rest_framework 0.9.9 → 0.9.11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4b816fbe24e240ce66a74b2a3c18fd0a75a449c878c9a0126e4c14ddbaafe5b8
-  data.tar.gz: 383836204fd789afd4270794e0d7da57e05b8b8e8f537dd19c7fa2bf6ff1e2eb
+  metadata.gz: 04ef01197efeca7c6276edbf2ed4c9ef3f50e4fc4d1df927c3d530953d5aab2a
+  data.tar.gz: 71bd781956d163f33cdc7fd6aa3950ce93d4f86a0c03325e2bebcd2ba1dfc74b
 SHA512:
-  metadata.gz: 0a845ce1b30eab8ad874e432268092e5e9117200a320d9446a3e333a88d202257987767fd6b9bad2b7b0768c52e564e1a0beede15408027c7c48c8b91beffcd4
-  data.tar.gz: a1ae6ccfd603c7759d5db717249790a7b124bc06b39ff3f88eba16527874ec8788e4fdcb149c4e96ca0a6a8dae1ea3361519acfb830e1dfda6bc5ea2b521177b
+  metadata.gz: 96cbf98cec8f47c54309fa5b2b46c90c60249e7da1fa7142ef85c041bfee1154b9fd60c5d420d145a2dfb852df4d8af906e3577cb2f5f70d0bc6fd2da9beeb97
+  data.tar.gz: 4b0ab5e4d529f54e4890c8e0da2763ee8915a393ce1260da5c7ce70d6ef940c64e36f15d5a5b70cca255ec881c53b4c48bbcd5f95f2e7d83cc88e233b623b327

data/README.md

@@ -7,12 +7,10 @@
 
 A framework for DRY RESTful APIs in Ruby on Rails.
 
-**The Problem**: Building controllers for APIs usually involves writing a lot of redundant CRUD
-logic, and routing them can be obnoxious. Building and maintaining features like ordering,
-filtering, and pagination can be tedious.
+**The Problem**: Building controllers for APIs usually involves writing a lot of redundant CRUD logic, and routing them can be obnoxious.
+Building and maintaining features like ordering, filtering, and pagination can be tedious.
 
-**The Solution**: This framework implements browsable API responses, CRUD actions for your models,
-and features like ordering/filtering/pagination, so you can focus on building awesome APIs.
+**The Solution**: This framework implements browsable API responses, CRUD actions for your models, and features like ordering/filtering/pagination, so you can focus on building awesome APIs.
 
 Website/Guide: [rails-rest-framework.com](https://rails-rest-framework.com)
 
@@ -40,8 +38,7 @@ bundle install
 
 This section provides some simple examples to quickly get you started using the framework.
 
-For the purpose of this example, you'll want to add an `api_controller.rb` to your controllers, as
-well as a directory for the resources:
+For the purpose of this example, you'll want to add an `api_controller.rb` to your controllers, as well as a directory for the resources:
 
 ```text
 controllers/
@@ -54,8 +51,7 @@ controllers/
 
 ### Controller Mixins
 
-The root `ApiController` can include any common behavior you want to share across all your API
-controllers:
+The root `ApiController` can include any common behavior you want to share across all your API controllers:
 
 ```ruby
 class ApiController < ApplicationController
@@ -71,9 +67,8 @@ class ApiController < ApplicationController
 end
 ```
 
-A root controller can provide actions that exist on the root of your API. It's best to define a
-dedicated root controller, rather than using the `ApiController` for this purpose, so that actions
-don't propagate to child controllers:
+A root controller can provide actions that exist on the root of your API.
+It's best to define a dedicated root controller, rather than using the `ApiController` for this purpose, so that actions don't propagate to child controllers:
 
 ```ruby
 class Api::RootController < ApiController
@@ -119,7 +114,8 @@ class Api::MoviesController < ApiController
 end
 ```
 
-You can also configure a resource's fields dynamically using `include` and `exclude` keys:
+When `fields` is nil, then it will default to all columns.
+The `fields` attribute can also be a hash to include or exclude fields rather than defining them manually:
 
 ```ruby
 class Api::UsersController < ApiController
@@ -131,10 +127,9 @@ end
 
 ### Routing
 
-You can use Rails' `resource`/`resources` routers to route your API, however if you want
-`extra_actions` / `extra_member_actions` to be routed automatically, then you can use `rest_route`
-for non-resourceful controllers, or `rest_resource` / `rest_resources` resourceful routers. To route
-the root, use `rest_root`.
+Use `rest_route` for non-resourceful controllers, or `rest_resource` / `rest_resources` resourceful routers.
+These routers add some features to the Rails builtin `resource`/`resources` routers, such as automatically routing extra actions defined on the controller.
+To route the root, use `rest_root`.
 
 ```ruby
 Rails.application.routes.draw do
@@ -151,8 +146,7 @@ end
 
 ## Development/Testing
 
-After you clone the repository, cd'ing into the directory should create a new gemset if you are
-using RVM. Then run `bin/setup` to install the appropriate gems and set things up.
+After you clone the repository, cd'ing into the directory should create a new gemset if you are using RVM.
+Then run `bin/setup` to install the appropriate gems and set things up.
 
-The top-level `bin/rails` proxies all Rails commands to the test project, so you can operate it via
-the usual commands (e.g., `rails test`, `rails server` and `rails console`).
+The top-level `bin/rails` proxies all Rails commands to the test project, so you can operate it via the usual commands (e.g., `rails test`, `rails server` and `rails console`).

data/VERSION

@@ -1 +1 @@
-0.9.9
+0.9.11

data/app/views/rest_framework/_head.html.erb

@@ -90,9 +90,6 @@
   html[data-bs-theme="dark"] .rrf-routes .rrf-route-group-header:hover {
     background-color: #333;
   }
-  .rrf-routes .rrf-route-group-header td {
-    cursor: pointer;
-  }
 
   /* Disable bootstrap's collapsing animation because in tables it causes delayed jerkiness. */
   .rrf-routes .collapsing {
@@ -194,7 +191,7 @@
     // Initialize dark/light mode before page fully loads to prevent flash.
     rrfSetSelectedMode(localStorage.getItem("rrfMode"))
 
-    // Initialize dark/light mode after page load (mostly so mode component is updated).
+    // Initialize dark/light mode after page load (duplicate so mode component is updated).
     document.addEventListener("DOMContentLoaded", (event) => {
       rrfSetSelectedMode(localStorage.getItem("rrfMode"))
 

data/app/views/rest_framework/routes_and_forms/_routes.html.erb

@@ -16,7 +16,7 @@
     <%# Render any other groups under dropdowns. %>
     <% @route_groups.drop(1).each_with_index do |(name, route_group), index| %>
       <tr data-bs-toggle="collapse" data-bs-target="#route-group-<%= index %>" class="rrf-route-group-header">
-        <td colspan="3" class="text-center user-select-none"><%= name %></td>
+        <td colspan="3" class="text-center user-select-none" style="cursor: pointer"><%= name %></td>
       </tr>
       <tbody id="route-group-<%= index %>" class="collapse">
         <% route_group.each do |route| %>

data/lib/rest_framework/filters/model_ordering_filter.rb

@@ -15,6 +15,7 @@ class RESTFramework::Filters::ModelOrderingFilter < RESTFramework::Filters::Base
 
     if order_string.present?
       ordering = {}.with_indifferent_access
+
       order_string.split(",").each do |field|
         if field[0] == "-"
           column = field[1..-1]
@@ -24,10 +25,11 @@ class RESTFramework::Filters::ModelOrderingFilter < RESTFramework::Filters::Base
           direction = :asc
         end
 
-        next if !column.in?(fields) && column.split(".").first.in?(fields)
+        next if !column.in?(fields) && !column.split(".").first.in?(fields)
 
         ordering[column] = direction
       end
+
       return ordering
     end
 

data/lib/rest_framework/filters/model_query_filter.rb

@@ -1,5 +1,7 @@
 # A simple filtering backend that supports filtering a recordset based on query parameters.
 class RESTFramework::Filters::ModelQueryFilter < RESTFramework::Filters::BaseFilter
+  NIL_VALUES = ["nil", "null"].freeze
+
   # Get a list of filterset fields for the current action.
   def _get_fields
     # Always return a list of strings; `@controller.get_fields` already does this.
@@ -9,8 +11,9 @@ class RESTFramework::Filters::ModelQueryFilter < RESTFramework::Filters::BaseFil
   # Filter params for keys allowed by the current action's filterset_fields/fields config.
   def _get_filter_params
     fields = self._get_fields
+    includes = []
 
-    return @controller.request.query_parameters.select { |p, _|
+    filter_params = @controller.request.query_parameters.select { |p, _|
       # Remove any trailing `__in` from the field name.
       field = p.chomp("__in")
 
@@ -20,7 +23,12 @@ class RESTFramework::Filters::ModelQueryFilter < RESTFramework::Filters::BaseFil
         next false unless field.in?(fields)
 
         sub_fields = @controller.class.get_field_config(field)[:sub_fields] || []
-        next sub_field.in?(sub_fields)
+        if sub_field.in?(sub_fields)
+          includes << field.to_sym
+          next true
+        end
+
+        next false
       end
 
       next field.in?(fields)
@@ -28,21 +36,27 @@ class RESTFramework::Filters::ModelQueryFilter < RESTFramework::Filters::BaseFil
       # Convert fields ending in `__in` to array values.
       if p.end_with?("__in")
         p = p.chomp("__in")
-        v = v.split(",")
+        v = v.split(",").map { |v| v.in?(NIL_VALUES) ? nil : v }
       end
 
       # Convert "nil" and "null" to nil.
-      if v == "nil" || v == "null"
-        v = nil
-      end
+      v = nil if v.in?(NIL_VALUES)
 
       [p, v]
     }.to_h.symbolize_keys
+
+    return filter_params, includes
   end
 
   # Filter data according to the request query parameters.
   def get_filtered_data(data)
-    if filter_params = self._get_filter_params.presence
+    filter_params, includes = self._get_filter_params
+
+    if filter_params.any?
+      if includes.any?
+        data = data.includes(*includes)
+      end
+
       return data.where(**filter_params)
     end
 

data/lib/rest_framework/mixins/model_controller_mixin.rb

@@ -33,17 +33,7 @@ module RESTFramework::Mixins::BaseModelControllerMixin
     # Options for handling request body parameters.
     allowed_parameters: nil,
     filter_pk_from_request_body: true,
-    exclude_body_fields: %w[
-      created_at
-      created_by
-      created_by_id
-      updated_at
-      updated_by
-      updated_by_id
-      _method
-      utf8
-      authenticity_token
-    ].freeze,
+    exclude_body_fields: RESTFramework.config.exclude_body_fields,
 
     # Attributes for the default native serializer.
     native_serializer_config: nil,
@@ -515,7 +505,7 @@ module RESTFramework::Mixins::BaseModelControllerMixin
       ActionController::Parameters.new(data).permit(*allowed_params)
     end
 
-    # Filter primary key if configured.
+    # Filter primary key, if configured.
     if self.filter_pk_from_request_body && bulk_mode != :update
       body_params.delete(pk)
     end
@@ -527,7 +517,7 @@ module RESTFramework::Mixins::BaseModelControllerMixin
     #
     # rubocop:disable Layout/LineLength
     #
-    # Good example base64 image:
+    # Example base64 image:
     #   data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAYAAADgdz34AAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAApgAAAKYB3X3/OAAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAAANCSURBVEiJtZZPbBtFFMZ/M7ubXdtdb1xSFyeilBapySVU8h8OoFaooFSqiihIVIpQBKci6KEg9Q6H9kovIHoCIVQJJCKE1ENFjnAgcaSGC6rEnxBwA04Tx43t2FnvDAfjkNibxgHxnWb2e/u992bee7tCa00YFsffekFY+nUzFtjW0LrvjRXrCDIAaPLlW0nHL0SsZtVoaF98mLrx3pdhOqLtYPHChahZcYYO7KvPFxvRl5XPp1sN3adWiD1ZAqD6XYK1b/dvE5IWryTt2udLFedwc1+9kLp+vbbpoDh+6TklxBeAi9TL0taeWpdmZzQDry0AcO+jQ12RyohqqoYoo8RDwJrU+qXkjWtfi8Xxt58BdQuwQs9qC/afLwCw8tnQbqYAPsgxE1S6F3EAIXux2oQFKm0ihMsOF71dHYx+f3NND68ghCu1YIoePPQN1pGRABkJ6Bus96CutRZMydTl+TvuiRW1m3n0eDl0vRPcEysqdXn+jsQPsrHMquGeXEaY4Yk4wxWcY5V/9scqOMOVUFthatyTy8QyqwZ+kDURKoMWxNKr2EeqVKcTNOajqKoBgOE28U4tdQl5p5bwCw7BWquaZSzAPlwjlithJtp3pTImSqQRrb2Z8PHGigD4RZuNX6JYj6wj7O4TFLbCO/Mn/m8R+h6rYSUb3ekokRY6f/YukArN979jcW+V/S8g0eT/N3VN3kTqWbQ428m9/8k0P/1aIhF36PccEl6EhOcAUCrXKZXXWS3XKd2vc/TRBG9O5ELC17MmWubD2nKhUKZa26Ba2+D3P+4/MNCFwg59oWVeYhkzgN/JDR8deKBoD7Y+ljEjGZ0sosXVTvbc6RHirr2reNy1OXd6pJsQ+gqjk8VWFYmHrwBzW/n+uMPFiRwHB2I7ih8ciHFxIkd/3Omk5tCDV1t+2nNu5sxxpDFNx+huNhVT3/zMDz8usXC3ddaHBj1GHj/As08fwTS7Kt1HBTmyN29vdwAw+/wbwLVOJ3uAD1wi/dUH7Qei66PfyuRj4Ik9is+hglfbkbfR3cnZm7chlUWLdwmprtCohX4HUtlOcQjLYCu+fzGJH2QRKvP3UNz8bWk1qMxjGTOMThZ3kvgLI5AzFfo379UAAAAASUVORK5CYII=
     #
     # rubocop:enable Layout/LineLength
@@ -572,7 +562,6 @@ module RESTFramework::Mixins::BaseModelControllerMixin
     # Cache the result.
     return @record if @record
 
-    recordset = self.get_recordset
     find_by_key = self.class.get_model.primary_key
     is_pk = true
 
@@ -588,16 +577,18 @@ module RESTFramework::Mixins::BaseModelControllerMixin
       end
     end
 
-    # Filter recordset, if configured.
-    if self.filter_recordset_before_find
-      recordset = self.get_records
+    # Get the recordset, filtering if configured.
+    collection = if self.filter_recordset_before_find
+      self.get_records
+    else
+      self.get_recordset
     end
 
     # Return the record. Route key is always `:id` by Rails convention.
     if is_pk
-      return @record = recordset.find(request.path_parameters[:id])
+      return @record = collection.find(request.path_parameters[:id])
     else
-      return @record = recordset.find_by!(find_by_key => request.path_parameters[:id])
+      return @record = collection.find_by!(find_by_key => request.path_parameters[:id])
     end
   end
 

data/lib/rest_framework/version.rb

@@ -1,5 +1,5 @@
-# Do not use Rails-specific helper methods here (e.g., `blank?`) so the module can run standalone.
 module RESTFramework
+  # Do not use Rails-specific helper methods here (e.g., `blank?`) so the module can run standalone.
   module Version
     VERSION_FILEPATH = File.expand_path("../../VERSION", __dir__)
     UNKNOWN = "0-unknown"

data/lib/rest_framework.rb

@@ -122,9 +122,19 @@ module RESTFramework
   # Global configuration should be kept minimal, as controller-level configurations allows multiple
   # APIs to be defined to behave differently.
   class Config
-    DEFAULT_EXCLUDE_ASSOCIATION_CLASSES = [].freeze
     DEFAULT_LABEL_FIELDS = %w(name label login title email username url).freeze
     DEFAULT_SEARCH_COLUMNS = DEFAULT_LABEL_FIELDS + %w(description note).freeze
+    DEFAULT_EXCLUDE_BODY_FIELDS = %w[
+      created_at
+      created_by
+      created_by_id
+      updated_at
+      updated_by
+      updated_by_id
+      _method
+      utf8
+      authenticity_token
+    ].freeze
 
     # Do not run `rrf_finalize` on controllers automatically using a `TracePoint` hook. This is a
     # performance option and must be global because we have to determine this before any
@@ -155,6 +165,9 @@ module RESTFramework
     # The default search columns to use when generating search filters.
     attr_accessor :search_columns
 
+    # The default list of fields to exclude from the body of the request.
+    attr_accessor :exclude_body_fields
+
     # Option to use vendored assets (requires sprockets or propshaft) rather than linking to
     # external assets (the default).
     attr_accessor :use_vendored_assets
@@ -163,6 +176,7 @@ module RESTFramework
       self.show_backtrace = Rails.env.development?
       self.label_fields = DEFAULT_LABEL_FIELDS
       self.search_columns = DEFAULT_SEARCH_COLUMNS
+      self.exclude_body_fields = DEFAULT_EXCLUDE_BODY_FIELDS
     end
   end