restme 1.2.1 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9a2a5ee870751a00ca5907e773e8d1aaf34fefd68c66bdcbbd42a0809d38ca19
-  data.tar.gz: 8ef1ff2ab867c127615d53fa903808cc5579f961204cc9ff9306f217f1c7e4ae
+  metadata.gz: a2993fdfed0cd616219142038db44085a76bd4f24e10f4ea758947527613a8d5
+  data.tar.gz: 8fa26f48ba3c9fab9bb72d95217e809245b8e0c22aa8aabee009a5aa9d340c60
 SHA512:
-  metadata.gz: 062df3cf4301fad020426e57ee07eb373ab2751c03f6aed5928e32db4988f8283c4e20254c993515d617dbb4b1e581eae2492aad4aecb0fd2610b0cc38c3afbe
-  data.tar.gz: ade0cf78bcce6e49a3ecdeb2eb54513c7761c28bce0df20cdd1630bf61393962b68eb9394bdb6eb5e20c9ff04d619ad94932de1a3218ef1578321ca0ecce9fa0
+  metadata.gz: f5b0089277d026cd4580caabe24402c690db46ba2631cdb12c55f4d51a8166a2afc728f82200a6c8c6fabb49b9b3077d163d6aac9697a2aa1d791dbddacb9115
+  data.tar.gz: 0d3525d0dbb9a0795396a96e681890698b3ba4bb6e646732880218b5aa378e00714f3125d54e6d656cc9c3f6242fa8aaa14f3c61451b936fac308d7ac0f25ebe

data/Dockerfile

@@ -15,6 +15,8 @@ RUN mkdir -p $APP_HOME
 WORKDIR $APP_HOME
 
 ADD Gemfile* $APP_HOME/
+ADD restme.gemspec $APP_HOME/
+ADD lib/restme/version.rb $APP_HOME/lib/restme/version.rb
 
 RUN chown -R $(whoami):$(whoami) $APP_HOME
 

data/README.md

@@ -16,7 +16,7 @@ This gem manages your controller's responsibilities for:
 
 GEMFILE:
 ```bash
-gem 'restme', '~> 1.2'
+gem 'restme', '~> 1.3.0'
 ```
 
 INSTALL:
@@ -57,6 +57,31 @@ Restme.configure do |config|
 end
 ```
 
+`current_user_variable`
+
+Defines the name of the method used to access the currently authenticated user within the controller context.
+This should match the method that returns the logged-in user (for example, :current_user when using authentication libraries like Devise).
+Represent the the field where the role of user is (can be one or many rules)
+
+`user_role_field`
+
+Defines the attribute on the user model that represents the user's role.
+This field is used to determine authorization rules and may support single or multiple roles, depending on your application's implementation.
+
+`pagination_default_per_page`
+
+Specifies the default number of records returned per page when pagination parameters are not explicitly provided in the request.
+
+`pagination_default_page`
+
+Specifies the default page number used when the request does not include a page parameter.
+
+`pagination_max_per_page`
+
+Defines the maximum number of records allowed per page.
+This acts as a safety limit to prevent clients from requesting excessively large result sets, helping protect application performance and resource usage.
+
+
 <br>
 
 
@@ -209,6 +234,11 @@ This rule defines which nested_fields are selectable (nested fields are model re
 ```ruby
 module ProductsController::Field
   class Rules
+   # Defines the default fields that will be automatically selected
+   # in queries when no explicit field selection is provided.
+   # These fields are always included in the response.
+   MODEL_FIELDS_SELECT = %i[id].freeze
+
     NESTED_SELECTABLE_FIELDS = {
       unit: {},
       establishment: {},
@@ -288,8 +318,6 @@ There are two query parameters available to control pagination:
 - `per_page`: Defines the number of items per page.
 - `page`: Sets the current page number.
 
-ℹ️ **Note:** The maximum number of items per page is currently limited to 100.
-
 Example usage:
 
 ```bash

data/lib/restme/authorize/rules.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require_relative "../shared/restme_current_user_role"
+require_relative "../shared/restme_current_user_roles"
 require_relative "../shared/current_model"
 
 module Restme
@@ -8,7 +8,7 @@ module Restme
     # Defines the rules used to authotize user
     module Rules
       include ::Restme::Shared::CurrentModel
-      include ::Restme::Shared::RestmeCurrentUserRole
+      include ::Restme::Shared::RestmeCurrentUserRoles
 
       def user_authorized?
         return true if restme_current_user.blank? || authorize?
@@ -19,8 +19,7 @@ module Restme
       end
 
       def authorize?
-        allowed_roles_actions[action_name.to_sym]
-          &.include?(restme_current_user_role&.to_sym)
+        (allowed_roles_actions & restme_current_user_roles)&.any?
       end
 
       def authorize_errors
@@ -35,9 +34,9 @@ module Restme
       end
 
       def allowed_roles_actions
-        return {} unless authorize_rules_class&.const_defined?(:ALLOWED_ROLES_ACTIONS)
+        return [] unless authorize_rules_class&.const_defined?(:ALLOWED_ROLES_ACTIONS)
 
-        authorize_rules_class::ALLOWED_ROLES_ACTIONS
+        authorize_rules_class::ALLOWED_ROLES_ACTIONS[action_name.to_sym] || []
       end
 
       def authorize_rules_class

data/lib/restme/create/rules.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require_relative "../shared/restme_current_user_role"
+require_relative "../shared/restme_current_user_roles"
 require_relative "../shared/current_model"
 require_relative "../shared/controller_params"
 
@@ -10,7 +10,7 @@ module Restme
     module Rules
       include ::Restme::Shared::ControllerParams
       include ::Restme::Shared::CurrentModel
-      include ::Restme::Shared::RestmeCurrentUserRole
+      include ::Restme::Shared::RestmeCurrentUserRoles
 
       attr_reader :create_temp_record
 
@@ -34,7 +34,7 @@ module Restme
       end
 
       def restme_create_status
-        return :unprocessable_entity if create_record_errors
+        return :unprocessable_content if create_record_errors
 
         :created
       end
@@ -64,9 +64,13 @@ module Restme
       def createable_scope?
         return true unless restme_current_user
 
-        method_scope = "#{creatable_current_action}_#{restme_current_user_role}_scope?"
+        restme_create_methods_scopes.any? { |method_scope| create_rules_class.try(method_scope) }
+      end
 
-        create_rules_class.try(method_scope) || false
+      def restme_create_methods_scopes
+        @restme_create_methods_scopes ||= restme_current_user_roles.map do |restme_role|
+          "#{creatable_current_action}_#{restme_role}_scope?"
+        end
       end
 
       def createable_object_errors_messages
@@ -78,7 +82,7 @@ module Restme
       end
 
       def creatable_current_action
-        return true unless restme_current_user
+        return unless create_rules_class
 
         current_action.presence_in create_rules_class.class::CREATABLE_ACTIONS_RULES
       rescue StandardError

data/lib/restme/scope/field/rules.rb

@@ -19,6 +19,10 @@ module Restme
           scoped = select_nested_scope(scoped) if valid_nested_fields_select
 
           insert_attachments(scoped)
+        rescue ActiveModel::MissingAttributeError => e
+          restme_scope_errors({ body: model_fields_select, message: e.message })
+
+          restme_scope_status(:bad_request)
         end
 
         def select_nested_scope(scoped)
@@ -26,19 +30,29 @@ module Restme
         end
 
         def select_any_field?
-          fields_select || nested_fields_select || attachment_fields_select
+          defined_fields_select || fields_select || nested_fields_select || attachment_fields_select
         end
 
         def model_fields_select
-          @model_fields_select ||= begin
-            fields = fields_select&.split(",")
-            fields = fields&.map { |field| "#{klass.table_name}.#{field}" }&.join(",")
-            fields || model_attributes
+          @model_fields_select ||= select_selected_fields.presence || model_attributes
+        end
+
+        def select_selected_fields
+          @select_selected_fields ||= begin
+            fields = defined_fields_select | fields_select.split(",")
+
+            fields.map { |field| "#{klass.table_name}.#{field}" }.join(",")
           end
         end
 
         def model_attributes
-          @model_attributes ||= klass.new.attributes.keys
+          @model_attributes ||= klass.attribute_names
+        end
+
+        def defined_fields_select
+          return [] unless field_class_rules&.const_defined?(:MODEL_FIELDS_SELECT)
+
+          field_class_rules::MODEL_FIELDS_SELECT || []
         end
 
         def valid_nested_fields_select
@@ -75,7 +89,7 @@ module Restme
         end
 
         def fields_select
-          @fields_select ||= controller_query_params[:fields_select]
+          @fields_select ||= controller_query_params[:fields_select] || ""
         end
 
         def nested_fields_select

data/lib/restme/scope/rules.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require_relative "../shared/restme_current_user_role"
+require_relative "../shared/restme_current_user_roles"
 require_relative "../shared/current_model"
 require_relative "../shared/controller_params"
 require_relative "filter/rules"
@@ -20,9 +20,9 @@ module Restme
       include ::Restme::Scope::Filter::Rules
       include ::Restme::Shared::ControllerParams
       include ::Restme::Shared::CurrentModel
-      include ::Restme::Shared::RestmeCurrentUserRole
+      include ::Restme::Shared::RestmeCurrentUserRoles
 
-      attr_reader :sortable_scope_response, :paginable_scope_response
+      attr_reader :filterable_scope_response
       attr_writer :restme_scope_errors, :restme_scope_status
 
       SCOPE_ERROR_METHODS = %i[
@@ -33,12 +33,16 @@ module Restme
       ].freeze
 
       def pagination_response
-        @pagination_response ||= restme_pagination_response
+        @pagination_response ||= begin
+          prepare_model_scope
+
+          restme_scope_errors.presence || restme_pagination_response
+        end
       end
 
       def model_scope_object
         @model_scope_object ||= begin
-          model_scope unless any_scope_errors.present?
+          prepare_model_scope
 
           restme_scope_errors.presence || model_scope.first
         end
@@ -47,14 +51,16 @@ module Restme
       private
 
       def restme_pagination_response
-        any_scope_errors
-
-        restme_scope_errors.presence || {
+        {
           objects: model_scope,
           pagination: pagination
         }
       end
 
+      def prepare_model_scope
+        model_scope if any_scope_errors.blank?
+      end
+
       def any_scope_errors
         SCOPE_ERROR_METHODS.each { |m| send(m) }
 
@@ -84,20 +90,31 @@ module Restme
       end
 
       def custom_scope
-        return filterable_scope_response if filterable_scope_response.blank?
+        @filterable_scope_response = filterable_scope(user_scope)
 
-        @sortable_scope_response = sortable_scope(filterable_scope_response)
-        @paginable_scope_response = paginable_scope(sortable_scope_response)
+        scope = sortable_scope(filterable_scope_response)
+        scope = paginable_scope(scope)
 
-        fieldable_scope(paginable_scope_response)
+        fieldable_scope(scope)
       end
 
-      def filterable_scope_response
-        @filterable_scope_response ||= filterable_scope(user_scope)
+      def user_scope
+        @user_scope ||= none_user_scope || process_user_scope || none_scope
       end
 
-      def user_scope
-        @user_scope ||= none_user_scope || scope_rules_class.try(method_scope) || none_scope
+      def process_user_scope
+        scopes = user_scope_methods.map { |m| scope_rules_class.try(m) }
+
+        processed_scope = scopes.reduce { |combined, s| combined.or(s) }
+
+        user_scope_methods.many? ? processed_scope&.distinct : processed_scope
+      end
+
+      def user_scope_methods
+        @user_scope_methods ||=
+          restme_methods_scopes.select do |method_scope|
+            scope_rules_class.respond_to?(method_scope)
+          end
       end
 
       def none_user_scope
@@ -108,8 +125,10 @@ module Restme
         klass.none
       end
 
-      def method_scope
-        "#{restme_current_user_role}_scope"
+      def restme_methods_scopes
+        @restme_methods_scopes ||= restme_current_user_roles.map do |restme_role|
+          "#{restme_role}_scope"
+        end
       end
 
       def scope_rules_class

data/lib/restme/shared/restme_current_user_roles.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Restme
+  module Shared
+    # Returns the roles associated with the user, always normalized as an Array of symbols.
+    module RestmeCurrentUserRoles
+      def restme_current_user_roles
+        Array.wrap(user_roles).map do |role|
+          role.respond_to?(:to_sym) ? role.to_sym : role.to_s.to_sym
+        end
+      end
+
+      def user_roles
+        @user_roles ||= restme_current_user&.try(::Restme::Configuration.user_role_field)
+      end
+    end
+  end
+end

data/lib/restme/update/rules.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require_relative "../shared/restme_current_user_role"
+require_relative "../shared/restme_current_user_roles"
 require_relative "../shared/current_model"
 require_relative "../shared/controller_params"
 
@@ -10,7 +10,7 @@ module Restme
     module Rules
       include ::Restme::Shared::ControllerParams
       include ::Restme::Shared::CurrentModel
-      include ::Restme::Shared::RestmeCurrentUserRole
+      include ::Restme::Shared::RestmeCurrentUserRoles
 
       attr_reader :update_temp_record
 
@@ -36,7 +36,7 @@ module Restme
       end
 
       def restme_update_status
-        return :unprocessable_entity if update_record_errors
+        return :unprocessable_content if update_record_errors
 
         :ok
       end
@@ -74,9 +74,13 @@ module Restme
       def updateable_scope?
         return true unless restme_current_user
 
-        method_scope = "#{updateable_current_action}_#{restme_current_user_role}_scope?"
+        restme_update_methods_scopes.any? { |method_scope| update_rules_class.try(method_scope) }
+      end
 
-        update_rules_class.try(method_scope) || false
+      def restme_update_methods_scopes
+        @restme_update_methods_scopes ||= restme_current_user_roles.map do |restme_role|
+          "#{updateable_current_action}_#{restme_role}_scope?"
+        end
       end
 
       def updateable_record_errors_messages
@@ -88,7 +92,7 @@ module Restme
       end
 
       def updateable_current_action
-        return true unless restme_current_user
+        return unless update_rules_class
 
         current_action.presence_in update_rules_class.class::UPDATABLE_ACTIONS_RULES
       rescue StandardError

data/lib/restme/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Restme
-  VERSION = "1.2.1"
+  VERSION = "1.3.0"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: restme
 version: !ruby/object:Gem::Version
-  version: 1.2.1
+  version: 1.3.0
 platform: ruby
 authors:
 - everson-ever
@@ -46,7 +46,7 @@ files:
 - lib/restme/scope/sort/rules.rb
 - lib/restme/shared/controller_params.rb
 - lib/restme/shared/current_model.rb
-- lib/restme/shared/restme_current_user_role.rb
+- lib/restme/shared/restme_current_user_roles.rb
 - lib/restme/update/rules.rb
 - lib/restme/version.rb
 - sig/restme.rbs

data/lib/restme/shared/restme_current_user_role.rb

@@ -1,12 +0,0 @@
-# frozen_string_literal: true
-
-module Restme
-  module Shared
-    # Returns the roles associated with the user, if any exist.
-    module RestmeCurrentUserRole
-      def restme_current_user_role
-        restme_current_user&.try(::Restme::Configuration.user_role_field)
-      end
-    end
-  end
-end