Module: RESTFramework::Mixins::BaseModelControllerMixin

Includes:
BaseControllerMixin
Included in:
ModelControllerMixin, ReadOnlyModelControllerMixin
Defined in:
lib/rest_framework/mixins/model_controller_mixin.rb

Overview

This module provides the core functionality for controllers based on models.

Defined Under Namespace

Modules: ClassMethods

Constant Summary collapse

BASE64_REGEX =
/data:(.*);base64,(.*)/
BASE64_TRANSLATE =
->(field, value) {
  return value unless BASE64_REGEX.match?(value)

  _, content_type, payload = value.match(BASE64_REGEX).to_a
  {
    io: StringIO.new(Base64.decode64(payload)),
    content_type: content_type,
    filename: "file_#{field}#{Rack::Mime::MIME_TYPES.invert[content_type]}",
  }
}
ACTIVESTORAGE_KEYS =
[ :io, :content_type, :filename, :identify, :key ]
RRF_BASE_MODEL_CONFIG =
{
  # Core attributes related to models.
  model: nil,
  recordset: nil,

  # Attributes for configuring record fields.
  fields: nil,
  field_config: nil,

  # Attributes for finding records.
  find_by_fields: nil,
  find_by_query_param: "find_by",

  # Options for what should be included/excluded from default fields.
  exclude_associations: false,

  # Options for handling request body parameters.
  allowed_parameters: nil,
  filter_pk_from_request_body: true,
  exclude_body_fields: RESTFramework.config.exclude_body_fields,

  # Attributes for the default native serializer.
  native_serializer_config: nil,
  native_serializer_singular_config: nil,
  native_serializer_plural_config: nil,
  native_serializer_only_query_param: "only",
  native_serializer_except_query_param: "except",
  native_serializer_associations_limit: nil,
  native_serializer_associations_limit_query_param: "associations_limit",
  native_serializer_include_associations_count: false,

  # Attributes for filtering, ordering, and searching.
  filter_backends: [
    RESTFramework::QueryFilter,
    RESTFramework::OrderingFilter,
    RESTFramework::SearchFilter,
  ],
  filter_recordset_before_find: true,
  filter_fields: nil,
  ordering_fields: nil,
  ordering_query_param: "ordering",
  ordering_no_reorder: false,
  search_fields: nil,
  search_query_param: "search",
  search_ilike: false,
  ransack_options: nil,
  ransack_query_param: "q",
  ransack_distinct: true,
  ransack_distinct_query_param: "distinct",

  # Options for association assignment.
  permit_id_assignment: true,
  permit_nested_attributes_assignment: true,

  # Option for `recordset.create` vs `Model.create` behavior.
  create_from_recordset: true,
}

Constants included from BaseControllerMixin

RESTFramework::Mixins::BaseControllerMixin::RRF_BASE_CONFIG

Class Method Summary collapse

Instance Method Summary collapse

Methods included from BaseControllerMixin

#openapi_document, #options, #render_api, #root, #route_groups, #rrf_error_handler, #serialize

Class Method Details

.included(base) ⇒ Object



465
466
467
468
469
470
471
472
473
474
475
476
477
478
# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 465

def self.included(base)
  RESTFramework::BaseControllerMixin.included(base)

  return unless base.is_a?(Class)

  base.extend(ClassMethods)

  # Add class attributes (with defaults) unless they already exist.
  RRF_BASE_MODEL_CONFIG.each do |a, default|
    next if base.respond_to?(a)

    base.class_attribute(a, default: default, instance_accessor: false)
  end
end

Instance Method Details

#bulk_serialize(records) ⇒ Object

Serialize the records, but also include any errors that might exist. This is used for bulk actions, however we include it here so the helper is available everywhere.



718
719
720
721
722
723
724
725
726
# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 718

def bulk_serialize(records)
  # This is kinda slow, so perhaps we should eventually integrate `errors` serialization into
  # the serializer directly. This would fail for active model serializers, but maybe we don't
  # care?
  s = RESTFramework::Utils.wrap_ams(self.get_serializer_class)
  records.map do |record|
    s.new(record, controller: self).serialize.merge!({ errors: record.errors.presence }.compact)
  end
end

#get_allowed_parametersObject

Get a hash of strong parameters for the current action.



485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 485

def get_allowed_parameters
  return @_get_allowed_parameters if defined?(@_get_allowed_parameters)

  @_get_allowed_parameters = self.class.allowed_parameters
  return @_get_allowed_parameters if @_get_allowed_parameters

  # Assemble strong parameters.
  variations = []
  hash_variations = {}
  reflections = self.class.get_model.reflections
  @_get_allowed_parameters = self.get_fields.map { |f|
    f = f.to_s
    config = self.class.field_configuration[f]

    # ActionText Integration:
    if self.class.enable_action_text && reflections.key?("rich_test_#{f}")
      next f
    end

    # ActiveStorage Integration: `has_one_attached`
    if self.class.enable_active_storage && reflections.key?("#{f}_attachment")
      hash_variations[f] = ACTIVESTORAGE_KEYS
      next f
    end

    # ActiveStorage Integration: `has_many_attached`
    if self.class.enable_active_storage && reflections.key?("#{f}_attachments")
      hash_variations[f] = ACTIVESTORAGE_KEYS
      next nil
    end

    if config[:reflection]
      # Add `_id`/`_ids` variations for associations.
      if id_field = config[:id_field]
        if id_field.ends_with?("_ids")
          hash_variations[id_field] = []
        else
          variations << id_field
        end
      end

      # Add `_attributes` variations for associations.
      # TODO: Consider adjusting this based on `nested_attributes_options`.
      if self.class.permit_nested_attributes_assignment
        hash_variations["#{f}_attributes"] = (
          config[:sub_fields] + [ "_destroy" ]
        )
      end

      # Associations are not allowed to be submitted in their bare form (if they are submitted
      # that way, they will be translated to either id/ids or nested attributes assignment).
      next nil
    end

    next f
  }.compact
  @_get_allowed_parameters += variations
  @_get_allowed_parameters << hash_variations

  @_get_allowed_parameters
end

#get_body_params(bulk_mode: nil) ⇒ Object Also known as: get_create_params, get_update_params

Use strong parameters to filter the request body.



552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 552

def get_body_params(bulk_mode: nil)
  data = self.request.request_parameters
  pk = self.class.get_model&.primary_key
  allowed_params = self.get_allowed_parameters

  # Before we filter the data, dynamically dispatch association assignment to either the id/ids
  # assignment ActiveRecord API or the nested assignment ActiveRecord API. Note that there is no
  # need to check for `permit_id_assignment` or `permit_nested_attributes_assignment` here, since
  # that is enforced by strong parameters generated by `get_allowed_parameters`.
  self.class.get_model.reflections.each do |name, ref|
    if payload = data[name]
      if payload.is_a?(Hash) || (payload.is_a?(Array) && payload.all? { |x| x.is_a?(Hash) })
        # Assume nested attributes assignment.
        attributes_key = "#{name}_attributes"
        data[attributes_key] = data.delete(name) unless data[attributes_key]
      elsif id_field = RESTFramework::Utils.id_field_for(name, ref)
        # Assume id/ids assignment.
        data[id_field] = data.delete(name) unless data[id_field]
      end
    end
  end

  # ActiveStorage Integration: Translate base64 encoded attachments to upload objects.
  #
  # rubocop:disable Layout/LineLength
  #
  # Example base64 images (red, green, and blue squares):
  #   data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAAFUlEQVR42mP8z8BQz0AEYBxVSF+FABJADveWkH6oAAAAAElFTkSuQmCC
  #   data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAAFUlEQVR42mNk+M9Qz0AEYBxVSF+FAAhKDveksOjmAAAAAElFTkSuQmCC
  #   data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAAFUlEQVR42mNkYPhfz0AEYBxVSF+FAP5FDvcfRYWgAAAAAElFTkSuQmCC
  #
  # rubocop:enable Layout/LineLength
  has_many_attached_scalar_data = {}
  if self.class.enable_active_storage
    self.class.get_model.attachment_reflections.keys.each do |k|
      if data[k].is_a?(Array)
        data[k] = data[k].map { |v|
          if v.is_a?(String)
            v = BASE64_TRANSLATE.call(k, v)

            # Remember scalars because Rails strong params will remove it.
            if v.is_a?(String)
              has_many_attached_scalar_data[k] ||= []
              has_many_attached_scalar_data[k] << v
            end
          elsif v.is_a?(Hash)
            if v[:io].is_a?(String)
              v[:io] = StringIO.new(Base64.decode64(v[:io]))
            end
          end

          next v
        }
      elsif data[k].is_a?(Hash)
        if data[k][:io].is_a?(String)
          data[k][:io] = StringIO.new(Base64.decode64(data[k][:io]))
        end
      elsif data[k].is_a?(String)
        data[k] = BASE64_TRANSLATE.call(k, data[k])
      end
    end
  end

  # Filter the request body with strong params. If `bulk` is true, then we apply allowed
  # parameters to the `_json` key of the request body.
  body_params = if allowed_params == true
    ActionController::Parameters.new(data).permit!
  elsif bulk_mode
    pk = bulk_mode == :update ? [ pk ] : []
    ActionController::Parameters.new(data).permit({ _json: allowed_params + pk })
  else
    ActionController::Parameters.new(data).permit(*allowed_params)
  end

  # ActiveStorage Integration: Workaround for Rails strong params not allowing you to permit an
  # array containing a mix of scalars and hashes. This is needed for `has_many_attached`, because
  # API consumers must be able to provide scalar `signed_id` values for existing attachments along
  # with hashes for new attachments. It's worth mentioning that base64 scalars are converted to
  # hashes that conform to the ActiveStorage API.
  has_many_attached_scalar_data.each do |k, v|
    body_params[k].unshift(*v)
  end

  # Filter primary key, if configured.
  if self.class.filter_pk_from_request_body && bulk_mode != :update
    body_params.delete(pk)
  end

  # Filter fields in `exclude_body_fields`.
  (self.class.exclude_body_fields || []).each { |f| body_params.delete(f) }

  body_params
end

#get_create_fromObject

Determine what collection to call ‘create` on.



704
705
706
707
708
709
710
711
712
713
714
# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 704

def get_create_from
  if self.class.create_from_recordset
    # Create with any properties inherited from the recordset. We exclude any `select` clauses
    # in case model callbacks need to call `count` on this collection, which typically raises a
    # SQL `SyntaxError`.
    self.get_recordset.except(:select)
  else
    # Otherwise, perform a "bare" insert_all.
    self.class.get_model
  end
end

#get_fieldsObject



480
481
482
# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 480

def get_fields
  self.class.get_fields(input_fields: self.class.fields)
end

#get_recordObject

Get a single record by primary key or another column, if allowed.



670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 670

def get_record
  return @record if @record

  find_by_key = self.class.get_model.primary_key
  is_pk = true

  # Find by another column if it's permitted.
  if find_by_param = self.class.find_by_query_param.presence
    if find_by = params[find_by_param].presence
      find_by_fields = self.class.find_by_fields&.map(&:to_s)

      if !find_by_fields || find_by.in?(find_by_fields)
        is_pk = false unless find_by_key == find_by
        find_by_key = find_by
      end
    end
  end

  # Get the recordset, filtering if configured.
  collection = if self.class.filter_recordset_before_find
    self.get_records
  else
    self.get_recordset
  end

  # Return the record. Route key is always `:id` by Rails' convention.
  if is_pk
    @record = collection.find(request.path_parameters[:id])
  else
    @record = collection.find_by!(find_by_key => request.path_parameters[:id])
  end
end

#get_recordsObject

Filter the recordset and return records this request has access to.



661
662
663
664
665
666
667
# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 661

def get_records
  data = self.get_recordset

  @records ||= self.class.filter_backends&.reduce(data) { |d, filter|
    filter.new(controller: self).filter_data(d)
  } || data
end

#get_recordsetObject

Get the set of records this controller has access to.



649
650
651
652
653
654
655
656
657
658
# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 649

def get_recordset
  return self.class.recordset if self.class.recordset

  # If there is a model, return that model's default scope (all records by default).
  if model = self.class.get_model
    return model.all
  end

  nil
end

#get_serializer_classObject



547
548
549
# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 547

def get_serializer_class
  super || RESTFramework::NativeSerializer
end