jsonapi.rb
jsonapi.rb copied to clipboard
stas
filtering by (ransack) scopes does not work
Expected Behavior
filtering by scopes should work with jsonapi.rb and ransack, see: https://github.com/activerecord-hackery/ransack#using-scopesclass-methods
Actual Behavior
it seems not to work properly, only filtering by allowed attributes works.
i created a branch and added failing tests:
https://github.com/stas/jsonapi.rb/compare/master...easyPEP:feature/ransack-scopes
i would like to start working on a solution to make it work. do you have any specific recommendations?
first draft:
see: https://github.com/stas/jsonapi.rb/compare/master...easyPEP:feature/ransack-scopes
what i like:
- it should keep it backward compatible.
what i don't like:
- we have to manage ransack (model.ransackable_scopes) and jsonapi.rb (allowed_scopes) scopes
to resolve that we could:
- move responsibility for
ransortable_attributesandransackable_scopesback to the ransack gem. this adds some complexity for first time users and is properly not backwards compatible but might make it a little clearer.
we can remove logic from the gem (allowed_fields, allowed_scopes) e.g. from jsonapi_filter_params and rely on the ransack Authorization on the Model level with ransortable_attributes and ransackable_scopes ransackable_associations, ...
- dynamicly add the method
ransackable_scopeson the model class
ressource = User.last
allowed_scopes = ['created_before']
ressource.class.send(:define_singleton_method, 'ransackable_scopes') do
allowed_scopes
end
User.ransackable_scopes
- hint in the docs how we can pass in the attributes and scopes:
e.g.:
jsonapi_filter(User.all, jsonapi_allowed_attributes, jsonapi_allowed_scopes, options)
...
def jsonapi_allowed_attributes
User.ransackable_attributes(current_user)
end
def jsonapi_allowed_scopes
User.ransackable_scopes(current_user)
end
Hi there @fluxsaas and thanks for the issue :bow:
I'm a bit confused on what's not working tbh :see_no_evil: If you add the Ransack scope name to the list of allowed filterables it should work just fine. I don't see why these should be separated, please correct me if I'm wrong.
I've been using ransackers for a while with no changes btw :)
mh, maybe i have an error in my config
i created a new branch with only the failing specs:
https://github.com/stas/jsonapi.rb/commit/c78f73fa8e215b84aa0190e1b786687c39670954
if i run the tests i get some failing specs:
1) UsersController GET /users with users returns users filtered by scope ensures ransack scopes are working properly
Failure/Error: expect(ransack.result.to_sql).to eq(expected_sql)
expected: "SELECT \"users\".* FROM \"users\" WHERE (created_at < '2013-02-01')"
got: "SELECT \"users\".* FROM \"users\""
(compared using ==)
# ./spec/filtering_spec.rb:113:in `block (5 levels) in <top (required)>'
2) UsersController GET /users with users returns users filtered by scope should return only
Failure/Error: expect(response_json['data'].size).to eq(1)
expected: 1
got: 3
(compared using ==)
# ./spec/filtering_spec.rb:118:in `block (5 levels) in <top (required)>'
Finished in 0.33584 seconds (files took 2.03 seconds to load)
29 examples, 2 failures
update
replacing created_before with created_before_gt does not seem to fix it
https://github.com/stas/jsonapi.rb/compare/master...easyPEP:feature/ransack-scopes-failing-test?expand=1
update 2:
i enabled the github actions on my repository:
https://github.com/easyPEP/jsonapi.rb/runs/2076179007?check_suite_focus=true
@fluxsaas apologies for the late reply.
I took a look at the PR you shared and I can see how that can be useful. Still, I'd like us to use the allowed_fields list to pass the scopes where/when needed. If you find some time to prepare a PR, I'd be happy to merge it! :bow:
I confirm that ransack_scopes also doesn't seem to be working with my jsonapi.rb endpoint.
