standardapi 6.0.0.32 → 6.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6f8e9f6eee237614e9c303c8fe9e2e624b081272627f9a7aa3f680276872c1a9
-  data.tar.gz: 73ede0c9b6229117b4781071441ac0581a06b16592f95f04959932c010ecb8f0
+  metadata.gz: 7134ec77418da381ff4cb9aa8717f797784ab1f4d45faefde89261e6e7a82ad9
+  data.tar.gz: 83e924e7fd2ded8c5d4239f9d775ef232fa985a4daa838aec374105eed65df2e
 SHA512:
-  metadata.gz: 904192ff81007b628b672e094dfaad19f4b2c49a0e4119631dd46c320a85d0e2c06200b5570d29d3b70ded73046b843dfd28ce3e40358d3b2294bbf9bb7b50f6
-  data.tar.gz: f9ed735aabd0830d6b2c7a390d4f2bca3bf8bcc1d8b806b615a76462404f58c9b65241c75e7b7e62abe84539705249ed10c82f9f5dcc4cc1ee4911e51513200f
+  metadata.gz: 6e477baa763d068d112a29a9539145b75edf47be726c21e679fc4842ae63157914c8b2753f0f7e338c43fe2e328cbe85c4cb3681958113b5533af478bcb43fc3
+  data.tar.gz: 551a57b70b62f0f6c27f97aba97930b220a40b80799058a7c1a35d0d4a0afa787dd760ac01d42110d050a4d0d0f1387d6b00d63629c523c96e0b49a6910b77c1

data/lib/standard_api.rb

@@ -16,3 +16,7 @@ require 'standard_api/helpers'
 require 'standard_api/route_helpers'
 require 'standard_api/active_record/connection_adapters/postgresql/schema_statements'
 require 'standard_api/railtie'
+
+module StandardAPI
+  autoload :AccessControlList, 'standard_api/access_control_list'
+end

data/lib/standard_api/access_control_list.rb

@@ -0,0 +1,114 @@
+module StandardAPI
+  module AccessControlList
+
+    def self.traverse(path, prefix: nil, &block)
+      path.children.each do |child|
+        if child.file? && child.basename('.rb').to_s.ends_with?('_acl')
+          block.call([prefix, child.basename('.rb').to_s].compact.join('/'))
+        elsif child.directory?
+          traverse(child, prefix: [prefix, child.basename.to_s].compact.join('/'), &block)
+        end
+      end
+    end
+
+    def self.included(application_controller)
+      acl_dir = Rails.application.root.join('app', 'controllers', 'acl')
+      return if !acl_dir.exist?
+
+      traverse(acl_dir) do |child|
+        mod = child.classify.constantize
+        prefix = child.delete_suffix('_acl').gsub('/', '_')
+
+        [:orders, :includes, :attributes].each do |m|
+          next if !mod.instance_methods.include?(m)
+          mod.send :alias_method, "#{prefix}_#{m}".to_sym, m
+          mod.send :remove_method, m
+        end
+
+        if mod.instance_methods.include?(:nested)
+          mod.send :alias_method, "nested_#{prefix}_attributes".to_sym, :nested
+          mod.send :remove_method, :nested
+        end
+
+        if mod.instance_methods.include?(:filter)
+          mod.send :alias_method, "filter_#{prefix}_params".to_sym, :filter
+          mod.send :remove_method, :filter
+        end
+
+        application_controller.include mod
+      end
+    end
+
+    def model_orders
+      if self.respond_to?("#{model.model_name.singular}_orders", true)
+        self.send("#{model.model_name.singular}_orders")
+      else
+        []
+      end
+    end
+
+    def model_params
+      if self.respond_to?("filter_#{model_name(model)}_params", true)
+        self.send("filter_#{model_name(model)}_params", params[model_name(model)], id: params[:id])
+      else
+        filter_model_params(params[model_name(model)], model.base_class)
+      end
+    end
+
+    def filter_model_params(model_params, model, id: nil, allow_id: nil)
+      permitted_params = if self.respond_to?("#{model_name(model)}_attributes", true)
+        permits = self.send("#{model_name(model)}_attributes")
+
+        allow_id ? model_params.permit(permits, :id) : model_params.permit(permits)
+      else
+        ActionController::Parameters.new
+      end
+
+      if self.respond_to?("nested_#{model_name(model)}_attributes", true)
+        self.send("nested_#{model_name(model)}_attributes").each do |relation|
+          relation = model.reflect_on_association(relation)
+          attributes_key = "#{relation.name}_attributes"
+
+          if model_params.has_key?(attributes_key)
+            filter_method = "filter_#{relation.klass.base_class.model_name.singular}_params"
+            if model_params[attributes_key].nil?
+              permitted_params[attributes_key] = nil
+            elsif model_params[attributes_key].is_a?(Array) && model_params[attributes_key].all? { |a| a.keys.map(&:to_sym) == [:id] }
+              permitted_params["#{relation.name.to_s.singularize}_ids"] = model_params[attributes_key].map{|a| a['id']}
+            elsif self.respond_to?(filter_method, true)
+              permitted_params[attributes_key] = if model_params[attributes_key].is_a?(Array)
+                model_params[attributes_key].map { |i| self.send(filter_method, i, allow_id: true) }
+              else
+                self.send(filter_method, model_params[attributes_key], allow_id: true)
+              end
+            else
+              permitted_params[attributes_key] = if model_params[attributes_key].is_a?(Array)
+                model_params[attributes_key].map { |i| filter_model_params(i, relation.klass.base_class, allow_id: true) }
+              else
+                filter_model_params(model_params[attributes_key], relation.klass.base_class, allow_id: true)
+              end
+            end
+          elsif relation.collection? && model_params.has_key?("#{relation.name.to_s.singularize}_ids")
+            permitted_params["#{relation.name.to_s.singularize}_ids"] = model_params["#{relation.name.to_s.singularize}_ids"]
+          elsif model_params.has_key?(relation.foreign_key)
+            permitted_params[relation.foreign_key] = model_params[relation.foreign_key]
+            permitted_params[relation.foreign_type] = model_params[relation.foreign_type] if relation.polymorphic?
+          end
+
+          permitted_params.permit!
+        end
+      end
+
+      permitted_params
+    end
+
+    def model_name(model)
+      if model.model_name.singular.starts_with?('habtm_')
+        model.reflect_on_all_associations.map { |a| a.klass.base_class.model_name.singular }.sort.join('_')
+      else
+        model.model_name.singular
+      end
+    end
+
+  end
+end

data/lib/standard_api/controller.rb

@@ -107,12 +107,16 @@ module StandardAPI
 
     def remove_resource
       resource = resources.find(params[:id])
-      subresource_class = resource.association(params[:relationship]).klass
-      subresource = subresource_class.find_by_id(params[:resource_id])
+      association = resource.association(params[:relationship])
+      subresource = association.klass.find_by_id(params[:resource_id])
 
       if(subresource)
-        result = resource.send(params[:relationship]).delete(subresource)
-        head result ? :no_content : :bad_request
+        if association.is_a? ActiveRecord::Associations::HasManyAssociation
+          resource.send(params[:relationship]).delete(subresource)
+        else
+          resource.send("#{params[:relationship]}=", nil)
+        end
+        head :no_content
       else
         head :not_found
       end
@@ -120,11 +124,15 @@ module StandardAPI
 
     def add_resource
       resource = resources.find(params[:id])
+      association = resource.association(params[:relationship])
+      subresource = association.klass.find_by_id(params[:resource_id])
 
-      subresource_class = resource.association(params[:relationship]).klass
-      subresource = subresource_class.find_by_id(params[:resource_id])
       if(subresource)
-        result = resource.send(params[:relationship]) << subresource
+        if association.is_a? ActiveRecord::Associations::HasManyAssociation
+          result = resource.send(params[:relationship]) << subresource
+        else
+          result = resource.send("#{params[:relationship]}=", subresource)
+        end
         head result ? :created : :bad_request
       else
         head :not_found
@@ -189,7 +197,7 @@ module StandardAPI
       if self.respond_to?("#{model.model_name.singular}_params", true)
         params.require(model.model_name.singular).permit(self.send("#{model.model_name.singular}_params"))
       else
-        []
+        ActionController::Parameters.new
       end
     end
 
@@ -207,7 +215,8 @@ module StandardAPI
     end
 
     def resources
-      query = model.filter(params['where']).filter(current_mask[model.table_name])
+      mask = current_mask[model.table_name] || current_mask[model.table_name.to_sym]
+      query = model.filter(params['where']).filter(mask)
 
       if params[:distinct_on]
         query = query.distinct_on(params[:distinct_on])
@@ -309,7 +318,19 @@ module StandardAPI
       @selects = []
       @selects << params[:group_by] if params[:group_by]
       Array(params[:select]).each do |select|
-        select.each do |func, column|
+        select.each do |func, value|
+          distinct = false
+
+          column = case value
+          when ActionController::Parameters
+            # TODO: Add support for other aggregate expressions
+            # https://www.postgresql.org/docs/current/sql-expressions.html#SYNTAX-AGGREGATES
+            distinct = !value[:distinct].nil?
+            value[:distinct]
+          else
+            value
+          end
+
           if (parts = column.split(".")).length > 1
             @model = parts[0].singularize.camelize.constantize
             column = parts[1]
@@ -318,7 +339,7 @@ module StandardAPI
           column = column == '*' ? Arel.star : column.to_sym
           if functions.include?(func.to_s.downcase)
             node = (defined?(@model) ? @model : model).arel_table[column].send(func)
-            node.distinct = true if params[:distinct]
+            node.distinct = distinct
             @selects << node
           end
         end

data/lib/standard_api/helpers.rb

@@ -80,9 +80,10 @@ module StandardAPI
       end
     end
 
-    def can_cache_relation?(klass, relation, subincludes)
+    def can_cache_relation?(record, relation, subincludes)
+      return false if record.new_record?
       cache_columns = ["#{relation}_cached_at"] + cached_at_columns_for_includes(subincludes).map {|c| "#{relation}_#{c}"}
-      if (cache_columns - klass.column_names).empty?
+      if (cache_columns - record.class.column_names).empty?
         true
       else
         false
@@ -91,7 +92,7 @@ module StandardAPI
 
     def association_cache_key(record, relation, subincludes)
       timestamp = ["#{relation}_cached_at"] + cached_at_columns_for_includes(subincludes).map {|c| "#{relation}_#{c}"}
-      timestamp.map! { |col| record.send(col) }
+      timestamp = (timestamp & record.class.column_names).map! { |col| record.send(col) }
       timestamp = timestamp.max
 
       case association = record.class.reflect_on_association(relation)

data/lib/standard_api/includes.rb

@@ -20,6 +20,15 @@ module StandardAPI
           normalized[k] = case k.to_s
           when 'when', 'where', 'order'
             case v
+            when Array
+              v.map do |x|
+                case x
+                when Hash then x.to_h
+                when ActionController::Parameters then x.to_unsafe_h
+                else
+                  x
+                end
+              end
             when Hash then v.to_h
             when ActionController::Parameters then v.to_unsafe_h
             end

data/lib/standard_api/middleware/query_encoding.rb

@@ -13,8 +13,8 @@ require 'msgpack'
 module StandardAPI
   module Middleware
     class QueryEncoding
-      MSGPACK_MIME_TYPE = "application/msgpack".freeze
-      HTTP_METHOD_OVERRIDE_HEADER = "HTTP_QUERY_ENCODING".freeze
+      MSGPACK_MIME_TYPE = "application/msgpack"
+      HTTP_METHOD_OVERRIDE_HEADER = "HTTP_QUERY_ENCODING"
 
       def initialize(app)
         @app = app
@@ -31,4 +31,4 @@ module StandardAPI
 
     end
   end
-end
+end

data/lib/standard_api/railtie.rb

@@ -1,10 +1,21 @@
 module StandardAPI
   class Railtie < ::Rails::Railtie
 
-    initializer 'standardapi' do
+    initializer 'standardapi', :before => :set_autoload_paths do |app|
+      if app.root.join('app', 'controllers', 'acl').exist?
+        ActiveSupport::Inflector.inflections(:en) do |inflect|
+          inflect.acronym 'ACL'
+        end
+
+        app.config.autoload_paths << app.root.join('app', 'controllers', 'acl').to_s
+      end
+
+      ActiveSupport.on_load(:before_configuration) do
+        ::ActionDispatch::Routing::Mapper.send :include, StandardAPI::RouteHelpers
+      end
+
       ActiveSupport.on_load(:action_view) do
         ::ActionView::Base.send :include, StandardAPI::Helpers
-        ::ActionDispatch::Routing::Mapper.send :include, StandardAPI::RouteHelpers
       end
     end
 

data/lib/standard_api/route_helpers.rb

@@ -1,10 +1,10 @@
 module StandardAPI
   module RouteHelpers
-    
+
     # StandardAPI wrapper for ActionDispatch::Routing::Mapper::Resources#resources
     #
     # Includes the following routes
-    #   
+    #
     #   GET /schema
     #   GET /calculate
     #
@@ -20,7 +20,7 @@ module StandardAPI
     #   end
     def standard_resources(*resources, &block)
       options = resources.extract_options!.dup
-      
+
       resources(*resources, options) do
         get :schema, on: :collection
         get :calculate, on: :collection
@@ -33,7 +33,7 @@ module StandardAPI
     # StandardAPI wrapper for ActionDispatch::Routing::Mapper::Resources#resource
     #
     # Includes the following routes
-    #   
+    #
     #   GET /schema
     #   GET /calculate
     #
@@ -49,7 +49,7 @@ module StandardAPI
     #   end
     def standard_resource(*resource, &block)
       options = resource.extract_options!.dup
-      
+
       resource(*resource, options) do
         get :schema, on: :collection
         get :calculate, on: :collection

data/lib/standard_api/test_case.rb

@@ -25,8 +25,7 @@ module StandardAPI::TestCase
     end
 
     begin
-      model_class_name = klass.name.gsub(/ControllerTest$/, '').singularize
-      model_class = model_class_name.constantize
+      model_class = klass.name.gsub(/Test$/, '').constantize.model
 
       klass.send(:filters=, model_class.attribute_names)
       klass.send(:orders=, model_class.attribute_names)
@@ -138,8 +137,19 @@ module StandardAPI::TestCase
 
   def view_attributes(record)
     return [] if record.nil?
-    record.attributes.select { |x| !@controller.send(:excludes_for, record.class).include?(x.to_sym) }
+    record.attributes.select do |x|
+      !@controller.send(:excludes_for, record.class).include?(x.to_sym)
+    end
+  end
+
+  def update_attributes(record)
+    return [] if record.nil?
+    record.attributes.select do |x|
+      !record.class.readonly_attributes.include?(x.to_s) &&
+      !@controller.send(:excludes_for, record.class).include?(x.to_sym)
+    end
   end
+  alias_method :create_attributes, :update_attributes
 
   module ClassMethods
 

data/lib/standard_api/test_case/calculate_tests.rb

@@ -26,8 +26,14 @@ module StandardAPI
         calculations = @controller.instance_variable_get('@calculations')
         expectations = selects.map { |s| model.send(s.keys.first, column.name) }
         expectations = [expectations] if expectations.length > 1
-        assert_equal expectations,
-          calculations
+
+        if math_column
+          assert_equal expectations.map { |a| a.map { |b| b.round(9) } },
+            calculations.map { |a| a.map { |b| b.round(9) } }
+        else
+          assert_equal expectations.map { |b| b.round(9) },
+            calculations.map { |b| b.round(9) }
+        end
       end
 
       test '#calculate.json params[:where]' do

data/lib/standard_api/test_case/create_tests.rb

@@ -22,7 +22,7 @@ module StandardAPI
           json = JSON.parse(response.body)
           assert json.is_a?(Hash)
 
-          view_attributes(m.reload).select { |x| attrs.keys.map(&:to_s).include?(x) }.each do |key, value|
+          create_attributes(m.reload).select { |x| attrs.keys.map(&:to_s).include?(x) }.each do |key, value|
             message = "Model / Attribute: #{m.class.name}##{key}"
             if value.is_a?(BigDecimal)
               assert_equal_or_nil normalize_to_json(m, key, attrs[key.to_sym]).to_s.to_f, json[key.to_s].to_s.to_f, message
@@ -53,9 +53,9 @@ module StandardAPI
           json = JSON.parse(response.body)
           assert json.is_a?(Hash)
           m.reload
-          view_attributes(m).select { |x| attrs.keys.map(&:to_s).include?(x) }.each do |key, value|
+          create_attributes(m).select { |x| attrs.keys.map(&:to_s).include?(x) }.each do |key, value|
             message = "Model / Attribute: #{m.class.name}##{key}"
-            assert_equal_or_nil normalize_attribute(m, key, attrs[key.to_sym]), value, message
+            assert_equal_or_nil normalize_attribute(m, key, attrs[key.to_sym]), normalize_attribute(m, key, value), message
           end
         end
       end
@@ -64,8 +64,7 @@ module StandardAPI
         trait = FactoryBot.factories[singular_name].definition.defined_traits.any? { |x| x.name.to_s == 'invalid' }
 
         if !trait
-          Rails.logger.try(:warn, "No invalid trait for #{model.name}. Skipping invalid tests")
-          warn("No invalid trait for #{model.name}. Skipping invalid tests")
+          skip("No invalid trait for #{model.name}. Skipping invalid tests")
           return
         end
 
@@ -106,8 +105,7 @@ module StandardAPI
         trait = FactoryBot.factories[singular_name].definition.defined_traits.any? { |x| x.name.to_s == 'invalid' }
 
         if !trait
-          Rails.logger.try(:warn, "No invalid trait for #{model.name}. Skipping invalid tests")
-          warn("No invalid trait for #{model.name}. Skipping invalid tests")
+          skip("No invalid trait for #{model.name}. Skipping invalid tests")
           return
         end
 
@@ -146,7 +144,7 @@ module StandardAPI
               next if !association
 
               if ['belongs_to', 'has_one'].include?(association.macro.to_s)
-                view_attributes(m.send(included)) do |key, value|
+                create_attributes(m.send(included)) do |key, value|
                   assert_equal json[included.to_s][key.to_s], normalize_to_json(m, key, value)
                 end
               else
@@ -160,7 +158,7 @@ module StandardAPI
                   nil
                 end
 
-                view_attributes(m2).each do |key, value|
+                create_attributes(m2).each do |key, value|
                   message = "Model / Attribute: #{m2.class.name}##{key}"
                   if m_json[key.to_s].nil?
                     assert_nil normalize_to_json(m2, key, value), message