rest_framework 0.9.2 → 0.9.4

data/lib/rest_framework/filters/model_ordering.rb

@@ -0,0 +1,48 @@
+# A filter backend which handles ordering of the recordset.
+class RESTFramework::ModelOrderingFilter < RESTFramework::BaseFilter
+  # Get a list of ordering fields for the current action.
+  def _get_fields
+    return @controller.ordering_fields&.map(&:to_s) || @controller.get_fields
+  end
+
+  # Convert ordering string to an ordering configuration.
+  def _get_ordering
+    return nil if @controller.ordering_query_param.blank?
+
+    # Ensure ordering_fields are strings since the split param will be strings.
+    fields = self._get_fields
+    order_string = @controller.params[@controller.ordering_query_param]
+
+    if order_string.present?
+      ordering = {}.with_indifferent_access
+      order_string.split(",").each do |field|
+        if field[0] == "-"
+          column = field[1..-1]
+          direction = :desc
+        else
+          column = field
+          direction = :asc
+        end
+
+        next if !column.in?(fields) && column.split(".").first.in?(fields)
+
+        ordering[column] = direction
+      end
+      return ordering
+    end
+
+    return nil
+  end
+
+  # Order data according to the request query parameters.
+  def get_filtered_data(data)
+    ordering = self._get_ordering
+    reorder = !@controller.ordering_no_reorder
+
+    if ordering && !ordering.empty?
+      return data.send(reorder ? :reorder : :order, ordering)
+    end
+
+    return data
+  end
+end

data/lib/rest_framework/filters/model_query.rb

@@ -0,0 +1,51 @@
+# A simple filtering backend that supports filtering a recordset based on query parameters.
+class RESTFramework::ModelQueryFilter < RESTFramework::BaseFilter
+  # Get a list of filterset fields for the current action.
+  def _get_fields
+    # Always return a list of strings; `@controller.get_fields` already does this.
+    return @controller.class.filterset_fields&.map(&:to_s) || @controller.get_fields
+  end
+
+  # Filter params for keys allowed by the current action's filterset_fields/fields config.
+  def _get_filter_params
+    fields = self._get_fields
+
+    return @controller.request.query_parameters.select { |p, _|
+      # Remove any trailing `__in` from the field name.
+      field = p.chomp("__in")
+
+      # Remove any associations whose sub-fields are not filterable.
+      if match = /(.*)\.(.*)/.match(field)
+        field, sub_field = match[1..2]
+        next false unless field.in?(fields)
+
+        sub_fields = @controller.class.get_field_config(field)[:sub_fields] || []
+        next sub_field.in?(sub_fields)
+      end
+
+      next field.in?(fields)
+    }.map { |p, v|
+      # Convert fields ending in `__in` to array values.
+      if p.end_with?("__in")
+        p = p.chomp("__in")
+        v = v.split(",")
+      end
+
+      # Convert "nil" and "null" to nil.
+      if v == "nil" || v == "null"
+        v = nil
+      end
+
+      [p, v]
+    }.to_h.symbolize_keys
+  end
+
+  # Filter data according to the request query parameters.
+  def get_filtered_data(data)
+    if filter_params = self._get_filter_params.presence
+      return data.where(**filter_params)
+    end
+
+    return data
+  end
+end

data/lib/rest_framework/filters/model_search.rb

@@ -0,0 +1,41 @@
+# Multi-field text searching on models.
+class RESTFramework::ModelSearchFilter < RESTFramework::BaseFilter
+  # Get a list of search fields for the current action.
+  def _get_fields
+    if search_fields = @controller.search_fields
+      return search_fields&.map(&:to_s)
+    end
+
+    columns = @controller.class.get_model.column_names
+    return @controller.get_fields.select { |f|
+      f.in?(RESTFramework.config.search_columns) && f.in?(columns)
+    }
+  end
+
+  # Filter data according to the request query parameters.
+  def get_filtered_data(data)
+    search = @controller.request.query_parameters[@controller.search_query_param]
+
+    if search.present?
+      if fields = self._get_fields.presence
+        # MySQL doesn't support casting to VARCHAR, so we need to use CHAR instead.
+        data_type = if data.connection.adapter_name =~ /mysql/i
+          "CHAR"
+        else
+          # Sufficient for both PostgreSQL and SQLite.
+          "VARCHAR"
+        end
+
+        # Ensure we pass user input as arguments to prevent SQL injection.
+        return data.where(
+          fields.map { |f|
+            "CAST(#{f} AS #{data_type}) #{@controller.search_ilike ? "ILIKE" : "LIKE"} ?"
+          }.join(" OR "),
+          *(["%#{search}%"] * fields.length),
+        )
+      end
+    end
+
+    return data
+  end
+end

data/lib/rest_framework/filters/ransack.rb

@@ -0,0 +1,25 @@
+# Adapter for the `ransack` gem.
+class RESTFramework::RansackFilter < RESTFramework::BaseFilter
+  # Filter data according to the request query parameters.
+  def get_filtered_data(data)
+    q = @controller.request.query_parameters[@controller.ransack_query_param]
+
+    if q.present?
+      distinct = @controller.ransack_distinct
+
+      # Determine if `distinct` is determined by query param.
+      if distinct_query_param = @controller.ransack_distinct_query_param
+        distinct_from_query = ActiveRecord::Type::Boolean.new.cast(
+          @controller.request.query_parameters[distinct_query_param],
+        )
+        unless distinct_from_query.nil?
+          distinct = distinct_from_query
+        end
+      end
+
+      return data.ransack(q, @controller.ransack_options).result(distinct: distinct)
+    end
+
+    return data
+  end
+end

data/lib/rest_framework/filters.rb

@@ -1,153 +1,9 @@
-class RESTFramework::BaseFilter
-  def initialize(controller:)
-    @controller = controller
-  end
-
-  def get_filtered_data(data)
-    raise NotImplementedError
-  end
-end
-
-# A simple filtering backend that supports filtering a recordset based on fields defined on the
-# controller class.
-class RESTFramework::ModelFilter < RESTFramework::BaseFilter
-  # Get a list of filterset fields for the current action.
-  def _get_fields
-    # Always return a list of strings; `@controller.get_fields` already does this.
-    return @controller.class.filterset_fields&.map(&:to_s) || @controller.get_fields
-  end
-
-  # Filter params for keys allowed by the current action's filterset_fields/fields config.
-  def _get_filter_params
-    fields = self._get_fields
-
-    return @controller.request.query_parameters.select { |p, _|
-      # Remove any trailing `__in` from the field name.
-      field = p.chomp("__in")
-
-      # Remove any associations whose sub-fields are not filterable.
-      if match = /(.*)\.(.*)/.match(field)
-        field, sub_field = match[1..2]
-        next false unless field.in?(fields)
-
-        sub_fields = @controller.class.get_field_config(field)[:sub_fields] || []
-        next sub_field.in?(sub_fields)
-      end
-
-      next field.in?(fields)
-    }.map { |p, v|
-      # Convert fields ending in `__in` to array values.
-      if p.end_with?("__in")
-        p = p.chomp("__in")
-        v = v.split(",")
-      end
-
-      # Convert "nil" and "null" to nil.
-      if v == "nil" || v == "null"
-        v = nil
-      end
-
-      [p, v]
-    }.to_h.symbolize_keys
-  end
-
-  # Filter data according to the request query parameters.
-  def get_filtered_data(data)
-    if filter_params = self._get_filter_params.presence
-      return data.where(**filter_params)
-    end
-
-    return data
-  end
-end
-
-# A filter backend which handles ordering of the recordset.
-class RESTFramework::ModelOrderingFilter < RESTFramework::BaseFilter
-  # Get a list of ordering fields for the current action.
-  def _get_fields
-    return @controller.class.ordering_fields&.map(&:to_s) || @controller.get_fields
-  end
-
-  # Convert ordering string to an ordering configuration.
-  def _get_ordering
-    return nil if @controller.class.ordering_query_param.blank?
-
-    # Ensure ordering_fields are strings since the split param will be strings.
-    fields = self._get_fields
-    order_string = @controller.params[@controller.class.ordering_query_param]
-
-    if order_string.present?
-      ordering = {}.with_indifferent_access
-      order_string.split(",").each do |field|
-        if field[0] == "-"
-          column = field[1..-1]
-          direction = :desc
-        else
-          column = field
-          direction = :asc
-        end
-
-        next if !column.in?(fields) && column.split(".").first.in?(fields)
-
-        ordering[column] = direction
-      end
-      return ordering
-    end
-
-    return nil
-  end
-
-  # Order data according to the request query parameters.
-  def get_filtered_data(data)
-    ordering = self._get_ordering
-    reorder = !@controller.class.ordering_no_reorder
-
-    if ordering && !ordering.empty?
-      return data.send(reorder ? :reorder : :order, ordering)
-    end
-
-    return data
-  end
+module RESTFramework::Filters
 end
 
-# Multi-field text searching on models.
-class RESTFramework::ModelSearchFilter < RESTFramework::BaseFilter
-  # Get a list of search fields for the current action.
-  def _get_fields
-    if search_fields = @controller.class.search_fields
-      return search_fields&.map(&:to_s)
-    end
-
-    columns = @controller.class.get_model.column_names
-    return @controller.get_fields.select { |f|
-      f.in?(RESTFramework.config.search_columns) && f.in?(columns)
-    }
-  end
-
-  # Filter data according to the request query parameters.
-  def get_filtered_data(data)
-    search = @controller.request.query_parameters[@controller.class.search_query_param]
+require_relative "filters/base"
 
-    if search.present?
-      if fields = self._get_fields.presence
-        # MySQL doesn't support casting to VARCHAR, so we need to use CHAR instead.
-        data_type = if data.connection.adapter_name =~ /mysql/i
-          "CHAR"
-        else
-          # Sufficient for both PostgreSQL and SQLite.
-          "VARCHAR"
-        end
-
-        # Ensure we pass user input as arguments to prevent SQL injection.
-        return data.where(
-          fields.map { |f|
-            "CAST(#{f} AS #{data_type}) #{@controller.class.search_ilike ? "ILIKE" : "LIKE"} ?"
-          }.join(" OR "),
-          *(["%#{search}%"] * fields.length),
-        )
-      end
-    end
-
-    return data
-  end
-end
+require_relative "filters/model_ordering"
+require_relative "filters/model_query"
+require_relative "filters/model_search"
+require_relative "filters/ransack"

data/lib/rest_framework/paginators.rb

@@ -33,35 +33,31 @@ class RESTFramework::PageNumberPaginator < RESTFramework::BasePaginator
     page_size = nil
 
     # Get from context, if allowed.
-    if @controller.class.page_size_query_param
-      if page_size = @controller.params[@controller.class.page_size_query_param].presence
+    if @controller.page_size_query_param
+      if page_size = @controller.params[@controller.page_size_query_param].presence
         page_size = page_size.to_i
       end
     end
 
     # Otherwise, get from config.
-    if !page_size && @controller.class.page_size
-      page_size = @controller.class.page_size
+    if !page_size && @controller.page_size
+      page_size = @controller.page_size
     end
 
     # Ensure we don't exceed the max page size.
-    if @controller.class.max_page_size && page_size > @controller.class.max_page_size
-      page_size = @controller.class.max_page_size
+    if @controller.max_page_size && page_size > @controller.max_page_size
+      page_size = @controller.max_page_size
     end
 
     # Ensure we return at least 1.
     return page_size.zero? ? 1 : page_size
   end
 
-  def _page_query_param
-    return @controller.class.page_query_param&.to_sym
-  end
-
   # Get the page and return it so the caller can serialize it.
   def get_page(page_number=nil)
     # If page number isn't provided, infer from the params or use 1 as a fallback value.
     unless page_number
-      page_number = @controller&.params&.[](self._page_query_param)
+      page_number = @controller&.params&.[](@controller.page_query_param&.to_sym)
       if page_number.blank?
         page_number = 1
       else

data/lib/rest_framework/serializers.rb

@@ -93,12 +93,12 @@ class RESTFramework::NativeSerializer < RESTFramework::BaseSerializer
     return nil unless @controller
 
     if @many == true
-      controller_serializer = @controller.class.try(:native_serializer_plural_config)
+      controller_serializer = @controller.try(:native_serializer_plural_config)
     elsif @many == false
-      controller_serializer = @controller.class.try(:native_serializer_singular_config)
+      controller_serializer = @controller.try(:native_serializer_singular_config)
     end
 
-    return controller_serializer || @controller.class.try(:native_serializer_config)
+    return controller_serializer || @controller.try(:native_serializer_config)
   end
 
   # Filter a single subconfig for specific keys. By default, keys from `fields` are removed from the
@@ -152,9 +152,9 @@ class RESTFramework::NativeSerializer < RESTFramework::BaseSerializer
   def filter_from_request(cfg)
     return cfg unless @controller
 
-    except_param = @controller.class.try(:native_serializer_except_query_param)
-    only_param = @controller.class.try(:native_serializer_only_query_param)
-    if except_param && except = @controller.request.query_parameters[except_param].presence
+    except_param = @controller.try(:native_serializer_except_query_param)
+    only_param = @controller.try(:native_serializer_only_query_param)
+    if except_param && except = @controller.request&.query_parameters&.[](except_param).presence
       if except = except.split(",").map(&:strip).map(&:to_sym).presence
         # Filter `only`, `except` (additive), `include`, `methods`, and `serializer_methods`.
         if cfg[:only]
@@ -171,7 +171,7 @@ class RESTFramework::NativeSerializer < RESTFramework::BaseSerializer
           cfg[:serializer_methods], fields: except
         )
       end
-    elsif only_param && only = @controller.request.query_parameters[only_param].presence
+    elsif only_param && only = @controller.request&.query_parameters&.[](only_param).presence
       if only = only.split(",").map(&:strip).map(&:to_sym).presence
         # Filter `only`, `include`, and `methods`. Adding anything to `except` is not needed,
         # because any configuration there takes precedence over `only`.
@@ -196,10 +196,10 @@ class RESTFramework::NativeSerializer < RESTFramework::BaseSerializer
   def _get_associations_limit
     return @_get_associations_limit if defined?(@_get_associations_limit)
 
-    limit = @controller.class.native_serializer_associations_limit
+    limit = @controller&.native_serializer_associations_limit
 
     # Extract the limit from the query parameters if it's set.
-    if query_param = @controller.class.native_serializer_associations_limit_query_param
+    if query_param = @controller&.native_serializer_associations_limit_query_param
       if @controller.request.query_parameters.key?(query_param)
         query_limit = @controller.request.query_parameters[query_param].to_i
         if query_limit > 0
@@ -256,7 +256,7 @@ class RESTFramework::NativeSerializer < RESTFramework::BaseSerializer
           end
 
           # If we need to include the association count, then add it here.
-          if @controller.class.native_serializer_include_associations_count
+          if @controller.native_serializer_include_associations_count
             method_name = "#{f}.count"
             serializer_methods[method_name] = method_name
             self.define_singleton_method(method_name) do |record|

data/lib/rest_framework/utils.rb

@@ -154,8 +154,8 @@ module RESTFramework::Utils
     parsed_fields = fields_hash[:only] || (
       model ? self.fields_for(model, exclude_associations: exclude_associations) : []
     )
-    parsed_fields += fields_hash[:include] if fields_hash[:include]
-    parsed_fields -= fields_hash[:exclude] if fields_hash[:exclude]
+    parsed_fields += fields_hash[:include].map(&:to_s) if fields_hash[:include]
+    parsed_fields -= fields_hash[:exclude].map(&:to_s) if fields_hash[:exclude]
 
     # Warn for any unknown keys.
     (fields_hash.keys - [:only, :include, :exclude]).each do |k|
@@ -185,11 +185,6 @@ module RESTFramework::Utils
         next nil
       end
 
-      # Exclude user-specified associations.
-      if ref.class_name.in?(RESTFramework.config.exclude_association_classes)
-        next nil
-      end
-
       if ref.collection? && RESTFramework.config.large_reverse_association_tables&.include?(
         ref.table_name,
       )
@@ -225,4 +220,17 @@ module RESTFramework::Utils
 
     return ["id", "name"]
   end
+
+  # Get a field's id/ids variation.
+  def self.get_id_field(field, reflection)
+    if reflection.collection?
+      return "#{field.singularize}_ids"
+    elsif reflection.belongs_to?
+      # The id field for belongs_to is always the foreign key column name, even if the
+      # association is named differently.
+      return reflection.foreign_key
+    end
+
+    return nil
+  end
 end

data/lib/rest_framework.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module RESTFramework
   BUILTIN_ACTIONS = {
     index: :get,
@@ -18,6 +20,93 @@ module RESTFramework
     destroy_all: :delete,
   }.freeze
 
+  # rubocop:disable Layout/LineLength
+  EXTERNAL_ASSETS = {
+    # Bootstrap
+    "bootstrap.css" => {
+      url: "https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha2/dist/css/bootstrap.min.css",
+      sri: "sha384-aFq/bzH65dt+w6FI2ooMVUpc+21e0SRygnTpmBvdBgSdnuTN7QbdgL+OapgHtvPp",
+    },
+    "bootstrap.js" => {
+      url: "https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha2/dist/js/bootstrap.bundle.min.js",
+      sri: "sha384-qKXV1j0HvMUeCBQ+QVp7JcfGl760yU08IQ+GpUo5hlbpg51QRiuqHAJz8+BrxE/N",
+    },
+
+    # Bootstrap Icons
+    "bootstrap-icons.css" => {
+      url: "https://cdn.jsdelivr.net/npm/bootstrap-icons@1.10.4/font/bootstrap-icons.min.css",
+      inline_fonts: true,
+    },
+
+    # Highlight.js
+    "highlight.js" => {
+      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/highlight.min.js",
+      sri: "sha512-bgHRAiTjGrzHzLyKOnpFvaEpGzJet3z4tZnXGjpsCcqOnAH6VGUx9frc5bcIhKTVLEiCO6vEhNAgx5jtLUYrfA==",
+    },
+    "highlight-json.js" => {
+      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/languages/json.min.js",
+      sri: "sha512-0xYvyncS9OLE7GOpNBZFnwyh9+bq4HVgk4yVVYI678xRvE22ASicF1v6fZ1UiST+M6pn17MzFZdvVCI3jTHSyw==",
+    },
+    "highlight-xml.js" => {
+      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/languages/xml.min.js",
+      sri: "sha512-5zBcw+OKRkaNyvUEPlTSfYylVzgpi7KpncY36b0gRudfxIYIH0q0kl2j26uCUB3YBRM6ytQQEZSgRg+ZlBTmdA==",
+    },
+    "highlight-a11y-dark.css" => {
+      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/styles/a11y-dark.min.css",
+      sri: "sha512-Vj6gPCk8EZlqnoveEyuGyYaWZ1+jyjMPg8g4shwyyNlRQl6d3L9At02ZHQr5K6s5duZl/+YKMnM3/8pDhoUphg==",
+      extra_tag_attrs: {class: "rrf-dark-mode"},
+    },
+    "highlight-a11y-light.css" => {
+      url: "https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/styles/a11y-light.min.css",
+      sri: "sha512-WDk6RzwygsN9KecRHAfm9HTN87LQjqdygDmkHSJxVkVI7ErCZ8ZWxP6T8RvBujY1n2/E4Ac+bn2ChXnp5rnnHA==",
+      extra_tag_attrs: {class: "rrf-light-mode"},
+    },
+
+    # NeatJSON
+    "neatjson.js" => {
+      url: "https://cdn.jsdelivr.net/npm/neatjson@0.10.5/javascript/neatjson.min.js",
+      exclude_from_docs: true,
+    },
+
+    # Trix
+    "trix.css" => {
+      url: "https://unpkg.com/trix@2.0.0/dist/trix.css",
+      exclude_from_docs: true,
+    },
+    "trix.js" => {
+      url: "https://unpkg.com/trix@2.0.0/dist/trix.umd.min.js",
+      exclude_from_docs: true,
+    },
+  }.map { |name, cfg|
+    if File.extname(name) == ".js"
+      cfg[:place] = "javascripts"
+      cfg[:extra_tag_attrs] ||= {}
+      cfg[:tag_attrs] = {
+        src: cfg[:url],
+        integrity: cfg[:sri],
+        crossorigin: "anonymous",
+        referrerpolicy: "no-referrer",
+        defer: true,
+        **cfg[:extra_tag_attrs],
+      }
+      cfg[:tag] = ActionController::Base.helpers.tag.script(**cfg[:tag_attrs])
+    else
+      cfg[:place] = "stylesheets"
+      cfg[:extra_tag_attrs] ||= {}
+      cfg[:tag_attrs] = {
+        rel: "stylesheet",
+        href: cfg[:url],
+        integrity: cfg[:sri],
+        crossorigin: "anonymous",
+        **cfg[:extra_tag_attrs],
+      }
+      cfg[:tag] = ActionController::Base.helpers.tag.link(**cfg[:tag_attrs])
+    end
+
+    [name, cfg]
+  }.to_h.freeze
+  # rubocop:enable Layout/LineLength
+
   # Global configuration should be kept minimal, as controller-level configurations allows multiple
   # APIs to be defined to behave differently.
   class Config
@@ -48,18 +137,18 @@ module RESTFramework
     # Disable `rescue_from` on the controller mixins.
     attr_accessor :disable_rescue_from
 
-    # Exclude certain classes from being added by default as association fields.
-    attr_accessor :exclude_association_classes
-
     # The default label fields to use when generating labels for `has_many` associations.
     attr_accessor :label_fields
 
     # The default search columns to use when generating search filters.
     attr_accessor :search_columns
 
+    # Option to use vendored assets (requires sprockets or propshaft) rather than linking to
+    # external assets (the default).
+    attr_accessor :use_vendored_assets
+
     def initialize
       self.show_backtrace = Rails.env.development?
-      self.exclude_association_classes = DEFAULT_EXCLUDE_ASSOCIATION_CLASSES
       self.label_fields = DEFAULT_LABEL_FIELDS
       self.search_columns = DEFAULT_SEARCH_COLUMNS
     end