Module: StandardAPI::Includes
- Defined in:
- lib/standard_api/includes.rb
Class Method Summary collapse
-
.normalize(includes) ⇒ Object
:x => { x: {} } [:x, :y] => { x: {}, y: {} } [ { x: true }, { y: true } ] => { x: {}, y: {} } { x: true, y: true } => { x: {}, y: {} } { x: { y: true } } => { x: { y: {} } } { x: [:y] } => { x: { y: {} } } { x: { where: { y: false } } } => { x: { where: { y: false } } } { x: { order: { y: :asc } } } => { x: { order: { y: :asc } } }.
-
.sanitize(includes, permit, normalized = false) ⇒ Object
sanitize(=> {}, [:key]) # => => {} sanitize(=> {}, => true) # => => {} sanitize(=> {}, :value => {}}, [:key]) => # Raises ParseError sanitize(=> {}, :value => {}}, => true) => # Raises ParseError sanitize(=> {:value => {}}, => [:value]) # => => {:value => {}} sanitize(=> {:value => {}}, => {:value => true}) # => => {:value => {}} sanitize(=> {:value => {}}, [:key]) => # Raises ParseError.
Class Method Details
.normalize(includes) ⇒ Object
:x => { x: {} }
- :x, :y
-
> { x: {}, y: {} }
- { x: true }, { y: true }
-
> { x: {}, y: {} }
{ x: true, y: true } => { x: {}, y: {} } { x: { y: true } } => { x: { y: {} } } { x: [:y] } => { x: { y: {} } } { x: { where: { y: false } } } => { x: { where: { y: false } } } { x: { order: { y: :asc } } } => { x: { order: { y: :asc } } }
12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 |
# File 'lib/standard_api/includes.rb', line 12 def self.normalize(includes) normalized = ActiveSupport::HashWithIndifferentAccess.new case includes when Array includes.flatten.compact.each { |v| normalized.merge!(normalize(v)) } when Hash, ActionController::Parameters includes.each_pair do |k, v| if ['limit', 'when', 'where', 'order'].include?(k.to_s) # Where and order are not normalized (sanitation happens in activerecord-filter) normalized[k] = case v when Hash then v.to_h when ActionController::Parameters then v.to_unsafe_h end elsif k.to_s == 'distinct' normalized[k] = case v when String then v end else normalized[k] = normalize(v) end end when nil {} else if ![true, 'true'].include?(includes) normalized[includes] = {} end end normalized end |
.sanitize(includes, permit, normalized = false) ⇒ Object
sanitize(=> {}, [:key]) # => => {} sanitize(=> {}, => true) # => => {} sanitize(=> {}, :value => {}}, [:key]) => # Raises ParseError sanitize(=> {}, :value => {}}, => true) => # Raises ParseError sanitize(=> {:value => {}}, => [:value]) # => => {:value => {}} sanitize(=> {:value => {}}, => {:value => true}) # => => {:value => {}} sanitize(=> {:value => {}}, [:key]) => # Raises ParseError
51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 |
# File 'lib/standard_api/includes.rb', line 51 def self.sanitize(includes, permit, normalized=false) includes = normalize(includes) if !normalized permitted = ActiveSupport::HashWithIndifferentAccess.new if permit.is_a?(Array) permit = permit.inject({}) { |acc, v| acc[v] = true; acc } end permit = normalize(permit.with_indifferent_access) includes.each do |k, v| if permit.has_key?(k) || ['limit', 'when', 'where', 'order', 'distinct'].include?(k.to_s) permitted[k] = sanitize(v, permit[k] || {}, true) else if [:raise, nil].include?(Rails.configuration.try(:action_on_unpermitted_includes)) raise ActionController::UnpermittedParameters.new([k]) else Rails.logger.try(:warn, "Invalid Include: #{k}") end end end permitted end |