We use ransack to avoid some boilerplate in our admin dashboards, around sorting and filtering on Collection and Work lists.
Ransack 4.0 has a backwards breaking change where you NEED to list all attributes you want ransack to operate on in allowlist methods in the model (Work or Collection).
It's not very well-documented, but see activerecord-hackery/ransack#1400.
This is a security improvement, there were some potential holes there. (Mostly not applicable to us, because our own uses of ransack are all behind admin logins, but still better to be a tight ship -- and stay on the latest dependencies generally).
I really don't like having to add methods to the MODELS. This would ideally have been controller-level. But that's not what ransack chose. In general, ransack seems to be kind of barely maintained (see lack of docs for this change, for instance)... I'd love to move away from it. We actually barely use it, the main convenient thing it does for us involves those SORT headers, where you can click on any header to sort ASC or DESC. Without ransack it'd be a lot of boilerplate. Perhaps we should extract the parts that just do that into its own gem or something.
But meanwhile, we get everything working for ransack 4.0.
Unfortunately, if we MISSED an attribute in the allowlist -- the default behavior is just for it to no-op and not include it in the search/sort. But I've tested everything manually pretty thoroughly on admin Work and Collection, which seems via a source code search to be the only place we use ransack. I've tried turning on the ransack configuration to RAISE -- only in dev and test -- instead of silently ignoring. But that does not seem to actually work for sorting, our main use case. activerecord-hackery/ransack#1427
Commits:
This PR is built on top of #2223 and that needs to be merged first.
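
Added example, not code from this PR or from ransack: a plain-Ruby check that reports which attributes a ransack `q` hash (filter keys and the `s` sort) refers to that are missing from a model's `ransackable_attributes` allowlist, the case described above as silently ignored. The stand-in `Work` class, its attribute names, the sample params and the helper names are assumptions, and only a subset of ransack's predicate suffixes is recognised.

```ruby
# Stand-in for an ActiveRecord model; only the Ransack 4 allowlist hook is
# modelled here. The attribute names are hypothetical.
class Work
  def self.ransackable_attributes(_auth_object = nil)
    %w[title created_at updated_at published]
  end
end

# A subset of Ransack's predicate suffixes, longest first so that
# "not_eq" is matched before "eq".
PREDICATES = %w[not_cont not_eq gteq lteq cont start end eq gt lt in]
             .sort_by { |p| -p.length }.freeze

# Attribute names referenced by a `q` hash: filter keys such as "title_cont"
# (including "a_or_b_cont" combinations) and the sort expression(s) under "s".
def referenced_attributes(q)
  q.flat_map do |key, value|
    key = key.to_s
    if key == "s"
      Array(value).map { |sort| sort.to_s.split.first }
    else
      suffix = PREDICATES.find { |p| key.end_with?("_#{p}") }
      base = suffix ? key.delete_suffix("_#{suffix}") : key
      base.split(/_(?:or|and)_/)
    end
  end.compact.uniq
end

# Attributes the params use that the model does not allowlist.
def unlisted_attributes(model, q)
  referenced_attributes(q) - model.ransackable_attributes
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample params: one allowlisted filter, one sort column that
  # is missing from the allowlist.
  sample = { "title_cont" => "atom", "s" => "internal_notes desc" }
  missing = unlisted_attributes(Work, sample)
  puts "not allowlisted on Work: #{missing.join(', ')}" unless missing.empty?
end
```

Run in a test suite over the filter and sort keys the admin views actually generate, a non-empty result points at an allowlist entry that was missed.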