Module: JSONAPI::ResourceActions

Extended by:
ActiveSupport::Concern
Includes:
ActiveStorageSupport
Included in:
BaseController
Defined in:
lib/json_api/controllers/concerns/resource_actions.rb

Instance Method Summary collapse

Methods included from ActiveStorageSupport

#active_storage_attachment?, #append_only_enabled?, #attach_active_storage_files, #extract_active_storage_params_from_hash, #filter_active_storage_from_includes, #filter_polymorphic_from_includes, #find_blob_by_signed_id, #find_relationship_definition, #process_active_storage_attachment, #purge_on_nil_enabled?, #serialize_active_storage_relationship, #serialize_blob_identifier

Instance Method Details

#build_resource_from_paramsObject 



124
125
126
127
128
129
130
 
# File 'lib/json_api/controllers/concerns/resource_actions.rb', line 124

def build_resource_from_params
  params_hash = deserialize_params(:create)
  attachment_params = extract_active_storage_params_from_hash(params_hash, model_class)
  # Remove attachment params from regular params
  attachment_params.each_key { |key| params_hash.delete(key.to_s) }
  model_class.new(params_hash)
end

#createObject 



44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
 
# File 'lib/json_api/controllers/concerns/resource_actions.rb', line 44

def create
  # Determine STI class from type in payload
  sti_class = determine_sti_class_for_create

  # Use subtype model class for deserialization so it finds the correct resource class
  params_hash = deserialize_params(:create, model_class: sti_class)
  attachment_params = extract_active_storage_params_from_hash(params_hash, sti_class)
  # Remove attachment params from regular params
  attachment_params.each_key { |key| params_hash.delete(key.to_s) }

  # Remove type from params_hash if present - STI handles type automatically
  params_hash.delete("type")
  params_hash.delete(:type)

  # For STI base class, ensure type is set explicitly (Rails STI doesn't always set it for base class)
  # Only set type if this is actually an STI base class (has type column and base_class == class)
  if sti_class.respond_to?(:base_class) &&
     sti_class.base_class == sti_class &&
     sti_class.column_names.include?("type")
    params_hash["type"] = sti_class.name
  end

  resource = sti_class.new(params_hash)
  authorize_resource_action!(resource, action: :create)

  # Attach files before saving so validation can check files.attached?
  # ActiveStorage allows attaching to unsaved records and will persist attachments when the record is saved
  sti_resource_class = determine_sti_resource_class_for_create
  attach_active_storage_files(resource, attachment_params, resource_class: sti_resource_class)

  if resource.save
    emit_resource_event(:created, resource)
    render json: serialize_resource(resource), status: :created, location: resource_url(resource)
  else
    render_validation_errors(resource)
  end
rescue ArgumentError => e
  if e.message.match?(/invalid.*subtype/i)
    render_invalid_subtype_error(e)
  else
    render_invalid_relationship_error(e)
  end
rescue ActiveSupport::MessageVerifier::InvalidSignature => e
  render_invalid_signed_id_error(e)
end

#deserialize_params(action = :update, model_class: nil) ⇒ Object 



132
133
134
135
136
137
 
# File 'lib/json_api/controllers/concerns/resource_actions.rb', line 132

def deserialize_params(action = :update, model_class: nil)
  params_hash = raw_jsonapi_data
  target_model_class = model_class || self.model_class
  deserializer = JSONAPI::Deserializer.new(params_hash, model_class: target_model_class, action:)
  deserializer.to_model_attributes
end

#destroyObject 



112
113
114
115
116
117
118
119
120
121
122
 
# File 'lib/json_api/controllers/concerns/resource_actions.rb', line 112

def destroy
  authorize_resource_action!(@resource, action: :destroy)
  resource_id = @resource.id
  resource_type_name = resource_type
  if @resource.destroy
    emit_resource_event(:deleted, @resource, resource_id:, resource_type: resource_type_name)
    head :no_content
  else
    render_validation_errors(@resource)
  end
end

#determine_sti_class_for_create(_subtype = nil) ⇒ Object 



147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
 
# File 'lib/json_api/controllers/concerns/resource_actions.rb', line 147

def determine_sti_class_for_create(_subtype = nil)
  # Check the type directly from the payload
  type_from_payload = raw_jsonapi_data&.dig(:type)

  return model_class unless type_from_payload

  # If the payload type differs from the controller's type,
  # resolve the class for the specific type.
  if type_from_payload == params[:resource_type]
    model_class
  else
    resource_class = JSONAPI::ResourceLoader.find(type_from_payload)
    resource_class.model_class
  end
rescue JSONAPI::ResourceLoader::MissingResourceClass
  model_class
end

#determine_sti_resource_class_for_create(_subtype = nil) ⇒ Object 



165
166
167
168
169
170
171
172
173
174
175
176
 
# File 'lib/json_api/controllers/concerns/resource_actions.rb', line 165

def determine_sti_resource_class_for_create(_subtype = nil)
  type_from_payload = raw_jsonapi_data&.dig(:type)
  return @resource_class unless type_from_payload

  if type_from_payload == params[:resource_type]
    @resource_class
  else
    JSONAPI::ResourceLoader.find(type_from_payload)
  end
rescue JSONAPI::ResourceLoader::MissingResourceClass
  @resource_class
end

#indexObject 



19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# File 'lib/json_api/controllers/concerns/resource_actions.rb', line 19

def index
  initial_scope = @preloaded_resources || model_class.all
  scoped = apply_authorization_scope(initial_scope, action: :index)

  query = JSONAPI::CollectionQuery.new(
    scoped,
    definition: @resource_class,
    model_class: model_class,
    filter_params: parse_filter_param,
    sort_params: parse_sort_param,
    page_params: parse_page_param
  ).execute

  @total_count = query.total_count
  @pagination_applied = query.pagination_applied

  render json: serialize_collection(query.scope), status: :ok
end

#render_invalid_signed_id_error(error) ⇒ Object 



139
140
141
142
143
144
145
 
# File 'lib/json_api/controllers/concerns/resource_actions.rb', line 139

def render_invalid_signed_id_error(error)
  render_jsonapi_error(
    status: 400,
    title: "Invalid Signed ID",
    detail: "Invalid signed blob ID provided: #{error.message}"
  )
end

#showObject 



38
39
40
41
42
 
# File 'lib/json_api/controllers/concerns/resource_actions.rb', line 38

def show
  resource = @preloaded_resource || @resource
  authorize_resource_action!(resource, action: :show)
  render json: serialize_resource(resource), status: :ok
end

#updateObject 



90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
 
# File 'lib/json_api/controllers/concerns/resource_actions.rb', line 90

def update
  authorize_resource_action!(@resource, action: :update)
  params_hash = deserialize_params(:update)
  attachment_params = extract_active_storage_params_from_hash(params_hash, model_class)
  # Remove attachment params from regular params
  attachment_params.each_key { |key| params_hash.delete(key.to_s) }

  if @resource.update(params_hash)
    attach_active_storage_files(@resource, attachment_params, resource_class: @resource_class)
    emit_resource_event(:updated, @resource)
    render json: serialize_resource(@resource), status: :ok
  else
    render_validation_errors(@resource)
  end
rescue ArgumentError => e
  render_invalid_relationship_error(e)
rescue JSONAPI::Exceptions::ParameterNotAllowed => e
  render_parameter_not_allowed_error(e)
rescue ActiveSupport::MessageVerifier::InvalidSignature => e
  render_invalid_signed_id_error(e)
end