File Coverage

blib/lib/WebAPI/DBIC/Resource/Role/DBICParams.pm

Criterion	Covered	Total	%
statement	12	130	9.2
branch	0	78	0.0
condition	0	16	0.0
subroutine	4	20	20.0
pod	0	3	0.0
total	16	247	6.4

line	stmt	bran	cond	sub	pod	time	code
1							package WebAPI::DBIC::Resource::Role::DBICParams;
2							$WebAPI::DBIC::Resource::Role::DBICParams::VERSION = '0.003002';
3
4	2			2		15649929	use Carp;
	2					11
	2					339
5	2			2		10	use Scalar::Util qw(blessed);
	2					2
	2					338
6	2			2		1120	use Try::Tiny;
	2					5080
	2					103
7
8	2			2		1019	use Moo::Role;
	2					40098
	2					10
9
10
11							requires 'set';
12							requires 'throwable';
13							requires 'prefetch';
14
15							# TODO the params supported by a resource should be determined by the roles
16							# consumed by that resource, plus any extra params it wants to declare support for.
17							# So this should be reworked to enable that.
18
19
20							# we use malformed_request() call from Web::Machine to trigger parameter processing
21							sub malformed_request {
22	0			0	0		my $self = shift;
23
24	0						$self->handle_request_params;
25
26	0						return 0;
27							}
28
29
30							# used to a) define order that params are handled,
31							# and b) to force calling of a handler even if param is missing
32							sub get_param_order {
33	0			0	0		return qw(page rows sort);
34							}
35
36
37							# call _handle_${basename}_param methods for each parameter
38							# where basename is the name with any .suffix removed ('me.id' => 'me')
39							sub handle_request_params {
40	0			0	0		my $self = shift;
41
42	0						my %queue;
43	0						for my $param ($self->param) {
44	0	0					next if $param eq ""; # ignore empty parameters
45
46	0						my @v = $self->param($param);
47							# XXX we don't handle multiple params which appear more than once
48	0	0					die "Multiple $param parameters are not supported\n" if @v > 1;
49
50							# parameters with names containing a '.' are assumed to be search criteria
51							# this covers both 'me.field=foo' and 'relname.field=bar'
52	0	0					if ($param =~ /^\w+\.\w+/) {
53	0						$param =~ s/^me\.(\w+\.\w+)/$1/; # handle deprecated 'me.relname.fieldname' form
54	0						$queue{search_criteria}->{$param} = $v[0];
55	0						next;
56							}
57	0	0					die "Explicit search_criteria param not allowed"
58							if $param eq 'search_criteria';
59
60							# for parameters with names like foo[x]=3&foo[y]=4
61							# we accumulate the value as a hash { x => 3, y => 4 }
62	0	0					if ($param =~ /^(\w+)\[(\w+)\]$/) {
63	0	0	0				die "$param=$v[0] can't follow $param=$queue{$param} parameter\n"
64							if $queue{$1} and not ref $queue{$1};
65	0						$queue{$1}{$2} = $v[0];
66							}
67							else {
68	0	0	0				die "$param=$v[0] can't follow $param=$queue{$param} parameter\n"
69							if $queue{$param} and ref $queue{$param};
70	0	0					$param = 'sort' if $param eq 'order'; # XXX back-compat
71	0						$queue{$param} = $v[0];
72							}
73							}
74
75							# call handlers in desired order, then any remaining ones
76	0						my %done;
77	0						for my $param ($self->get_param_order, keys %queue) {
78	0	0					next if $done{$param}++;
79	0						my $value = delete $queue{$param};
80
81	0						my $method = "_handle_${param}_param";
82	0	0					unless ($self->can($method)) {
83	0						die "The $param parameter is not supported by the $self resource\n";
84							}
85	0						$self->$method($value, $param);
86							}
87
88	0						return 0;
89							}
90
91
92							## no critic (ProhibitUnusedPrivateSubroutines)
93
94							sub _handle_rows_param {
95	0			0			my ($self, $value) = @_;
96	0	0					$value = 30 unless defined $value;
97	0						$self->set( $self->set->search_rs(undef, { rows => $value }) );
98	0						return;
99							}
100
101
102							sub _handle_page_param {
103	0			0			my ($self, $value) = @_;
104	0	0					$value = 1 unless defined $value;
105	0						$self->set( $self->set->search_rs(undef, { page => $value }) );
106	0						return;
107							}
108
109
110	0			0			sub _handle_with_param { }
111
112
113	0			0			sub _handle_rollback_param { }
114
115
116							sub _handle_search_criteria_param {
117	0			0			my ($self, $value) = @_;
118	0						$self->set( $self->set->search_rs($value) );
119	0						return;
120							}
121
122							sub _handle_prefetch_param {
123	0			0			my ($self, $value) = @_;
124
125							# Prefetchs/join in DBIC accepts either:
126							# prefetch => relname OR
127							# prefetch => [relname1, relname2] OR
128							# prefetch => {relname1 => relname_on_relname1} OR
129							# prefetch => [{relname1 => [{relname_on_relname1 => relname_on_relname_on_relname1}, other_relname_on_relaname1]},relname2] ETC
130
131							# Noramalise all prefetches to most complicated form.
132							#Â eg &prefetch=foo,bar or &prefetch.json={...}
133	0						my $prefetch = $self->_resolve_prefetch($value, $self->set->result_source);
134
135	0	0					return unless scalar @$prefetch;
136							# XXX hack?: perhaps use {embedded}{$key} = sub { ... };
137							# see lib/WebAPI/DBIC/Resource/Role/DBIC.pm
138	0						$self->prefetch( $prefetch ); # include self, even if deleted below
139	0						$prefetch = [grep { !defined $_->{self}} @$prefetch];
	0
140
141	0	0					my $prefetch_or_join = $self->param('fields') ? 'join' : 'prefetch';
142	0	0					$self->set( $self->set->search_rs(undef, { $prefetch_or_join => $prefetch }))
143							if scalar @$prefetch;
144
145	0						return;
146							}
147
148							sub _resolve_prefetch {
149	0			0			my ($self, $prefetch, $result_class) = @_;
150	0						my @errors;
151
152							# Here we recursively resolve each of the prefetches to normalise them all to the most complicated
153							# form that can exist. The results will be a ArrayRef of HashRefs that can be passed to DBIC
154							# directly.
155							# This code is largely taken from the _resolve_join subroutine in DBIx::Class
156
157	0	0	0				return [] unless defined $prefetch and length $prefetch;
158	0						my @return;
159
160	0	0					if (ref $prefetch eq 'ARRAY') {
		0
		0
161	0						push @return, map {
162	0						$self->_resolve_prefetch($_, $result_class)
163							} @$prefetch;
164							} elsif (ref $prefetch eq 'HASH') {
165	0						for my $rel (keys %$prefetch) {
166	0	0					next if $rel eq 'self';
167
168	0	0					if (my @validate_errors = $self->_validate_relationship($result_class, $rel)) {
169	0						push @errors, @validate_errors;
170							} else {
171	0						push @return, {
172							$rel => $self->_resolve_prefetch($prefetch->{$rel}, $result_class->related_source($rel))
173							};
174							}
175							}
176							} elsif (ref $prefetch) {
177	0						push @errors,
178							"No idea how to resolve prefetch reftype ".ref $prefetch;
179							} else {
180	0						for my $rel (split ',', $prefetch) {
181	0						my @validate_errors = $self->_validate_relationship($result_class, $rel);
182	0	0	0				if ($rel ne 'self' && scalar @validate_errors) {
183	0						push @errors, @validate_errors;
184							} else {
185	0						push @return, {
186							$rel => {},
187							};
188							}
189							}
190							}
191
192	0	0					$self->throwable->throw_bad_request(400, errors => \@errors)
193							if @errors;
194
195	0						return \@return;
196							}
197
198							sub _validate_relationship {
199	0			0			my ($self, $result_class, $rel) = @_;
200	0						my @errors;
201
202							my $rel_info;
203							try {
204	0			0			$rel_info = $result_class->relationship_info($rel);
205	0						local $SIG{__DIE__}; # avoid strack trace from these dies:
206	0	0					die "no relationship with that name\n"
207							if not $rel_info;
208	0	0					die "relationship is $rel_info->{attrs}{accessor} but only single, filter and multi are supported\n"
209							if not $rel_info->{attrs}{accessor} =~ m/^(?:single\|filter\|multi)$/; # sanity
210							}
211							catch {
212	0			0			push @errors, {
213							$rel => $_,
214							_meta => {
215							relationship => $rel_info,
216							relationships => [ sort $result_class->relationships ]
217							}, # XXX
218							};
219	0						};
220
221	0						return @errors;
222							}
223
224							sub _handle_fields_param {
225	0			0			my ($self, $value) = @_;
226	0						my @columns;
227
228	0	0					if (ref $value eq 'ARRAY') {
229	0						@columns = @$value;
230							}
231							else {
232	0						@columns = split /\s,\s/, $value;
233							}
234
235	0						for my $clause (@columns) {
236							# we take care to avoid injection risks
237	0						my ($field) = ($clause =~ /^ ([a-z0-9_\.]*) $/x);
238	0	0					$self->throwable->throw_bad_request(400, errors => [{
239							parameter => "invalid fields clause",
240							_meta => { fields => $field, }, # XXX
241							}]) if not defined $field;
242							}
243
244	0	0					$self->set( $self->set->search_rs(undef, { columns => \@columns }) )
245							if @columns;
246
247	0						return;
248							}
249
250
251							sub _handle_sort_param {
252	0			0			my ($self, $value) = @_;
253	0						my @order_spec;
254
255							# to support sort[typename]=... we need to be able to make type names
256							# to relationship names that map to the type and are included in the query
257							# (there might be more than one relationship on 'me' that leads to
258							# the same resource type so there's a potential ambiguity)
259	0	0					if (ref $value) {
260	0						$self->throwable->throw_bad_request(400, errors => [{
261							parameter => "per-type sort specifiers are not supported yet",
262							_meta => { sort => $value, }, # XXX
263							}]);
264							}
265
266	0	0					if (not defined $value) {
267	0						$value = (join ",", map { "me.$_" } $self->set->result_source->primary_columns);
	0
268							}
269
270	0						for my $clause (split /,/, $value) {
271
272							# we take care to avoid injection risks
273	0						my ($field, $dir);
274	0	0					if ($clause =~ /^ ([a-z0-9_\.]*)\b (?:\s+(asc\|desc))? $/xi) {
		0
275	0		0				($field, $dir) = ($1, $2 \|\| 'asc');
276							}
277							elsif ($clause =~ /^ (-?) ([a-z0-9_\.]*)$/xi) {
278	0	0					($field, $dir) = ($2, ($1) ? 'desc' : 'asc');
279							}
280
281	0	0					unless (defined $field) {
282	0						$self->throwable->throw_bad_request(400, errors => [{
283							parameter => "invalid order clause",
284							_meta => { order => $clause, }, # XXX
285							}]);
286							}
287
288							# https://metacpan.org/pod/SQL::Abstract#ORDER-BY-CLAUSES
289	0						push @order_spec, { "-$dir" => $field };
290							}
291
292	0	0					$self->set( $self->set->search_rs(undef, { order_by => \@order_spec }) )
293							if @order_spec;
294
295	0						return;
296							}
297
298
299							sub _handle_distinct_param {
300	0			0			my ($self, $value) = @_;
301	0						my @errors;
302
303							# these restrictions avoid edge cases we don't want to deal with yet
304	0		0				my $sort = $self->param('sort') \|\| $self->param('order'); #Â XXX insufficient
305	0	0					push @errors, "distinct param requires sort (or order) param"
306							unless $sort;
307	0	0					push @errors, "distinct param requires fields param"
308							unless $self->param('fields');
309	0	0					push @errors, "distinct param requires fields and orders parameters to have same value"
310							unless $self->param('fields') eq $sort;
311	0						my $errors = join(", ", @errors);
312	0	0					die "$errors\n" if $errors; # TODO throw?
313
314	0						$self->set( $self->set->search_rs(undef, { distinct => $value }) );
315
316	0						return;
317							}
318
319
320
321							1;
322
323							__END__
324
325							=pod
326
327							=encoding UTF-8
328
329							=head1 NAME
330
331							WebAPI::DBIC::Resource::Role::DBICParams
332
333							=head1 VERSION
334
335							version 0.003002
336
337							=head1 NAME
338
339							WebAPI::DBIC::Resource::Role::DBICParams - methods for handling url parameters
340
341							=head1 AUTHOR
342
343							Tim Bunce <Tim.Bunce@pobox.com>
344
345							=head1 COPYRIGHT AND LICENSE
346
347							This software is copyright (c) 2015 by Tim Bunce.
348
349							This is free software; you can redistribute it and/or modify it under
350							the same terms as the Perl 5 programming language system itself.
351
352							=cut