whereable 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/README.md +64 -6
- data/lib/whereable.rb +1 -1
- data/lib/whereable.treetop +1 -1
- data/lib/whereable/version.rb +1 -1
- metadata +6 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e05606c44046b2bbc2afb63ad64dc40dfbd950c7e2417f8303ac9d504033fcf9
|
4
|
+
data.tar.gz: e279cfd12a42d0dcc22bd33c2a934875d8c6bf16432c3fd62f53cb3d51bcdb5b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 888cd81cd96258b790b2f789e001572155628837d10bc8e813219618c879540530916b62652249d3334a861ba9e091a2599dfe45acef67e388ad013d79e784f2
|
7
|
+
data.tar.gz: 17764113a90b3dc10742ce4f566029c2a7bb0e9ad7249a701cd598c4666f483e3a4e9dec92a974046f11cb7b65b408cc06f3623f039ebcf3fa2339f730116af0
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
@@ -1,14 +1,13 @@
|
|
1
1
|
# Whereable
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
TODO: Delete this and the text above, and describe your gem
|
3
|
+
Translates where-like filter syntax into an Arel-based ActiveRecord scope, so you can safely use SQL syntax in Rails controller parameters.
|
4
|
+
Not as powerful as [Ransack](https://github.com/activerecord-hackery/ransack), but simple and lightweight.
|
6
5
|
|
7
6
|
## Installation
|
8
7
|
|
9
8
|
Add this line to your application's Gemfile:
|
10
9
|
|
11
|
-
```ruby
|
10
|
+
``` ruby
|
12
11
|
gem 'whereable'
|
13
12
|
```
|
14
13
|
|
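Review bot: the fence on line 10 of the new README changes from ```ruby to ``` ruby for no functional reason; GitHub renders both, but some markdown renderers only honor the info string when it directly follows the backticks, so keep the original ```ruby form (the same spaced form is used in every fence of the new Usage section, so either revert all of them or none). The new intro line also says you can "safely use SQL syntax in Rails controller parameters"; consider qualifying it with what the parser actually guarantees (only the grammar listed under Syntax is accepted and anything else raises Whereable::FilterInvalid) so readers do not take the gem for a general SQL sanitizer.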
@@ -22,7 +21,66 @@ Or install it yourself as:
|
|
22
21
|
|
23
22
|
## Usage
|
24
23
|
|
25
|
-
|
24
|
+
Imagine a User model:
|
25
|
+
``` ruby
|
26
|
+
class User < ActiveRecord::Base
|
27
|
+
include Whereable
|
28
|
+
|
29
|
+
validates :username, presence: true, uniqueness: true
|
30
|
+
|
31
|
+
enum role: { standard: 0, admin: 1 }
|
32
|
+
end
|
33
|
+
```
|
34
|
+
With this data:
|
35
|
+
``` ruby
|
36
|
+
User.create!(username: 'Morpheus', role: :admin, born_on: '1961-07-30')
|
37
|
+
User.create!(username: 'Neo', role: :standard, born_on: '1964-09-02')
|
38
|
+
```
|
39
|
+
Let's assume you're allowing filtered API access to your Users,
|
40
|
+
but using the `#standard` scope to keep admins hidden. So your controller might include:
|
41
|
+
``` ruby
|
42
|
+
User.standard.where(params[:filter])
|
43
|
+
```
|
44
|
+
And your white hat API consumers pass in `filter=born_on < '1970-11-11'` to get Users over 50, and …
|
45
|
+
``` ruby
|
46
|
+
User.standard.where("born_on < '1970-11-11'")
|
47
|
+
```
|
48
|
+
returns Neo as expected, so we're all good.
|
49
|
+
|
50
|
+
*Meanwhile…* Your black hat API consumer passes in `filter=true) or (1=1`, and …
|
51
|
+
``` ruby
|
52
|
+
User.standard.where("true) or (1=1")
|
53
|
+
```
|
54
|
+
returns **EVERYONE!!!** *This is how the Matrix gets hacked.*
|
55
|
+
|
56
|
+
Instead add `include Whereable` to your model, and change your controller to:
|
57
|
+
``` ruby
|
58
|
+
User.standard.whereable(params[:filter])
|
59
|
+
```
|
60
|
+
And then …
|
61
|
+
``` ruby
|
62
|
+
User.standard.whereable("born_on < '1970-11-11'")
|
63
|
+
```
|
64
|
+
returns Neo as before, but …
|
65
|
+
``` ruby
|
66
|
+
User.standard.whereable("true) or (1=1")
|
67
|
+
```
|
68
|
+
raises exception …
|
69
|
+
``` ruby
|
70
|
+
Whereable::FilterInvalid ('Invalid filter at ) or (1=1')
|
71
|
+
```
|
72
|
+
|
73
|
+
### Syntax
|
74
|
+
* Supports and/or with nested parentheses as needed
|
75
|
+
* Recognizes these operators: `eq ne gte gt lte lt = != <> >= > <= <`
|
76
|
+
* Column must be to left of operator, and literal to right
|
77
|
+
* Comparing columns is *not* supported
|
78
|
+
* Quotes are optional unless the literal contains spaces or quotes
|
79
|
+
* Supports double or single quotes, and embedded quotes may be backslash escaped
|
80
|
+
* Also supports the PostgreSQL double-single embedded quote
|
81
|
+
* Enum literals must use the *name*, not the database value:
|
82
|
+
* 👍 `User.whereable('role = admin')`
|
83
|
+
* 👎 `User.whereable('role = 1')`
|
26
84
|
|
27
85
|
## Development
|
28
86
|
|
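Review bot: the Syntax list does not mention that the word operators are now matched case-insensitively (the treetop change in this same release adds the `i` flag to `eq`/`ne`/`gte`/`gt`/`lte`/`lt`), and it never says what happens to a column name that does not exist on the model; add a bullet for each, e.g. `* Word operators are case-insensitive (eq, EQ and Eq are equivalent)` and a bullet stating whether an unknown column raises `Whereable::FilterInvalid` or is passed through. The injection walkthrough is a good illustration, but `User.standard.where(params[:filter])` should be labelled explicitly as the unsafe pattern the gem replaces, so nobody copies it out of the README as a starting point.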
@@ -32,7 +90,7 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
|
|
32
90
|
|
33
91
|
## Contributing
|
34
92
|
|
35
|
-
Bug reports and pull requests are welcome on GitHub at https://github.com/
|
93
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/MacksMind/whereable.
|
36
94
|
|
37
95
|
|
38
96
|
## License
|
data/lib/whereable.rb
CHANGED
data/lib/whereable.treetop
CHANGED
@@ -28,7 +28,7 @@ grammar Whereable
|
|
28
28
|
end
|
29
29
|
|
30
30
|
rule operator
|
31
|
-
( 'eq' / 'ne' / 'gte' / 'gt' / 'lte' / 'lt' / '=' / '!=' / '<>' / '>=' / '>' / '<=' / '<' ) <Operator>
|
31
|
+
( 'eq'i / 'ne'i / 'gte'i / 'gt'i / 'lte'i / 'lt'i / '=' / '!=' / '<>' / '>=' / '>' / '<=' / '<' ) <Operator>
|
32
32
|
end
|
33
33
|
|
34
34
|
rule literal
|
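Review bot: adding the `i` flag to the word operators is a behaviour change for 0.1.1 that is not documented anywhere visible in this diff (the CHANGELOG.md change is listed as +7 -0 but its hunk is not shown, and the README Syntax list still shows only lowercase forms); add a CHANGELOG entry and a README bullet, and add grammar tests that cover `EQ`, `Gte` and `lT` alongside the lowercase forms. Only the word alternatives get the flag; the symbol operators are unchanged and their ordering (`gte` before `gt`, `<>` and `<=` before `<`) is still correct for the PEG first-match rule.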
data/lib/whereable/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: whereable
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Mack Earnhardt
|
@@ -38,9 +38,10 @@ dependencies:
|
|
38
38
|
- - ">="
|
39
39
|
- !ruby/object:Gem::Version
|
40
40
|
version: '0'
|
41
|
-
description:
|
42
|
-
|
43
|
-
|
41
|
+
description: |
|
42
|
+
Translates where-like filter syntax into an Arel-based ActiveRecord scope,
|
43
|
+
so you can safely use SQL syntax in Rails controller parameters.
|
44
|
+
Not as powerful as Ransack, but simple and lightweight.
|
44
45
|
email:
|
45
46
|
- mack@agilereasoning.com
|
46
47
|
executables: []
|
@@ -78,5 +79,5 @@ requirements: []
|
|
78
79
|
rubygems_version: 3.1.4
|
79
80
|
signing_key:
|
80
81
|
specification_version: 4
|
81
|
-
summary:
|
82
|
+
summary: Translates where-like filter syntax into an Arel-based ActiveRecord scope.
|
82
83
|
test_files: []
|