sharepoint_api 1.0.3 → 2.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a04ca042235cb062f83374dc540fd27d12b2068bb356bf52b54716e48b15c905
-  data.tar.gz: 6923a225c514c6a53c8f08d7b95e072fc75272db591f232c4148ed7eece95c95
+  metadata.gz: c6b07883d80dbfaf3b87f352c8df343b61b8b7ae2a02825725429ed0c5a47915
+  data.tar.gz: 18fa74004691d59f173bc5c5e95718c51c1e1d237d5c14efe4e3b6c490e5b901
 SHA512:
-  metadata.gz: 96c52d86e21e98b0e2e2430b151fe91a253412b98dac1d2952b983e8fa37e605839cd58ea3c6e640901a4fcb14caa58637ff1391e1a068f44894d69d0102df1e
-  data.tar.gz: 37a24f9c97d3e279be6a438dadd276030d319b62964347570f9ab2d3a81320b31cd82da3b04a95f0b9b2495364ef56f87d4e8ee36a8f150d2d7d3576eabffdb4
+  metadata.gz: a9e176e297670491aca1a556f4c019f498e409637ca17c144b6a76cfd183c02c1de2d5b0359d24d1659381e4b7a62b506b96d023db8d91453a1b4af8726f5274
+  data.tar.gz: eaf88cbd106de7ed5546861e55b74444d7db253e917b62fd317584048243c7db559bf9c6b6a05ddaabcfd822a98bd29542eadadda6866c9a7edfb50362dd6cba

data/CHANGELOG.md

@@ -1,3 +1,13 @@
+## [2.2.0] - 2021-07-06
+  * Use $select queries to vastly speed up FileInfo#version lookup.
+
+## [2.1.0] - 2021-07-06
+  * Drop feature of add_file creating a folder if one didn't exist as it introduced a security issue where a folder could be created that didn't have access restricted to routing participants.
+
+## [2.0.0] - 2021-06-28
+  * Update proof-sharepoint-ruby to escape apostrophes.
+  * Change usage of apostrophe escaping.
+
 ## [1.0.3] - 2021-01-12
   * Handle edge case where FileInfo file#modified_by refers to a user that no longer exists.
 

data/Gemfile.lock

@@ -1,14 +1,14 @@
 PATH
   remote: .
   specs:
-    sharepoint_api (1.0.3)
+    sharepoint_api (2.2.1)
       addressable (~> 2.7)
-      proof-sharepoint-ruby (~> 1.0)
+      proof-sharepoint-ruby (~> 2.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.7.0)
+    addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
     ast (2.4.1)
     byebug (11.1.3)
@@ -49,7 +49,7 @@ GEM
     parallel (1.20.1)
     parser (2.7.2.0)
       ast (~> 2.4.1)
-    proof-sharepoint-ruby (1.0.0)
+    proof-sharepoint-ruby (2.0.0)
       curb (~> 0.8, <= 0.9.10)
     pry (0.13.1)
       coderay (~> 1.1)

data/lib/sharepoint_api/file_info.rb

@@ -4,6 +4,31 @@ class SharepointApi
   class FileInfo
     class FileInfoError < SharepointError; end
 
+    ##
+    # Get all data required to build a FileInfo object without subsequent API calls.
+    FILE_SELECT_QUERY_WITH_VERSIONS = begin
+      sub_query = %w[
+        ModifiedBy/LoginName
+        ListItemAllFields/Id
+        Versions/Id
+        Versions/Created
+        Versions/IsCurrentVersion
+        Versions/CreatedBy/LoginName
+        Versions/Url
+      ].join(',')
+      "$select=Name,UpdatedAt,MajorVersion,TimeLastModified,#{sub_query}&$expand=#{sub_query}"
+    end.freeze
+
+    ##
+    # Get just enough data to build a FileInfo object that suports to_h
+    FILE_SELECT_QUERY = begin
+      sub_query = %w[
+        ModifiedBy/LoginName
+        ListItemAllFields/Id
+      ].join(',')
+      "$select=Name,UpdatedAt,MajorVersion,TimeLastModified,Versions,#{sub_query}&$expand=#{sub_query}"
+    end.freeze
+
     extend Forwardable
     attr_reader :version, :version_id, :file, :updated_at
 
@@ -45,7 +70,7 @@ class SharepointApi
           file_version.id,
           created_at: Time.parse(file_version.created),
           current: file_version.is_current_version,
-          creator_login: file_version.creator&.login_name
+          creator_login: safe_created_by(file_version)&.login_name
         )
       end
 
@@ -75,5 +100,16 @@ class SharepointApi
 
       raise(FileInfoError, e.message)
     end
+
+    def safe_created_by(file_version)
+      return file_version.creator if file_version.data['CreatedBy']['__deferred']
+      return file_version.created_by if file_version.data['CreatedBy']['__metadata']
+
+      nil
+    rescue Sharepoint::SPException => e
+      return nil if e.message =~ /User cannot be found/
+
+      raise(FileInfoError, e.message)
+    end
   end
 end

data/lib/sharepoint_api/file_system.rb

@@ -9,26 +9,19 @@ class SharepointApi
     def add_file(path, content)
       folder_path = File.dirname(path)
       file_name = encode_path(File.basename(path))
-      begin
-        retries ||= 0
-        FileInfo.wrap(
-          site.query(
-            :post,
-            "GetFolderByServerRelativeUrl('#{site_relative_path(folder_path)}')/Files" \
-            "/Add(overwrite=true,url='#{file_name}')",
-            content
-          )
+      FileInfo.wrap(
+        site.query(
+          :post,
+          "GetFolderByServerRelativeUrl('#{site_relative_path(folder_path)}')/Files" \
+          "/Add(overwrite=true,url='#{file_name}')?#{FileInfo::FILE_SELECT_QUERY}",
+          content
         )
-      rescue Sharepoint::SPException => e
-        reraise_if_lock_error(e)
-
-        log_as(__method__, e)
-        log_as(__method__, "adding folder with path #{folder_path}")
-        add_folder(folder_path)
-        retry if (retries += 1) < 2
-        log_as(__method__, e, level: :warn)
-        nil
-      end
+      )
+    rescue Sharepoint::SPException => e
+      reraise_if_lock_error(e)
+
+      log_as(__method__, e)
+      nil
     end
 
     def file_exists?(path)
@@ -39,11 +32,18 @@ class SharepointApi
       false
     end
 
+    ##
+    # Querying a non-existent file will raise a 500 error so we check for existence first.
     def find_file(path)
+      return nil unless file_exists?(path)
+
       server_path = server_relative_path(path)
-      FileInfo.wrap(
-        site.query(:get, "GetFileByServerRelativeUrl('#{server_path}')")
-      )
+      result = site.query(:get, "GetFileByServerRelativeUrl('#{server_path}')?#{FileInfo::FILE_SELECT_QUERY_WITH_VERSIONS}", nil, true)
+      result = JSON.parse(result)
+      result['d']['Versions'] = Sharepoint::Site.make_object_from_response(site, { 'd' => result['d']['Versions'] })
+      file = Sharepoint::Site.make_object_from_response(site, result)
+
+      FileInfo.wrap(file)
     rescue Sharepoint::SPException => e
       log_as(__method__, e)
       nil
@@ -117,8 +117,14 @@ class SharepointApi
 
     def files_in_folder(path)
       server_path = server_relative_path(path)
-      site.query(:get, "GetFolderByServerRelativeUrl('#{server_path}')/Files").
-        map { |file| FileInfo.new(file) }
+      result = site.query(:get, "GetFolderByServerRelativeUrl('#{server_path}')/Files?#{FileInfo::FILE_SELECT_QUERY_WITH_VERSIONS}", nil, true)
+      result = JSON.parse(result)
+      result.dig('d', 'results')&.map do |file_result|
+        file_result['Versions'] = Sharepoint::Site.make_object_from_response(site, { 'd' => file_result['Versions'] })
+      end
+      files = Sharepoint::Site.make_object_from_response(site, result)
+
+      files.map { |file| FileInfo.new(file) }
     rescue Sharepoint::SPException => e
       log_as(__method__, e)
       nil

data/lib/sharepoint_api/version.rb

@@ -1,3 +1,3 @@
 class SharepointApi
-  VERSION = '1.0.3'.freeze
+  VERSION = '2.2.1'.freeze
 end

data/lib/sharepoint_api.rb

@@ -62,11 +62,11 @@ class SharepointApi
     @site = build_connection
   end
 
-  def site_relative_path(path, preview: false)
+  def site_relative_path(path, safe_quote: true)
     file_path = [
       library_name, path
     ].reject { |p| p.nil? || p == '' }.join('/')
-    encode_path(file_path, preview: preview)
+    encode_path(file_path, safe_quote: safe_quote)
   end
 
   def server_relative_path(path)
@@ -81,9 +81,9 @@ class SharepointApi
     "#{protocol}://#{host}/#{site_path}"
   end
 
-  def encode_path(path, preview: false)
+  def encode_path(path, safe_quote: true)
     path = Addressable::URI.encode(path)
-    path.gsub!(/'/, '%27%27') unless preview
+    path.gsub!(/'/, '%27%27') if safe_quote
     path.gsub!('+', '%2B')
     path
   end

data/sharepoint_api.gemspec

@@ -17,7 +17,7 @@ Gem::Specification.new do |spec|
   spec.metadata['changelog_uri'] = 'https://github.com/proofgov/sharepoint_api/blob/master/CHANGELOG.md'
 
   spec.add_runtime_dependency('addressable', '~> 2.7')
-  spec.add_runtime_dependency('proof-sharepoint-ruby', '~> 1.0')
+  spec.add_runtime_dependency('proof-sharepoint-ruby', '~> 2.0')
 
   # Specify which files should be added to the gem when it is released.
   # The `git ls-files -z` loads the files in the RubyGem that have been added into git.

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sharepoint_api
 version: !ruby/object:Gem::Version
-  version: 1.0.3
+  version: 2.2.1
 platform: ruby
 authors:
 - Andrew Kalek
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-01-12 00:00:00.000000000 Z
+date: 2021-10-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -32,14 +32,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.0'
+        version: '2.0'
 description: A tool to make it easier to talk to sharepoint (via the proof-sharepoint-ruby
   gem)
 email: