       :allowed_parameters,
-    ) || self.get_fields
+    )
+    return @allowed_parameters if @allowed_parameters
+    return @allowed_parameters = nil unless fields = self.get_fields
+
+    # For fields, automatically add `_id`/`_ids` and `_attributes` variations for associations.
+    return @allowed_parameters = fields.map { |f|
+      f = f.to_s
+      next f unless ref = self.class.get_model.reflections[f]
+
+      variations = [f]
+
+      if self.class.permit_id_assignment
+        if ref.collection?
+          variations << "#{f.singularize}_ids"
+        else
+          variations << "#{f}_id"
+        end
+      end
+
+      if self.class.permit_nested_attributes_assignment
+        variations << "#{f}_attributes"
+      end
+
+      next variations
+    }.flatten
   end
 
   # Get the configured serializer class, or `NativeSerializer` as a default.
@@ -404,25 +430,15 @@ module RESTFramework::BaseModelControllerMixin
     ]
   end
 
-  # Filter the request body for keys in current action's allowed_parameters/fields config.
+  # Use strong parameters to filter the request body using the configured allowed parameters.
   def get_body_params(data: nil)
     data ||= request.request_parameters
 
     # Filter the request body and map to strings. Return all params if we cannot resolve a list of
     # allowed parameters or fields.
-    allowed_params = self.get_allowed_parameters&.map(&:to_s)
-    body_params = if allowed_params
-      data.select { |p|
-        p.in?(allowed_params) || (
-          self.class.permit_id_assignment && (
-            p.chomp("_id").in?(allowed_params) || p.chomp("_ids").pluralize.in?(allowed_params)
-          )
-        ) || (
-          self.class.permit_nested_attributes_assignment &&
-            p.chomp("_attributes").in?(allowed_params)
-
-        )
-      }
+    body_params = if allowed_parameters = self.get_allowed_parameters
+      data = ActionController::Parameters.new(data)
+      data.permit(*allowed_parameters)
     else
       data
     end

data/lib/rest_framework/utils.rb

@@ -79,6 +79,7 @@ module RESTFramework::Utils
   def self.get_routes(application_routes, request, current_route: nil)
     current_route ||= self.get_request_route(application_routes, request)
     current_path = current_route.path.spec.to_s.gsub("(.:format)", "")
+    current_path = "" if current_path == "/"
     current_levels = current_path.count("/")
     current_comparable_path = %r{^#{Regexp.quote(self.comparable_path(current_path))}(/|$)}
 
@@ -112,7 +113,7 @@ module RESTFramework::Utils
         verb: r.verb,
         path: path,
         # Starts at the number of levels in current path, and removes the `(.:format)` at the end.
-        relative_path: path.split("/")[current_levels..]&.join("/"),
+        relative_path: path.split("/")[current_levels..]&.join("/").presence || "/",
         controller: r.defaults[:controller].presence,
         action: r.defaults[:action].presence,
         matches_path: matches_path,
@@ -125,8 +126,8 @@ module RESTFramework::Utils
       # by the path, and finally by the HTTP verb.
       [r[:_levels], r[:_path], HTTP_METHOD_ORDERING.index(r[:verb]) || 99]
     }.group_by { |r| r[:controller] }.sort_by { |c, _r|
-      # Sort the controller groups by current controller first, then depth, then alphanumerically.
-      [request.params[:controller] == c ? 0 : 1, c.count("/"), c]
+      # Sort the controller groups by current controller first, then alphanumerically.
+      [request.params[:controller] == c ? 0 : 1, c]
     }.to_h
   end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rest_framework
 version: !ruby/object:Gem::Version
-  version: 0.7.8
+  version: 0.7.9
 platform: ruby
 authors:
 - Gregory N. Schmit
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-01-19 00:00:00.000000000 Z
+date: 2023-01-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails