skinny_controllers 0.10.6 → 0.10.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 4b9b095f6a365b6f06431c544fd1a7146e545083
-  data.tar.gz: d196ad00f8899a0acea246b05d328ef5820468db
+  metadata.gz: ec8abdfb85c06f6eb9502eed56d1c9aaefe44dae
+  data.tar.gz: 1cb87906f028c8e73e8c6cffb0d1c4e4ede94b4f
 SHA512:
-  metadata.gz: a78d527c37406567ddabd23f646069dde3823ce96d9b1158645f890a9526a332b41f9d922f7d84b7b6ec1dceb0ff28fae0aafc76e472df3d32834ee075afa869
-  data.tar.gz: 77927377b4f721cb662790d308df61df1c070022b174728db9515869991872edda42da55093201ef0bca8a6f24a83cdc689dde7c0f889fa4850898a286216434
+  metadata.gz: 93867fac825426ab77574c718b2a8b4027dc3c32a2c0e72dd7764757c49e2a612e87aa1445f217e1a160534cb7f72859e72c4e771e3a5e56a3859f60f3300eab
+  data.tar.gz: 89bc46531b3fa9fe7a0c1dac5cc7f877181814a0a457460d88fe8477ce145d782ecd466d7009c8ec546889a76a3fde7706f6fd6d01ab723de6462ad59639ef7a

data/README.md

@@ -38,20 +38,6 @@ or
 gem install skinny_controllers
 ```
 
-
-## Generators
-
-```bash
-rails g operation event_summary
-# => create  app/operations/event_summary_operations.rb
-
-rails g policy event_summary
-# create  app/policies/event_summary_policy.rb
-
-rails g skinny_controller event_summaries
-# create  app/controllers/event_summaries_controller.rb
-```
-
 # Usage
 
 ## In a controller:
@@ -65,117 +51,6 @@ render json: model
 
 and that's it!
 
-The above does a multitude of assumptions to make sure that you can type the least amount code possible.
-
-1. Your controller name is the name of your _resource_.
-2. Any defined policies or operations follow the formats (though they don't have to exist):
-  - `class #{resource_name}Policy`
-  - `module #{resource_name}Operations`
-3. Your model responds to `find`, and `where`
-4. If relying on the default / implicit operations for create and update, the params key for your model's changes much be formatted as `{ Model.name.underscore => { attributes }}`
-5. If using strong parameters, SkinnyControllers will look for `{action}_{model}_params` then `{model}_params` and then `params`. See the `strong_parameters_spec.rb` test to see an example.
-
-### Per Controller Configuration
-
-```ruby
-skinny_controllers_config model_class: AClass,
-                          parent_class: ParentClass,
-                          asociation_name: :association_aclasses,
-                          model_params_key: :aclass
-```
-
-#### model_class
-Lets say you have a JSON API resource that you'd like to render that has some additional/subset of data.
-Maybe the model is an `Event`, and the resource an `EventSummary` (which could do some aggregation of `Event` data).
-
-The naming of all the objects should be as follows:
- - `EventSummariesController`
- - `EventSummaryOperations::*`
- - `EventSummaryPolicy`
- - and the model is still `Event`
-
-In `EventSummariesController`, you would make the following additions:
-```ruby
-class EventSummariesController < ApiController # or whatever your superclass is
-  include SkinnyControllers::Diet
-
-  skinny_controllers_config model_class: Event
-
-  def index
-    render json: model, each_serializer: EventSummariesSerializer
-  end
-
-  def show
-    render json: model, serializer: EventSummariesSerializer
-  end
-end
-```
-
-Note that `each_serializer` and `serializer` is not part of `SkinnyControllers`, and is part of [ActiveModel::Serializers](https://github.com/rails-api/active_model_serializers).
-
-Also note that setting `model_class` may be required if your model is namespaced.
-
-#### parent_class and association_name
-
-If you want to scope the finding of a resource to a parent object, `parent_class` must be set
-
-```ruby
-skinny_controllers_config parent_class: ParentClass,
-                          assaciation_name: :children,
-                          model_class: Child
-```
-
-Given the above configuration in a controller, and a request with the params:
-
-```
-{
-  id: 2,
-  parent_id: 78  
-}
-```
-
-The following query will be made:
-
-```ruby
-Parent.find(78).children.find(2)
-```
-
-#### model_params_key
-
-Date stored another a different key in `params`?
-
-```ruby
-skinny_controllers_config model_class: Child,
-                          model_params_key: :progeny
-```
-
-Given the above configuration in a controller, and a request with the params:
-
-```
-{
-  progeny: {
-    attribute1: 'value'
-  }
-}
-```
-
-The attributes inside the `progeny` sub hash will be used instead of the default, `child`.
-
-### What if your model is namespaced?
-
-All you have to do is set the `model_class`, and `model_key`.
-
-```ruby
-class ItemsController < ApiController # or whatever your superclass is
-  include SkinnyControllers::Diet
-
-  skinny_controllers_config model_class: NameSpace::Item
-                            model_params_key: :item
-end
-```
-`model_key` specifies the key to look for params when creating / updating the model.
-
-Note that while `model_key` doesn't *have* to be specified, it would default to name_space/item. So, just keep that in mind.
 
 ### What if you want to call your own operations?
 
@@ -227,314 +102,6 @@ end
 
 Note that we don't need the id under the data hash, because in a RESTful api, the id will be available to us through the top level params hash.
 
-
-## Defining Operations
-
-Operations should be placed in `app/operations` of your rails app.
-
-For operations concerning an `Event`, they should be under `app/operations/event_operations/`.
-
-Using the example from the specs:
-```ruby
-module EventOperations
-  class Read < SkinnyControllers::Operation::Base
-    def run
-      model if allowed?
-    end
-  end
-end
-```
-
-alternatively, all operation verbs can be stored in the same file under (for example) `app/operations/user_operations.rb`
-
-```ruby
-module UserOperations
-  class Read < SkinnyControllers::Operation::Base
-    def run
-      model if allowed?
-    end
-  end
-
-  class ReadAll < SkinnyControllers::Operation::Base
-    def run
-      model if allowed?
-    end
-  end
-end
-```
-
-### Creating
-
-To achieve default functionality, this operation *may* be defined -- though, it is implicitly assumed to function this way if not defined.
-```ruby
-module UserOperations
-  class Create < SkinnyControllers::Operation::Base
-    def run
-      @model = User.new(model_params)
-
-      # raising an exception here allows the corresponding resource controller to
-      # `rescue_from SkinnyControllers::DeniedByPolicy` and have a uniform error
-      # returned to the frontend
-      raise SkinnyControllers::DeniedByPolicy.new('Something Horrible') unless allowed?
-
-      @model.save
-      return @model # or just `model`
-    end
-  end
-end
-```
-
-### Updating
-```ruby
-module UserOperations
-  class Update < SkinnyControllers::Operation::Base
-    def run
-      # this throws a DeniedByPolicy exception if `allowed?` returns false
-      check_allowed!
-
-      model.update(model_params)
-      model
-    end
-  end
-end
-```
-
-### Deleting
-
-Goal: Users should only be able to delete themselves
-
-To achieve default functionality, this operation *may* be defined -- though, it is implicitly assumed to function this way if not defined.
-```ruby
-module UserOperations
-  class Delete < SkinnyControllers::Operation::Base
-    def run
-      model.destroy if allowed?
-    end
-  end
-end
-```
-
-NOTE: `allowed?` is `true` by default via the `SkinnyControllers.allow_by_default` option.
-
-## Defining Policies
-
-Policies should be placed in `app/policies` of your rails app.
-These are where you define your access logic, and how to decide if a user has access to the `object`
-
-```ruby
-class EventPolicy < SkinnyControllers::Policy::Base
-  def read?(event = object)
-    event.user == user
-  end
-end
-```
-
-
-## More Advanced Usage
-
-These are snippets taking from other projects.
-
-### Using ransack
-
-```ruby
-# config/initializers/skinny_controllers.rb
-SkinnyControllers.search_proc = lambda do |relation|
-  relation.ransack(params[:q]).result
-end
-```
-
-### Finding a record when the id parameter isn't passed
-
-```ruby
-module HostOperations
-  class Read < SkinnyControllers::Operation::Base
-    def run
-       # always allowed, never restricted
-       # (because there is now call to allowed?)
-      model
-    end
-
-    # the params to this method should include the subdomain
-    # e.g.: { subdomain: 'swingin2015' }
-    def model_from_params
-      subdomain = params[:subdomain]
-      host = Host.find_by_subdomain(subdomain)
-    end
-  end
-end
-```
-
-### The built in model-finding methods can be completely ignored
-
-The `model` method does not need to be overridden. `run` is what is called on the operation.
-
-```ruby
-module MembershipRenewalOperations
-  # MembershipRenewalsController#index
-  class ReadAll < SkinnyControllers::Operation::Base
-
-    def run
-      # default 'model' functionality is avoided
-      latest_renewals
-    end
-
-    private
-
-    def organization
-      id = params[:organization_id]
-      Organization.find(id)
-    end
-
-    def renewals
-      options = organization.membership_options.includes(renewals: [:user, :membership_option])
-      options.map(&:renewals).flatten
-    end
-
-    def latest_renewals
-      sorted_renewals = renewals.sort_by{|r| [r.user_id,r.updated_at]}.reverse
-
-      # unique picks the first option.
-      # so, because the list is sorted by user id, then updated at,
-      # for each user, the first renewal will be chosen...
-      # and because it is descending, that means the most recent renewal
-      sorted_renewals.uniq { |r| r.user_id }
-    end
-  end
-
-end
-```
-
-### Updating / Deleting the current_user
-
-This is something you could do if you always know your model ahead of time.
-
-```ruby
-module UserOperations
-  class Update < SkinnyControllers::Operation::Base
-    def run
-      return unless allowed_for?(current_user)
-      # update with password provided by Devise
-      current_user.update_with_password(model_params)
-      current_user
-    end
-  end
-
-  class Delete < SkinnyControllers::Operation::Base
-    def run
-      if allowed_for?(current_user)
-        if current_user.upcoming_events.count > 0
-          current_user.errors.add(
-            :base,
-            "You cannot delete your account when you are about to attend an event."
-          )
-        else
-          current_user.destroy
-        end
-
-        current_user
-      end
-    end
-  end
-
-end
-```
-
-## Testing
-
-The whole goal of this project is to minimize the complexity or existence of controller tests, and provide
-a way to unit test business logic.
-
-In the following examples, I'll be using RSpec -- but there isn't anything that would prevent you from using a different testing framework, if you so choose.
-
-### Operations
-
-```ruby
-describe HostOperations do
-  describe HostOperations::Read do
-    context 'model_from_params' do
-      let(:subdomain){ 'subdomain' }
-      # an operation takes a user, and a list of params
-      # there are optional parameters as well, but generally may not be required.
-      # see: `SkinnyControllers:::Operation::Base`
-      let(:operation){ HostOperations::Read.new(nil, { subdomain: subdomain }) }
-
-      it 'finds an event' do
-        host = create(:host, domain: subdomain)
-        model = operation.run
-        expect(model).to eq host
-      end
-      #...
-```
-
-### Policies
-
-With policies, I like to test using Procs, because the setup is the same for most actions, and it's easier to set up different scenarios.
-
-```ruby
-describe PackagePolicy do
-  # will test if the owner of this object can access it
-  let(:by_owner){
-    ->(method){
-      package = create(:package)
-      # a policy takes a user and an object
-      policy = PackagePolicy.new(package.event.hosted_by, package)
-      policy.send(method)
-    }
-  }
-
-  # will test if the person registering with this package has permission
-  let(:by_registrant){
-    ->(method){
-      event = create(:event)
-      package = create(:package, event: event)
-      attendance = create(:attendance, host: event, package: package)
-      # a policy takes a user and an object
-      policy = PackagePolicy.new(attendance.attendee, package)
-      policy.send(method)
-    }
-  }
-
-  context 'can be read?' do
-    it 'by the event owner' do
-      result = by_owner.call(:read?)
-      expect(result).to eq true
-    end
-
-    it 'by a registrant' do
-      result = by_registrant.call(:read?)
-      expect(result).to eq true
-    end
-  end
-
-  context 'can be updated?' do
-    it 'by the event owner' do
-      result = by_owner.call(:update?)
-      expect(result).to eq true
-    end
-
-    it 'by a registrant' do
-      result = by_registrant.call(:update?)
-      expect(result).to eq false
-    end
-  end
-```
-
-
-## Globally Configurable Options
-
-The following options are available:
-
-|Option|Default|Note|
-|------|-------|----|
-|`operations_namespace` | '' | Optional namespace to put all the operations in. |
-|`operations_suffix`|`'Operations'` | Default suffix for the operations namespaces. |
-|`policy_suffix`|`'Policy'`  | Default suffix for policies classes. |
-|`controller_namespace`|`''`| Global Namespace for all controllers (e.g.: `'API'`) |
-|`allow_by_default`| `true` | Default permission |
-|`action_map`| see [skinny_controllers.rb](./lib/skinny_controllers.rb#L61)| |
-| `search_proc`| passthrough | can be used to filter results, such as with using ransack |
-
-
 -------------------------------------------------------
 
 ## How is this different from trailblazer?
@@ -549,3 +116,14 @@ This may not be horribly apparent, but here is a table overviewing some highleve
 | Additional objects|-| none | contacts, representers, callbacks, cells |
 | Rendering |-|  done in the controller, and up to the dev to decide how that is done. `ActiveModel::Serializers` with JSON-API is highly recommended |-| representers provide a way to define serializers for json, xml, json-api, etc |
 | App Structure |-|  same as rails. `app/operations` and `app/policies` are added | encourages a new structure 'concepts', where cells, view templates, assets, operations, etc are all under `concepts/{model-name}` |
+
+
+# Contributing
+
+Please refer to each project's style guidelines and guidelines for submitting patches and additions. In general, we follow the "fork-and-pull" Git workflow.
+
+ 1. **Fork** the repo on GitHub
+ 2. **Clone** the project to your own machine
+ 3. **Commit** changes to your own branch
+ 4. **Push** your work back up to your fork
+ 5. Submit a **Pull request** so that we can review your changes

data/lib/skinny_controllers/diet.rb

@@ -77,7 +77,9 @@ module SkinnyControllers
 
     # In order of most specific, to least specific:
     # - {action}_{model_name}_params
-    # - {model_name}_params
+    # - {action}_params
+    # - {model_key}_params
+    # - resource_params
     # - params
     #
     # It's recommended to use whitelisted strong parameters on
@@ -100,16 +102,26 @@ module SkinnyControllers
           _lookup.model_name.underscore
         end
 
-      action_params_method = "#{action_name}_#{model_key}_params"
-      model_params_method = "#{model_key}_params"
+      params_lookups = [
+        # e.g.: create_post_params
+        "#{action_name}_#{model_key}_params",
+        # generic for action
+        "#{action_name}_params",
+        # e.g.: post_params
+        "#{model_key}_params",
+        # most generic
+        'resource_params'
+      ]
+
+      lookup_params_for_action(params_lookups)
+    end
 
-      if respond_to?(action_params_method, true)
-        send(action_params_method)
-      elsif respond_to?(model_params_method, true)
-        send(model_params_method)
-      else
-        params
+    def lookup_params_for_action(lookups)
+      lookups.each do |method_name|
+        return send(method_name) if respond_to?(method_name, true)
       end
+
+      params
     end
 
     # action name is inherited from ActionController::Base

data/lib/skinny_controllers/policy/base.rb

@@ -64,10 +64,6 @@ module SkinnyControllers
       # TODO: think of a way to override the authorized_via_parent functionality
       def read_all?
         return true if authorized_via_parent
-
-        # Might be deceptive...
-        return true if object.nil? || object.empty?
-
         # This is expensive, so try to avoid it
         # TODO: look in to creating a cache for
         # these look ups that's invalidated upon

data/lib/skinny_controllers/version.rb

@@ -1,4 +1,4 @@
 # frozen_string_literal: true
 module SkinnyControllers
-  VERSION = '0.10.6'
+  VERSION = '0.10.7'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: skinny_controllers
 version: !ruby/object:Gem::Version
-  version: 0.10.6
+  version: 0.10.7
 platform: ruby
 authors:
 - L. Preston Sego III
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-07-15 00:00:00.000000000 Z
+date: 2017-07-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -235,8 +235,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 2.6.8
 signing_key: 
 specification_version: 4
-summary: SkinnyControllers-0.10.6
+summary: SkinnyControllers-0.10.7
 test_files: []