Module: RESTFramework::Mixins::BaseModelControllerMixin

Includes:

BaseControllerMixin

Included in:

ModelControllerMixin, ReadOnlyModelControllerMixin

Defined in:

lib/rest_framework/mixins/model_controller_mixin.rb

Overview

This module provides the core functionality for controllers based on models.

Defined Under Namespace

Modules: ClassMethods

Constant Summary

BASE64_REGEX =

/data:(.*);base64,(.*)/

BASE64_TRANSLATE =

->(field, value) {
  return value unless BASE64_REGEX.match?(value)

  _, content_type, payload = value.match(BASE64_REGEX).to_a
  return {
    io: StringIO.new(Base64.decode64(payload)),
    content_type: content_type,
    filename: "file_#{field}#{Rack::Mime::MIME_TYPES.invert[content_type]}",
  }
}

ACTIVESTORAGE_KEYS =

[:io, :content_type, :filename, :identify, :key]

RRF_BASE_MODEL_CONFIG =

{
  # Core attributes related to models.
  model: nil,
  recordset: nil,

  # Attributes for configuring record fields.
  fields: nil,
  field_config: nil,

  # Options for what should be included/excluded from default fields.
  exclude_associations: false,
}

RRF_BASE_MODEL_INSTANCE_CONFIG =

{
  # Attributes for finding records.
  find_by_fields: nil,
  find_by_query_param: "find_by",

  # Options for handling request body parameters.
  allowed_parameters: nil,
  filter_pk_from_request_body: true,
  exclude_body_fields: RESTFramework.config.exclude_body_fields,

  # Attributes for the default native serializer.
  native_serializer_config: nil,
  native_serializer_singular_config: nil,
  native_serializer_plural_config: nil,
  native_serializer_only_query_param: "only",
  native_serializer_except_query_param: "except",
  native_serializer_associations_limit: nil,
  native_serializer_associations_limit_query_param: "associations_limit",
  native_serializer_include_associations_count: false,

  # Attributes for filtering, ordering, and searching.
  filter_backends: [
    RESTFramework::QueryFilter,
    RESTFramework::OrderingFilter,
    RESTFramework::SearchFilter,
  ],
  filter_recordset_before_find: true,
  filter_fields: nil,
  ordering_fields: nil,
  ordering_query_param: "ordering",
  ordering_no_reorder: false,
  search_fields: nil,
  search_query_param: "search",
  search_ilike: false,
  ransack_options: nil,
  ransack_query_param: "q",
  ransack_distinct: true,
  ransack_distinct_query_param: "distinct",

  # Options for association assignment.
  permit_id_assignment: true,
  permit_nested_attributes_assignment: true,

  # Option for `recordset.create` vs `Model.create` behavior.
  create_from_recordset: true,
}

Constants included from BaseControllerMixin

RESTFramework::Mixins::BaseControllerMixin::RRF_BASE_CONFIG, RESTFramework::Mixins::BaseControllerMixin::RRF_BASE_INSTANCE_CONFIG

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #apply_filters(data) ⇒ Object
• #bulk_serialize(records) ⇒ Object

  Serialize the records, but also include any errors that might exist.

• #get_allowed_parameters ⇒ Object

  Get a list of parameters allowed for the current action.

• #get_body_params(bulk_mode: nil) ⇒ Object (also: #get_create_params, #get_update_params)

  Use strong parameters to filter the request body using the configured allowed parameters.

• #get_create_from ⇒ Object

  Determine what collection to call ‘create` on.

• #get_fields ⇒ Object

  Get a list of fields for this controller.

• #get_record ⇒ Object

  Get a single record by primary key or another column, if allowed.

• #get_records ⇒ Object

  Get the records this controller has access to after any filtering is applied.

• #get_recordset ⇒ Object

  Get the set of records this controller has access to.

• #options_metadata ⇒ Object
• #serializer_class ⇒ Object

Methods included from BaseControllerMixin

#api_response, #options, #root, #rrf_error_handler, #serialize

Class Method Details

.included(base) ⇒ Object

# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 378

def self.included(base)
  RESTFramework::BaseControllerMixin.included(base)

  return unless base.is_a?(Class)

  base.extend(ClassMethods)

  # Add class attributes (with defaults) unless they already exist.
  RRF_BASE_MODEL_CONFIG.each do |a, default|
    next if base.respond_to?(a)

    base.class_attribute(a, default: default, instance_accessor: false)
  end
  RRF_BASE_MODEL_INSTANCE_CONFIG.each do |a, default|
    next if base.respond_to?(a)

    base.class_attribute(a, default: default)
  end
end

Instance Method Details

#apply_filters(data) ⇒ Object

# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 471

def apply_filters(data)
  # TODO: Compatibility; remove in 1.0.
  if filtered_data = self.try(:get_filtered_data, data)
    return filtered_data
  end

  return self.filter_backends&.reduce(data) { |d, filter|
    filter.new(controller: self).filter_data(d)
  } || data
end

#bulk_serialize(records) ⇒ Object

Serialize the records, but also include any errors that might exist. This is used for bulk actions, however we include it here so the helper is available everywhere.

# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 644

def bulk_serialize(records)
  # This is kinda slow, so perhaps we should eventually integrate `errors` serialization into
  # the serializer directly. This would fail for active model serializers, but maybe we don't
  # care?
  s = RESTFramework::Utils.wrap_ams(self.serializer_class)
  serialized_records = records.map do |record|
    s.new(record, controller: self).serialize.merge!({errors: record.errors.presence}.compact)
  end

  return serialized_records
end

#get_allowed_parameters ⇒ Object

Get a list of parameters allowed for the current action.

# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 408

def get_allowed_parameters
  return @_get_allowed_parameters if defined?(@_get_allowed_parameters)

  @_get_allowed_parameters = self.allowed_parameters
  return @_get_allowed_parameters if @_get_allowed_parameters

  # Assemble strong parameters.
  variations = []
  hash_variations = {}
  reflections = self.class.get_model.reflections
  @_get_allowed_parameters = self.get_fields.map { |f|
    f = f.to_s

    # ActiveStorage Integration: `has_one_attached`.
    if reflections.key?("#{f}_attachment")
      hash_variations[f] = ACTIVESTORAGE_KEYS
      next f
    end

    # ActiveStorage Integration: `has_many_attached`.
    if reflections.key?("#{f}_attachments")
      hash_variations[f] = ACTIVESTORAGE_KEYS
      next nil
    end

    # ActionText Integration.
    if reflections.key?("rich_test_#{f}")
      next f
    end

    # Return field if it's not an association.
    next f unless ref = reflections[f]

    # Add `_id`/`_ids` variations for associations.
    if self.permit_id_assignment && id_field = RESTFramework::Utils.get_id_field(f, ref)
      if id_field.ends_with?("_ids")
        hash_variations[id_field] = []
      else
        variations << id_field
      end
    end

    # Add `_attributes` variations for associations.
    if self.permit_nested_attributes_assignment
      hash_variations["#{f}_attributes"] = (
        self.class.field_config_for(f)[:sub_fields] + ["_destroy"]
      )
    end

    # Associations are not allowed to be submitted in their bare form (if they are submitted that
    # way, they will be translated to either ID assignment or nested attributes assignment).
    next nil
  }.compact
  @_get_allowed_parameters += variations
  @_get_allowed_parameters << hash_variations

  return @_get_allowed_parameters
end

#get_body_params(bulk_mode: nil) ⇒ Object Also known as: get_create_params, get_update_params

Use strong parameters to filter the request body using the configured allowed parameters.

# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 483

def get_body_params(bulk_mode: nil)
  data = self.request.request_parameters
  pk = self.class.get_model&.primary_key
  allowed_params = self.get_allowed_parameters

  # Before we filter the data, dynamically dispatch association assignment to either the id/ids
  # assignment ActiveRecord API or the nested assignment ActiveRecord API. Note that there is no
  # need to check for `permit_id_assignment` or `permit_nested_attributes_assignment` here, since
  # that is enforced by strong parameters generated by `get_allowed_parameters`.
  self.class.get_model.reflections.each do |name, ref|
    if payload = data[name]
      if payload.is_a?(Hash) || (payload.is_a?(Array) && payload.all? { |x| x.is_a?(Hash) })
        # Assume nested attributes assignment.
        attributes_key = "#{name}_attributes"
        data[attributes_key] = data.delete(name) unless data[attributes_key]
      elsif id_field = RESTFramework::Utils.get_id_field(name, ref)
        # Assume id/ids assignment.
        data[id_field] = data.delete(name) unless data[id_field]
      end
    end
  end

  # ActiveStorage Integration: Translate base64 encoded attachments to upload objects.
  #
  # rubocop:disable Layout/LineLength
  #
  # Example base64 images (red, green, and blue squares):
  #   data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAAFUlEQVR42mP8z8BQz0AEYBxVSF+FABJADveWkH6oAAAAAElFTkSuQmCC
  #   data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAAFUlEQVR42mNk+M9Qz0AEYBxVSF+FAAhKDveksOjmAAAAAElFTkSuQmCC
  #   data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAAFUlEQVR42mNkYPhfz0AEYBxVSF+FAP5FDvcfRYWgAAAAAElFTkSuQmCC
  #
  # rubocop:enable Layout/LineLength
  has_many_attached_scalar_data = {}
  self.class.get_model.attachment_reflections.keys.each do |k|
    if data[k].is_a?(Array)
      data[k] = data[k].map { |v|
        if v.is_a?(String)
          v = BASE64_TRANSLATE.call(k, v)

          # Remember scalars because Rails strong params will remove it.
          if v.is_a?(String)
            has_many_attached_scalar_data[k] ||= []
            has_many_attached_scalar_data[k] << v
          end
        elsif v.is_a?(Hash)
          if v[:io].is_a?(String)
            v[:io] = StringIO.new(Base64.decode64(v[:io]))
          end
        end

        next v
      }
    elsif data[k].is_a?(Hash)
      if data[k][:io].is_a?(String)
        data[k][:io] = StringIO.new(Base64.decode64(data[k][:io]))
      end
    elsif data[k].is_a?(String)
      data[k] = BASE64_TRANSLATE.call(k, data[k])
    end
  end

  # Filter the request body with strong params. If `bulk` is true, then we apply allowed
  # parameters to the `_json` key of the request body.
  body_params = if allowed_params == true
    ActionController::Parameters.new(data).permit!
  elsif bulk_mode
    pk = bulk_mode == :update ? [pk] : []
    ActionController::Parameters.new(data).permit({_json: allowed_params + pk})
  else
    ActionController::Parameters.new(data).permit(*allowed_params)
  end

  # ActiveStorage Integration: Workaround for Rails strong params not allowing you to permit an
  # array containing a mix of scalars and hashes. This is needed for `has_many_attached`, because
  # API consumers must be able to provide scalar `signed_id` values for existing attachments along
  # with hashes for new attachments. It's worth mentioning that base64 scalars are converted to
  # hashes that conform to the ActiveStorage API.
  has_many_attached_scalar_data.each do |k, v|
    body_params[k].unshift(*v)
  end

  # Filter primary key, if configured.
  if self.filter_pk_from_request_body && bulk_mode != :update
    body_params.delete(pk)
  end

  # Filter fields in `exclude_body_fields`.
  (self.exclude_body_fields || []).each { |f| body_params.delete(f) }

  return body_params
end

#get_create_from ⇒ Object

Determine what collection to call ‘create` on.

# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 630

def get_create_from
  if self.create_from_recordset
    # Create with any properties inherited from the recordset. We exclude any `select` clauses
    # in case model callbacks need to call `count` on this collection, which typically raises a
    # SQL `SyntaxError`.
    self.get_recordset.except(:select)
  else
    # Otherwise, perform a "bare" insert_all.
    self.class.get_model
  end
end

#get_fields ⇒ Object

Get a list of fields for this controller.

# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 399

def get_fields
  return self.class.get_fields(input_fields: self.class.fields)
end

#get_record ⇒ Object

Get a single record by primary key or another column, if allowed. The return value is memoized and exposed to the view as the ‘@record` instance variable.

# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 596

def get_record
  return @record if @record

  find_by_key = self.class.get_model.primary_key
  is_pk = true

  # Find by another column if it's permitted.
  if find_by_param = self.find_by_query_param.presence
    if find_by = params[find_by_param].presence
      find_by_fields = self.find_by_fields&.map(&:to_s)

      if !find_by_fields || find_by.in?(find_by_fields)
        is_pk = false unless find_by_key == find_by
        find_by_key = find_by
      end
    end
  end

  # Get the recordset, filtering if configured.
  collection = if self.filter_recordset_before_find
    self.get_records
  else
    self.get_recordset
  end

  # Return the record. Route key is always `:id` by Rails' convention.
  if is_pk
    return @record = collection.find(request.path_parameters[:id])
  else
    return @record = collection.find_by!(find_by_key => request.path_parameters[:id])
  end
end

#get_records ⇒ Object

Get the records this controller has access to after any filtering is applied.

# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 590

def get_records
  return @records ||= self.apply_filters(self.get_recordset)
end

#get_recordset ⇒ Object

Get the set of records this controller has access to.

# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 578

def get_recordset
  return self.class.recordset if self.class.recordset

  # If there is a model, return that model's default scope (all records by default).
  if model = self.class.get_model
    return model.all
  end

  return nil
end

#options_metadata ⇒ Object

# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 403

def options_metadata
  return self.class.options_metadata
end

#serializer_class ⇒ Object

# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 467

def serializer_class
  return super || RESTFramework::NativeSerializer
end