[catagits/Catalyst-Controller-DBIC-API.git] / lib / Catalyst / Controller / DBIC / API / StaticArguments.pm

package Catalyst::Controller::DBIC::API::StaticArguments;

#ABSTRACT: Provides controller level configuration arguments
use Moose::Role;
use MooseX::Types::Moose(':all');
use namespace::autoclean;

requires 'check_column_relation';

=attribute_public create_requires create_allows update_requires update_allows

These attributes control requirements and limits to columns when creating or
updating objects.

Each provides a number of handles:

    "get_${var}_column" => 'get'
    "set_${var}_column" => 'set'
    "delete_${var}_column" => 'delete'
    "insert_${var}_column" => 'insert'
    "count_${var}_column" => 'count'
    "all_${var}_columns" => 'elements'

=cut

foreach my $var (
    qw( create_requires create_allows update_requires update_allows ))
{
    has $var => (
        is      => 'ro',
        isa     => ArrayRef [ Str | HashRef ],
        traits  => ['Array'],
        default => sub { [] },
        trigger => sub {
            my ( $self, $new ) = @_;
            $self->check_column_relation( $_, 1 ) for @$new;
        },
        handles => {
            "get_${var}_column"    => 'get',
            "set_${var}_column"    => 'set',
            "delete_${var}_column" => 'delete',
            "insert_${var}_column" => 'insert',
            "count_${var}_column"  => 'count',
            "all_${var}_columns"   => 'elements',
        }
    );

    before "set_${var}_column" =>
        sub { $_[0]->check_column_relation( $_[2], 1 ) };
    before "insert_${var}_column" =>
        sub { $_[0]->check_column_relation( $_[2], 1 ) };
}

=attribute_public prefetch_allows

prefetch_allows limits what relations may be prefetched when executing searches
with joins. This is necessary to avoid denial of service attacks in form of
queries which would return a large number of data and unwanted disclosure of
data.

Like the synopsis in DBIC::API shows, you can declare a "template" of what is
allowed (by using an '*'). Each element passed in, will be converted into a
Data::DPath and added to the validator.

    prefetch_allows => [ 'cds', { cds => tracks }, { cds => producers } ] # to be explicit
    prefetch_allows => [ 'cds', { cds => '*' } ] # wildcard means the same thing

=cut

has 'prefetch_allows' => (
    is        => 'ro',
    writer    => '_set_prefetch_allows',
    isa       => ArrayRef [ ArrayRef | Str | HashRef ],
    default   => sub { [] },
    predicate => 'has_prefetch_allows',
    traits    => ['Array'],
    handles   => { all_prefetch_allows => 'elements', },
);

has 'prefetch_validator' => (
    is         => 'ro',
    isa        => 'Catalyst::Controller::DBIC::API::Validator',
    lazy_build => 1,
);

sub _build_prefetch_validator {
    my $self = shift;

    sub _check_rel {
        my ( $self, $rel, $static, $validator ) = @_;
        if ( ArrayRef->check($rel) ) {
            foreach my $rel_sub (@$rel) {
                _check_rel( $self, $rel_sub, $static, $validator );
            }
        }
        elsif ( HashRef->check($rel) ) {
            while ( my ( $k, $v ) = each %$rel ) {
                $self->check_has_relation( $k, $v, undef, $static );
            }
            $validator->load($rel);
        }
        else {
            $self->check_has_relation( $rel, undef, undef, $static );
            $validator->load($rel);
        }
    }

    my $validator = Catalyst::Controller::DBIC::API::Validator->new;

    foreach my $rel ( $self->all_prefetch_allows ) {
        _check_rel( $self, $rel, 1, $validator );
    }

    return $validator;
}

=attribute_public count_arg

Controls how to reference 'count' in the the request_data, defaults to
'list_count'.

=cut

has 'count_arg' => ( is => 'ro', isa => Str, default => 'list_count' );

=attribute_public page_arg

Controls how to reference 'page' in the the request_data, defaults to
'list_page'.

=cut

has 'page_arg' => ( is => 'ro', isa => Str, default => 'list_page' );

=attribute_public offset_arg

Controls how to reference 'offset' in the the request_data, defaults to
'list_offset'.

=cut

has 'offset_arg' => ( is => 'ro', isa => Str, default => 'list_offset' );

=attribute_public select_arg

Controls how to reference 'select' in the the request_data, defaults to
'list_returns'.

=cut

has 'select_arg' => ( is => 'ro', isa => Str, default => 'list_returns' );

=attribute_public as_arg

Controls how to reference 'as' in the the request_data, defaults to 'as'.

=cut

has 'as_arg' => ( is => 'ro', isa => Str, default => 'as' );

=attribute_public search_arg

Controls how to reference 'search' in the the request_data, defaults to
'search'.

=cut

has 'search_arg' => ( is => 'ro', isa => Str, default => 'search' );

=attribute_public grouped_by_arg

Controls how to reference 'grouped_by' in the the request_data, defaults to
'list_grouped_by'.

=cut

has 'grouped_by_arg' =>
    ( is => 'ro', isa => Str, default => 'list_grouped_by' );

=attribute_public ordered_by_arg

Controls how to reference 'ordered_by' in the the request_data, defaults to
'list_ordered_by'.

=cut

has 'ordered_by_arg' =>
    ( is => 'ro', isa => Str, default => 'list_ordered_by' );

=attribute_public prefetch_arg

Controls how to reference 'prefetch' in the the request_data, defaults to
'list_prefetch'.

=cut

has 'prefetch_arg' => ( is => 'ro', isa => Str, default => 'list_prefetch' );

=attribute_public stash_key

Controls where in the stash the request_data should be stored, defaults to
'response'.

=cut

has 'stash_key' => ( is => 'ro', isa => Str, default => 'response' );

=attribute_public data_root

Controls how to reference where the data is in the the request_data, defaults to
'list'.

=cut

has 'data_root' => ( is => 'ro', isa => Str, default => 'list' );

=attribute_public item_root

Controls how to reference where the data for single object requests is in the
the request_data, defaults to 'data'.

=cut

has 'item_root' => ( is => 'ro', isa => Str, default => 'data' );

=attribute_public total_entries_arg

Controls how to reference 'total_entries' in the the request_data, defaults to
'totalcount'.

=cut

has 'total_entries_arg' =>
    ( is => 'ro', isa => Str, default => 'totalcount' );

=attribute_public use_json_boolean

Controls whether JSON boolean types are used in the success parameter of the
response or if raw strings are used, defaults to false.

=cut

has 'use_json_boolean' => ( is => 'ro', isa => Bool, default => 0 );

=attribute_public return_object

Controls whether the results of create/update are serialized and returned in
the response, defaults to false.

=cut

has 'return_object' => ( is => 'ro', isa => Bool, default => 0 );

=head1 DESCRIPTION

StaticArguments is a role that is composed by the controller to provide
configuration parameters such as where to find specific elements in the request
data and if to use JSON boolean types.

=cut

1;
Commit	Line	Data
d2739840	1	package Catalyst::Controller::DBIC::API::StaticArguments;
	2
	3	#ABSTRACT: Provides controller level configuration arguments
	4	use Moose::Role;
	5	use MooseX::Types::Moose(':all');
	6	use namespace::autoclean;
	7
	8	requires 'check_column_relation';
	9
	10	=attribute_public create_requires create_allows update_requires update_allows
	11
c0c8e1c6	12	These attributes control requirements and limits to columns when creating or
c0c8e1c6	13	updating objects.
d2739840	14
	15	Each provides a number of handles:
	16
	17	"get_${var}_column" => 'get'
	18	"set_${var}_column" => 'set'
	19	"delete_${var}_column" => 'delete'
	20	"insert_${var}_column" => 'insert'
	21	"count_${var}_column" => 'count'
	22	"all_${var}_columns" => 'elements'
	23
	24	=cut
	25
8ea592cb	26	foreach my $var (
8ea592cb	27	qw( create_requires create_allows update_requires update_allows ))
d2739840	28	{
8ea592cb	29	has $var => (
	30	is => 'ro',
	31	isa => ArrayRef [ Str \| HashRef ],
	32	traits => ['Array'],
d2739840	33	default => sub { [] },
8ea592cb	34	trigger => sub {
	35	my ( $self, $new ) = @_;
	36	$self->check_column_relation( $_, 1 ) for @$new;
d2739840	37	},
8ea592cb	38	handles => {
	39	"get_${var}_column" => 'get',
	40	"set_${var}_column" => 'set',
d2739840	41	"delete_${var}_column" => 'delete',
d2739840	42	"insert_${var}_column" => 'insert',
8ea592cb	43	"count_${var}_column" => 'count',
8ea592cb	44	"all_${var}_columns" => 'elements',
d2739840	45	}
	46	);
	47
8ea592cb	48	before "set_${var}_column" =>
	49	sub { $_[0]->check_column_relation( $_[2], 1 ) };
	50	before "insert_${var}_column" =>
	51	sub { $_[0]->check_column_relation( $_[2], 1 ) };
d2739840	52	}
d2739840	53
c0c8e1c6	54	=attribute_public prefetch_allows
4e5983f2	55
c0c8e1c6	56	prefetch_allows limits what relations may be prefetched when executing searches
	57	with joins. This is necessary to avoid denial of service attacks in form of
	58	queries which would return a large number of data and unwanted disclosure of
	59	data.
4e5983f2	60
c0c8e1c6	61	Like the synopsis in DBIC::API shows, you can declare a "template" of what is
	62	allowed (by using an '*'). Each element passed in, will be converted into a
	63	Data::DPath and added to the validator.
4e5983f2	64
	65	prefetch_allows => [ 'cds', { cds => tracks }, { cds => producers } ] # to be explicit
	66	prefetch_allows => [ 'cds', { cds => '*' } ] # wildcard means the same thing
	67
	68	=cut
	69
	70	has 'prefetch_allows' => (
8ea592cb	71	is => 'ro',
	72	writer => '_set_prefetch_allows',
	73	isa => ArrayRef [ ArrayRef \| Str \| HashRef ],
	74	default => sub { [] },
4e5983f2	75	predicate => 'has_prefetch_allows',
8ea592cb	76	traits => ['Array'],
8ea592cb	77	handles => { all_prefetch_allows => 'elements', },
4e5983f2	78	);
	79
	80	has 'prefetch_validator' => (
8ea592cb	81	is => 'ro',
8ea592cb	82	isa => 'Catalyst::Controller::DBIC::API::Validator',
4e5983f2	83	lazy_build => 1,
	84	);
	85
	86	sub _build_prefetch_validator {
	87	my $self = shift;
	88
	89	sub _check_rel {
8ea592cb	90	my ( $self, $rel, $static, $validator ) = @_;
	91	if ( ArrayRef->check($rel) ) {
	92	foreach my $rel_sub (@$rel) {
	93	_check_rel( $self, $rel_sub, $static, $validator );
4e5983f2	94	}
4e5983f2	95	}
8ea592cb	96	elsif ( HashRef->check($rel) ) {
	97	while ( my ( $k, $v ) = each %$rel ) {
	98	$self->check_has_relation( $k, $v, undef, $static );
4e5983f2	99	}
	100	$validator->load($rel);
	101	}
8ea592cb	102	else {
8ea592cb	103	$self->check_has_relation( $rel, undef, undef, $static );
4e5983f2	104	$validator->load($rel);
	105	}
	106	}
	107
	108	my $validator = Catalyst::Controller::DBIC::API::Validator->new;
	109
8ea592cb	110	foreach my $rel ( $self->all_prefetch_allows ) {
8ea592cb	111	_check_rel( $self, $rel, 1, $validator );
4e5983f2	112	}
	113
	114	return $validator;
	115	}
	116
c0c8e1c6	117	=attribute_public count_arg
d2739840	118
c0c8e1c6	119	Controls how to reference 'count' in the the request_data, defaults to
c0c8e1c6	120	'list_count'.
d2739840	121
	122	=cut
	123
	124	has 'count_arg' => ( is => 'ro', isa => Str, default => 'list_count' );
	125
c0c8e1c6	126	=attribute_public page_arg
d2739840	127
c0c8e1c6	128	Controls how to reference 'page' in the the request_data, defaults to
c0c8e1c6	129	'list_page'.
d2739840	130
	131	=cut
	132
	133	has 'page_arg' => ( is => 'ro', isa => Str, default => 'list_page' );
	134
c0c8e1c6	135	=attribute_public offset_arg
33003023	136
c0c8e1c6	137	Controls how to reference 'offset' in the the request_data, defaults to
c0c8e1c6	138	'list_offset'.
33003023	139
	140	=cut
	141
	142	has 'offset_arg' => ( is => 'ro', isa => Str, default => 'list_offset' );
	143
c0c8e1c6	144	=attribute_public select_arg
d2739840	145
c0c8e1c6	146	Controls how to reference 'select' in the the request_data, defaults to
c0c8e1c6	147	'list_returns'.
d2739840	148
	149	=cut
	150
	151	has 'select_arg' => ( is => 'ro', isa => Str, default => 'list_returns' );
	152
c0c8e1c6	153	=attribute_public as_arg
d2739840	154
c0c8e1c6	155	Controls how to reference 'as' in the the request_data, defaults to 'as'.
d2739840	156
	157	=cut
	158
	159	has 'as_arg' => ( is => 'ro', isa => Str, default => 'as' );
	160
c0c8e1c6	161	=attribute_public search_arg
d2739840	162
c0c8e1c6	163	Controls how to reference 'search' in the the request_data, defaults to
c0c8e1c6	164	'search'.
d2739840	165
	166	=cut
	167
	168	has 'search_arg' => ( is => 'ro', isa => Str, default => 'search' );
	169
c0c8e1c6	170	=attribute_public grouped_by_arg
d2739840	171
c0c8e1c6	172	Controls how to reference 'grouped_by' in the the request_data, defaults to
c0c8e1c6	173	'list_grouped_by'.
d2739840	174
	175	=cut
	176
8ea592cb	177	has 'grouped_by_arg' =>
8ea592cb	178	( is => 'ro', isa => Str, default => 'list_grouped_by' );
d2739840	179
c0c8e1c6	180	=attribute_public ordered_by_arg
d2739840	181
c0c8e1c6	182	Controls how to reference 'ordered_by' in the the request_data, defaults to
c0c8e1c6	183	'list_ordered_by'.
d2739840	184
	185	=cut
	186
8ea592cb	187	has 'ordered_by_arg' =>
8ea592cb	188	( is => 'ro', isa => Str, default => 'list_ordered_by' );
d2739840	189
c0c8e1c6	190	=attribute_public prefetch_arg
d2739840	191
c0c8e1c6	192	Controls how to reference 'prefetch' in the the request_data, defaults to
c0c8e1c6	193	'list_prefetch'.
d2739840	194
	195	=cut
	196
	197	has 'prefetch_arg' => ( is => 'ro', isa => Str, default => 'list_prefetch' );
	198
c0c8e1c6	199	=attribute_public stash_key
810de6af	200
c0c8e1c6	201	Controls where in the stash the request_data should be stored, defaults to
c0c8e1c6	202	'response'.
810de6af	203
	204	=cut
	205
8ea592cb	206	has 'stash_key' => ( is => 'ro', isa => Str, default => 'response' );
810de6af	207
c0c8e1c6	208	=attribute_public data_root
d2739840	209
c0c8e1c6	210	Controls how to reference where the data is in the the request_data, defaults to
c0c8e1c6	211	'list'.
d2739840	212
	213	=cut
	214
8ea592cb	215	has 'data_root' => ( is => 'ro', isa => Str, default => 'list' );
d2739840	216
c0c8e1c6	217	=attribute_public item_root
609916e5	218
c0c8e1c6	219	Controls how to reference where the data for single object requests is in the
c0c8e1c6	220	the request_data, defaults to 'data'.
609916e5	221
	222	=cut
	223
8ea592cb	224	has 'item_root' => ( is => 'ro', isa => Str, default => 'data' );
609916e5	225
c0c8e1c6	226	=attribute_public total_entries_arg
d2739840	227
c0c8e1c6	228	Controls how to reference 'total_entries' in the the request_data, defaults to
c0c8e1c6	229	'totalcount'.
d2739840	230
	231	=cut
	232
8ea592cb	233	has 'total_entries_arg' =>
8ea592cb	234	( is => 'ro', isa => Str, default => 'totalcount' );
d2739840	235
c0c8e1c6	236	=attribute_public use_json_boolean
d2739840	237
c0c8e1c6	238	Controls whether JSON boolean types are used in the success parameter of the
c0c8e1c6	239	response or if raw strings are used, defaults to false.
d2739840	240
	241	=cut
	242
	243	has 'use_json_boolean' => ( is => 'ro', isa => Bool, default => 0 );
	244
c0c8e1c6	245	=attribute_public return_object
d2739840	246
c0c8e1c6	247	Controls whether the results of create/update are serialized and returned in
c0c8e1c6	248	the response, defaults to false.
d2739840	249
	250	=cut
	251
	252	has 'return_object' => ( is => 'ro', isa => Bool, default => 0 );
	253
	254	=head1 DESCRIPTION
	255
c0c8e1c6	256	StaticArguments is a role that is composed by the controller to provide
	257	configuration parameters such as where to find specific elements in the request
	258	data and if to use JSON boolean types.
d2739840	259
	260	=cut
	261
	262	1;