File Coverage

blib/lib/Catalyst/Controller/DBIC/API/StaticArguments.pm

Criterion	Covered	Total	%
statement	23	23	100.0
branch	4	4	100.0
condition			n/a
subroutine	5	5	100.0
pod			n/a
total	32	32	100.0

line	stmt	bran	sub	time	code
1					package Catalyst::Controller::DBIC::API::StaticArguments;
2					$Catalyst::Controller::DBIC::API::StaticArguments::VERSION = '2.008001';
3					#ABSTRACT: Provides controller level configuration arguments
4	16		16	15126	use Moose::Role;
	16			50
	16			160
5	16		16	87697	use MooseX::Types::Moose(':all');
	16			46
	16			206
6	16		16	137455	use namespace::autoclean;
	16			48
	16			151
7
8					requires 'check_column_relation';
9
10
11					foreach my $var (
12					qw( create_requires create_allows update_requires update_allows ))
13					{
14					has $var => (
15					is => 'ro',
16					isa => ArrayRef [ Str \| HashRef ],
17					traits => ['Array'],
18					default => sub { [] },
19					trigger => sub {
20					my ( $self, $new ) = @_;
21					$self->check_column_relation( $_, 1 ) for @$new;
22					},
23					handles => {
24					"get_${var}_column" => 'get',
25					"set_${var}_column" => 'set',
26					"delete_${var}_column" => 'delete',
27					"insert_${var}_column" => 'insert',
28					"count_${var}_column" => 'count',
29					"all_${var}_columns" => 'elements',
30					}
31					);
32
33					before "set_${var}_column" =>
34					sub { $_[0]->check_column_relation( $_[2], 1 ) };
35					before "insert_${var}_column" =>
36					sub { $_[0]->check_column_relation( $_[2], 1 ) };
37					}
38
39
40					has 'prefetch_allows' => (
41					is => 'ro',
42					writer => '_set_prefetch_allows',
43					isa => ArrayRef [ ArrayRef \| Str \| HashRef ],
44					default => sub { [] },
45					predicate => 'has_prefetch_allows',
46					traits => ['Array'],
47					handles => { all_prefetch_allows => 'elements', },
48					);
49
50					has 'prefetch_validator' => (
51					is => 'ro',
52					isa => 'Catalyst::Controller::DBIC::API::Validator',
53					lazy_build => 1,
54					);
55
56					sub _build_prefetch_validator {
57	2		2	6	my $self = shift;
58
59					sub _check_rel {
60	5		5	18	my ( $self, $rel, $static, $validator ) = @_;
61	5	100		17	if ( ArrayRef->check($rel) ) {
		100
62	2			1394	foreach my $rel_sub (@$rel) {
63	2			22	_check_rel( $self, $rel_sub, $static, $validator );
64					}
65					}
66					elsif ( HashRef->check($rel) ) {
67	1			1322	while ( my ( $k, $v ) = each %$rel ) {
68	1			7	$self->check_has_relation( $k, $v, undef, $static );
69					}
70	1			6	$validator->load($rel);
71					}
72					else {
73	2			2685	$self->check_has_relation( $rel, undef, undef, $static );
74	2			28	$validator->load($rel);
75					}
76					}
77
78	2			99	my $validator = Catalyst::Controller::DBIC::API::Validator->new;
79
80	2			109	foreach my $rel ( $self->all_prefetch_allows ) {
81	3			376	_check_rel( $self, $rel, 1, $validator );
82					}
83
84	2			663	return $validator;
85					}
86
87
88					has 'count_arg' => ( is => 'ro', isa => Str, default => 'list_count' );
89
90
91					has 'page_arg' => ( is => 'ro', isa => Str, default => 'list_page' );
92
93
94					has 'offset_arg' => ( is => 'ro', isa => Str, default => 'list_offset' );
95
96
97					has 'select_arg' => ( is => 'ro', isa => Str, default => 'list_returns' );
98
99
100					has 'as_arg' => ( is => 'ro', isa => Str, default => 'as' );
101
102
103					has 'search_arg' => ( is => 'ro', isa => Str, default => 'search' );
104
105
106					has 'grouped_by_arg' =>
107					( is => 'ro', isa => Str, default => 'list_grouped_by' );
108
109
110					has 'ordered_by_arg' =>
111					( is => 'ro', isa => Str, default => 'list_ordered_by' );
112
113
114					has 'prefetch_arg' => ( is => 'ro', isa => Str, default => 'list_prefetch' );
115
116
117					has 'stash_key' => ( is => 'ro', isa => Str, default => 'response' );
118
119
120					has 'data_root' => ( is => 'ro', isa => Str, default => 'list' );
121
122
123					has 'item_root' => ( is => 'ro', isa => Str, default => 'data' );
124
125
126					has 'total_entries_arg' =>
127					( is => 'ro', isa => Str, default => 'totalcount' );
128
129
130					has 'use_json_boolean' => ( is => 'ro', isa => Bool, default => 0 );
131
132
133					has 'return_object' => ( is => 'ro', isa => Bool, default => 0 );
134
135
136					1;
137
138					__END__
139
140					=pod
141
142					=head1 NAME
143
144					Catalyst::Controller::DBIC::API::StaticArguments - Provides controller level configuration arguments
145
146					=head1 VERSION
147
148					version 2.008001
149
150					=head1 DESCRIPTION
151
152					StaticArguments is a role that is composed by the controller to provide
153					configuration parameters such as where to find specific elements in the request
154					data and if to use JSON boolean types.
155
156					=head1 PUBLIC_ATTRIBUTES
157
158					=head2 create_requires create_allows update_requires update_allows
159
160					These attributes control requirements and limits to columns when creating or
161					updating objects.
162
163					Each provides a number of handles:
164
165					"get_${var}_column" => 'get'
166					"set_${var}_column" => 'set'
167					"delete_${var}_column" => 'delete'
168					"insert_${var}_column" => 'insert'
169					"count_${var}_column" => 'count'
170					"all_${var}_columns" => 'elements'
171
172					=head2 prefetch_allows
173
174					prefetch_allows limits what relations may be prefetched when executing searches
175					with joins. This is necessary to avoid denial of service attacks in form of
176					queries which would return a large number of data and unwanted disclosure of
177					data.
178
179					Like the synopsis in DBIC::API shows, you can declare a "template" of what is
180					allowed (by using an '*'). Each element passed in, will be converted into a
181					Data::DPath and added to the validator.
182
183					prefetch_allows => [ 'cds', { cds => tracks }, { cds => producers } ] # to be explicit
184					prefetch_allows => [ 'cds', { cds => '*' } ] # wildcard means the same thing
185
186					=head2 count_arg
187
188					Controls how to reference 'count' in the the request_data, defaults to
189					'list_count'.
190
191					=head2 page_arg
192
193					Controls how to reference 'page' in the the request_data, defaults to
194					'list_page'.
195
196					=head2 offset_arg
197
198					Controls how to reference 'offset' in the the request_data, defaults to
199					'list_offset'.
200
201					=head2 select_arg
202
203					Controls how to reference 'select' in the the request_data, defaults to
204					'list_returns'.
205
206					=head2 as_arg
207
208					Controls how to reference 'as' in the the request_data, defaults to 'as'.
209
210					=head2 search_arg
211
212					Controls how to reference 'search' in the the request_data, defaults to
213					'search'.
214
215					=head2 grouped_by_arg
216
217					Controls how to reference 'grouped_by' in the the request_data, defaults to
218					'list_grouped_by'.
219
220					=head2 ordered_by_arg
221
222					Controls how to reference 'ordered_by' in the the request_data, defaults to
223					'list_ordered_by'.
224
225					=head2 prefetch_arg
226
227					Controls how to reference 'prefetch' in the the request_data, defaults to
228					'list_prefetch'.
229
230					=head2 stash_key
231
232					Controls where in the stash the request_data should be stored, defaults to
233					'response'.
234
235					=head2 data_root
236
237					Controls how to reference where the data is in the the request_data, defaults to
238					'list'.
239
240					=head2 item_root
241
242					Controls how to reference where the data for single object requests is in the
243					the request_data, defaults to 'data'.
244
245					=head2 total_entries_arg
246
247					Controls how to reference 'total_entries' in the the request_data, defaults to
248					'totalcount'.
249
250					=head2 use_json_boolean
251
252					Controls whether JSON boolean types are used in the success parameter of the
253					response or if raw strings are used, defaults to false.
254
255					=head2 return_object
256
257					Controls whether the results of create/update are serialized and returned in
258					the response, defaults to false.
259
260					=head1 AUTHORS
261
262					=over 4
263
264					=item *
265
266					Nicholas Perez <nperez@cpan.org>
267
268					=item *
269
270					Luke Saunders <luke.saunders@gmail.com>
271
272					=item *
273
274					Alexander Hartmaier <abraxxa@cpan.org>
275
276					=item *
277
278					Florian Ragwitz <rafl@debian.org>
279
280					=item *
281
282					Oleg Kostyuk <cub.uanic@gmail.com>
283
284					=item *
285
286					Samuel Kaufman <sam@socialflow.com>
287
288					=back
289
290					=head1 COPYRIGHT AND LICENSE
291
292					This software is copyright (c) 2019 by Luke Saunders, Nicholas Perez, Alexander Hartmaier, et al.
293
294					This is free software; you can redistribute it and/or modify it under
295					the same terms as the Perl 5 programming language system itself.
296
297					=cut