restme 1.2.2 → 1.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1719cb8e1a96b0e12a5015c3eca4c6acfdb3542d6df849f84abdd2aea05a812b
-  data.tar.gz: d49bac58ef0983dbbfd4f56710c2b31f8cfe01e1e0d62f886c296b0ea88d98ff
+  metadata.gz: 0e523f7df013c44f903677642433e4a602469110597bf654327d1d2ef26bf0b2
+  data.tar.gz: 41f22e4c3efe48f3df65165badd1d3a58974f5a8dc183e4c2aeb3fff19b548e8
 SHA512:
-  metadata.gz: e703777e66829853afd8fcb560b2d02e3760249ef604d6af9deb9ee6419dcbd5f34f09589d787a9010fd52ac6b78fc744628e77306635bc5b24f9d0a5ec9ec56
-  data.tar.gz: 474185500814429aed08447b12b89cf9a5109b133354b8ba347d01cb1de7cc81d4a23047e4159761ea6ddb120719e6b4ae3c792222c752c9270f589dd39c7313
+  metadata.gz: 3bf751aee7203b756dd96025063c144801db5b2dd568ce9df34dada419985efda09dc8c912b310d09d1fa389dce7c715f66a12e97908776c21fd7174bcae406d
+  data.tar.gz: c7a4a9442dbd845ca7e0b07d68992a53e8427a97aa95fd2527c0f36627a5901bfcb7db3ac2cc43a42e722bdf09fc97aec22be3be729951be6c3e4665b6f56330

data/Dockerfile

@@ -15,6 +15,8 @@ RUN mkdir -p $APP_HOME
 WORKDIR $APP_HOME
 
 ADD Gemfile* $APP_HOME/
+ADD restme.gemspec $APP_HOME/
+ADD lib/restme/version.rb $APP_HOME/lib/restme/version.rb
 
 RUN chown -R $(whoami):$(whoami) $APP_HOME
 

data/README.md

@@ -16,7 +16,7 @@ This gem manages your controller's responsibilities for:
 
 GEMFILE:
 ```bash
-gem 'restme', '~> 1.2.1'
+gem 'restme', '~> 1.3.0'
 ```
 
 INSTALL:
@@ -28,7 +28,7 @@ gem 'restme'
 
 #### ℹ️ Current Version of gem require the following pré configs
  - Your controllers must be named using the plural form of the model (e.g., Product → ProductsController). Alternatively, you can manually set the model name by defining the MODEL_NAME constant (e.g., MODEL_NAME = "Product").
- - You must create a folder inside app named restfy to define controller rules for authorization, scoping, creation, updating, and field selection (see example below).
+ - You must create a folder inside app named restme to define controller rules for authorization, scoping, creation, updating, and field selection (see example below).
 
 
 <br>
@@ -57,6 +57,31 @@ Restme.configure do |config|
 end
 ```
 
+`current_user_variable`
+
+Defines the name of the method used to access the currently authenticated user within the controller context.
+This should match the method that returns the logged-in user (for example, :current_user when using authentication libraries like Devise).
+Represent the the field where the role of user is (can be one or many rules)
+
+`user_role_field`
+
+Defines the attribute on the user model that represents the user's role.
+This field is used to determine authorization rules and may support single or multiple roles, depending on your application's implementation.
+
+`pagination_default_per_page`
+
+Specifies the default number of records returned per page when pagination parameters are not explicitly provided in the request.
+
+`pagination_default_page`
+
+Specifies the default page number used when the request does not include a page parameter.
+
+`pagination_max_per_page`
+
+Defines the maximum number of records allowed per page.
+This acts as a safety limit to prevent clients from requesting excessively large result sets, helping protect application performance and resource usage.
+
+
 <br>
 
 
@@ -209,6 +234,13 @@ This rule defines which nested_fields are selectable (nested fields are model re
 ```ruby
 module ProductsController::Field
   class Rules
+   # Defines the default fields that will be automatically selected
+   # in queries when no explicit field selection is provided.
+   # These fields are always included in the response.
+   MODEL_FIELDS_SELECT = %i[id].freeze
+
+   UNALLOWED_MODEL_FIELDS_SELECT = %i[internal_code].freeze
+
     NESTED_SELECTABLE_FIELDS = {
       unit: {},
       establishment: {},
@@ -288,8 +320,6 @@ There are two query parameters available to control pagination:
 - `per_page`: Defines the number of items per page.
 - `page`: Sets the current page number.
 
-ℹ️ **Note:** The maximum number of items per page is currently limited to 100.
-
 Example usage:
 
 ```bash
@@ -301,8 +331,8 @@ http://localhost:3000/api/v1/products?per_page=12&page=1
 
 #### Field Selection (`fields_select`)
 
-You can select specific fields from your model, such as `id`, `name`, or `created_at`.  
-The resulting query will retrieve **only** the selected fields directly from the database, improving performance.
+You can select specific fields from your model, such as `id`, `name`, or `created_at`.
+The generated query will retrieve only the selected fields directly from the database, reducing unnecessary data loading and improving performance.
 
 Example:
 

data/lib/restme/authorize/rules.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require_relative "../shared/restme_current_user_role"
+require_relative "../shared/restme_current_user_roles"
 require_relative "../shared/current_model"
 
 module Restme
@@ -8,7 +8,7 @@ module Restme
     # Defines the rules used to authotize user
     module Rules
       include ::Restme::Shared::CurrentModel
-      include ::Restme::Shared::RestmeCurrentUserRole
+      include ::Restme::Shared::RestmeCurrentUserRoles
 
       def user_authorized?
         return true if restme_current_user.blank? || authorize?
@@ -19,8 +19,7 @@ module Restme
       end
 
       def authorize?
-        allowed_roles_actions[action_name.to_sym]
-          &.include?(restme_current_user_role&.to_sym)
+        (allowed_roles_actions & restme_current_user_roles)&.any?
       end
 
       def authorize_errors
@@ -35,9 +34,9 @@ module Restme
       end
 
       def allowed_roles_actions
-        return {} unless authorize_rules_class&.const_defined?(:ALLOWED_ROLES_ACTIONS)
+        return [] unless authorize_rules_class&.const_defined?(:ALLOWED_ROLES_ACTIONS)
 
-        authorize_rules_class::ALLOWED_ROLES_ACTIONS
+        authorize_rules_class::ALLOWED_ROLES_ACTIONS[action_name.to_sym] || []
       end
 
       def authorize_rules_class

data/lib/restme/create/rules.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require_relative "../shared/restme_current_user_role"
+require_relative "../shared/restme_current_user_roles"
 require_relative "../shared/current_model"
 require_relative "../shared/controller_params"
 
@@ -10,7 +10,7 @@ module Restme
     module Rules
       include ::Restme::Shared::ControllerParams
       include ::Restme::Shared::CurrentModel
-      include ::Restme::Shared::RestmeCurrentUserRole
+      include ::Restme::Shared::RestmeCurrentUserRoles
 
       attr_reader :create_temp_record
 
@@ -34,7 +34,7 @@ module Restme
       end
 
       def restme_create_status
-        return :unprocessable_entity if create_record_errors
+        return :unprocessable_content if create_record_errors
 
         :created
       end
@@ -64,9 +64,13 @@ module Restme
       def createable_scope?
         return true unless restme_current_user
 
-        method_scope = "#{creatable_current_action}_#{restme_current_user_role}_scope?"
+        restme_create_methods_scopes.any? { |method_scope| create_rules_class.try(method_scope) }
+      end
 
-        create_rules_class.try(method_scope) || false
+      def restme_create_methods_scopes
+        @restme_create_methods_scopes ||= restme_current_user_roles.map do |restme_role|
+          "#{creatable_current_action}_#{restme_role}_scope?"
+        end
       end
 
       def createable_object_errors_messages
@@ -78,7 +82,7 @@ module Restme
       end
 
       def creatable_current_action
-        return true unless restme_current_user
+        return unless create_rules_class
 
         current_action.presence_in create_rules_class.class::CREATABLE_ACTIONS_RULES
       rescue StandardError

data/lib/restme/scope/field/attachable.rb

@@ -25,10 +25,13 @@ module Restme
 
         def define_attachment_methods
           attachment_fields_select.each do |attachment_field_name|
-            klass.class_eval do
-              define_method(:"#{attachment_field_name}_url") do
-                send(attachment_field_name).url
-              end
+            method_name = "#{attachment_field_name}_url"
+
+            next if klass.method_defined?(method_name)
+
+            klass.define_method(method_name) do
+              attachment = public_send(attachment_field_name)
+              attachment&.url
             end
           end
         end
@@ -50,10 +53,9 @@ module Restme
         def unallowed_attachment_fields_error
           return if unallowed_attachment_fields.blank?
 
-          render json: {
-            body: unallowed_attachment_fields,
-            message: "Selected not allowed attachment fields"
-          }, status: :bad_request
+          restme_scope_errors({ body: unallowed_attachment_fields, message: "Selected not allowed attachment fields" })
+
+          restme_scope_status(:bad_request)
         end
 
         def unallowed_attachment_fields

data/lib/restme/scope/field/rules.rb

@@ -30,19 +30,31 @@ module Restme
         end
 
         def select_any_field?
-          fields_select || nested_fields_select || attachment_fields_select
+          defined_fields_select || fields_select || nested_fields_select || attachment_fields_select
         end
 
         def model_fields_select
-          @model_fields_select ||= begin
-            fields = fields_select&.split(",")
-            fields = fields&.map { |field| "#{klass.table_name}.#{field}" }&.join(",")
-            fields || model_attributes
-          end
+          @model_fields_select ||= select_selected_fields.presence || model_attributes
+        end
+
+        def select_selected_fields
+          @select_selected_fields ||= defined_fields_select | fields_select.split(",").map(&:to_s)
         end
 
         def model_attributes
-          @model_attributes ||= klass.new.attributes.keys
+          @model_attributes ||= klass.attribute_names - unallowed_model_fields_select
+        end
+
+        def defined_fields_select
+          return [] unless field_class_rules&.const_defined?(:MODEL_FIELDS_SELECT)
+
+          (field_class_rules::MODEL_FIELDS_SELECT || []).map(&:to_s)
+        end
+
+        def unallowed_model_fields_select
+          return [] unless field_class_rules&.const_defined?(:UNALLOWED_MODEL_FIELDS_SELECT)
+
+          (field_class_rules::UNALLOWED_MODEL_FIELDS_SELECT || []).map(&:to_s)
         end
 
         def valid_nested_fields_select
@@ -79,7 +91,7 @@ module Restme
         end
 
         def fields_select
-          @fields_select ||= controller_query_params[:fields_select]
+          @fields_select ||= controller_query_params[:fields_select] || ""
         end
 
         def nested_fields_select

data/lib/restme/scope/rules.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require_relative "../shared/restme_current_user_role"
+require_relative "../shared/restme_current_user_roles"
 require_relative "../shared/current_model"
 require_relative "../shared/controller_params"
 require_relative "filter/rules"
@@ -20,7 +20,7 @@ module Restme
       include ::Restme::Scope::Filter::Rules
       include ::Restme::Shared::ControllerParams
       include ::Restme::Shared::CurrentModel
-      include ::Restme::Shared::RestmeCurrentUserRole
+      include ::Restme::Shared::RestmeCurrentUserRoles
 
       attr_reader :filterable_scope_response
       attr_writer :restme_scope_errors, :restme_scope_status
@@ -30,6 +30,7 @@ module Restme
         unknown_sortable_fields_errors
         unallowed_filter_fields_errors
         unallowed_select_fields_errors
+        unallowed_attachment_fields_error
       ].freeze
 
       def pagination_response
@@ -99,7 +100,22 @@ module Restme
       end
 
       def user_scope
-        @user_scope ||= none_user_scope || scope_rules_class.try(method_scope) || none_scope
+        @user_scope ||= none_user_scope || process_user_scope || none_scope
+      end
+
+      def process_user_scope
+        scopes = user_scope_methods.map { |m| scope_rules_class.try(m) }
+
+        processed_scope = scopes.reduce { |combined, s| combined.or(s) }
+
+        user_scope_methods.many? ? processed_scope&.distinct : processed_scope
+      end
+
+      def user_scope_methods
+        @user_scope_methods ||=
+          restme_methods_scopes.select do |method_scope|
+            scope_rules_class.respond_to?(method_scope)
+          end
       end
 
       def none_user_scope
@@ -110,8 +126,10 @@ module Restme
         klass.none
       end
 
-      def method_scope
-        "#{restme_current_user_role}_scope"
+      def restme_methods_scopes
+        @restme_methods_scopes ||= restme_current_user_roles.map do |restme_role|
+          "#{restme_role}_scope"
+        end
       end
 
       def scope_rules_class

data/lib/restme/shared/restme_current_user_roles.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module Restme
+  module Shared
+    # Returns the roles associated with the user, always normalized as an Array of symbols.
+    module RestmeCurrentUserRoles
+      def restme_current_user_roles
+        Array.wrap(user_roles).map do |role|
+          role.respond_to?(:to_sym) ? role.to_sym : role.to_s.to_sym
+        end
+      end
+
+      def user_roles
+        @user_roles ||= restme_current_user&.try(::Restme::Configuration.user_role_field)
+      end
+    end
+  end
+end

data/lib/restme/update/rules.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-require_relative "../shared/restme_current_user_role"
+require_relative "../shared/restme_current_user_roles"
 require_relative "../shared/current_model"
 require_relative "../shared/controller_params"
 
@@ -10,7 +10,7 @@ module Restme
     module Rules
       include ::Restme::Shared::ControllerParams
       include ::Restme::Shared::CurrentModel
-      include ::Restme::Shared::RestmeCurrentUserRole
+      include ::Restme::Shared::RestmeCurrentUserRoles
 
       attr_reader :update_temp_record
 
@@ -36,7 +36,7 @@ module Restme
       end
 
       def restme_update_status
-        return :unprocessable_entity if update_record_errors
+        return :unprocessable_content if update_record_errors
 
         :ok
       end
@@ -74,9 +74,13 @@ module Restme
       def updateable_scope?
         return true unless restme_current_user
 
-        method_scope = "#{updateable_current_action}_#{restme_current_user_role}_scope?"
+        restme_update_methods_scopes.any? { |method_scope| update_rules_class.try(method_scope) }
+      end
 
-        update_rules_class.try(method_scope) || false
+      def restme_update_methods_scopes
+        @restme_update_methods_scopes ||= restme_current_user_roles.map do |restme_role|
+          "#{updateable_current_action}_#{restme_role}_scope?"
+        end
       end
 
       def updateable_record_errors_messages
@@ -88,7 +92,7 @@ module Restme
       end
 
       def updateable_current_action
-        return true unless restme_current_user
+        return unless update_rules_class
 
         current_action.presence_in update_rules_class.class::UPDATABLE_ACTIONS_RULES
       rescue StandardError

data/lib/restme/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Restme
-  VERSION = "1.2.2"
+  VERSION = "1.3.1"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: restme
 version: !ruby/object:Gem::Version
-  version: 1.2.2
+  version: 1.3.1
 platform: ruby
 authors:
 - everson-ever
@@ -46,7 +46,7 @@ files:
 - lib/restme/scope/sort/rules.rb
 - lib/restme/shared/controller_params.rb
 - lib/restme/shared/current_model.rb
-- lib/restme/shared/restme_current_user_role.rb
+- lib/restme/shared/restme_current_user_roles.rb
 - lib/restme/update/rules.rb
 - lib/restme/version.rb
 - sig/restme.rbs

data/lib/restme/shared/restme_current_user_role.rb

@@ -1,12 +0,0 @@
-# frozen_string_literal: true
-
-module Restme
-  module Shared
-    # Returns the roles associated with the user, if any exist.
-    module RestmeCurrentUserRole
-      def restme_current_user_role
-        restme_current_user&.try(::Restme::Configuration.user_role_field)
-      end
-    end
-  end
-end