standardapi 6.0.0.26 → 6.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6327d5995d8b86de6c3f0513a922bc45115a002290fe0ad1e4f0cf639ade1427
-  data.tar.gz: 83bf723915282b111cd22f17845b6c30e9140e5bf03832966bae4c548c380388
+  metadata.gz: 7134ec77418da381ff4cb9aa8717f797784ab1f4d45faefde89261e6e7a82ad9
+  data.tar.gz: 83e924e7fd2ded8c5d4239f9d775ef232fa985a4daa838aec374105eed65df2e
 SHA512:
-  metadata.gz: c916b7ac39169c32ab99f285c4f3bc6cf8c67b790b4e8055c530c22658ed51382baf66e966b317a48996e8bc7820e0f483ac3bb0abc83ea0f803060cf220e1b6
-  data.tar.gz: f42efcea4be0ed86b9ff2ccd66799cadfb8058e3d5d32dfa02bffca257c644f011632da98d796c8fbf6295e6915e58bfdb4cab75941543a490da3a99976b0ab2
+  metadata.gz: 6e477baa763d068d112a29a9539145b75edf47be726c21e679fc4842ae63157914c8b2753f0f7e338c43fe2e328cbe85c4cb3681958113b5533af478bcb43fc3
+  data.tar.gz: 551a57b70b62f0f6c27f97aba97930b220a40b80799058a7c1a35d0d4a0afa787dd760ac01d42110d050a4d0d0f1387d6b00d63629c523c96e0b49a6910b77c1

data/README.md

@@ -105,11 +105,12 @@ including the author, the photos that the author took can also be included.
 # API Usage
 Resources can be queried via REST style end points
 ```
-GET     /records/:id    fetch record
-PATCH   /records/:id    update record
-GET     /records        fetch records
-POST    /records        create record
-DELETE  /records        destroy record
+GET     /records/:id        fetch record
+PATCH   /records/:id        update record
+GET     /records/           fetch records
+GET     /records/calculate  apply count and other functions on record(s)
+POST    /records            create record
+DELETE  /records            destroy record
 ```
 
 All resource end points can be filtered, ordered, limited, offset, and have includes. All options are passed via query string in a nested URI encoded format.
@@ -163,8 +164,16 @@ location: {within: 0106000020e6...}         WHERE ST_Within("listings"."location
 
 // On Relationships
 property: {size: 10000}         JOIN properties WHERE properties.size = 10000"
+```
+## Calculations
+
+The only change on calculate routes is the `selects` paramater contains the functions to apply. Currently just `minimum`, `maximum`, `average`, `sum`, and `count`.
 
-// 
+```
+{ count: '*' }                                          SELECT COUNT(*)
+[{ count: '*' }]                                        SELECT COUNT(*)
+[{ count: '*', maximum: :id, minimum: :id }]            SELECT COUNT(*), MAXIMUM(id), MINIMUM(id)
+[{ maximum: :id }, { maximum: :count }]                 SELECT MAXIMUM(id), MAXIMUM(count)
 ```
 
 # Testing

data/lib/standard_api.rb

@@ -14,4 +14,9 @@ require 'standard_api/includes'
 require 'standard_api/controller'
 require 'standard_api/helpers'
 require 'standard_api/route_helpers'
+require 'standard_api/active_record/connection_adapters/postgresql/schema_statements'
 require 'standard_api/railtie'
+
+module StandardAPI
+  autoload :AccessControlList, 'standard_api/access_control_list'
+end

data/lib/standard_api/access_control_list.rb

@@ -0,0 +1,114 @@
+module StandardAPI
+  module AccessControlList
+
+    def self.traverse(path, prefix: nil, &block)
+      path.children.each do |child|
+        if child.file? && child.basename('.rb').to_s.ends_with?('_acl')
+          block.call([prefix, child.basename('.rb').to_s].compact.join('/'))
+        elsif child.directory?
+          traverse(child, prefix: [prefix, child.basename.to_s].compact.join('/'), &block)
+        end
+      end
+    end
+
+    def self.included(application_controller)
+      acl_dir = Rails.application.root.join('app', 'controllers', 'acl')
+      return if !acl_dir.exist?
+
+      traverse(acl_dir) do |child|
+        mod = child.classify.constantize
+        prefix = child.delete_suffix('_acl').gsub('/', '_')
+
+        [:orders, :includes, :attributes].each do |m|
+          next if !mod.instance_methods.include?(m)
+          mod.send :alias_method, "#{prefix}_#{m}".to_sym, m
+          mod.send :remove_method, m
+        end
+
+        if mod.instance_methods.include?(:nested)
+          mod.send :alias_method, "nested_#{prefix}_attributes".to_sym, :nested
+          mod.send :remove_method, :nested
+        end
+
+        if mod.instance_methods.include?(:filter)
+          mod.send :alias_method, "filter_#{prefix}_params".to_sym, :filter
+          mod.send :remove_method, :filter
+        end
+
+        application_controller.include mod
+      end
+    end
+
+    def model_orders
+      if self.respond_to?("#{model.model_name.singular}_orders", true)
+        self.send("#{model.model_name.singular}_orders")
+      else
+        []
+      end
+    end
+
+    def model_params
+      if self.respond_to?("filter_#{model_name(model)}_params", true)
+        self.send("filter_#{model_name(model)}_params", params[model_name(model)], id: params[:id])
+      else
+        filter_model_params(params[model_name(model)], model.base_class)
+      end
+    end
+
+    def filter_model_params(model_params, model, id: nil, allow_id: nil)
+      permitted_params = if self.respond_to?("#{model_name(model)}_attributes", true)
+        permits = self.send("#{model_name(model)}_attributes")
+
+        allow_id ? model_params.permit(permits, :id) : model_params.permit(permits)
+      else
+        ActionController::Parameters.new
+      end
+
+      if self.respond_to?("nested_#{model_name(model)}_attributes", true)
+        self.send("nested_#{model_name(model)}_attributes").each do |relation|
+          relation = model.reflect_on_association(relation)
+          attributes_key = "#{relation.name}_attributes"
+
+          if model_params.has_key?(attributes_key)
+            filter_method = "filter_#{relation.klass.base_class.model_name.singular}_params"
+            if model_params[attributes_key].nil?
+              permitted_params[attributes_key] = nil
+            elsif model_params[attributes_key].is_a?(Array) && model_params[attributes_key].all? { |a| a.keys.map(&:to_sym) == [:id] }
+              permitted_params["#{relation.name.to_s.singularize}_ids"] = model_params[attributes_key].map{|a| a['id']}
+            elsif self.respond_to?(filter_method, true)
+              permitted_params[attributes_key] = if model_params[attributes_key].is_a?(Array)
+                model_params[attributes_key].map { |i| self.send(filter_method, i, allow_id: true) }
+              else
+                self.send(filter_method, model_params[attributes_key], allow_id: true)
+              end
+            else
+              permitted_params[attributes_key] = if model_params[attributes_key].is_a?(Array)
+                model_params[attributes_key].map { |i| filter_model_params(i, relation.klass.base_class, allow_id: true) }
+              else
+                filter_model_params(model_params[attributes_key], relation.klass.base_class, allow_id: true)
+              end
+            end
+          elsif relation.collection? && model_params.has_key?("#{relation.name.to_s.singularize}_ids")
+            permitted_params["#{relation.name.to_s.singularize}_ids"] = model_params["#{relation.name.to_s.singularize}_ids"]
+          elsif model_params.has_key?(relation.foreign_key)
+            permitted_params[relation.foreign_key] = model_params[relation.foreign_key]
+            permitted_params[relation.foreign_type] = model_params[relation.foreign_type] if relation.polymorphic?
+          end
+
+          permitted_params.permit!
+        end
+      end
+
+      permitted_params
+    end
+
+    def model_name(model)
+      if model.model_name.singular.starts_with?('habtm_')
+        model.reflect_on_all_associations.map { |a| a.klass.base_class.model_name.singular }.sort.join('_')
+      else
+        model.model_name.singular
+      end
+    end
+
+  end
+end

data/lib/standard_api/active_record/connection_adapters/postgresql/schema_statements.rb

@@ -0,0 +1,21 @@
+module ActiveRecord
+  module ConnectionAdapters
+    class PostgreSQLAdapter < AbstractAdapter
+
+      # Returns a comment stored in database for given table
+      def database_comment(database_name=nil) # :nodoc:
+        database_name ||= current_database
+
+        scope = quoted_scope(database_name, type: "BASE TABLE")
+        if scope[:name]
+          query_value(<<~SQL, "SCHEMA")
+            SELECT pg_catalog.shobj_description(d.oid, 'pg_database')
+            FROM   pg_catalog.pg_database d
+            WHERE  datname = #{scope[:name]};
+          SQL
+        end
+      end
+
+    end
+  end
+end

data/lib/standard_api/controller.rb

@@ -1,10 +1,13 @@
 module StandardAPI
   module Controller
 
+    delegate :preloadables, to: :helpers
+
     def self.included(klass)
-      klass.helper_method :includes, :orders, :model, :resource_limit,
-        :default_limit, :preloadables
+      klass.helper_method :includes, :orders, :model, :models, :resource_limit,
+        :default_limit
       klass.before_action :set_standardapi_headers
+      klass.rescue_from StandardAPI::ParameterMissing, with: :bad_request
       klass.rescue_from StandardAPI::UnpermittedParameters, with: :bad_request
       klass.append_view_path(File.join(File.dirname(__FILE__), 'views'))
       klass.extend(ClassMethods)
@@ -13,11 +16,17 @@ module StandardAPI
     def tables
       Rails.application.eager_load! if !Rails.application.config.eager_load
 
-      controllers = ApplicationController.descendants
-      controllers.select! { |c| c.ancestors.include?(self.class) && c != self.class }
-      controllers.map!(&:model).compact!
-      controllers.map!(&:table_name)
-      render json: controllers
+      tables = ApplicationController.descendants
+      tables.select! { |c| c.ancestors.include?(self.class) && c != self.class }
+      tables.map!(&:model).compact!
+      tables.map!(&:table_name)
+      render json: tables
+    end
+
+    if Rails.env == 'development'
+      def schema
+        Rails.application.eager_load! if !Rails.application.config.eager_load
+      end
     end
 
     def index
@@ -34,7 +43,7 @@ module StandardAPI
         end
       end
       @calculations = Hash[@calculations] if @calculations[0].is_a?(Array) && params[:group_by]
-      
+
       render json: @calculations
     end
 
@@ -95,32 +104,40 @@ module StandardAPI
       resources.find(params[:id]).destroy!
       head :no_content
     end
-    
+
     def remove_resource
       resource = resources.find(params[:id])
-      subresource_class = resource.association(params[:relationship]).klass
-      subresource = subresource_class.find_by_id(params[:resource_id])
-      
+      association = resource.association(params[:relationship])
+      subresource = association.klass.find_by_id(params[:resource_id])
+
       if(subresource)
-        result = resource.send(params[:relationship]).delete(subresource)
-        head result ? :no_content : :bad_request
+        if association.is_a? ActiveRecord::Associations::HasManyAssociation
+          resource.send(params[:relationship]).delete(subresource)
+        else
+          resource.send("#{params[:relationship]}=", nil)
+        end
+        head :no_content
       else
         head :not_found
       end
     end
-    
+
     def add_resource
       resource = resources.find(params[:id])
-      
-      subresource_class = resource.association(params[:relationship]).klass
-      subresource = subresource_class.find_by_id(params[:resource_id])
+      association = resource.association(params[:relationship])
+      subresource = association.klass.find_by_id(params[:resource_id])
+
       if(subresource)
-        result = resource.send(params[:relationship]) << subresource
+        if association.is_a? ActiveRecord::Associations::HasManyAssociation
+          result = resource.send(params[:relationship]) << subresource
+        else
+          result = resource.send("#{params[:relationship]}=", subresource)
+        end
         head result ? :created : :bad_request
       else
         head :not_found
       end
-      
+
     end
 
     # Override if you want to support masking
@@ -129,7 +146,7 @@ module StandardAPI
     end
 
     module ClassMethods
-    
+
       def model
         return @model if defined?(@model)
         @model = name.sub(/Controller\z/, '').singularize.camelize.safe_constantize
@@ -151,6 +168,15 @@ module StandardAPI
       self.class.model
     end
 
+    def models
+      return @models if defined?(@models)
+      Rails.application.eager_load! if !Rails.application.config.eager_load
+
+      @models = ApplicationController.descendants
+      @models.select! { |c| c.ancestors.include?(self.class) && c != self.class }
+      @models.map!(&:model).compact!
+    end
+
     def model_includes
       if self.respond_to?("#{model.model_name.singular}_includes", true)
         self.send("#{model.model_name.singular}_includes")
@@ -171,7 +197,7 @@ module StandardAPI
       if self.respond_to?("#{model.model_name.singular}_params", true)
         params.require(model.model_name.singular).permit(self.send("#{model.model_name.singular}_params"))
       else
-        []
+        ActionController::Parameters.new
       end
     end
 
@@ -189,82 +215,41 @@ module StandardAPI
     end
 
     def resources
-      query = model.filter(params['where']).filter(current_mask[model.table_name])
-      
+      mask = current_mask[model.table_name] || current_mask[model.table_name.to_sym]
+      query = model.filter(params['where']).filter(mask)
+
       if params[:distinct_on]
         query = query.distinct_on(params[:distinct_on])
       elsif params[:distinct]
         query = query.distinct
       end
-      
+
       if params[:join]
         query = query.joins(params[:join].to_sym)
       end
-      
+
       if params[:group_by]
         query = query.group(params[:group_by])
       end
-      
+
       query
     end
 
     def includes
       @includes ||= StandardAPI::Includes.sanitize(params[:include], model_includes)
     end
-    
-    def preloadables(record, includes)
-      preloads = {}
-      
-      includes.each do |key, value|
-        if reflection = record.klass.reflections[key]
-          case value
-          when true
-            preloads[key] = value
-          when Hash, ActiveSupport::HashWithIndifferentAccess
-            if !value.keys.any? { |x| ['when', 'where', 'limit', 'offset', 'order', 'distinct'].include?(x) }
-              if !reflection.polymorphic?
-                preloads[key] = preloadables_hash(reflection.klass, value)
-              end
-            end
-          end
-        end
-      end
-      
-      preloads.empty? ? record : record.preload(preloads)
-    end
-
-    def preloadables_hash(klass, iclds)
-      preloads = {}
-
-      iclds.each do |key, value|
-        if reflection = klass.reflections[key] 
-          case value
-          when true
-            preloads[key] = value
-          when Hash, ActiveSupport::HashWithIndifferentAccess
-            if !value.keys.any? { |x| ['when', 'where', 'limit', 'offset', 'order', 'distinct'].include?(x) }
-              if !reflection.polymorphic?
-                preloads[key] = preloadables_hash(reflection.klass, value)
-              end
-            end
-          end
-        end
-      end
-  
-      preloads
-    end
-    
+
     def required_orders
       []
     end
-    
+
     def default_orders
       nil
     end
 
     def orders
       exluded_required_orders = required_orders.map(&:to_s)
-      
+
       case params[:order]
       when Hash, ActionController::Parameters
         exluded_required_orders -= params[:order].keys.map(&:to_s)
@@ -280,7 +265,7 @@ module StandardAPI
       when String
         exluded_required_orders.delete(params[:order])
       end
-      
+
       if !exluded_required_orders.empty?
         params[:order] = exluded_required_orders.unshift(params[:order])
       end
@@ -309,9 +294,9 @@ module StandardAPI
         limit = params.permit(:limit)[:limit]&.to_i || default_limit
 
         if !limit
-          raise ActionController::ParameterMissing.new(:limit)
+          raise StandardAPI::ParameterMissing.new(:limit)
         elsif limit > resource_limit
-          raise ActionController::UnpermittedParameters.new([:limit, limit])
+          raise StandardAPI::UnpermittedParameters.new([:limit, limit])
         end
 
         limit
@@ -333,16 +318,28 @@ module StandardAPI
       @selects = []
       @selects << params[:group_by] if params[:group_by]
       Array(params[:select]).each do |select|
-        select.each do |func, column|
+        select.each do |func, value|
+          distinct = false
+
+          column = case value
+          when ActionController::Parameters
+            # TODO: Add support for other aggregate expressions
+            # https://www.postgresql.org/docs/current/sql-expressions.html#SYNTAX-AGGREGATES
+            distinct = !value[:distinct].nil?
+            value[:distinct]
+          else
+            value
+          end
+
           if (parts = column.split(".")).length > 1
             @model = parts[0].singularize.camelize.constantize
             column = parts[1]
           end
-          
+
           column = column == '*' ? Arel.star : column.to_sym
           if functions.include?(func.to_s.downcase)
             node = (defined?(@model) ? @model : model).arel_table[column].send(func)
-            node.distinct = true if params[:distinct]
+            node.distinct = distinct
             @selects << node
           end
         end