module Validations

class ParamsScope

attr_accessor :element, :parent, :index

attr_reader :type

include Grape::DSL::Parameters

# Open up a new ParamsScope, allowing parameter definitions per

# Grape::DSL::Params.

# @param opts [Hash] options for this scope

# @option opts :element [Symbol] the element that contains this scope; for

# this to be relevant, @parent must be set

# @option opts :parent [ParamsScope] the scope containing this scope

# @option opts :api [API] the API endpoint to modify

# @option opts :optional [Boolean] whether or not this scope needs to have

# any parameters set or not

# @option opts :type [Class] a type meant to govern this scope (deprecated)

# @option opts :type [Hash] group options for this scope

# @option opts :dependent_on [Symbol] if present, this scope should only

# validate if this param is present in the parent scope

# @yield the instance context, open for parameter definitions

def initialize(opts, &block)

@element = opts[:element]

@parent = opts[:parent]

@api = opts[:api]

@optional = opts[:optional] || false

@type = opts[:type]

@group = opts[:group] || {}

@dependent_on = opts[:dependent_on]

@declared_params = []

@index = nil

instance_eval(&block) if block_given?

configure_declared_params

end

def configuration

@api.configuration.evaluate

end

# @return [Boolean] whether or not this entire scope needs to be

# validated

def should_validate?(parameters)

scoped_params = params(parameters)

return false if @optional && (scoped_params.blank? || all_element_blank?(scoped_params))

return false unless meets_dependency?(scoped_params, parameters)

return true if parent.nil?

parent.should_validate?(parameters)

end

def meets_dependency?(params, request_params)

if @parent.present? && !@parent.meets_dependency?(@parent.params(request_params), request_params)

return false

end

return true unless @dependent_on

return params.any? { |param| meets_dependency?(param, request_params) } if params.is_a?(Array)

return false unless params.respond_to?(:with_indifferent_access)

params = params.with_indifferent_access

@dependent_on.each do |dependency|

if dependency.is_a?(Hash)

dependency_key = dependency.keys[0]

proc = dependency.values[0]

return false unless proc.call(params.try(:[], dependency_key))

elsif params.respond_to?(:key?) && params.try(:[], dependency).blank?

return false

end

end

true

end

# @return [String] the proper attribute name, with nesting considered.

def full_name(name, index: nil)

if nested?

# Find our containing element's name, and append ours.

"#{@parent.full_name(@element)}#{brackets(@index || index)}#{brackets(name)}"

elsif lateral?

# Find the name of the element as if it was at the same nesting level

# as our parent. We need to forward our index upward to achieve this.

@parent.full_name(name, index: @index)

else

# We must be the root scope, so no prefix needed.

name.to_s

end

end

def brackets(val)

"[#{val}]" if val

end

# @return [Boolean] whether or not this scope is the root-level scope

def root?

!@parent

end

# A nested scope is contained in one of its parent's elements.

# @return [Boolean] whether or not this scope is nested

def nested?

@parent && @element

end

# A lateral scope is subordinate to its parent, but its keys are at the

# same level as its parent and thus is not contained within an element.

# @return [Boolean] whether or not this scope is lateral

def lateral?

@parent && !@element

end

# @return [Boolean] whether or not this scope needs to be present, or can

# be blank

def required?

!@optional

end

protected

# Adds a parameter declaration to our list of validations.

# @param attrs [Array] (see Grape::DSL::Parameters#requires)

def push_declared_params(attrs, **opts)

if lateral?

@parent.push_declared_params(attrs, **opts)

else

if opts && opts[:as]

@api.route_setting(:renamed_params, @api.route_setting(:renamed_params) || [])

@api.route_setting(:renamed_params) << { attrs.first => opts[:as] }

attrs = [opts[:as]]

end

@declared_params.concat attrs

end

end

private

def require_required_and_optional_fields(context, opts)

if context == :all

optional_fields = Array(opts[:except])

required_fields = opts[:using].keys - optional_fields

else # context == :none

required_fields = Array(opts[:except])

optional_fields = opts[:using].keys - required_fields

end

required_fields.each do |field|

field_opts = opts[:using][field]

raise ArgumentError, "required field not exist: #{field}" unless field_opts

requires(field, field_opts)

end

optional_fields.each do |field|

field_opts = opts[:using][field]

optional(field, field_opts) if field_opts

end

end

def require_optional_fields(context, opts)

optional_fields = opts[:using].keys

optional_fields -= Array(opts[:except]) unless context == :all

optional_fields.each do |field|

field_opts = opts[:using][field]

optional(field, field_opts) if field_opts

end

end

def validate_attributes(attrs, opts, &block)

validations = opts.clone

validations[:type] ||= Array if block

validates(attrs, validations)

end

# Returns a new parameter scope, subordinate to the current one and nested

# under the parameter corresponding to `attrs.first`.

# @param attrs [Array] the attributes passed to the `requires` or

# `optional` invocation that opened this scope.

# @param optional [Boolean] whether the parameter this are nested under

# is optional or not (and hence, whether this block's params will be).

# @yield parameter scope

def new_scope(attrs, optional = false, &block)

# if required params are grouped and no type or unsupported type is provided, raise an error

type = attrs[1] ? attrs[1][:type] : nil

if attrs.first && !optional

raise Grape::Exceptions::MissingGroupTypeError.new if type.nil?

raise Grape::Exceptions::UnsupportedGroupTypeError.new unless Grape::Validations::Types.group?(type)

end

self.class.new(

api: @api,

element: attrs[1][:as] || attrs.first,

parent: self,

optional: optional,

type: type || Array,

&block

)

end

# Returns a new parameter scope, not nested under any current-level param

# but instead at the same level as the current scope.

# @param options [Hash] options to control how this new scope behaves

# @option options :dependent_on [Symbol] if given, specifies that this

# scope should only validate if this parameter from the above scope is

# present

# @yield parameter scope

def new_lateral_scope(options, &block)

self.class.new(

api: @api,

element: nil,

parent: self,

options: @optional,

type: type == Array ? Array : Hash,

dependent_on: options[:dependent_on],

&block

)

end

# Returns a new parameter scope, subordinate to the current one and nested

# under the parameter corresponding to `attrs.first`.

# @param attrs [Array] the attributes passed to the `requires` or

# `optional` invocation that opened this scope.

# @yield parameter scope

def new_group_scope(attrs, &block)

self.class.new(

api: @api,

parent: self,

group: attrs.first,

&block

)

end

# Pushes declared params to parent or settings

def configure_declared_params

if nested?

@parent.push_declared_params [element => @declared_params]

else

@api.namespace_stackable(:declared_params, @declared_params)

@api.route_setting(:declared_params, []) unless @api.route_setting(:declared_params)

@api.route_setting(:declared_params, @api.namespace_stackable(:declared_params).flatten)

end

end

def validates(attrs, validations)

doc_attrs = { required: validations.key?(:presence) }

coerce_type = infer_coercion(validations)

doc_attrs[:type] = coerce_type.to_s if coerce_type

desc = validations.delete(:desc) || validations.delete(:description)

doc_attrs[:desc] = desc if desc

default = validations[:default]

doc_attrs[:default] = default if validations.key?(:default)

if (values_hash = validations[:values]).is_a? Hash

values = values_hash[:value]

# NB: excepts is deprecated

excepts = values_hash[:except]

else

values = validations[:values]

end

doc_attrs[:values] = values if values

except_values = options_key?(:except_values, :value, validations) ? validations[:except_values][:value] : validations[:except_values]

# NB. values and excepts should be nil, Proc, Array, or Range.

# Specifically, values should NOT be a Hash

# use values or excepts to guess coerce type when stated type is Array

coerce_type = guess_coerce_type(coerce_type, values, except_values, excepts)

# default value should be present in values array, if both exist and are not procs

check_incompatible_option_values(default, values, except_values, excepts)

# type should be compatible with values array, if both exist

validate_value_coercion(coerce_type, values, except_values, excepts)

doc_attrs[:documentation] = validations.delete(:documentation) if validations.key?(:documentation)

full_attrs = attrs.collect { |name| { name: name, full_name: full_name(name) } }

@api.document_attribute(full_attrs, doc_attrs)

opts = derive_validator_options(validations)

# Validate for presence before any other validators

if validations.key?(:presence) && validations[:presence]

validate('presence', validations[:presence], attrs, doc_attrs, opts)

validations.delete(:presence)

validations.delete(:message) if validations.key?(:message)

end

# Before we run the rest of the validators, let's handle

# whatever coercion so that we are working with correctly

# type casted values

coerce_type validations, attrs, doc_attrs, opts

validations.each do |type, options|

validate(type, options, attrs, doc_attrs, opts)

end

end

# Validate and comprehend the +:type+, +:types+, and +:coerce_with+

# options that have been supplied to the parameter declaration.

# The +:type+ and +:types+ options will be removed from the

# validations list, replaced appropriately with +:coerce+ and

# +:coerce_with+ options that will later be passed to

# {Validators::CoerceValidator}. The type that is returned may be

# used for documentation and further validation of parameter

# options.

#

# @param validations [Hash] list of validations supplied to the

# parameter declaration

# @return [class-like] type to which the parameter will be coerced

# @raise [ArgumentError] if the given type options are invalid

def infer_coercion(validations)

if validations.key?(:type) && validations.key?(:types)

raise ArgumentError, ':type may not be supplied with :types'

end

validations[:coerce] = (options_key?(:type, :value, validations) ? validations[:type][:value] : validations[:type]) if validations.key?(:type)

validations[:coerce_message] = (options_key?(:type, :message, validations) ? validations[:type][:message] : nil) if validations.key?(:type)

validations[:coerce] = (options_key?(:types, :value, validations) ? validations[:types][:value] : validations[:types]) if validations.key?(:types)

validations[:coerce_message] = (options_key?(:types, :message, validations) ? validations[:types][:message] : nil) if validations.key?(:types)

validations.delete(:types) if validations.key?(:types)

coerce_type = validations[:coerce]

# Special case - when the argument is a single type that is a

# variant-type collection.

if Types.multiple?(coerce_type) && validations.key?(:type)

validations[:coerce] = Types::VariantCollectionCoercer.new(

coerce_type,

validations.delete(:coerce_with)

)

end

validations.delete(:type)

coerce_type

end

# Enforce correct usage of :coerce_with parameter.

# We do not allow coercion without a type, nor with

# +JSON+ as a type since this defines its own coercion

# method.

def check_coerce_with(validations)

return unless validations.key?(:coerce_with)

# type must be supplied for coerce_with..

raise ArgumentError, 'must supply type for coerce_with' unless validations.key?(:coerce)

# but not special JSON types, which

# already imply coercion method

return unless [JSON, Array[JSON]].include? validations[:coerce]

raise ArgumentError, 'coerce_with disallowed for type: JSON'

end

# Add type coercion validation to this scope,

# if any has been specified.

# This validation has special handling since it is

# composited from more than one +requires+/+optional+

# parameter, and needs to be run before most other

# validations.

def coerce_type(validations, attrs, doc_attrs, opts)

check_coerce_with(validations)

return unless validations.key?(:coerce)

coerce_options = {

type: validations[:coerce],

method: validations[:coerce_with],

message: validations[:coerce_message]

}

validate('coerce', coerce_options, attrs, doc_attrs, opts)

validations.delete(:coerce_with)

validations.delete(:coerce)

validations.delete(:coerce_message)

end

def guess_coerce_type(coerce_type, *values_list)

return coerce_type unless coerce_type == Array

values_list.each do |values|

next if !values || values.is_a?(Proc)

return values.first.class if values.is_a?(Range) || !values.empty?

end

coerce_type

end

def check_incompatible_option_values(default, values, except_values, excepts)

return unless default && !default.is_a?(Proc)

if values && !values.is_a?(Proc)

raise Grape::Exceptions::IncompatibleOptionValues.new(:default, default, :values, values) \

unless Array(default).all? { |def_val| values.include?(def_val) }

end

if except_values && !except_values.is_a?(Proc)

raise Grape::Exceptions::IncompatibleOptionValues.new(:default, default, :except, except_values) \

unless Array(default).none? { |def_val| except_values.include?(def_val) }

end

return unless excepts && !excepts.is_a?(Proc)

raise Grape::Exceptions::IncompatibleOptionValues.new(:default, default, :except, excepts) \

unless Array(default).none? { |def_val| excepts.include?(def_val) }

end

def validate(type, options, attrs, doc_attrs, opts)

validator_class = Validations.validators[type.to_s]

raise Grape::Exceptions::UnknownValidator.new(type) unless validator_class

validator_options = {

attributes: attrs,

options: options,

required: doc_attrs[:required],

params_scope: self,

opts: opts,

validator_class: validator_class

}

@api.namespace_stackable(:validations, validator_options)

end

def validate_value_coercion(coerce_type, *values_list)

return unless coerce_type

coerce_type = coerce_type.first if coerce_type.is_a?(Array)

values_list.each do |values|

next if !values || values.is_a?(Proc)

value_types = values.is_a?(Range) ? [values.begin, values.end] : values

if coerce_type == Grape::API::Boolean

value_types = value_types.map { |type| Grape::API::Boolean.build(type) }

end

unless value_types.all? { |v| v.is_a? coerce_type }

raise Grape::Exceptions::IncompatibleOptionValues.new(:type, coerce_type, :values, values)

end

end

end

def extract_message_option(attrs)

return nil unless attrs.is_a?(Array)

opts = attrs.last.is_a?(Hash) ? attrs.pop : {}

opts.key?(:message) && !opts[:message].nil? ? opts.delete(:message) : nil

end

def options_key?(type, key, validations)

validations[type].respond_to?(:key?) && validations[type].key?(key) && !validations[type][key].nil?

end

def all_element_blank?(scoped_params)

scoped_params.respond_to?(:all?) && scoped_params.all?(&:blank?)

end

# Validators don't have access to each other and they don't need, however,

# some validators might influence others, so their options should be shared

def derive_validator_options(validations)

allow_blank = validations[:allow_blank]

{

allow_blank: allow_blank.is_a?(Hash) ? allow_blank[:value] : allow_blank,

fail_fast: validations.delete(:fail_fast) || false

}

end

end

end