standardapi 1.0.2 → 1.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 00a4ca4a08d5ea94b8ac4bd32a3594e788df0ff8
-  data.tar.gz: 1e7475c8c767003c8772799c15e2c024b972caed
+  metadata.gz: 69566409eb2d53c206772fd1bba289eb016269a4
+  data.tar.gz: bdbbb1c63b34d2eea506cfe63ef1d87a467074cd
 SHA512:
-  metadata.gz: 512d98d1856c2652f27556e76077163a8b74fd40979fe1d544e8ee7a8014d92ddf00ebd8a5b7b7957e32e727516f265b624e1ee85f29c3ee71d10ca3d5ab5c4d
-  data.tar.gz: b6df1f38fbc139cfd9fa9cfd07dbd50436134fecac245853177ffe5af45cc7a8fc3588b0203f80910afa36fc571d29f82ddb0f9cb9dabe65c6b6dd2425a83490
+  metadata.gz: 602ead9fee5724eabfefa6b61510a71f0bf0e0a8b6f2a669561be5d18e44a5ae942bfdca5c1448221336b033dc0f559b687b18ed4449e422726cf9d0bf8852b5
+  data.tar.gz: 441e7a6b71b9f1bf7aa1d018a3c1c5d3c30753aab585e5fea15afab536b1e82bc26595dbe8e0c3410e356e0015bb7d51d430df549b67d4d158d46ec798ea4471

data/README.md

@@ -1,10 +1,56 @@
-# standardapi
+# StandardAPI
+
 StandardAPI makes it easy to expose a query interface for your Rails models
 
+# Installation
+
+    gem install standardapi
+
+In your Gemfile
+
+    gem 'standardapi', require: 'standard_api'
+
+StandardAPI is a module you can include into any controllers you want to have
+API access to, or in the ApplicationController, giving all inherited controller
+access.
+
+    class ApplicationController < ActiveController::Base
+        include StandardAPI
+
+    end
+
+And example contoller and it's tests.
+
+    class PhotosController < ApplicationController
+        include StandardAPI
+
+        # If you have actions you don't want include be sure to hide them,
+        # otherwise if you include StandardAPI::TestCase and you don't have the
+        # action setup, the test will fail.
+        hide_action :destroy
+
+        # Allowed params
+        def photo_params
+          [:id, :file, :caption]
+        end
+  
+        # Allowed orderings
+        def photo_orders
+          [:id, :created_at, :updated_at, :caption]
+        end
+
+        # Allowed includes
+        # You can include the author and the authors photos in the JSON response
+        def photo_includes
+          { :author => [:photos] }
+        end
 
-required models
-- account { mask }
-- api_keys
+        # Mask for Photo. Provide this method if you want to mask some records
+        # The mask is then applyed to all actions when querring ActiveRecord
+        # Will only allow photos that have id one. For more on the syntax see
+        # the activerecord-filter gem.
+        def current_mask
+            { id: 1 }
+        end
 
-# TODO
-- current_mask
+    end

data/lib/standard_api/includes.rb

@@ -0,0 +1,64 @@
+require 'active_support/core_ext/hash/indifferent_access'
+# require 'active_support/core_ext/hash'
+module StandardAPI
+  module Includes
+
+    # :x                            => { x: {} }
+    # [:x, :y]                      => { x: {}, y: {} }
+    # [ { x: true }, { y: true } ]  => { x: {}, y: {} }
+    # { x: true, y: true }          => { x: {}, y: {} }
+    # { x: { y: true } }            => { x: { y: {} } }
+    # { x: [:y] }                   => { x: { y: {} } }
+    def self.normalize(includes)
+      normalized = ActiveSupport::HashWithIndifferentAccess.new
+
+      case includes
+      when Array
+        includes.flatten.compact.each { |v| normalized.merge!(normalize(v)) }
+      when Hash
+        includes.each_pair { |k, v| normalized[k] = normalize(v) }
+      else
+        if ![true, 'true'].include?(includes)
+          normalized[includes] = {}
+        end
+      end
+
+      normalized
+    end
+
+    # sanitize({:key => {}}, [:key]) # => {:key => {}}
+    # sanitize({:key => {}}, {:key => true}) # => {:key => {}}
+    # sanitize({:key => {}}, :value => {}}, [:key]) => # Raises ParseError
+    # sanitize({:key => {}}, :value => {}}, {:key => true}) => # Raises ParseError
+    # sanitize({:key => {:value => {}}}, {:key => [:value]}) # => {:key => {:value => {}}}
+    # sanitize({:key => {:value => {}}}, {:key => {:value => true}}) # => {:key => {:value => {}}}
+    # sanitize({:key => {:value => {}}}, [:key]) => # Raises ParseError
+    def self.sanitize(includes, permit)
+      includes = normalize(includes)
+      permitted = ActiveSupport::HashWithIndifferentAccess.new
+
+      if permit.is_a?(Array)
+        permit = permit.inject({}) { |acc, v| acc[v] = true; acc }
+      end
+
+      permit = normalize(permit.with_indifferent_access)
+      includes.each do |k, v|
+        if permit.has_key?(k) || ['where', 'order'].include?(k.to_s)
+          permitted[k] = sanitize(v, permit[k] || {})
+        else
+          if [:raise, nil].include?(Rails.configuration.try(:action_on_unpermitted_includes))
+            raise(ActionDispatch::ParamsParser::ParseError.new(<<-ERR.squish, nil))
+              Invalid Include: #{k}"
+              Set config.action_on_unpermitted_includes = :warm to log instead of raise
+            ERR
+          else
+            Rails.logger.try(:warn, "Invalid Include: #{k}")
+          end
+        end
+      end
+
+      permitted
+    end
+
+  end
+end

data/lib/standard_api/test_case/index_tests.rb

@@ -42,10 +42,9 @@ module StandardAPI
       end
 
       test '#index.json params[:include]' do
-        create_model
-
+        create_model(:nested)
+        get :index, include: includes, format: 'json'
         includes.each do |included|
-          get :index, include: [included], format: 'json'
           assert JSON.parse(response.body)[0].key?(included.to_s), "#{included.inspect} not included in response"
         end
       end

data/lib/standard_api/views/application/_model.json.jbuilder

@@ -2,16 +2,21 @@ model.attributes.each do |name, value|
   json.set! name, value
 end
 
-includes.each do |inc|
-  if model.class.reflect_on_association(inc).klass.is_a?(ActiveModel)
+includes.each do |inc, subinc|
+  if model.class.reflect_on_association(inc).klass < ActiveRecord::Base
     json.set! inc do
-      json.partial! 'action_controller/standard_api/_model', locals: { model: model.send(inc) }
+      collection = [:has_many, :has_and_belongs_to_many].include?(model.class.reflect_on_association(inc).macro)
+      if collection
+        json.array! model.send(inc), partial: 'application/model', as: :model, locals: { includes: subinc }
+      else
+        json.partial! 'application/model', model: model.send(inc), includes: subinc
+      end
     end
   else
     json.set! inc, model.send(inc)
   end
 end
 
-if model.errors
+if !model.errors.blank?
   json.set! 'errors', model.errors.to_h
 end

data/lib/standard_api.rb

@@ -11,6 +11,8 @@ if !ActionView::Template.registered_template_handler(:jbuilder)
   ActionView::Template.register_template_handler :jbuilder, JbuilderHandler
 end
 
+require 'standard_api/includes'
+
 module StandardAPI
 
   def self.included(klass)
@@ -85,9 +87,8 @@ module StandardAPI
     model.filter(params[:where]).where(current_mask[model.table_name])
   end
 
-  # TODO: sanitize includes
   def includes
-    params[:include] || []
+    @includes ||= StandardAPI::Includes.normalize(params[:include] || [])
   end
 
   # TODO: sanitize orders

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: standardapi
 version: !ruby/object:Gem::Version
-  version: 1.0.2
+  version: 1.0.3
 platform: ruby
 authors:
 - James Bracy
@@ -52,6 +52,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '4.2'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.2'
 - !ruby/object:Gem::Dependency
   name: jbuilder
   requirement: !ruby/object:Gem::Requirement
@@ -175,6 +189,7 @@ extra_rdoc_files:
 files:
 - README.md
 - lib/standard_api.rb
+- lib/standard_api/includes.rb
 - lib/standard_api/test_case.rb
 - lib/standard_api/test_case/calculate_tests.rb
 - lib/standard_api/test_case/create_tests.rb