rest_framework 0.8.15 → 0.8.16

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 36036d097655858aedddc79945d798ae9e8c8dec48ee1e8c59e06e98b9bdf694
-  data.tar.gz: fc9ced23a919bd6c0528f1b91999e89ca959ce433c0ef99938a46abc46574ca9
+  metadata.gz: 0b8523aadeaa24412d0a2ea3d5a0f940864f69f13b4f97859c7b7a072b035a30
+  data.tar.gz: 3c7a734e85ef542221738030d711b912114712c7e0f0e28115bacfbf43fee032
 SHA512:
-  metadata.gz: 3dea10ba8f4d5cc9cc4fe186b1101823eb7268fe3543ce4dfd850d33d477cb3fe7ba413138ab0b3ade2490e4a3b5bb1bc8880d8ad41296ada615e0e732618ea5
-  data.tar.gz: 3071fc01e29b932141f70301dae07de686c691416863906b09815d89f7cc6c50e1c4351582a94a5ec1fd67fecdd028808bf2f4efd3e57113790cc9f9f2baf8fc
+  metadata.gz: 986584c39f0388eec578bf53f71989f62df6c5eea18001d90023790b2c3fa3781f3b21416215aa58f153265eaf6fdce964ca2dbaf035dd1247b052963ed6d82c
+  data.tar.gz: 2dc9b1a29e1c7fdd1a6e010d9198a9f761b6eaed1ca37cbaa60dcad8a76ccd8972a6a9e2a5e8b8496b24794d5fe59a0a2ad35ff25ba2f1cd69c463fce572744f

data/VERSION

@@ -1 +1 @@
-0.8.15
+0.8.16

data/app/views/layouts/rest_framework.html.erb

@@ -1,14 +1,14 @@
 <!doctype html>
-<html>
+<html data-bs-theme="dark">
   <head>
     <title><%= @title %></title>
     <%= render partial: 'rest_framework/head' %>
   </head>
 
   <body>
-    <div class="bg-dark">
-      <div class="w-100 m-0 p-0" style="height: .3em; background-color: #a00;"></div>
-      <nav class="navbar navbar-dark bg-dark">
+    <div>
+      <div class="w-100 m-0 p-0" style="height: .3em; background-color: #900;"></div>
+      <nav class="navbar navbar-dark" style="background-color: #111">
         <div class="container">
           <span class="navbar-brand p-0">
             <h1 title="RRF v<%= RESTFramework::VERSION %>" class="text-light font-weight-light m-0 p-0" style="font-size: 1em">
@@ -57,7 +57,7 @@
               <% if @route_groups.values[0].any? { |r| r[:matches_path] && r[:verb] == "OPTIONS" } %>
                 <button type="button" class="btn btn-primary" onclick="rrfOptions(this)">OPTIONS</button>
               <% end %>
-              <button type="button" class="btn btn-primary" onclick="rrfRefresh(this)">GET</button>
+              <button type="button" class="btn btn-primary" onclick="rrfGet(this)">GET</button>
             </div>
             <% if @description.present? %>
               <br><br><p style="display: inline-block; margin-bottom: 0"><%= @description %></p>
@@ -68,12 +68,12 @@
         <div class="row">
           <div>
             <pre style="white-space: normal">
-              <code class="language-plaintext">
+              <code>
                 <strong><%= request.method %></strong> <%= request.path %><br>
               </code>
             </pre>
             <pre style="white-space: normal">
-              <code class="language-plaintext">
+              <code>
                 <strong>HTTP <%= response.status %> <%= response.message %></strong><br>
                 <strong>Content-Type:</strong> <%= response.content_type %>
               </code>
@@ -101,25 +101,29 @@
               </ul>
             </div>
             <div class="tab-content pt-2">
-              <div class="tab-pane fade show active" id="tab-json" role="tab">
+              <div class="tab-pane fade show active" id="tab-json" role="tabpanel">
                 <% if @json_payload.present? %>
-                  <div>
-                    <pre class="rrf-copy"><code class="language-json"><%=
-                      JSON.pretty_generate(
-                        JSON.parse(@json_payload)
-                      ) unless @json_payload == '' %></code></pre>
-                  </div>
+                  <div><pre class="rrf-copy"><code class="auto-hljs language-json"><%=
+                    JSON.pretty_generate(
+                      JSON.parse(@json_payload)
+                    ) unless @json_payload == ''
+                  %></code></pre></div>
                 <% end %>
               </div>
-              <div class="tab-pane fade" id="tab-xml" role="tab">
+              <div class="tab-pane fade" id="tab-xml" role="tabpanel">
                 <% if @xml_payload.present? %>
-                  <div><pre class="rrf-copy"><code class="language-xml"><%= @xml_payload %></code></pre></div>
+                  <div><pre class="rrf-copy"><code class="auto-hljs language-xml"><%=
+                    CGI.unescapeHTML(@xml_payload)
+                  %></code></pre></div>
                 <% end %>
               </div>
             </div>
           </div>
         <% end %>
         <% if @route_groups.present? %>
+          <%
+            @is_model_controller = controller.class.included_modules.include?(RESTFramework::ModelControllerMixin)
+          %>
           <div class="row">
             <div>
               <ul class="nav nav-tabs">
@@ -137,9 +141,9 @@
                       Raw Form
                     </a>
                   </li>
-                  <% if RESTFramework.features[:html_forms] %>
+                  <% if @is_model_controller %>
                     <li class="nav-item">
-                      <a class="nav-link" href="#tab-raw-form" data-bs-toggle="tab" role="tab">
+                      <a class="nav-link" href="#tab-html-form" data-bs-toggle="tab" role="tab">
                         HTML Form
                       </a>
                     </li>
@@ -148,15 +152,15 @@
               </ul>
             </div>
             <div class="tab-content pt-2">
-              <div class="tab-pane fade show active" id="tab-routes" role="tab">
+              <div class="tab-pane fade show active" id="tab-routes" role="tabpanel">
                 <%= render partial: 'rest_framework/routes' %>
               </div>
               <% unless @_rrf_form_routes.empty? %>
-                <div class="tab-pane fade" id="tab-raw-form" role="tab">
+                <div class="tab-pane fade" id="tab-raw-form" role="tabpanel">
                   <%= render partial: 'rest_framework/raw_form' %>
                 </div>
-                <% if RESTFramework.features[:html_forms] %>
-                  <div class="tab-pane fade" id="tab-raw-form" role="tab">
+                <% if @is_model_controller %>
+                  <div class="tab-pane fade" id="tab-html-form" role="tabpanel">
                     <%= render partial: 'rest_framework/html_form' %>
                   </div>
                 <% end %>

data/app/views/rest_framework/_head.html.erb

@@ -3,12 +3,15 @@
 <%= csrf_meta_tags %>
 <%= csp_meta_tag rescue nil %>
 
+<!-- ActiveStorage -->
+<script src="https://cdn.jsdelivr.net/npm/activestorage@5.2.8-1/app/assets/javascripts/activestorage.min.js"></script>
+
 <!-- Bootstrap -->
-<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.1/dist/css/bootstrap.min.css" integrity="sha384-F3w7mX95PdgyTmZZMECAngseQB83DfGTowi0iMjiWaeVhAn4FJkqJByhZMI3AhiU" crossorigin="anonymous">
-<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.1/dist/js/bootstrap.bundle.min.js" integrity="sha384-/bQdsTh/da6pkI1MST/rWKFNjaCP5gBSY4sEBT38Q/9RBh9AH40zEOg7Hlq2THRZ" crossorigin="anonymous"></script>
+<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha2/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-aFq/bzH65dt+w6FI2ooMVUpc+21e0SRygnTpmBvdBgSdnuTN7QbdgL+OapgHtvPp" crossorigin="anonymous">
+<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha2/dist/js/bootstrap.bundle.min.js" integrity="sha384-qKXV1j0HvMUeCBQ+QVp7JcfGl760yU08IQ+GpUo5hlbpg51QRiuqHAJz8+BrxE/N" crossorigin="anonymous"></script>
 
 <!-- Highlight.js -->
-<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/styles/vs.min.css" integrity="sha512-AVoZ71dJLtHRlsgWwujPT1hk2zxtFWsPlpTPCc/1g0WgpbmlzkqlDFduAvnOV4JJWKUquPc1ZyMc5eq4fRnKOQ==" crossorigin="anonymous" referrerpolicy="no-referrer" />
+<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/styles/a11y-dark.min.css" integrity="sha512-Vj6gPCk8EZlqnoveEyuGyYaWZ1+jyjMPg8g4shwyyNlRQl6d3L9At02ZHQr5K6s5duZl/+YKMnM3/8pDhoUphg==" crossorigin="anonymous" referrerpolicy="no-referrer" />
 <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/highlight.min.js" integrity="sha512-bgHRAiTjGrzHzLyKOnpFvaEpGzJet3z4tZnXGjpsCcqOnAH6VGUx9frc5bcIhKTVLEiCO6vEhNAgx5jtLUYrfA==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
 <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/languages/json.min.js" integrity="sha512-0xYvyncS9OLE7GOpNBZFnwyh9+bq4HVgk4yVVYI678xRvE22ASicF1v6fZ1UiST+M6pn17MzFZdvVCI3jTHSyw==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
 <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.7.0/languages/xml.min.js" integrity="sha512-5zBcw+OKRkaNyvUEPlTSfYylVzgpi7KpncY36b0gRudfxIYIH0q0kl2j26uCUB3YBRM6ytQQEZSgRg+ZlBTmdA==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
@@ -16,6 +19,10 @@
 <!-- NeatJSON -->
 <script src="https://cdn.jsdelivr.net/npm/neatjson@0.10.5/javascript/neatjson.min.js"></script>
 
+<!-- Trix -->
+<link rel="stylesheet" type="text/css" href="https://unpkg.com/trix@2.0.0/dist/trix.css">
+<script type="text/javascript" src="https://unpkg.com/trix@2.0.0/dist/trix.umd.min.js"></script>
+
 <!-- Custom Style -->
 <style>
 /* Adjust headers to always take up their entire row, and tweak the sizing. */
@@ -28,19 +35,34 @@ h5 { font-size: 1.1rem; }
 h6 { font-size: 1rem; }
 
 /* Make code and code blocks a little nicer looking. */
+pre code {
+  display: block;
+  overflow-x: auto;
+}
 code {
   padding: .5em !important;
-  background-color: #f3f3f3 !important;
+  background-color: #2b2b2b !important;
   border: 1px solid #aaa;
   border-radius: 3px;
 }
 
-/* Make route group expansion obvious to the user. */
-.rrf-routes .rrf-route-group-header {
+/* Reduce label font size. */
+label.form-label {
+  font-size: .8em;
+}
+
+trix-editor:empty:not(:focus)::before {
+  pointer-events: none;
+}
+
+/* Make Trix buttons visible in the dark mode. */
+trix-toolbar .trix-button-group {
   background-color: #f8f8f8;
 }
+
+/* Make route group expansion obvious to the user. */
 .rrf-routes .rrf-route-group-header:hover {
-  background-color: #f0f0f0;
+  background-color: #333;
 }
 .rrf-routes .rrf-route-group-header td {
   cursor: pointer;
@@ -73,29 +95,34 @@ code {
 // What to do when document loads.
 document.addEventListener("DOMContentLoaded", (event) => {
   // Pretty-print JSON.
-  [...document.getElementsByClassName("language-json")].forEach((el, index) => {
+  document.querySelectorAll(".language-json").forEach((el, index) => {
     el.innerHTML = neatJSON(JSON.parse(el.innerText), {
       wrap: 80,
       afterComma: 1,
       afterColon: 1,
-    })
-  });
+    }).replaceAll("&", "&amp;")
+      .replaceAll("<", "&lt;")
+      .replaceAll(">", "&gt;")
+      .replaceAll('"', "&quot;")
+      .replaceAll("'", "&#039;")
+  })
 
   // Then highlight it.
-  hljs.highlightAll();
+  hljs.configure({cssSelector: "pre code.auto-hljs"})
+  hljs.highlightAll()
 
-  // Replace all text nodes with anchor tag links.
-  [...document.querySelectorAll(".rrf-copy code")].forEach((el, index) => {
+  // Replace text node links with anchor tag links.
+  document.querySelectorAll(".rrf-copy code").forEach((el, index) => {
     el.innerHTML = rrfLinkify(el.innerHTML)
-  });
+  })
 
   // Insert copy link and callback to copy contents of `<code>` element.
-  [...document.querySelectorAll("rrf-copy")].forEach((el, index) => {
+  document.querySelectorAll("rrf-copy").forEach((el, index) => {
     el.insertAdjacentHTML(
       "afterbegin",
       "<a class=\"rrf-copy-link\" onclick=\"return rrfCopyToClipboard(this)\" href=\"#\">Copy to Clipboard</a>",
     )
-  });
+  })
 })
 
 // Convert plain-text links to anchor tag links.
@@ -134,10 +161,10 @@ function rrfCopyToClipboard(element) {
   return false
 }
 
-// Refresh the window.
-function rrfRefresh(button) {
+// Refresh the window as a `GET` request.
+function rrfGet(button) {
   button.disabled = true
-  window.location.reload()
+  window.location.replace(window.location.href)
 }
 
 // Call `DELETE` on the current path.
@@ -158,11 +185,41 @@ function rrfSubmitRawForm(button) {
 
   // Grab the selected route/method, media type, and the body.
   const [method, path] = document.getElementById("rawFormRoute").value.split(":")
-  const media_type = document.getElementById("rawFormMediaType").value
-  const body = document.getElementById("rawFormContent").value
+  const mediaType = document.getElementById("rawFormMediaType").value
+  let body = document.getElementById("rawFormContent").value
+
+  // If the media type is `multipart/form-data`, then we need to build a FormData object.
+  if (mediaType == "multipart/form-data") {
+    let formData = new FormData()
+
+    // Add body to `formData`.
+    const bodySearchParams = new URLSearchParams(body)
+    bodySearchParams.forEach((value, key) => {
+      formData.append(key, value)
+    })
+
+    // Add file(s) to `formData`.
+    const rawFilesForm = document.getElementById("rawFilesForm")
+    if (rawFilesForm) {
+      rawFilesForm.querySelectorAll("input[type=file]").forEach((el, index) => {
+        const files = el.files
+        for (let i = 0; i < files.length; i++) {
+          formData.append(el.name, files[i])
+        }
+      })
+    }
+
+    // Set body to be the form data.
+    body = formData
+  }
 
   // Perform the API call.
-  rrfAPICall(path, method, {body, headers: {"Content-Type": media_type}})
+  rrfAPICall(path, method, {
+    body,
+    // If the media type is `multipart/form-data`, then we don't want to set the content type
+    // because it must be set by `fetch` to include boundary.
+    headers: mediaType == "multipart/form-data" ? {} : {"Content-Type": mediaType},
+  })
 }
 
 // Make an HTML API call and replace the document with the response.
@@ -174,4 +231,17 @@ function rrfAPICall(path, method, kwargs={}) {
     .then((response) => response.text())
     .then((body) => { rrfReplaceDocument(body) })
 }
+
+// Check if `rawFilesFormWrapper` should be displayed when media type is changed.
+function rrfCheckRawFilesFormDisplay(el) {
+  const rawFilesFormWrapper = document.getElementById("rawFilesFormWrapper")
+
+  if (rawFilesFormWrapper) {
+    if (el.value === "multipart/form-data") {
+      rawFilesFormWrapper.style.display = "block"
+    } else {
+      rawFilesFormWrapper.style.display = "none"
+    }
+  }
+}
 </script>

data/app/views/rest_framework/_html_form.html.erb

@@ -1,7 +1,59 @@
 <div style="max-width: 60em; margin: auto">
-  <%= render partial: "rest_framework/form_routes" %>
+  <div class="mb-2">
+    <label class="form-label w-100">Route
+      <select class="form-control form-control-sm" id="htmlFormRoute">
+        <% @_rrf_form_routes.each do |route| %>
+          <% path = @route_props[:with_path_args].call(route[:route]) %>
+          <option value="<%= route[:verb] %>:<%= path %>"><%= route[:verb] %> <%= route[:relative_path] %></option>
+        <% end %>
+      </select>
+    </label>
+  </div>
 
-  <%= form_for @ do |f| %>
-    <%= f.file_field :picture %>
+  <%= form_with(
+    model: @record,
+    url: "",
+    method: "PATCH",
+    id: "htmlForm",
+    scope: "",
+  ) do |form| %>
+    <% controller.get_fields.map(&:to_s).each do |f| %>
+      <%
+        # Don't provide form fields for associations or primary keys.
+        metadata = controller.class.fields_metadata[f]
+        next if !metadata || metadata[:kind] == "association" || metadata[:read_only]
+      %>
+      <div class="mb-2">
+        <% if metadata[:kind] == "rich_text" %>
+          <label class="form-label w-100"><%= controller.class.get_label(f) %></label>
+          <%= form.rich_text_area f %>
+        <% elsif metadata[:kind] == "attachment" %>
+          <label class="form-label w-100"><%= controller.class.get_label(f) %>
+            <%= form.file_field f, multiple: metadata.dig(:attachment, :macro) == :has_many_attached %>
+          </label>
+        <% else %>
+          <label class="form-label w-100"><%= controller.class.get_label(f) %>
+            <%= form.text_field f, class: "form-control form-control-sm" %>
+          </label>
+        <% end %>
+      </div>
+    <% end %>
+
+    <%= form.submit "Submit", name: "", class: "btn btn-primary", style: "float: right" %>
   <% end %>
+
+  <script>
+    // Update form anytime the route changes.
+    document.getElementById("htmlFormRoute").addEventListener("change", (event) => {
+      const [verb, path] = event.target.value.split(":")
+      const form = document.getElementById("htmlForm")
+      form.action = path
+      form.querySelector("input[name='_method']").value = verb
+    })
+
+    document.addEventListener("DOMContentLoaded", (event) => {
+      // Trigger the change event to update the form initially.
+      document.getElementById("htmlFormRoute").dispatchEvent(new Event("change"))
+    })
+  </script>
 </div>

data/app/views/rest_framework/_raw_form.html.erb

@@ -1,9 +1,18 @@
 <div style="max-width: 60em; margin: auto">
-  <%= render partial: "rest_framework/form_routes" %>
+  <div class="mb-2">
+    <label class="form-label w-100">Route
+      <select class="form-control form-control-sm" id="rawFormRoute">
+        <% @_rrf_form_routes.each do |route| %>
+          <% path = @route_props[:with_path_args].call(route[:route]) %>
+          <option value="<%= route[:verb] %>:<%= path %>"><%= route[:verb] %> <%= route[:relative_path] %></option>
+        <% end %>
+      </select>
+    </label>
+  </div>
 
   <div class="mb-2">
     <label class="form-label w-100">Media Type
-      <select class="form-control" id="rawFormMediaType">
+      <select class="form-control form-control-sm" id="rawFormMediaType" onchange="rrfCheckRawFilesFormDisplay(this)">
         <% ["application/json", "application/x-www-form-urlencoded", "multipart/form-data"].each do |t| %>
           <option value="<%= t %>"><%= t %></option>
         <% end %>
@@ -13,9 +22,28 @@
 
   <div class="mb-2">
     <label class="form-label w-100">Content
-      <textarea class="form-control" style="font-family: monospace" id="rawFormContent" rows="8" cols="60"></textarea>
+      <textarea class="form-control form-control-sm" style="font-family: monospace" id="rawFormContent" rows="8" cols="60"></textarea>
     </label>
   </div>
 
+  <% if @is_model_controller && model = controller.class.get_model %>
+    <% if attachment_reflections = model.attachment_reflections.presence %>
+      <div class="mb-2" style="display: none" id="rawFilesFormWrapper">
+        <%= form_with(
+          model: @record,
+          url: "",
+          id: "rawFilesForm",
+          scope: "",
+        ) do |form| %>
+          <% attachment_reflections.each do |field, ref| %>
+            <label class="form-label w-100"><%= controller.class.get_label(field) %>
+              <%= form.file_field field, multiple: ref.macro == :has_many_attached %>
+            </label>
+          <% end %>
+        <% end %>
+      </div>
+    <% end %>
+  <% end %>
+
   <button type="button" class="btn btn-primary" style="float: right" onclick="rrfSubmitRawForm(this)">Submit</button>
 </div>

data/lib/rest_framework/controller_mixins/base.rb

@@ -8,8 +8,16 @@ require_relative "../utils"
 module RESTFramework::BaseControllerMixin
   RRF_BASE_CONTROLLER_CONFIG = {
     filter_pk_from_request_body: true,
-    exclude_body_fields: [
-      :created_at, :created_by, :created_by_id, :updated_at, :updated_by, :updated_by_id
+    exclude_body_fields: %w[
+      created_at
+      created_by
+      created_by_id
+      updated_at
+      updated_by
+      updated_by_id
+      _method
+      utf8
+      authenticity_token
     ].freeze,
     extra_actions: nil,
     extra_member_actions: nil,
@@ -323,7 +331,6 @@ module RESTFramework::BaseControllerMixin
             @json_payload = payload.to_json if self.class.serialize_to_json
             @xml_payload = payload.to_xml if self.class.serialize_to_xml
           end
-          @template_logo_text ||= "Rails REST Framework"
           @title ||= self.class.get_title
           @description ||= self.class.description
           @route_props, @route_groups = RESTFramework::Utils.get_routes(

data/lib/rest_framework/controller_mixins/models.rb

@@ -3,6 +3,15 @@ require_relative "../filters"
 
 # This module provides the core functionality for controllers based on models.
 module RESTFramework::BaseModelControllerMixin
+  BASE64_REGEX = /data:(.*);base64,(.*)/
+  BASE64_TRANSLATE = ->(field, value) {
+    _, content_type, payload = value.match(BASE64_REGEX).to_a
+    return {
+      io: StringIO.new(Base64.decode64(payload)),
+      content_type: content_type,
+      filename: "image_#{field}#{Rack::Mime::MIME_TYPES.invert[content_type]}",
+    }
+  }
   include RESTFramework::BaseControllerMixin
 
   RRF_BASE_MODEL_CONTROLLER_CONFIG = {
@@ -89,20 +98,18 @@ module RESTFramework::BaseModelControllerMixin
       return self.get_model.human_attribute_name(s, default: super)
     end
 
-    # Get the available fields. Returning `nil` indicates that anything should be accepted. If
-    # `fallback` is true, then we should fallback to this controller's model columns, or an empty
-    # array. This should always return an array of strings, no symbols, and possibly `nil` (only if
-    # `fallback` is false).
-    def get_fields(input_fields: nil, fallback: true)
-      input_fields ||= self.fields if fallback
+    # Get the available fields. Fallback to this controller's model columns, or an empty array. This
+    # should always return an array of strings.
+    def get_fields(input_fields: nil)
+      input_fields ||= self.fields
 
       # If fields is a hash, then parse it.
       if input_fields.is_a?(Hash)
         return RESTFramework::Utils.parse_fields_hash(
           input_fields, self.get_model, exclude_associations: self.exclude_associations
         )
-      elsif !input_fields && fallback
-        # Otherwise, if fields is nil and fallback is true, then fallback to columns.
+      elsif !input_fields
+        # Otherwise, if fields is nil, then fallback to columns.
         model = self.get_model
         return model ? RESTFramework::Utils.fields_for(
           model, exclude_associations: self.exclude_associations
@@ -148,7 +155,9 @@ module RESTFramework::BaseModelControllerMixin
     end
 
     # Get metadata about the resource's fields.
-    def get_fields_metadata
+    def fields_metadata
+      return @_fields_metadata if @_fields_metadata
+
       # Get metadata sources.
       model = self.get_model
       fields = self.get_fields.map(&:to_s)
@@ -156,8 +165,14 @@ module RESTFramework::BaseModelControllerMixin
       column_defaults = model.column_defaults
       reflections = model.reflections
       attributes = model._default_attributes
-
-      return fields.map { |f|
+      readonly_attributes = model.readonly_attributes
+      exclude_body_fields = self.exclude_body_fields.map(&:to_s)
+      rich_text_association_names = model.reflect_on_all_associations(:has_one)
+        .collect(&:name)
+        .select { |n| n.to_s.start_with?("rich_text_") }
+      attachment_reflections = model.attachment_reflections
+
+      return @_fields_metadata = fields.map { |f|
         # Initialize metadata to make the order consistent.
         metadata = {
           type: nil,
@@ -173,6 +188,11 @@ module RESTFramework::BaseModelControllerMixin
           metadata[:primary_key] = true
         end
 
+        # Determine if the field is a read-only attribute.
+        if metadata[:primary_key] || f.in?(readonly_attributes) || f.in?(exclude_body_fields)
+          metadata[:read_only] = true
+        end
+
         # Determine `type`, `required`, `label`, and `kind` based on schema.
         if column = columns[f]
           metadata[:kind] = "column"
@@ -249,9 +269,22 @@ module RESTFramework::BaseModelControllerMixin
           }.compact
         end
 
+        # Determine if this is an ActionText "rich text".
+        if :"rich_text_#{f}".in?(rich_text_association_names)
+          metadata[:kind] = "rich_text"
+        end
+
+        # Determine if this is an ActiveStorage attachment.
+        if ref = attachment_reflections[f]
+          metadata[:kind] = "attachment"
+          metadata[:attachment] = {
+            macro: ref.macro,
+          }
+        end
+
         # Determine if this is just a method.
-        if model.method_defined?(f)
-          metadata[:kind] ||= "method"
+        if !metadata[:kind] && model.method_defined?(f)
+          metadata[:kind] = "method"
         end
 
         # Collect validator options into a hash on their type, while also updating `required` based
@@ -290,7 +323,8 @@ module RESTFramework::BaseModelControllerMixin
     def get_options_metadata
       return super.merge(
         {
-          fields: self.get_fields_metadata,
+          primary_key: self.get_model.primary_key,
+          fields: self.fields_metadata,
           callbacks: self._process_action_callbacks.as_json,
         },
       )
@@ -377,9 +411,9 @@ module RESTFramework::BaseModelControllerMixin
   end
 
   # Get a list of fields, taking into account the current action.
-  def get_fields(fallback: false)
+  def get_fields
     fields = self._get_specific_action_config(:action_fields, :fields)
-    return self.class.get_fields(input_fields: fields, fallback: fallback)
+    return self.class.get_fields(input_fields: fields)
   end
 
   # Pass fields to get dynamic metadata based on which fields are available.
@@ -387,14 +421,12 @@ module RESTFramework::BaseModelControllerMixin
     return self.class.get_options_metadata
   end
 
-  # Get a list of find_by fields for the current action. Do not fallback to columns in case the user
-  # wants to find by virtual columns.
+  # Get a list of find_by fields for the current action.
   def get_find_by_fields
-    return self.class.find_by_fields || self.get_fields
+    return self.class.find_by_fields
   end
 
-  # Get a list of parameters allowed for the current action. By default we do not fallback to
-  # columns so arbitrary fields can be submitted if no fields are defined.
+  # Get a list of parameters allowed for the current action.
   def get_allowed_parameters
     return @_get_allowed_parameters if defined?(@_get_allowed_parameters)
 
@@ -403,35 +435,54 @@ module RESTFramework::BaseModelControllerMixin
       :allowed_parameters,
     )
     return @_get_allowed_parameters if @_get_allowed_parameters
-    return @_get_allowed_parameters = nil unless fields = self.get_fields
 
     # For fields, automatically add `_id`/`_ids` and `_attributes` variations for associations.
-    id_variations = []
-    variations = {}
-    @_get_allowed_parameters = fields.map { |f|
+    variations = []
+    hash_variations = {}
+    reflections = self.class.get_model.reflections
+    @_get_allowed_parameters = self.get_fields.map { |f|
       f = f.to_s
-      next f unless ref = self.class.get_model.reflections[f]
+
+      # ActiveStorage Integration: `has_one_attached`.
+      if reflections.key?("#{f}_attachment")
+        next f
+      end
+
+      # ActiveStorage Integration: `has_many_attached`.
+      if reflections.key?("#{f}_attachments")
+        hash_variations[f] = []
+        next nil
+      end
+
+      # ActionText Integration.
+      if reflections.key?("rich_test_#{f}")
+        next f
+      end
+
+      # Return field if it's not an association.
+      next f unless ref = reflections[f]
 
       if self.class.permit_id_assignment
         if ref.collection?
-          variations["#{f.singularize}_ids"] = []
+          hash_variations["#{f.singularize}_ids"] = []
         elsif ref.belongs_to?
-          id_variations << "#{f}_id"
+          variations << "#{f}_id"
         end
       end
 
       if self.class.permit_nested_attributes_assignment
         if self.class.allow_all_nested_attributes
-          variations["#{f}_attributes"] = {}
+          hash_variations["#{f}_attributes"] = {}
         else
-          variations["#{f}_attributes"] = self.class.get_field_config(f)[:sub_fields]
+          hash_variations["#{f}_attributes"] = self.class.get_field_config(f)[:sub_fields]
         end
       end
 
-      next f
-    }.flatten
-    @_get_allowed_parameters += id_variations
-    @_get_allowed_parameters << variations
+      # Associations are not allowed to be submitted in their bare form.
+      next nil
+    }.compact
+    @_get_allowed_parameters += variations
+    @_get_allowed_parameters << hash_variations
     return @_get_allowed_parameters
   end
 
@@ -454,14 +505,8 @@ module RESTFramework::BaseModelControllerMixin
   def get_body_params(data: nil)
     data ||= request.request_parameters
 
-    # Filter the request body and map to strings. Return all params if we cannot resolve a list of
-    # allowed parameters or fields.
-    body_params = if allowed_parameters = self.get_allowed_parameters
-      data = ActionController::Parameters.new(data)
-      data.permit(*allowed_parameters)
-    else
-      data
-    end
+    # Filter the request body with strong params.
+    body_params = ActionController::Parameters.new(data).permit(*self.get_allowed_parameters)
 
     # Filter primary key if configured.
     if self.class.filter_pk_from_request_body
@@ -471,6 +516,27 @@ module RESTFramework::BaseModelControllerMixin
     # Filter fields in `exclude_body_fields`.
     (self.class.exclude_body_fields || []).each { |f| body_params.delete(f) }
 
+    # ActiveStorage Integration: Translate base64 encoded attachments to upload objects.
+    #
+    # rubocop:disable Layout/LineLength
+    #
+    # Good example base64 image:
+    #   data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAYAAADgdz34AAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAApgAAAKYB3X3/OAAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAAANCSURBVEiJtZZPbBtFFMZ/M7ubXdtdb1xSFyeilBapySVU8h8OoFaooFSqiihIVIpQBKci6KEg9Q6H9kovIHoCIVQJJCKE1ENFjnAgcaSGC6rEnxBwA04Tx43t2FnvDAfjkNibxgHxnWb2e/u992bee7tCa00YFsffekFY+nUzFtjW0LrvjRXrCDIAaPLlW0nHL0SsZtVoaF98mLrx3pdhOqLtYPHChahZcYYO7KvPFxvRl5XPp1sN3adWiD1ZAqD6XYK1b/dvE5IWryTt2udLFedwc1+9kLp+vbbpoDh+6TklxBeAi9TL0taeWpdmZzQDry0AcO+jQ12RyohqqoYoo8RDwJrU+qXkjWtfi8Xxt58BdQuwQs9qC/afLwCw8tnQbqYAPsgxE1S6F3EAIXux2oQFKm0ihMsOF71dHYx+f3NND68ghCu1YIoePPQN1pGRABkJ6Bus96CutRZMydTl+TvuiRW1m3n0eDl0vRPcEysqdXn+jsQPsrHMquGeXEaY4Yk4wxWcY5V/9scqOMOVUFthatyTy8QyqwZ+kDURKoMWxNKr2EeqVKcTNOajqKoBgOE28U4tdQl5p5bwCw7BWquaZSzAPlwjlithJtp3pTImSqQRrb2Z8PHGigD4RZuNX6JYj6wj7O4TFLbCO/Mn/m8R+h6rYSUb3ekokRY6f/YukArN979jcW+V/S8g0eT/N3VN3kTqWbQ428m9/8k0P/1aIhF36PccEl6EhOcAUCrXKZXXWS3XKd2vc/TRBG9O5ELC17MmWubD2nKhUKZa26Ba2+D3P+4/MNCFwg59oWVeYhkzgN/JDR8deKBoD7Y+ljEjGZ0sosXVTvbc6RHirr2reNy1OXd6pJsQ+gqjk8VWFYmHrwBzW/n+uMPFiRwHB2I7ih8ciHFxIkd/3Omk5tCDV1t+2nNu5sxxpDFNx+huNhVT3/zMDz8usXC3ddaHBj1GHj/As08fwTS7Kt1HBTmyN29vdwAw+/wbwLVOJ3uAD1wi/dUH7Qei66PfyuRj4Ik9is+hglfbkbfR3cnZm7chlUWLdwmprtCohX4HUtlOcQjLYCu+fzGJH2QRKvP3UNz8bWk1qMxjGTOMThZ3kvgLI5AzFfo379UAAAAASUVORK5CYII=
+    #
+    # rubocop:enable Layout/LineLength
+    self.class.get_model.attachment_reflections.keys.each do |k|
+      next unless (body_params[k].is_a?(String) && body_params[k].match?(BASE64_REGEX)) ||
+        (body_params[k].is_a?(Array) && body_params[k].all? { |v|
+          v.is_a?(String) && v.match?(BASE64_REGEX)
+        })
+
+      if body_params[k].is_a?(Array)
+        body_params[k] = body_params[k].map { |v| BASE64_TRANSLATE.call(k, v) }
+      else
+        body_params[k] = BASE64_TRANSLATE.call(k, body_params[k])
+      end
+    end
+
     return body_params
   end
   alias_method :get_create_params, :get_body_params
@@ -492,8 +558,18 @@ module RESTFramework::BaseModelControllerMixin
 
   # Get the recordset but with any associations included to avoid N+1 queries.
   def get_recordset_with_includes
-    reflections = self.class.get_model.reflections.keys
-    associations = self.get_fields(fallback: true).select { |f| f.in?(reflections) }
+    reflections = self.class.get_model.reflections
+    associations = self.get_fields.map { |f|
+      if reflections.key?(f)
+        f.to_sym
+      elsif reflections.key?("rich_text_#{f}")
+        :"rich_text_#{f}"
+      elsif reflections.key?("#{f}_attachment")
+        :"#{f}_attachment"
+      elsif reflections.key?("#{f}_attachments")
+        :"#{f}_attachments"
+      end
+    }.compact
 
     if associations.any?
       return self.get_recordset.includes(associations)

data/lib/rest_framework/filters.rb

@@ -11,11 +11,10 @@ end
 # A simple filtering backend that supports filtering a recordset based on fields defined on the
 # controller class.
 class RESTFramework::ModelFilter < RESTFramework::BaseFilter
-  # Get a list of filterset fields for the current action. Fallback to columns because we don't want
-  # to try filtering by any query parameter because that could clash with other query parameters.
+  # Get a list of filterset fields for the current action.
   def _get_fields
     # Always return a list of strings; `@controller.get_fields` already does this.
-    return @controller.class.filterset_fields&.map(&:to_s) || @controller.get_fields(fallback: true)
+    return @controller.class.filterset_fields&.map(&:to_s) || @controller.get_fields
   end
 
   # Filter params for keys allowed by the current action's filterset_fields/fields config.
@@ -64,8 +63,7 @@ end
 
 # A filter backend which handles ordering of the recordset.
 class RESTFramework::ModelOrderingFilter < RESTFramework::BaseFilter
-  # Get a list of ordering fields for the current action. Do not fallback to columns in case the
-  # user wants to order by a virtual column.
+  # Get a list of ordering fields for the current action.
   def _get_fields
     return @controller.class.ordering_fields&.map(&:to_s) || @controller.get_fields
   end
@@ -88,7 +86,8 @@ class RESTFramework::ModelOrderingFilter < RESTFramework::BaseFilter
           column = field
           direction = :asc
         end
-        next unless !fields || column.in?(fields)
+
+        next if !column.in?(fields) && column.split(".").first.in?(fields)
 
         ordering[column] = direction
       end
@@ -113,15 +112,14 @@ end
 
 # Multi-field text searching on models.
 class RESTFramework::ModelSearchFilter < RESTFramework::BaseFilter
-  # Get a list of search fields for the current action. Fallback to columns but only grab a few
-  # common string-like columns by default.
+  # Get a list of search fields for the current action.
   def _get_fields
     if search_fields = @controller.class.search_fields
       return search_fields&.map(&:to_s)
     end
 
     columns = @controller.class.get_model.column_names
-    return @controller.get_fields(fallback: true).select { |f|
+    return @controller.get_fields.select { |f|
       f.in?(RESTFramework.config.search_columns) && f.in?(columns)
     }
   end

data/lib/rest_framework/serializers.rb

@@ -219,13 +219,18 @@ class RESTFramework::NativeSerializer < RESTFramework::BaseSerializer
     includes = {}
     methods = []
     serializer_methods = {}
+
+    column_names = @model.column_names
+    reflections = @model.reflections
+    attachment_reflections = @model.attachment_reflections
+
     fields.each do |f|
       field_config = @controller.class.get_field_config(f)
       next if field_config[:write_only]
 
-      if f.in?(@model.column_names)
+      if f.in?(column_names)
         columns << f
-      elsif ref = @model.reflections[f]
+      elsif ref = reflections[f]
         sub_columns = []
         sub_methods = []
         field_config[:sub_fields].each do |sf|
@@ -242,9 +247,8 @@ class RESTFramework::NativeSerializer < RESTFramework::BaseSerializer
           # If we need to limit the number of serialized association records, then dynamically add a
           # serializer method to do so.
           if limit = self._get_associations_limit
-            method_name = "__rrf_limit_method_#{f}"
-            serializer_methods[method_name] = f
-            self.define_singleton_method(method_name) do |record|
+            serializer_methods[f] = f
+            self.define_singleton_method(f) do |record|
               next record.send(f).limit(limit).as_json(**sub_config)
             end
           else
@@ -253,8 +257,8 @@ class RESTFramework::NativeSerializer < RESTFramework::BaseSerializer
 
           # If we need to include the association count, then add it here.
           if @controller.class.native_serializer_include_associations_count
-            method_name = "__rrf_count_method_#{f}"
-            serializer_methods[method_name] = "#{f}.count"
+            method_name = "#{f}.count"
+            serializer_methods[method_name] = method_name
             self.define_singleton_method(method_name) do |record|
               next record.send(f).count
             end
@@ -262,6 +266,24 @@ class RESTFramework::NativeSerializer < RESTFramework::BaseSerializer
         else
           includes[f] = sub_config
         end
+      elsif ref = reflections["rich_text_#{f}"]
+        # ActionText Integration: Define rich text serializer method.
+        serializer_methods[f] = f
+        self.define_singleton_method(f) do |record|
+          next record.send(f).to_s
+        end
+      elsif ref = attachment_reflections[f]
+        # ActiveStorage Integration: Define attachment serializer method.
+        serializer_methods[f] = f
+        if ref.macro == :has_one_attached
+          self.define_singleton_method(f) do |record|
+            next record.send(f).attachment&.url
+          end
+        else
+          self.define_singleton_method(f) do |record|
+            next record.send(f).map { |x| x.attachment&.url }
+          end
+        end
       elsif @model.method_defined?(f)
         methods << f
       end
@@ -272,9 +294,10 @@ class RESTFramework::NativeSerializer < RESTFramework::BaseSerializer
     }
   end
 
-  # Get the raw serializer config. Use `deep_dup` on any class mutables (array, hash, etc) to avoid
-  # mutating class state.
-  def _get_raw_serializer_config
+  # Get the raw serializer config, prior to any adjustments from the request.
+  #
+  # Use `deep_dup` on any class mutables (array, hash, etc) to avoid mutating class state.
+  def get_raw_serializer_config
     # Return a locally defined serializer config if one is defined.
     if local_config = self.get_local_native_serializer_config
       return local_config.deep_dup
@@ -286,7 +309,7 @@ class RESTFramework::NativeSerializer < RESTFramework::BaseSerializer
     end
 
     # If the config wasn't determined, build a serializer config from controller fields.
-    if @model && fields = @controller&.get_fields(fallback: true)
+    if @model && fields = @controller&.get_fields
       return self._get_controller_serializer_config(fields.deep_dup)
     end
 
@@ -296,7 +319,7 @@ class RESTFramework::NativeSerializer < RESTFramework::BaseSerializer
 
   # Get a configuration passable to `serializable_hash` for the object, filtered if required.
   def get_serializer_config
-    return filter_from_request(self._get_raw_serializer_config)
+    return filter_from_request(self.get_raw_serializer_config)
   end
 
   # Serialize a single record and merge results of `serializer_methods`.

data/lib/rest_framework/utils.rb

@@ -180,7 +180,12 @@ module RESTFramework::Utils
     return model.column_names.reject { |c|
       c.in?(foreign_keys)
     } + model.reflections.map { |association, ref|
-      # Exclude certain associations (by default, active storage and action text associations).
+      # Ignore associations for which we have custom integrations.
+      if ref.class_name.in?(%w(ActiveStorage::Attachment ActiveStorage::Blob ActionText::RichText))
+        next nil
+      end
+
+      # Exclude user-specified associations.
       if ref.class_name.in?(RESTFramework.config.exclude_association_classes)
         next nil
       end
@@ -192,7 +197,11 @@ module RESTFramework::Utils
       end
 
       next association
-    }.compact
+    }.compact + model.reflect_on_all_associations(:has_one).collect(&:name).select { |n|
+      n.to_s.start_with?("rich_text_")
+    }.map { |n|
+      n.to_s.delete_prefix("rich_text_")
+    } + model.attachment_reflections.keys
   end
 
   # Get the sub-fields that may be serialized and filtered/ordered for a reflection.

data/lib/rest_framework/version.rb

@@ -28,7 +28,10 @@ module RESTFramework
     end
 
     def self.stamp_version
-      File.write(VERSION_FILEPATH, RESTFramework::VERSION)
+      # Only stamp the version if it's not unknown.
+      if RESTFramework::VERSION != "0.unknown"
+        File.write(VERSION_FILEPATH, RESTFramework::VERSION)
+      end
     end
 
     def self.unstamp_version

data/lib/rest_framework.rb

@@ -21,11 +21,7 @@ module RESTFramework
   # Global configuration should be kept minimal, as controller-level configurations allows multiple
   # APIs to be defined to behave differently.
   class Config
-    DEFAULT_EXCLUDE_ASSOCIATION_CLASSES = %w(
-      ActionText::RichText
-      ActiveStorage::Attachment
-      ActiveStorage::Blob
-    ).freeze
+    DEFAULT_EXCLUDE_ASSOCIATION_CLASSES = [].freeze
     DEFAULT_LABEL_FIELDS = %w(name label login title email username url).freeze
     DEFAULT_SEARCH_COLUMNS = DEFAULT_LABEL_FIELDS + %w(description note).freeze
 
@@ -78,9 +74,7 @@ module RESTFramework
   end
 
   def self.features
-    return @features ||= {
-      html_forms: false,
-    }
+    return @features ||= {}
   end
 end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rest_framework
 version: !ruby/object:Gem::Version
-  version: 0.8.15
+  version: 0.8.16
 platform: ruby
 authors:
 - Gregory N. Schmit
-autorequire:
+autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-03-03 00:00:00.000000000 Z
+date: 2023-04-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -35,7 +35,6 @@ files:
 - README.md
 - VERSION
 - app/views/layouts/rest_framework.html.erb
-- app/views/rest_framework/_form_routes.html.erb
 - app/views/rest_framework/_head.html.erb
 - app/views/rest_framework/_html_form.html.erb
 - app/views/rest_framework/_raw_form.html.erb
@@ -62,7 +61,7 @@ licenses:
 metadata:
   homepage_uri: https://rails-rest-framework.com
   source_code_uri: https://github.com/gregschmit/rails-rest-framework
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -79,7 +78,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.2.33
-signing_key:
+signing_key: 
 specification_version: 4
 summary: A framework for DRY RESTful APIs in Ruby on Rails.
 test_files: []

data/app/views/rest_framework/_form_routes.html.erb

@@ -1,10 +0,0 @@
-<div class="mb-2">
-  <label class="form-label w-100">Route
-    <select class="form-control" id="rawFormRoute">
-      <% @_rrf_form_routes.each do |route| %>
-        <% path = @route_props[:with_path_args].call(route[:route]) %>
-        <option value="<%= route[:verb] %>:<%= path %>"><%= route[:verb] %> <%= route[:relative_path] %></option>
-      <% end %>
-    </select>
-  </label>
-</div>