Merge pull request #163 from GautierDele/main

alexzarbn · web-flow · commit 08c0505d2916 · 2022-07-16T18:29:29.000+04:00
feat: ✨ nested filters
diff --git a/config/orion.php b/config/orion.php
@@ -34,5 +34,19 @@
     ],
     'search' => [
         'case_sensitive' => true, // TODO: set to "false" by default in 3.0 release
-    ]
+            /*
+            |--------------------------------------------------------------------------
+            | Max Nested Depth
+            |--------------------------------------------------------------------------
+            |
+            | This value is the maximum depth of nested filters
+            | you will most likely need this to be maximum at 1 but
+            | you can increase this number if necessary. Please
+            | be aware that the depth generate dynamic rules and can slow
+            | your application if someone sends a request with thousands of nested
+            | filters.
+            |
+            */
+        'max_nested_depth' => 1
+    ],
 ];
diff --git a/src/Drivers/Standard/ParamsValidator.php b/src/Drivers/Standard/ParamsValidator.php
@@ -47,25 +47,56 @@ public function validateScopes(Request $request): void
 
     public function validateFilters(Request $request): void
     {
+        $max_depth = floor($this->getArrayDepth($request->all()['filters']) / 2);
+        $config_max_nested_depth = config('orion.search.max_nested_depth', 1);
+
+        abort_if($max_depth > $config_max_nested_depth, 422, __('Max nested depth :depth is exceeded', ['depth' => $config_max_nested_depth]));
+
         Validator::make(
             $request->all(),
-            [
+            array_merge([
                 'filters' => ['sometimes', 'array'],
-                'filters.*.type' => ['sometimes', 'in:and,or'],
-                'filters.*.field' => [
-                    'required_with:filters',
-                    'regex:/^[\w.\_\-\>]+$/',
-                    new WhitelistedField($this->filterableBy),
-                ],
-                'filters.*.operator' => [
-                    'sometimes',
-                    'in:<,<=,>,>=,=,!=,like,not like,ilike,not ilike,in,not in,all in,any in',
-                ],
-                'filters.*.value' => ['present', 'nullable'],
-            ]
+            ], $this->getNestedRules('filters', $max_depth))
         )->validate();
     }
 
+    protected function getNestedRules($prefix, $max_depth, $rules = [], $current_depth = 1) {
+        $rules = array_merge($rules, [
+            $prefix.'.*.type' => ['sometimes', 'in:and,or'],
+            $prefix.'.*.field' => [
+                "required_without:{$prefix}.*.nested",
+                'regex:/^[\w.\_\-\>]+$/',
+                new WhitelistedField($this->filterableBy),
+            ],
+            $prefix.'.*.operator' => [
+                'sometimes',
+                'in:<,<=,>,>=,=,!=,like,not like,ilike,not ilike,in,not in,all in,any in',
+            ],
+            $prefix.'.*.value' => ['nullable'],
+            $prefix.'.*.nested' => ['sometimes', 'array', "prohibits:{$prefix}.*.operator,{$prefix}.*.value,{$prefix}.*.field"],
+        ]);
+
+        if ($max_depth >= $current_depth) {
+            $rules = array_merge($rules, $this->getNestedRules("{$prefix}.*.nested", $max_depth, $rules, ++$current_depth));
+        }
+
+        return $rules;
+    }
+
+    protected function getArrayDepth($array) {
+        $max_depth = 0;
+
+        foreach ($array as $value) {
+            if (is_array($value)) {
+                $depth = $this->getArrayDepth($value) + 1;
+
+                $max_depth = max($depth, $max_depth);
+            }
+        }
+
+        return $max_depth;
+    }
+
     public function validateSort(Request $request): void
     {
         Validator::make(
diff --git a/src/Drivers/Standard/QueryBuilder.php b/src/Drivers/Standard/QueryBuilder.php
@@ -116,7 +116,9 @@ public function applyFiltersToQuery($query, Request $request, array $filterDescr
         foreach ($filterDescriptors as $filterDescriptor) {
             $or = Arr::get($filterDescriptor, 'type', 'and') === 'or';
 
-            if (strpos($filterDescriptor['field'], '.') !== false) {
+            if (is_array($childrenDescriptors = Arr::get($filterDescriptor, 'nested'))) {
+                $query->{$or ? 'orWhere' : 'where'}(function ($query) use ($request, $childrenDescriptors) { $this->applyFiltersToQuery($query, $request, $childrenDescriptors); });
+            } elseif (strpos($filterDescriptor['field'], '.') !== false) {
                 $relation = $this->relationsResolver->relationFromParamConstraint($filterDescriptor['field']);
                 $relationField = $this->relationsResolver->relationFieldFromParamConstraint($filterDescriptor['field']);
 
diff --git a/src/Specs/Builders/Partials/RequestBody/Search/FiltersBuilder.php b/src/Specs/Builders/Partials/RequestBody/Search/FiltersBuilder.php
@@ -14,30 +14,37 @@ public function build(): ?array
             return null;
         }
 
+        $filters = [
+            'type' => [
+                'type' => 'string',
+                'enum' => ['and', 'or'],
+            ],
+            'field' => [
+                'type' => 'string',
+                'enum' => $this->controller->filterableBy(),
+            ],
+            'operator' => [
+                'type' => 'string',
+                'enum' => ['<','<=','>','>=','=','!=','like','not like','ilike','not ilike','in','not in', 'all in', 'any in'],
+            ],
+            'value' => [
+                'type' => 'string',
+            ]
+        ];
+
         return [
             'type' => 'array',
             'items' => [
                 'type' => 'object',
-                'properties' => [
-                    'type' => [
-                        'type' => 'string',
-                        'enum' => ['and', 'or'],
-                    ],
-                    'field' => [
-                        'type' => 'string',
-                        'enum' => $this->controller->filterableBy(),
-                    ],
-                    'operator' => [
-                        'type' => 'string',
-                        'enum' => ['<','<=','>','>=','=','!=','like','not like','ilike','not ilike','in','not in', 'all in', 'any in'],
-                    ],
-                    'value' => [
-                        'type' => 'string',
+                'properties' => array_merge($filters, [
+                    'nested' => [
+                        'type' => 'array',
+                        'items' => [
+                            'type' => 'object',
+                            'properties' => $filters
+                        ]
                     ]
-                ],
-                'required' => [
-                    'field', 'value'
-                ]
+                ])
             ]
         ];
     }
diff --git a/tests/Feature/StandardIndexNestedFilteringOperationsTest.php b/tests/Feature/StandardIndexNestedFilteringOperationsTest.php
@@ -0,0 +1,116 @@
+<?php
+
+namespace Orion\Tests\Feature;
+
+use Carbon\Carbon;
+use Illuminate\Support\Facades\Gate;
+use Orion\Tests\Fixtures\App\Models\Company;
+use Orion\Tests\Fixtures\App\Models\Post;
+use Orion\Tests\Fixtures\App\Models\Team;
+use Orion\Tests\Fixtures\App\Models\User;
+use Orion\Tests\Fixtures\App\Policies\GreenPolicy;
+
+class StandardIndexNestedFilteringOperationsTest extends TestCase
+{
+    /** @test */
+    public function getting_a_list_of_resources_nested_filtered_by_model_field_using_default_operator(): void
+    {
+        $matchingPost = factory(Post::class)->create(['title' => 'match'])->fresh();
+        factory(Post::class)->create(['title' => 'not match'])->fresh();
+
+        Gate::policy(Post::class, GreenPolicy::class);
+
+        $response = $this->post(
+            '/api/posts/search',
+            [
+                'filters' => [
+                    ['field' => 'title', 'operator' => 'in' ,'value' => ['match', 'not_match']],
+                    ['nested' => [
+                        ['field' => 'title', 'value' => 'match'],
+                        ['field' => 'title', 'operator' => '!=', 'value' => 'not match']
+                    ]],
+                ],
+            ]
+        );
+
+        $this->assertResourcesPaginated(
+            $response,
+            $this->makePaginator([$matchingPost], 'posts/search')
+        );
+    }
+
+    /** @test */
+    public function getting_a_list_of_resources_nested_filtered_by_model_field_using_equal_operator_and_or_type(): void
+    {
+        $matchingPost = factory(Post::class)->create(['title' => 'match'])->fresh();
+        $anotherMatchingPost = factory(Post::class)->create(['position' => 3])->fresh();
+        factory(Post::class)->create(['title' => 'not match'])->fresh();
+
+        Gate::policy(Post::class, GreenPolicy::class);
+
+        $response = $this->post(
+            '/api/posts/search',
+            [
+                'filters' => [
+                    ['field' => 'title', 'operator' => '=', 'value' => 'match'],
+                    ['type' => 'or', 'nested' => [
+                        ['field' => 'position', 'operator' => '=', 'value' => 3],
+                    ]],
+                ],
+            ]
+        );
+
+        $this->assertResourcesPaginated(
+            $response,
+            $this->makePaginator([$matchingPost, $anotherMatchingPost], 'posts/search')
+        );
+    }
+
+    /** @test */
+    public function getting_a_list_of_resources_nested_filtered_by_model_field_using_not_equal_operator(): void
+    {
+        $matchingPost = factory(Post::class)->create(['position' => 4])->fresh();
+        factory(Post::class)->create(['position' => 5])->fresh();
+
+        Gate::policy(Post::class, GreenPolicy::class);
+
+        $response = $this->post(
+            '/api/posts/search',
+            [
+                'filters' => [
+                    ['nested' => [
+                        ['field' => 'position', 'operator' => '!=', 'value' => 5]
+                    ]],
+                ],
+            ]
+        );
+
+        $this->assertResourcesPaginated(
+            $response,
+            $this->makePaginator([$matchingPost], 'posts/search')
+        );
+    }
+
+    /** @test */
+    public function getting_a_list_of_resources_nested_filtered_by_not_whitelisted_field(): void
+    {
+        factory(Post::class)->create(['body' => 'match'])->fresh();
+        factory(Post::class)->create(['body' => 'not match'])->fresh();
+
+        Gate::policy(Post::class, GreenPolicy::class);
+
+        $response = $this->post(
+            '/api/posts/search',
+            [
+                'filters' => [
+                    ['nested' => [
+                        ['field' => 'body', 'operator' => '=', 'value' => 'match']
+                    ]],
+                ],
+            ]
+        );
+
+        $response->assertStatus(422);
+        $response->assertJsonStructure(['message', 'errors' => ['filters.0.nested.0.field']]);
+    }
+}
diff --git a/tests/Fixtures/app/Providers/OrionServiceProvider.php b/tests/Fixtures/app/Providers/OrionServiceProvider.php
@@ -45,6 +45,8 @@ public function boot()
     {
         app()->make(Kernel::class)->pushMiddleware(EnforceExpectsJson::class);
 
+        $this->mergeConfigFrom(__DIR__ . '/../../../../config/orion.php', 'orion');
+
         $this->loadRoutesFrom(__DIR__.'/../../routes/api.php');
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,8 @@ public function boot()`
`45`	`45`	`{`
`46`	`46`	`app()->make(Kernel::class)->pushMiddleware(EnforceExpectsJson::class);`
`47`	`47`
	`48`	`+ $this->mergeConfigFrom(__DIR__ . '/../../../../config/orion.php', 'orion');`
	`49`	`+`
`48`	`50`	`$this->loadRoutesFrom(__DIR__.'/../../routes/api.php');`
`49`	`51`	`}`
`50`	`52`	`}`