CHANGELOG.md

Changelog

1.5.8 (2024-09-11)

• Also allow single path segments as symbols instead of array for authorize_param's path argument. Before, paths that were not arrays would lead to the param authorization being ignored silently.

  Internal reference: #128987.

1.5.7 (2024-08-22)

• Fix compatibility issue with older versions of Rails introduced in version 1.5.6

1.5.6 (2024-08-22)

• #42 Bump nokogiri from 1.16.2 to 1.16.5 to mitigate CVE

• Lock the version of sqlite3 to <2.0.0 in order to mitigate sqlite3 errors in CI.

  Internal reference: #127570.

• Modernize deprecation handling to fix the issue where deprecation warnings would lead to deprecation warnings themselves.

  Internal reference: #128487.

• Freeze default empty array in RailsOps::Context#op_chain.

1.5.5 (2024-03-14)

• Add instance method lock_model_at_build? to RailsOps::Operation::Model::Load in order to allow dynamic decision whether locking should occur.

1.5.4 (2024-01-10)

• Update documentation

• Add ruby 3.3.0 to CI

1.5.3 (2024-01-10)

• Tag with no changes

1.5.2 (2024-01-10)

• Tag with no changes

1.5.1 (2024-01-10)

• Update documentation

1.5.0 (2023-10-30)

• Fix deprecation warnings for rails >= 7.1

• Add Rails 7.1 to CI

• Remove Ruby 2.6.2 from CI

• Update schemacop dependency to >= 3.0.0

Upgrading

Schemacop 3.0 still features the same functionality as version 2 for backwards-compatibility, and as such you can keep your schemacop 2 schemas as they are.

1.4.8 (2023-10-12)

• Keep original validation error message when rescue_validation_error_in_controller is enabled

1.4.7 (2023-10-09)

• Add parameter override to static model method in model operations

1.4.6 (2023-07-25)

• Make sure that RailsOps::Exceptions::SubOpValidationFailed always results in an Error 500 when handled by a Rails controller.

  Internal reference: #114719.

1.4.5 (2023-07-10)

• Fix bug introduced in previous release 1.4.4.

  Internal reference: #114719.

1.4.4 (2023-07-10)

• Adapt method sub_op to catch <op-class>.validation_errors and re-throw them as RailsOps::Exceptions::SubOpValidationFailed.

  Internal reference: #114719.

1.4.3 (2023-03-27)

• Extend the operation generator to accept additional flags to skip the generation of certain actions. In particular, the --skip-index, --skip-show, --skip-create, --skip-update and --skip-destroy flags were added.

  Internal reference: #111041.

1.4.2 (2023-03-27)

• Update the operation generator such that it complies with the naming conventions laid out in Placing and naming operations. The path were the operations reside and the validation schema key are now generated in singular.

  Internal reference: #111055.

1.4.1 (2023-02-21)

• Fix specifying custom param_key when nesting model operations

1.4.0 (2023-02-21)

Changes

• #33: Improve resolving param_key in nested model operations.

Upgrading

Please see #33 for more information on this change. If all of your operations follow the standard naming conventions (e.g. Operations::User::Update for updating a model named User), no changes will be necessary. If you don't, you may need to manually specify a param_key when using nested model operations (see Model nesting for more information).

1.3.0 (2023-01-23)

• Add lock_mode DSL method
• Set Load operations to use shared locking, and Update and Destroy operations to use exclusive locking. Please make sure your operations inherit from the correct parent operation, and change the locking mode if it is not the correct one for your operation. More info can be found in the section "Locking" in the Readme

1.2.3 (2023-01-04)

• Fix marshalling of operation models. This is especially useful for use in conjunction with minitest >= 5.16.0, where exceptions must be marshallable and, as ActiveRecord::RecordInvalid exceptions include the record which in turn points to a operation model, the record must be marshallable.

  Internal reference: #108386.

1.2.2 (2022-10-24)

• Adapt param authorization to work in policy chain on_init. This has the effect that param authorization runs even when the operation is not performed, e.g. in Model::Load operations.

  Internal reference: #105855.

1.2.1 (2022-08-15)

• Also raise Schemacop::Exceptions::ValidationError in development mode when the schema validation fails.

• Raise Schemacop::Exceptions::ValidationError in XHR requests when schema validation fails instead of responding directly with a 400 status code.

1.2.0 (2022-08-05)

• Rescue Schemacop::Exceptions::ValidationError in controller mixin and respond with response code 400. Please see the section Schema best practices in the readme for more information.

• Add config setting rescue_validation_error_in_controller to enable/disable the newly added behaviour

• Update Readme with section about best practices

• Remove Rails 5.1 and 5.2 from the CI, as well as Ruby 2.5.1 as they were EOL for quite a while now.

1.1.31 (2022-04-19)

• Deprecate undocumented virtual_has_one feature

1.1.30 (2022-02-18)

• PR#27: Update id schemata in templates

1.1.29 (2022-02-17)

• Fix sti type not correct on creating of record

1.1.28 (2022-02-16)

• #22: Fix error with active_type >= 2

1.1.27 (2022-02-15)

• Add module option to operation generator

1.1.26 (2022-01-18)

• #25: Add test matrix for unit tests

• Add compatibility for Rails 7 and Ruby 3.1.0

1.1.25 (2022-01-17)

• #24: Add generator operation that generates a controller, operations and empty view files

1.1.24 (2021-11-24)

• Add support for STI in model operations

1.1.23 (2021-11-01)

• No changes to previous release

1.1.22 (2021-11-01)

• Add support for lazy model authorization

1.1.21 (2021-06-23)

• Fix using model operations in conjunction with Single Table Inheritance (STI)

1.1.20 (2021-02-18)

• Fix warnings with Ruby 2.7

1.1.19 (2021-02-16)

• Fix warnings with Ruby 2.7

1.1.18 (2021-02-16)

• Adapt signature of schema3 method to support other types than hashes

1.1.17 (2021-02-10)

• Add operation class method skip_schema_validation

• Add operation instance method validate_op_schema!

1.1.16 (2021-01-26)

• Update dependency to support schemacop version 3

1.1.15 (2021-01-06)

• Allow active_type >= 1.3.0

1.1.14 (2020-12-22)

• Fix validation of unchanged nested models.

1.1.13 (2020-11-23)

• Update support for upcoming Schemacop 3

1.1.12 (2020-11-24)

• Add support for upcoming Schemacop 3. It is still backwards compatible and the schemacop schema version still defaults to 2.

  Note that support for the new Schemacop 3 features is not yet documented.

1.1.11 (2020-10-29)

• Add method lazy_model to RailsOps::Operation::Model

1.1.10 (2020-08-29)

• Fix parameter inspection bug introduced in 1.1.9.

1.1.9 (2020-08-28)

• Gracefully filter params when inspecting an operation. If the params included numeric keys in rails < 6, this lead to an error. This error is now handeled gracefully and params are not inspected.

• Do not call inspect every time an op is run

1.1.8 (2020-07-08)

• Fix bug where only the first hooked operation was called

1.1.7 (2020-06-18)

• Add controller / helper method model?

1.1.6 (2020-04-08)

• Fix suppressed validation errors by operations called via hookup. Now the exception {RailsOps::Exceptions::HookupOpValidationFailed} is thrown if a hook target operation throws a validation error throws a validation error

1.1.5 (2020-03-23)

• Upgrade active_type to ~> 1.3.0 for Rails 6 compatibility

1.1.4 (2020-03-10)

• Remove debug output.

1.1.3 (2020-03-05)

• Fix bug introduced in 1.1.0 where params of operations with a schemacop schema were not using "indifferent access" anymore.

1.1.2 (2020-03-02)

• Include the ControllerMixin after ActionController::Base has been loaded, as directly calling ActionController::Base.send :include, RailsOps::ControllerMixin in the railtie causes the ActionController::Base to be loaded during Initialization, which is undesirable and will be an error in future Rails versions.

1.1.1 (2020-03-02)

• Do not require default (CanCanCan) authorization backend anymore so that the Gem cancancan is not required by default anymore. If you are using the default authentication backend, add the following line to the top of your config/initializers/rails_ops.rb file:

  require 'rails_ops/authorization_backend/can_can_can.rb'
  ``

1.1.0 (2020-02-25)

• Breaking changes:

  • Schema validations defined with schema are now always run on operation instantiation and not, as before, at time of before_perform.

  • The argument policy_chain for the static operation method schema is now removed.

  • Schema validation now overrides the params hash with the return value from Schemacop. This means that Schemacop defaults and casts now can be used for operation params (with both params and osparams methods).

  • RailsOps now requires schemacop ~> 2.4.2.

1.0.21 (2020-02-13)

• Exclude param named format from op_params.

1.0.20 (2020-02-13)

• Add param authorization functionality using authorize_param

1.0.19 (2020-02-11)

• Fix examples in readme

1.0.18 (2020-01-21)

• Pass option required to the underlying belongs_to in virtual_has_one. This fixes an issue where, in Rails > 5, all associations created with virtual_has_one were considered required.

1.0.17 (2020-01-17)

• Add global option config.ensure_authorize_called (defaults to true to be compatible with previous versions)

1.0.16 (2019-10-07)

• Add option allow_id to nest_model_op in order to allow passing IDs to sub-operations. Set to false by default to mimic current behavior.

1.0.15 (2019-09-23)

• Fix bug introduced in 1.0.14 where the controller mixin failed with an exception

1.0.14 (2019-09-23)

• Ensure compatibility with Rails 3.2.

1.0.13 (2019-08-27)

• Set the name of nested params to the modelname, not to the fieldname. This is a follow up from 1.0.11.

1.0.12 (2019-08-20)

• {RailsOps::Context#spawn} now dynamically inferrs current class name in order to spawn a new context. This allows you to subclass the context class and have it spawned with the correct class.

1.0.11 (2019-07-29)

• It is now possible to have nested model ops on belongs_to relations with explicit class_name.

1.0.10 (2019-07-23)

• Fix defined? calls in controller mixin so that the mixin can be used without defining current_user or current_ability.

1.0.9 (2019-05-29)

• Changes to development setup

1.0.8 (2019-05-29)

• Fix #14 Policy chain after_perform is never called.

1.0.7 (2019-04-25)

• It is now possible to add a policy in front of the policy chain instead of the end. It is however not guaranteed to be the first policy to be run since multiple policies can be prepended to the chain. A prepended policy can't access the operation model, since it is not set yet.

  See PR#12.

1.0.6 (2019-04-10)

• Fix automatic controller mixin introduced in 1.0.4. Including the mixin into ApplicationController lead to random user-defined helpers not being loaded anymore. The mixin is now included into ActionController::Base instead.

1.0.5 (2019-04-09)

• Add missing controller mixin automatically so that no (undocumented) manual include is necessary.

1.0.4 (2019-04-03)

• Add global option config.trigger_hookups_without_authorization (defaults to true to be compatible with previous versions)

1.0.3 (2019-03-18)

• Add missing imports of required third-party gems

• Add policy chain before_model_save for model operations

• Add policy chain before_nested_model_ops for model operations

• If existing, use ActiveSupport::ParameterFilter over ActionDispatch::Http::ParameterFilter which is deprecated in Rails 6

• Fix error catching of nested model operations

• Fix error handling of sub operations

• Add view to operation contexts that contains the view_context. Only use this for frontend operations that are always called from within a controller.

• Expose op_context as a view helper method. This is useful for instantiating new (view) operations from within views and helpers.

1.0.2 (2019-01-29)

• Fix mass assignment protection errors under Rails 3

1.0.1 (2019-01-29)

• Fix reliance on ActionController::Parameters. Now the strong parameter check is only enforced if ActionController::Parameters actually exists.

• Fix missing require

• Fix compatibility with ruby < 2.3.0

1.0.0 (2019-01-23)

• First stable release after being battle-tested over an extended period of time.

Prior to 1.0.0 (beta releases)

1.0.0.beta15 (2018-12-11)

• Add method authorize_called! to manually mark authorization as called for a specific operation.

1.0.0.beta14 (2018-11-29)

• Fix bug with jRuby 9.2 where operation class name got mutated when inspecting it (see jruby/jruby#5480).

1.0.0.beta13 (2018-10-15)

• Explain how to setup load paths in readme

1.0.0.beta12 (2018-08-14)

• Exclude param named escape from op_params.

1.0.0.beta11 (2018-07-31)

• Exclude param named _ from op_params. This allows to use cache: false with jQuery.ajax.

1.0.0.beta10 (2018-07-18)

• Allow model name override for all models using RailsOps::ModelMixins. This means you can also specify a model name for models not inheriting from RailsOps::VirtualModel, i.e.:

  model User, 'ModelNameOverride'

1.0.0.beta9 (2018-07-04)

• Keep stack trace on exceptions rethrown by with_rollback_on_exception.

1.0.0.beta8 (2018-05-15)

• Make sure that original state is always restored after calling RailsOps.without_authorization, even in case of an exception.

1.0.0.beta7 (2017-12-19)

• #2 Get rid of protected attributes functionality

1.0.0.beta6 (2017-11-27)

• Fix #6 Exceptions in profiler are not re-thrown

1.0.0.beta5 (2017-11-27)

• Fix #5 Measure for object_id ... not finished

1.0.0.beta4 (2017-11-16)

• Fix a bug where nested models are saved at build time in update operations in some cases.

1.0.0.beta3 (2017-09-20)

• Fixed log subscription

1.0.0.beta2 (2017-09-20)

• Added rubygems badge to readme

• Corrected gem summary

1.0.0.beta1 (2017-06-19)

• Initial version as extracted from project

• Start of change log