Module: RESTFramework::Mixins::BaseModelControllerMixin

Includes:

BaseControllerMixin

Included in:

ModelControllerMixin, ReadOnlyModelControllerMixin

Defined in:

lib/rest_framework/mixins/model_controller_mixin.rb

Overview

This module provides the core functionality for controllers based on models.

Defined Under Namespace

Modules: ClassMethods

Constant Summary

BASE64_REGEX =

/data:(.*);base64,(.*)/

BASE64_TRANSLATE =

->(field, value) {
  return value unless BASE64_REGEX.match?(value)

  _, content_type, payload = value.match(BASE64_REGEX).to_a
  {
    io: StringIO.new(Base64.decode64(payload)),
    content_type: content_type,
    filename: "file_#{field}#{Rack::Mime::MIME_TYPES.invert[content_type]}",
  }
}

ACTIVESTORAGE_KEYS =

[ :io, :content_type, :filename, :identify, :key ]

RRF_BASE_MODEL_CONFIG =

{
  # Core attributes related to models.
  model: nil,
  recordset: nil,

  # Attributes for configuring record fields.
  fields: nil,
  field_config: nil,
  read_only_fields: RESTFramework.config.read_only_fields,
  write_only_fields: RESTFramework.config.write_only_fields,
  hidden_fields: nil,

  # Attributes for finding records.
  find_by_fields: nil,
  find_by_query_param: "find_by".freeze,

  # Options for what should be included/excluded from default fields.
  exclude_associations: false,

  # Options for handling request body parameters.
  allowed_parameters: nil,

  # Attributes for the default native serializer.
  native_serializer_config: nil,
  native_serializer_singular_config: nil,
  native_serializer_plural_config: nil,
  native_serializer_only_query_param: "only".freeze,
  native_serializer_except_query_param: "except".freeze,
  native_serializer_include_query_param: "include".freeze,
  native_serializer_exclude_query_param: "exclude".freeze,
  native_serializer_associations_limit: nil,
  native_serializer_associations_limit_query_param: "associations_limit".freeze,
  native_serializer_include_associations_count: false,

  # Attributes for filtering, ordering, and searching.
  filter_backends: [
    RESTFramework::QueryFilter,
    RESTFramework::OrderingFilter,
    RESTFramework::SearchFilter,
  ].freeze,
  filter_recordset_before_find: true,
  filter_fields: nil,
  ordering_fields: nil,
  ordering_query_param: "ordering".freeze,
  ordering_no_reorder: false,
  search_fields: nil,
  search_query_param: "search".freeze,
  search_ilike: false,
  ransack_options: nil,
  ransack_query_param: "q".freeze,
  ransack_distinct: true,
  ransack_distinct_query_param: "distinct".freeze,

  # Options for association assignment.
  permit_id_assignment: true,
  permit_nested_attributes_assignment: true,

  # Option for `recordset.create` vs `Model.create` behavior.
  create_from_recordset: true,
}

Constants included from BaseControllerMixin

RESTFramework::Mixins::BaseControllerMixin::RRF_BASE_CONFIG

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #bulk_serialize(records) ⇒ Object

  Serialize the records, but also include any errors that might exist.

• #create_from ⇒ Object

  Determine what collection to call create on.

• #get_allowed_parameters ⇒ Object

  Get a hash of strong parameters for the current action.

• #get_body_params(bulk_mode: nil) ⇒ Object (also: #get_create_params, #get_update_params)

  Use strong parameters to filter the request body.

• #get_fields ⇒ Object
• #get_record ⇒ Object

  Get a single record by primary key or another column, if allowed.

• #get_records ⇒ Object

  Filter the recordset and return records this request has access to.

• #get_recordset ⇒ Object

  Get the set of records this controller has access to.

• #get_serializer_class ⇒ Object

Methods included from BaseControllerMixin

#openapi_document, #options, #render_api, #root, #route_groups, #rrf_error_handler, #serialize

Class Method Details

.included(base) ⇒ Object

# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 486

def self.included(base)
  RESTFramework::BaseControllerMixin.included(base)

  return unless base.is_a?(Class)

  base.extend(ClassMethods)

  # Add class attributes (with defaults) unless they already exist.
  RRF_BASE_MODEL_CONFIG.each do |a, default|
    next if base.respond_to?(a)

    base.class_attribute(a, default: default, instance_accessor: false)
  end
end

Instance Method Details

#bulk_serialize(records) ⇒ Object

Serialize the records, but also include any errors that might exist. This is used for bulk actions, however we include it here so the helper is available everywhere.

# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 737

def bulk_serialize(records)
  # This is kinda slow, so perhaps we should eventually integrate `errors` serialization into
  # the serializer directly. This would fail for active model serializers, but maybe we don't
  # care?
  s = RESTFramework::Utils.wrap_ams(self.get_serializer_class)
  records.map do |record|
    s.new(record, controller: self).serialize.merge!({ errors: record.errors.presence }.compact)
  end
end

#create_from ⇒ Object

Determine what collection to call create on.

# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 723

def create_from
  if self.class.create_from_recordset
    # Create with any properties inherited from the recordset. We exclude any `select` clauses
    # in case model callbacks need to call `count` on this collection, which typically raises a
    # SQL `SyntaxError`.
    self.get_recordset.except(:select)
  else
    # Otherwise, perform a "bare" insert_all.
    self.class.get_model
  end
end

#get_allowed_parameters ⇒ Object

Get a hash of strong parameters for the current action.

# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 506

def get_allowed_parameters
  return @_get_allowed_parameters if defined?(@_get_allowed_parameters)

  @_get_allowed_parameters = self.class.allowed_parameters
  return @_get_allowed_parameters if @_get_allowed_parameters

  # Assemble strong parameters.
  variations = []
  hash_variations = {}
  reflections = self.class.get_model.reflections
  @_get_allowed_parameters = self.get_fields.map { |f|
    f = f.to_s
    config = self.class.field_configuration[f]

    # ActionText Integration:
    if self.class.enable_action_text && reflections.key?("rich_text_#{f}")
      next f
    end

    # ActiveStorage Integration: `has_one_attached`
    if self.class.enable_active_storage && reflections.key?("#{f}_attachment")
      hash_variations[f] = ACTIVESTORAGE_KEYS
      next f
    end

    # ActiveStorage Integration: `has_many_attached`
    if self.class.enable_active_storage && reflections.key?("#{f}_attachments")
      hash_variations[f] = ACTIVESTORAGE_KEYS
      next nil
    end

    if config[:reflection]
      # Add `_id`/`_ids` variations for associations.
      if id_field = config[:id_field]
        if id_field.ends_with?("_ids")
          hash_variations[id_field] = []
        else
          variations << id_field
        end
      end

      # Add `_attributes` variations for associations.
      # TODO: Consider adjusting this based on `nested_attributes_options`.
      if self.class.permit_nested_attributes_assignment
        hash_variations["#{f}_attributes"] = (
          config[:sub_fields] + [ "_destroy" ]
        )
      end

      # Associations are not allowed to be submitted in their bare form (if they are submitted
      # that way, they will be translated to either id/ids or nested attributes assignment).
      next nil
    end

    next f
  }.compact
  @_get_allowed_parameters += variations
  @_get_allowed_parameters << hash_variations

  @_get_allowed_parameters
end

#get_body_params(bulk_mode: nil) ⇒ Object Also known as: get_create_params, get_update_params

Use strong parameters to filter the request body.

# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 573

def get_body_params(bulk_mode: nil)
  data = self.request.request_parameters
  pk = self.class.get_model&.primary_key
  allowed_params = self.get_allowed_parameters

  # Before we filter the data, dynamically dispatch association assignment to either the id/ids
  # assignment ActiveRecord API or the nested assignment ActiveRecord API. Note that there is no
  # need to check for `permit_id_assignment` or `permit_nested_attributes_assignment` here, since
  # that is enforced by strong parameters generated by `get_allowed_parameters`.
  self.class.get_model.reflections.each do |name, ref|
    if payload = data[name]
      if payload.is_a?(Hash) || (payload.is_a?(Array) && payload.all? { |x| x.is_a?(Hash) })
        # Assume nested attributes assignment.
        attributes_key = "#{name}_attributes"
        data[attributes_key] = data.delete(name) unless data[attributes_key]
      elsif id_field = RESTFramework::Utils.id_field_for(name, ref)
        # Assume id/ids assignment.
        data[id_field] = data.delete(name) unless data[id_field]
      end
    end
  end

  # ActiveStorage Integration: Translate base64 encoded attachments to upload objects.
  #
  # rubocop:disable Layout/LineLength
  #
  # Example base64 images (red, green, and blue squares):
  #   data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAAFUlEQVR42mP8z8BQz0AEYBxVSF+FABJADveWkH6oAAAAAElFTkSuQmCC
  #   data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAAFUlEQVR42mNk+M9Qz0AEYBxVSF+FAAhKDveksOjmAAAAAElFTkSuQmCC
  #   data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAYAAACNMs+9AAAAFUlEQVR42mNkYPhfz0AEYBxVSF+FAP5FDvcfRYWgAAAAAElFTkSuQmCC
  #
  # rubocop:enable Layout/LineLength
  has_many_attached_scalar_data = {}
  if self.class.enable_active_storage
    self.class.get_model.attachment_reflections.keys.each do |k|
      if data[k].is_a?(Array)
        data[k] = data[k].map { |v|
          if v.is_a?(String)
            v = BASE64_TRANSLATE.call(k, v)

            # Remember scalars because Rails strong params will remove it.
            if v.is_a?(String)
              has_many_attached_scalar_data[k] ||= []
              has_many_attached_scalar_data[k] << v
            end
          elsif v.is_a?(Hash)
            if v[:io].is_a?(String)
              v[:io] = StringIO.new(Base64.decode64(v[:io]))
            end
          end

          next v
        }
      elsif data[k].is_a?(Hash)
        if data[k][:io].is_a?(String)
          data[k][:io] = StringIO.new(Base64.decode64(data[k][:io]))
        end
      elsif data[k].is_a?(String)
        data[k] = BASE64_TRANSLATE.call(k, data[k])
      end
    end
  end

  # Filter the request body with strong params. If `bulk` is true, then we apply allowed
  # parameters to the `_json` key of the request body.
  body_params = if allowed_params == true
    ActionController::Parameters.new(data).permit!
  elsif bulk_mode
    pk = bulk_mode == :update ? [ pk ] : []
    ActionController::Parameters.new(data).permit({ _json: allowed_params + pk })
  else
    ActionController::Parameters.new(data).permit(*allowed_params)
  end

  # ActiveStorage Integration: Workaround for Rails strong params not allowing you to permit an
  # array containing a mix of scalars and hashes. This is needed for `has_many_attached`, because
  # API consumers must be able to provide scalar `signed_id` values for existing attachments along
  # with hashes for new attachments. It's worth mentioning that base64 scalars are converted to
  # hashes that conform to the ActiveStorage API.
  has_many_attached_scalar_data.each do |k, v|
    body_params[k].unshift(*v)
  end

  # Filter read-only fields.
  body_params.delete_if do |f, _|
    cfg = self.class.field_configuration[f]
    cfg && cfg[:read_only]
  end

  body_params
end

#get_fields ⇒ Object

# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 501

def get_fields
  self.class.get_fields(input_fields: self.class.fields)
end

#get_record ⇒ Object

Get a single record by primary key or another column, if allowed.

# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 689

def get_record
  return @record if @record

  find_by_key = self.class.get_model.primary_key
  is_pk = true

  # Find by another column if it's permitted.
  if find_by_param = self.class.find_by_query_param.presence
    if find_by = params[find_by_param].presence
      find_by_fields = self.class.find_by_fields&.map(&:to_s)

      if !find_by_fields || find_by.in?(find_by_fields)
        is_pk = false unless find_by_key == find_by
        find_by_key = find_by
      end
    end
  end

  # Get the recordset, filtering if configured.
  collection = if self.class.filter_recordset_before_find
    self.get_records
  else
    self.get_recordset
  end

  # Return the record. Route key is always `:id` by Rails' convention.
  if is_pk
    @record = collection.find(request.path_parameters[:id])
  else
    @record = collection.find_by!(find_by_key => request.path_parameters[:id])
  end
end

#get_records ⇒ Object

Filter the recordset and return records this request has access to.

# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 680

def get_records
  data = self.get_recordset

  @records ||= self.class.filter_backends&.reduce(data) { |d, filter|
    filter.new(controller: self).filter_data(d)
  } || data
end

#get_recordset ⇒ Object

Get the set of records this controller has access to.

# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 668

def get_recordset
  return self.class.recordset if self.class.recordset

  # If there is a model, return that model's default scope (all records by default).
  if model = self.class.get_model
    return model.all
  end

  nil
end

#get_serializer_class ⇒ Object

# File 'lib/rest_framework/mixins/model_controller_mixin.rb', line 568

def get_serializer_class
  super || RESTFramework::NativeSerializer
end