Ransackable scopes

[stas]

What is the current behavior?

ActiveRecord scopes can't be used in filters. This supersedes the #54

What is the new behavior?

You can use scopes for filtering as well, to enable scopes, use the option
flags:

options = { allowed_scopes: User.ransackable_scopes }
jsonapi_filter(User.all, [:created_before], options) do |filtered|
  render jsonapi: result.group('id').to_a
end

Assuming your model User has the following scope defined:

class User < ActiveRecord::Base
  scope :created_before, ->(date) { where('created_at < ?', date) }
  def self.ransackable_scopes(_auth_object = nil)
    [:created_before]
  end
end

This allows you to run queries like:

$ curl -X GET /api/resources?filter[created_before]='2021-01-29'

Checklist

Please make sure the following requirements are complete:

• Tests for the changes have been added (for bug fixes / features)
• Docs have been reviewed and added / updated if needed (for bug fixes /
  features)
• All automated checks pass (CI/CD)

[mamhoff]

Thank you for taking this over! I like your solution, but I have a question regarding requiring the scope's name to be an allowed_field.

Also, thank you for maintaining these gems, they really help us!

[mamhoff]

Hm, given that we handle scopes separately already, I don't really see why we should add the scopes to the allowed_fields array as well. Most scopes will have names that don't directly match the name of a field, so I think this would be a little confusing.

However, I might be missing something as well!

[stas]

Most scopes will have names that don't directly match the name of a field, so I think this would be a little confusing.

Yup, I was thinking about it too and the only reason I'd leave it explicit, is because there might be scopes that can conflict with the field name. My concern is that we might accidentally enable a scope as filterable without the user being aware of it.

@fluxsaas would be nice to get your opinion on this too. 🙇

[curtis741]

Any updates on this idea?

Was just trying to do this today.

[tvdeyen]

@stas we really would like to have this. Is there anything we can do to make it happen? Happy to contribute. I actually know @mamhoff personally and we work on the same app :)

[barberj]

Also just ran into this

[BenAkroyd]

Dealing with this now, nice solution!

[stas]

I'll have to make it backwards compatible, but definitely could have it released by next week. Ty ty for bringing it all up!

[fastfedora]

Checking in on this status as well. Any updates?

[pelargir]

Any updates? This would be very helpful to get merged.

[jrpolidario]

Just in case it may help anyone, my workaround for this is something like below:

jsonapi_filter(User.all, [:created_before], options) do |filtered|
  whitelisted_scopes_params = params[:filter].permit!.slice(*User.ransackable_scopes)
  records = filtered.result.ransack(whitelisted_scopes_params).result
        
  render jsonapi: records
end