Module: RESTFramework::BaseModelControllerMixin

Includes:

BaseControllerMixin

Included in:

ModelControllerMixin, ReadOnlyModelControllerMixin

Defined in:

lib/rest_framework/controller_mixins/models.rb

Overview

This module provides the core functionality for controllers based on models.

Defined Under Namespace

Modules: ClassMethods

Constant Summary

BASE64_REGEX =

/data:(.*);base64,(.*)/

BASE64_TRANSLATE =

->(field, value) {
  _, content_type, payload = value.match(BASE64_REGEX).to_a
  return {
    io: StringIO.new(Base64.decode64(payload)),
    content_type: content_type,
    filename: "image_#{field}#{Rack::Mime::MIME_TYPES.invert[content_type]}",
  }
}

RRF_BASE_MODEL_CONFIG =

{
  # Core attributes related to models.
  model: nil,
  recordset: nil,

  # Attributes for configuring record fields.
  fields: nil,
  field_config: nil,

  # Options for what should be included/excluded from default fields.
  exclude_associations: false,
  include_active_storage: false,
  include_action_text: false,
}

RRF_BASE_MODEL_INSTANCE_CONFIG =

{
  # Attributes for finding records.
  find_by_fields: nil,
  find_by_query_param: "find_by",

  # Options for handling request body parameters.
  allowed_parameters: nil,
  filter_pk_from_request_body: true,
  exclude_body_fields: %w[
    created_at
    created_by
    created_by_id
    updated_at
    updated_by
    updated_by_id
    _method
    utf8
    authenticity_token
  ].freeze,

  # Attributes for the default native serializer.
  native_serializer_config: nil,
  native_serializer_singular_config: nil,
  native_serializer_plural_config: nil,
  native_serializer_only_query_param: "only",
  native_serializer_except_query_param: "except",
  native_serializer_associations_limit: nil,
  native_serializer_associations_limit_query_param: "associations_limit",
  native_serializer_include_associations_count: false,

  # Attributes for default model filtering, ordering, and searching.
  filterset_fields: nil,
  ordering_fields: nil,
  ordering_query_param: "ordering",
  ordering_no_reorder: false,
  search_fields: nil,
  search_query_param: "search",
  search_ilike: false,

  # Options for association assignment.
  permit_id_assignment: true,
  permit_nested_attributes_assignment: true,

  # Option for `recordset.create` vs `Model.create` behavior.
  create_from_recordset: true,

  # Control if filtering is done before find.
  filter_recordset_before_find: true,

  # Options for `ransack` filtering.
  ransack_options: nil,
  ransack_query_param: "q",
  ransack_distinct: true,
  ransack_distinct_query_param: "distinct",
}

Constants included from BaseControllerMixin

RESTFramework::BaseControllerMixin::RRF_BASE_CONFIG, RESTFramework::BaseControllerMixin::RRF_BASE_INSTANCE_CONFIG

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #bulk_serialize(records) ⇒ Object

  Serialize the records, but also include any errors that might exist.

• #get_allowed_parameters ⇒ Object

  Get a list of parameters allowed for the current action.

• #get_body_params(bulk_mode: nil) ⇒ Object (also: #get_create_params, #get_update_params)

  Use strong parameters to filter the request body using the configured allowed parameters.

• #get_create_from ⇒ Object

  Determine what collection to call ‘create` on.

• #get_fields ⇒ Object

  Get a list of fields for this controller.

• #get_filter_backends ⇒ Object

  Get filtering backends, defaulting to using ‘ModelQueryFilter`, `ModelOrderingFilter`, and `ModelSearchFilter`.

• #get_options_metadata ⇒ Object

  Pass fields to get dynamic metadata based on which fields are available.

• #get_record ⇒ Object

  Get a single record by primary key or another column, if allowed.

• #get_records ⇒ Object

  Get the records this controller has access to after any filtering is applied.

• #get_recordset ⇒ Object

  Get the set of records this controller has access to.

• #get_recordset_with_includes ⇒ Object

  Get the recordset but with any associations included to avoid N+1 queries.

• #get_serializer_class ⇒ Object

  Get the configured serializer class, or ‘NativeSerializer` as a default.

Methods included from BaseControllerMixin

#api_response, #get_filtered_data, #options, #root, #rrf_error_handler, #serialize

Class Method Details

.included(base) ⇒ Object

# File 'lib/rest_framework/controller_mixins/models.rb', line 389

def self.included(base)
  RESTFramework::BaseControllerMixin.included(base)

  return unless base.is_a?(Class)

  base.extend(ClassMethods)

  # Add class attributes (with defaults) unless they already exist.
  RRF_BASE_MODEL_CONFIG.each do |a, default|
    next if base.respond_to?(a)

    base.class_attribute(a, default: default, instance_accessor: false)
  end
  RRF_BASE_MODEL_INSTANCE_CONFIG.each do |a, default|
    next if base.respond_to?(a)

    base.class_attribute(a, default: default)
  end
end

Instance Method Details

#bulk_serialize(records) ⇒ Object

Serialize the records, but also include any errors that might exist. This is used for bulk actions, however we include it here so the helper is available everywhere.

# File 'lib/rest_framework/controller_mixins/models.rb', line 648

def bulk_serialize(records)
  # This is kinda slow, so perhaps we should eventually integrate `errors` serialization into
  # the serializer directly. This would fail for active model serializers, but maybe we don't
  # care?
  serializer_class = self.get_serializer_class
  serialized_records = records.map do |record|
    serializer_class.new(record, controller: self).serialize.merge!(
      {errors: record.errors.presence}.compact,
    )
  end

  return serialized_records
end

#get_allowed_parameters ⇒ Object

Get a list of parameters allowed for the current action.

# File 'lib/rest_framework/controller_mixins/models.rb', line 420

def get_allowed_parameters
  return @_get_allowed_parameters if defined?(@_get_allowed_parameters)

  @_get_allowed_parameters = self.allowed_parameters
  return @_get_allowed_parameters if @_get_allowed_parameters

  # For fields, automatically add `_id`/`_ids` and `_attributes` variations for associations.
  variations = []
  hash_variations = {}
  reflections = self.class.get_model.reflections
  @_get_allowed_parameters = self.get_fields.map { |f|
    f = f.to_s

    # ActiveStorage Integration: `has_one_attached`.
    if reflections.key?("#{f}_attachment")
      next f
    end

    # ActiveStorage Integration: `has_many_attached`.
    if reflections.key?("#{f}_attachments")
      hash_variations[f] = []
      next nil
    end

    # ActionText Integration.
    if reflections.key?("rich_test_#{f}")
      next f
    end

    # Return field if it's not an association.
    next f unless ref = reflections[f]

    if self.permit_id_assignment && id_field = RESTFramework::Utils.get_id_field(f, ref)
      if id_field.ends_with?("_ids")
        hash_variations[id_field] = []
      else
        variations << id_field
      end
    end

    if self.permit_nested_attributes_assignment
      hash_variations["#{f}_attributes"] = self.class.get_field_config(f)[:sub_fields]
    end

    # Associations are not allowed to be submitted in their bare form.
    next nil
  }.compact
  @_get_allowed_parameters += variations
  @_get_allowed_parameters << hash_variations
  return @_get_allowed_parameters
end

#get_body_params(bulk_mode: nil) ⇒ Object Also known as: get_create_params, get_update_params

Use strong parameters to filter the request body using the configured allowed parameters.

# File 'lib/rest_framework/controller_mixins/models.rb', line 488

def get_body_params(bulk_mode: nil)
  data = self.request.request_parameters
  pk = self.class.get_model&.primary_key
  allowed_params = self.get_allowed_parameters

  # Before we filter the data, dynamically dispatch association assignment to either the id/ids
  # assignment ActiveRecord API or the nested assignment ActiveRecord API. Note that there is no
  # need to check for `permit_id_assignment` or `permit_nested_attributes_assignment` here, since
  # that is enforced by strong parameters generated by `get_allowed_parameters`.
  self.class.get_model.reflections.each do |name, ref|
    if payload = data[name]
      if payload.is_a?(Hash) || (payload.is_a?(Array) && payload.all? { |x| x.is_a?(Hash) })
        # Assume nested attributes assignment.
        attributes_key = "#{name}_attributes"
        data[attributes_key] = data.delete(name) unless data[attributes_key]
      elsif id_field = RESTFramework::Utils.get_id_field(name, ref)
        # Assume id/ids assignment.
        data[id_field] = data.delete(name) unless data[id_field]
      end
    end
  end

  # Filter the request body with strong params. If `bulk` is true, then we apply allowed
  # parameters to the `_json` key of the request body.
  body_params = if allowed_params == true
    ActionController::Parameters.new(data).permit!
  elsif bulk_mode
    pk = bulk_mode == :update ? [pk] : []
    ActionController::Parameters.new(data).permit({_json: allowed_params + pk})
  else
    ActionController::Parameters.new(data).permit(*allowed_params)
  end

  # Filter primary key if configured.
  if self.filter_pk_from_request_body && bulk_mode != :update
    body_params.delete(pk)
  end

  # Filter fields in `exclude_body_fields`.
  (self.exclude_body_fields || []).each { |f| body_params.delete(f) }

  # ActiveStorage Integration: Translate base64 encoded attachments to upload objects.
  #
  # rubocop:disable Layout/LineLength
  #
  # Good example base64 image:
  #   data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABgAAAAYCAYAAADgdz34AAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAApgAAAKYB3X3/OAAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAAANCSURBVEiJtZZPbBtFFMZ/M7ubXdtdb1xSFyeilBapySVU8h8OoFaooFSqiihIVIpQBKci6KEg9Q6H9kovIHoCIVQJJCKE1ENFjnAgcaSGC6rEnxBwA04Tx43t2FnvDAfjkNibxgHxnWb2e/u992bee7tCa00YFsffekFY+nUzFtjW0LrvjRXrCDIAaPLlW0nHL0SsZtVoaF98mLrx3pdhOqLtYPHChahZcYYO7KvPFxvRl5XPp1sN3adWiD1ZAqD6XYK1b/dvE5IWryTt2udLFedwc1+9kLp+vbbpoDh+6TklxBeAi9TL0taeWpdmZzQDry0AcO+jQ12RyohqqoYoo8RDwJrU+qXkjWtfi8Xxt58BdQuwQs9qC/afLwCw8tnQbqYAPsgxE1S6F3EAIXux2oQFKm0ihMsOF71dHYx+f3NND68ghCu1YIoePPQN1pGRABkJ6Bus96CutRZMydTl+TvuiRW1m3n0eDl0vRPcEysqdXn+jsQPsrHMquGeXEaY4Yk4wxWcY5V/9scqOMOVUFthatyTy8QyqwZ+kDURKoMWxNKr2EeqVKcTNOajqKoBgOE28U4tdQl5p5bwCw7BWquaZSzAPlwjlithJtp3pTImSqQRrb2Z8PHGigD4RZuNX6JYj6wj7O4TFLbCO/Mn/m8R+h6rYSUb3ekokRY6f/YukArN979jcW+V/S8g0eT/N3VN3kTqWbQ428m9/8k0P/1aIhF36PccEl6EhOcAUCrXKZXXWS3XKd2vc/TRBG9O5ELC17MmWubD2nKhUKZa26Ba2+D3P+4/MNCFwg59oWVeYhkzgN/JDR8deKBoD7Y+ljEjGZ0sosXVTvbc6RHirr2reNy1OXd6pJsQ+gqjk8VWFYmHrwBzW/n+uMPFiRwHB2I7ih8ciHFxIkd/3Omk5tCDV1t+2nNu5sxxpDFNx+huNhVT3/zMDz8usXC3ddaHBj1GHj/As08fwTS7Kt1HBTmyN29vdwAw+/wbwLVOJ3uAD1wi/dUH7Qei66PfyuRj4Ik9is+hglfbkbfR3cnZm7chlUWLdwmprtCohX4HUtlOcQjLYCu+fzGJH2QRKvP3UNz8bWk1qMxjGTOMThZ3kvgLI5AzFfo379UAAAAASUVORK5CYII=
  #
  # rubocop:enable Layout/LineLength
  self.class.get_model.attachment_reflections.keys.each do |k|
    next unless (body_params[k].is_a?(String) && body_params[k].match?(BASE64_REGEX)) ||
      (body_params[k].is_a?(Array) && body_params[k].all? { |v|
        v.is_a?(String) && v.match?(BASE64_REGEX)
      })

    if body_params[k].is_a?(Array)
      body_params[k] = body_params[k].map { |v| BASE64_TRANSLATE.call(k, v) }
    else
      body_params[k] = BASE64_TRANSLATE.call(k, body_params[k])
    end
  end

  return body_params
end

#get_create_from ⇒ Object

Determine what collection to call ‘create` on.

# File 'lib/rest_framework/controller_mixins/models.rb', line 634

def get_create_from
  if self.create_from_recordset
    # Create with any properties inherited from the recordset. We exclude any `select` clauses
    # in case model callbacks need to call `count` on this collection, which typically raises a
    # SQL `SyntaxError`.
    self.get_recordset.except(:select)
  else
    # Otherwise, perform a "bare" insert_all.
    self.class.get_model
  end
end

#get_fields ⇒ Object

Get a list of fields for this controller.

# File 'lib/rest_framework/controller_mixins/models.rb', line 410

def get_fields
  return self.class.get_fields(input_fields: self.class.fields)
end

#get_filter_backends ⇒ Object

Get filtering backends, defaulting to using ‘ModelQueryFilter`, `ModelOrderingFilter`, and `ModelSearchFilter`.

# File 'lib/rest_framework/controller_mixins/models.rb', line 479

def get_filter_backends
  return self.filter_backends || [
    RESTFramework::ModelQueryFilter,
    RESTFramework::ModelOrderingFilter,
    RESTFramework::ModelSearchFilter,
  ]
end

#get_options_metadata ⇒ Object

Pass fields to get dynamic metadata based on which fields are available.

# File 'lib/rest_framework/controller_mixins/models.rb', line 415

def get_options_metadata
  return self.class.get_options_metadata
end

#get_record ⇒ Object

Get a single record by primary key or another column, if allowed. The return value is cached and exposed to the view as the ‘@record` instance variable.

# File 'lib/rest_framework/controller_mixins/models.rb', line 600

def get_record
  # Cache the result.
  return @record if instance_variable_defined?(:@record)

  recordset = self.get_recordset
  find_by_key = self.class.get_model.primary_key
  is_pk = true

  # Find by another column if it's permitted.
  if find_by_param = self.find_by_query_param.presence
    if find_by = params[find_by_param].presence
      find_by_fields = self.find_by_fields&.map(&:to_s)

      if !find_by_fields || find_by.in?(find_by_fields)
        is_pk = false unless find_by_key == find_by
        find_by_key = find_by
      end
    end
  end

  # Filter recordset, if configured.
  if self.filter_recordset_before_find
    recordset = self.get_records
  end

  # Return the record. Route key is always `:id` by Rails convention.
  if is_pk
    return @record = recordset.find(request.path_parameters[:id])
  else
    return @record = recordset.find_by!(find_by_key => request.path_parameters[:id])
  end
end

#get_records ⇒ Object

Get the records this controller has access to after any filtering is applied.

# File 'lib/rest_framework/controller_mixins/models.rb', line 592

def get_records
  return @records if instance_variable_defined?(:@records)

  return @records = self.get_filtered_data(self.get_recordset_with_includes)
end

#get_recordset ⇒ Object

Get the set of records this controller has access to. The return value is cached and exposed to the view as the ‘@recordset` instance variable.

# File 'lib/rest_framework/controller_mixins/models.rb', line 557

def get_recordset
  return @recordset if instance_variable_defined?(:@recordset)
  return (@recordset = self.class.recordset) if self.class.recordset

  # If there is a model, return that model's default scope (all records by default).
  if (model = self.class.get_model)
    return @recordset = model.all
  end

  return @recordset = nil
end

#get_recordset_with_includes ⇒ Object

Get the recordset but with any associations included to avoid N+1 queries.

# File 'lib/rest_framework/controller_mixins/models.rb', line 570

def get_recordset_with_includes
  reflections = self.class.get_model.reflections
  associations = self.get_fields.map { |f|
    if reflections.key?(f)
      f.to_sym
    elsif reflections.key?("rich_text_#{f}")
      :"rich_text_#{f}"
    elsif reflections.key?("#{f}_attachment")
      :"#{f}_attachment"
    elsif reflections.key?("#{f}_attachments")
      :"#{f}_attachments"
    end
  }.compact

  if associations.any?
    return self.get_recordset.includes(associations)
  end

  return self.get_recordset
end

#get_serializer_class ⇒ Object

Get the configured serializer class, or ‘NativeSerializer` as a default.

# File 'lib/rest_framework/controller_mixins/models.rb', line 473

def get_serializer_class
  return super || RESTFramework::NativeSerializer
end