Merge pull request #49 from Lomkit/fix/memory-leak

Fix/memory leak

Author: GautierDele

src/Console/stubs/action.stub

@@ -26,7 +26,7 @@ class {{ class }} extends RestAction
      * @param  \Lomkit\Rest\Http\Requests\RestRequest $request
      * @return array
      */
-    public function fields(\Lomkit\Rest\Http\Requests\RestRequest $request)
+    public function fields(\Lomkit\Rest\Http\Requests\RestRequest $request): array
     {
         return [
             'id' => [

src/Console/stubs/instruction.stub

@@ -24,7 +24,7 @@ class {{ class }} extends RestInstruction
      * @param  \Lomkit\Rest\Http\Requests\RestRequest $request
      * @return array
      */
-    public function fields(\Lomkit\Rest\Http\Requests\RestRequest $request)
+    public function fields(\Lomkit\Rest\Http\Requests\RestRequest $request): array
     {
         return [
             'id' => [

src/Documentation/Schemas/RequestBody.php

@@ -191,6 +191,9 @@ public function generateSearch(Controller $controller): RequestBody
                                                 ],
                                             ],
                                         ],
+                                        'gates' => [
+                                            'create',
+                                        ],
                                         'page'  => 2,
                                         'limit' => 10,
                                     ]

src/Http/Requests/SearchRequest.php

@@ -52,6 +52,7 @@ public function searchRules(Resource $resource, $prefix = '', $isRootSearchRules
             [
                 'limit' => ['sometimes', 'integer', Rule::in($resource->getLimits($this))],
                 'page'  => ['sometimes', 'integer'],
+                'gates' => ['sometimes', 'array', Rule::in(['viewAny', 'view', 'create', 'update', 'delete', 'restore', 'forceDelete'])],
             ],
             $isRootSearchRules ? ['includes' => ['sometimes', 'array']] : [],
             $isRootSearchRules ? $this->includesRules($resource) : [],

src/Http/Resource.php

@@ -133,7 +133,7 @@ public function getAuthorizationCacheKey(RestRequest $request, string $identifie
     /**
      * Determine for how much time the authorization cache should be keeped.
      *
-     * @return \DateTimeInterface|\DateInterval|float|int|null
+     * @return \DateTimeInterface|\DateInterval
      */
     public function cacheAuthorizationFor()
     {
@@ -172,7 +172,7 @@ public function getResourceCacheKey(RestRequest $request, string $identifier)
     /**
      * Determine for how much time the resource cache should be keeped.
      *
-     * @return \DateTimeInterface|\DateInterval|float|int|null
+     * @return \DateTimeInterface|\DateInterval
      */
     public function cacheResourceFor()
     {

src/Http/Response.php

@@ -7,7 +7,6 @@
 use Illuminate\Database\Eloquent\Relations\Pivot;
 use Illuminate\Pagination\LengthAwarePaginator;
 use Illuminate\Support\Collection;
-use Illuminate\Support\Facades\Gate;
 use Illuminate\Support\Str;
 use Lomkit\Rest\Http\Requests\RestRequest;
 use Lomkit\Rest\Relations\Relation;
@@ -31,15 +30,15 @@ public function resource(Resource $resource)
         });
     }
 
-    protected function buildGatesForModel(Model $model)
+    protected function buildGatesForModel(Model $model, Resource $resource, array $gates)
     {
-        return [
-            config('rest.automatic_gates.names.authorized_to_view')         => Gate::allows('view', $model),
-            config('rest.automatic_gates.names.authorized_to_update')       => Gate::allows('update', $model),
-            config('rest.automatic_gates.names.authorized_to_delete')       => Gate::allows('delete', $model),
-            config('rest.automatic_gates.names.authorized_to_restore')      => Gate::allows('restore', $model),
-            config('rest.automatic_gates.names.authorized_to_force_delete') => Gate::allows('forceDelete', $model),
-        ];
+        return array_merge(
+            in_array('view', $gates) ? [config('rest.automatic_gates.names.authorized_to_view')         => $resource->authorizedTo('view', $model)] : [],
+            in_array('update', $gates) ? [config('rest.automatic_gates.names.authorized_to_update')         => $resource->authorizedTo('update', $model)] : [],
+            in_array('delete', $gates) ? [config('rest.automatic_gates.names.authorized_to_delete')         => $resource->authorizedTo('delete', $model)] : [],
+            in_array('restore', $gates) ? [config('rest.automatic_gates.names.authorized_to_restore')         => $resource->authorizedTo('restore', $model)] : [],
+            in_array('forceDelete', $gates) ? [config('rest.automatic_gates.names.authorized_to_force_delete')         => $resource->authorizedTo('forceDelete', $model)] : [],
+        );
     }
 
     public function modelToResponse(Model $model, Resource $resource, array $requestArray, Relation $relation = null)
@@ -54,26 +53,26 @@ public function modelToResponse(Model $model, Resource $resource, array $request
             collect($model->attributesToArray())
                 ->only(
                     array_merge(
-                        isset($requestArray['selects']) ?
-                                collect($requestArray['selects'])->pluck('field')->toArray() :
+                        isset($currentRequestArray['selects']) ?
+                                collect($currentRequestArray['selects'])->pluck('field')->toArray() :
                                 $resource->getFields(app()->make(RestRequest::class)),
                         // Here we add the aggregates
-                        collect($requestArray['aggregates'] ?? [])
+                        collect($currentRequestArray['aggregates'] ?? [])
                             ->map(function ($aggregate) {
                                 return Str::snake($aggregate['relation']).'_'.$aggregate['type'].(isset($aggregate['field']) ? '_'.$aggregate['field'] : '');
                             })
                             ->toArray()
                     )
                 )
-                ->when($resource->isAutomaticGatingEnabled(), function ($attributes) use ($model) {
+                ->when($resource->isAutomaticGatingEnabled() && isset($currentRequestArray['gates']), function ($attributes) use ($currentRequestArray, $resource, $model) {
                     return $attributes->put(
                         config('rest.automatic_gates.key'),
-                        $this->buildGatesForModel($model)
+                        $this->buildGatesForModel($model, $resource, $currentRequestArray['gates'])
                     );
                 })
                 ->toArray(),
             collect($model->getRelations())
-                ->mapWithKeys(function ($modelRelation, $relationName) use ($requestArray, $relation, $resource) {
+                ->mapWithKeys(function ($modelRelation, $relationName) use ($requestArray, $currentRequestArray, $relation, $resource) {
                     $key = Str::snake($relationName);
 
                     if (is_null($modelRelation)) {
@@ -90,7 +89,7 @@ public function modelToResponse(Model $model, Resource $resource, array $request
 
                     $relationConcrete = $resource->relation($relationName);
                     $relationResource = $relationConcrete->resource();
-                    $requestArrayRelation = collect($requestArray['includes'])
+                    $requestArrayRelation = collect($currentRequestArray['includes'] ?? [])
                         ->first(function ($include) use ($relationName) {
                             return preg_match('/(?:\.\b)?'.$relationName.'\b/', $include['relation']);
                         });
@@ -128,9 +127,9 @@ public function toResponse($request)
                 $this->responsable->perPage(),
                 $this->responsable->currentPage(),
                 $this->responsable->getOptions(),
-                $this->resource->isAutomaticGatingEnabled() ? [
+                $this->resource->isAutomaticGatingEnabled() && in_array('create', $request->input('gates', [])) ? [
                     config('rest.automatic_gates.key') => [
-                        config('rest.automatic_gates.names.authorized_to_create') => Gate::allows('create', $this->resource::newModel()::class),
+                        config('rest.automatic_gates.names.authorized_to_create') => $this->resource->authorizedTo('create', $this->resource::newModel()::class),
                     ],
                 ] : []
             );
@@ -148,11 +147,13 @@ public function toResponse($request)
 
         return [
             'data' => $data ?? $this->map($this->responsable, $this->modelToResponse($this->responsable, $this->resource, $request->input())),
-            'meta' => [
-                config('rest.automatic_gates.key') => [
-                    config('rest.automatic_gates.names.authorized_to_create') => Gate::allows('create', $this->resource::newModel()::class),
-                ],
-            ],
+            'meta' => array_merge(
+                $this->resource->isAutomaticGatingEnabled() && in_array('create', $request->input('gates', [])) ? [
+                    config('rest.automatic_gates.key') => [
+                        config('rest.automatic_gates.names.authorized_to_create') => $this->resource->authorizedTo('create', $this->resource::newModel()::class),
+                    ],
+                ] : []
+            ),
         ];
     }
 

tests/Feature/Controllers/AutomaticGatingTest.php

@@ -6,8 +6,10 @@
 use Lomkit\Rest\Http\Requests\RestRequest;
 use Lomkit\Rest\Tests\Feature\TestCase;
 use Lomkit\Rest\Tests\Support\Database\Factories\BelongsToManyRelationFactory;
+use Lomkit\Rest\Tests\Support\Database\Factories\HasManyRelationFactory;
 use Lomkit\Rest\Tests\Support\Database\Factories\ModelFactory;
 use Lomkit\Rest\Tests\Support\Models\BelongsToManyRelation;
+use Lomkit\Rest\Tests\Support\Models\HasManyRelation;
 use Lomkit\Rest\Tests\Support\Models\Model;
 use Lomkit\Rest\Tests\Support\Policies\CreatePolicy;
 use Lomkit\Rest\Tests\Support\Policies\DeletePolicy;
@@ -32,7 +34,7 @@ public function test_searching_automatic_gated_resource(): void
         $response = $this->post(
             '/api/automatic-gating/search',
             [
-
+                'gates' => ['create', 'view', 'update', 'delete', 'forceDelete', 'restore'],
             ],
             ['Accept' => 'application/json']
         );
@@ -92,7 +94,7 @@ public function test_searching_automatic_gated_resource_with_create_policy(): vo
         $response = $this->post(
             '/api/automatic-gating/search',
             [
-
+                'gates' => ['create', 'view'],
             ],
             ['Accept' => 'application/json']
         );
@@ -105,10 +107,6 @@ public function test_searching_automatic_gated_resource_with_create_policy(): vo
                 [
                     'gates' => [
                         'authorized_to_view'         => false,
-                        'authorized_to_update'       => false,
-                        'authorized_to_delete'       => false,
-                        'authorized_to_restore'      => false,
-                        'authorized_to_force_delete' => false,
                     ],
                 ],
             ]
@@ -128,7 +126,7 @@ public function test_searching_automatic_gated_resource_with_view_policy(): void
         $response = $this->post(
             '/api/automatic-gating/search',
             [
-
+                'gates' => ['view', 'create'],
             ],
             ['Accept' => 'application/json']
         );
@@ -141,10 +139,6 @@ public function test_searching_automatic_gated_resource_with_view_policy(): void
                 [
                     'gates' => [
                         'authorized_to_view'         => true,
-                        'authorized_to_update'       => false,
-                        'authorized_to_delete'       => false,
-                        'authorized_to_restore'      => false,
-                        'authorized_to_force_delete' => false,
                     ],
                 ],
             ]
@@ -164,7 +158,7 @@ public function test_searching_automatic_gated_resource_with_update_policy(): vo
         $response = $this->post(
             '/api/automatic-gating/search',
             [
-
+                'gates' => ['update'],
             ],
             ['Accept' => 'application/json']
         );
@@ -176,17 +170,13 @@ public function test_searching_automatic_gated_resource_with_update_policy(): vo
             [
                 [
                     'gates' => [
-                        'authorized_to_view'         => false,
                         'authorized_to_update'       => true,
-                        'authorized_to_delete'       => false,
-                        'authorized_to_restore'      => false,
-                        'authorized_to_force_delete' => false,
                     ],
                 ],
             ]
         );
         $response->assertJson(
-            ['meta' => ['gates' => ['authorized_to_create' => false]]]
+            ['meta' => []]
         );
     }
 
@@ -200,7 +190,7 @@ public function test_searching_automatic_gated_resource_with_delete_policy(): vo
         $response = $this->post(
             '/api/automatic-gating/search',
             [
-
+                'gates' => ['create', 'delete'],
             ],
             ['Accept' => 'application/json']
         );
@@ -212,11 +202,7 @@ public function test_searching_automatic_gated_resource_with_delete_policy(): vo
             [
                 [
                     'gates' => [
-                        'authorized_to_view'         => false,
-                        'authorized_to_update'       => false,
                         'authorized_to_delete'       => true,
-                        'authorized_to_restore'      => false,
-                        'authorized_to_force_delete' => false,
                     ],
                 ],
             ]
@@ -236,7 +222,7 @@ public function test_searching_automatic_gated_resource_with_restore_policy(): v
         $response = $this->post(
             '/api/automatic-gating/search',
             [
-
+                'gates' => ['restore', 'view'],
             ],
             ['Accept' => 'application/json']
         );
@@ -249,16 +235,13 @@ public function test_searching_automatic_gated_resource_with_restore_policy(): v
                 [
                     'gates' => [
                         'authorized_to_view'         => false,
-                        'authorized_to_update'       => false,
-                        'authorized_to_delete'       => false,
                         'authorized_to_restore'      => true,
-                        'authorized_to_force_delete' => false,
                     ],
                 ],
             ]
         );
         $response->assertJson(
-            ['meta' => ['gates' => ['authorized_to_create' => false]]]
+            ['meta' => []]
         );
     }
 
@@ -272,7 +255,7 @@ public function test_searching_automatic_gated_resource_with_force_delete_policy
         $response = $this->post(
             '/api/automatic-gating/search',
             [
-
+                'gates' => ['forceDelete', 'create'],
             ],
             ['Accept' => 'application/json']
         );
@@ -284,10 +267,6 @@ public function test_searching_automatic_gated_resource_with_force_delete_policy
             [
                 [
                     'gates' => [
-                        'authorized_to_view'         => false,
-                        'authorized_to_update'       => false,
-                        'authorized_to_delete'       => false,
-                        'authorized_to_restore'      => false,
                         'authorized_to_force_delete' => true,
                     ],
                 ],
@@ -316,11 +295,15 @@ public function test_searching_automatic_gated_resource_with_belongs_to_many_rel
                 'includes' => [
                     [
                         'relation' => 'belongsToManyRelation',
+                        'gates'    => ['view'],
                     ],
                 ],
                 'sorts' => [
                     ['field' => 'id', 'direction' => 'asc'],
                 ],
+                'gates' => [
+                    'view', 'update', 'create', 'delete', 'restore', 'forceDelete',
+                ],
             ],
             ['Accept' => 'application/json']
         );
@@ -368,8 +351,44 @@ public function test_searching_automatic_gated_resource_with_belongs_to_many_rel
                 ],
             ]
         );
+        $this->assertArrayNotHasKey(
+            'gates',
+            $response->json('data.0.belongs_to_many_relation.0')
+        );
         $response->assertJson(
             ['meta' => ['gates' => ['authorized_to_create' => true]]]
         );
     }
+
+    public function test_searching_automatic_gated_resource_with_not_requested_includes_gates(): void
+    {
+        ModelFactory::new()
+            ->count(10)
+            ->has(
+                HasManyRelationFactory::new()
+                    ->count(10)
+            )
+            ->create();
+
+        Gate::policy(Model::class, GreenPolicy::class);
+        Gate::policy(HasManyRelation::class, GreenPolicy::class);
+
+        $response = $this->post(
+            '/api/automatic-gating/search',
+            [
+                'includes' => [
+                    [
+                        'relation' => 'hasManyRelation',
+                    ],
+                ],
+                'gates' => ['view', 'create', 'update', 'delete', 'restore', 'forceDelete'],
+            ],
+            ['Accept' => 'application/json']
+        );
+
+        $this->assertArrayNotHasKey(
+            'gates',
+            $response->json('data.0.has_many_relation.0')
+        );
+    }
 }