Do not display eager fields on index requests. (#293)

* Do not display eager fields on index requests.

* Apply fixes from StyleCI (#294)

* Fix unit tests.

* wip

* wip

Author: binaryk

UPGRADING.md

@@ -5,7 +5,18 @@ Because there are many breaking changes an upgrade is not that easy. There are m
 ## From v3 to v4
 
 - Dropped support for laravel passport
+- Now you have to explicitly define the `allowRestify` method in the model policy, by default Restify don't allow you to use repositories.
+- `viewAny` policy is not used anymore, you can delete it.
 - The default exception handler is the Laravel one, see `restify.php -> handler`
 - `fillCallback` signature has changed
 - By default it will do not allow you to attach `belongsToMany` and `morphToMany` relationships. You will have to add `BelongsToMany` or `MorphToMany` field into your repository
+- All of the `Repository` getter methods should declare the returned type, for instance the `fieldsForIndex` method should say that it returns an `:array` 
+- Attach endpoint:
+```php
+"api/restify/users/{$user->id}/attach/roles", [
+    'roles' => [$role->id],
+]
+```
+now requires to have a `Binaryk\LaravelRestify\Fields\BelongsToMany` or `Binaryk\LaravelRestify\Fields\MorphToMany` field to be defined in the repository.
 
+- Field method `append` renamed to `value`.

docs/docs/4.0/repository-pattern/field.md

@@ -158,18 +158,18 @@ Field::new('password')->showRequest(function ($value) {
 });
 ```
 
-## Append Callback
+## Value Callback
 
-Usually, there is necessary to store a field as `Auth::id()`. This field will be automatically populated by Restify if you specify the `append` value for it:
+Usually, there is necessary to store a field as `Auth::id()`. This field will be automatically populated by Restify if you specify the `value` value for it:
 
 ```php
-Field::new('user_id')->append(Auth::id());
+Field::new('user_id')->value(Auth::id());
 ```
 
 or using a closure:
 
 ```php
-Field::new('user_id')->hidden()->append(function(RestifyRequest $request, $model, $attribute) {
+Field::new('user_id')->hidden()->value(function(RestifyRequest $request, $model, $attribute) {
     return $request->user()->id;
 });
 ```
@@ -190,10 +190,10 @@ Field can be setup as hidden:
 Field::new('token')->hidden(); // this will not be visible 
 ```
 
-However, you can populate the field value when the entity is stored, by using `append`:
+However, you can populate the field value when the entity is stored, by using `value`:
 
 ```php
-Field::new('token')->append(Str::random(32))->hidden();
+Field::new('token')->value(Str::random(32))->hidden();
 ```
 
 # Variations

src/Fields/Field.php

@@ -106,7 +106,7 @@ class Field extends OrganicField implements JsonSerializable
      *
      * @var callable
      */
-    protected $appendCallback;
+    protected $valueCallback;
 
     /**
      * Closure be used to be called after the field value stored.
@@ -217,7 +217,7 @@ public function fillAttribute(RestifyRequest $request, $model, int $bulkRow = nu
         }
 
         if ($this->isHidden($request)) {
-            return $this->fillAttributeFromAppend(
+            return $this->fillAttributeFromValue(
                 $request, $model, $this->label ?? $this->attribute
             );
         }
@@ -226,7 +226,11 @@ public function fillAttribute(RestifyRequest $request, $model, int $bulkRow = nu
             $request, $model, $this->label ?? $this->attribute, $bulkRow
         );
 
-        $this->fillAttributeFromAppend(
+        $this->fillAttributeFromCallback(
+            $request, $model, $this->label ?? $this->attribute, $bulkRow
+        );
+
+        $this->fillAttributeFromValue(
             $request, $model, $this->label ?? $this->attribute, $bulkRow
         );
 
@@ -247,29 +251,48 @@ protected function fillAttributeFromRequest(RestifyRequest $request, $model, $at
             ? $attribute
             : "{$bulkRow}.{$attribute}";
 
-        tap(($request->input($attribute) ?? $request[$attribute]), fn ($value) => $model->{$this->attribute} = is_callable($cb = $this->guessFillableMethod($request))
-            ? call_user_func($cb, $value, $request, $model, $attribute, $bulkRow)
-            : ($request->has($attribute) ? $value : $model->{$this->attribute})
+        if (! ($request->exists($attribute) || $request->input($attribute))) {
+            return;
+        }
+
+        tap(($request->input($attribute) ?? $request[$attribute]), fn ($value) => $model->{$this->attribute} = $request->has($attribute)
+            ? $value
+            : $model->{$this->attribute}
         );
     }
 
     /**
-     * Fill the model with the value from append.
+     * Fill the model with value from the callback.
+     *
+     * @param RestifyRequest $request
+     * @param $model
+     * @param $attribute
+     * @param int|null $bulkRow
+     */
+    protected function fillAttributeFromCallback(RestifyRequest $request, $model, $attribute, int $bulkRow = null)
+    {
+        if (is_callable($cb = $this->guessFillableMethod($request))) {
+            $model->{$this->attribute} = call_user_func($cb, $request, $model, $attribute, $bulkRow);
+        }
+    }
+
+    /**
+     * Fill the model with the value from value.
      *
      * @param RestifyRequest $request
      * @param $model
      * @param $attribute
      * @return Field
      */
-    protected function fillAttributeFromAppend(RestifyRequest $request, $model, $attribute)
+    protected function fillAttributeFromValue(RestifyRequest $request, $model, $attribute)
     {
-        if (! isset($this->appendCallback)) {
+        if (! isset($this->valueCallback)) {
             return;
         }
 
-        $model->{$attribute} = is_callable($this->appendCallback)
-            ? call_user_func($this->appendCallback, $request, $model, $attribute)
-            : $this->appendCallback;
+        $model->{$attribute} = is_callable($this->valueCallback)
+            ? call_user_func($this->valueCallback, $request, $model, $attribute)
+            : $this->valueCallback;
 
         return $this;
     }
@@ -568,18 +591,28 @@ public function hidden($callback = true)
     }
 
     /**
-     * Append values when store/update.
+     * Force set values when store/update.
      *
      * @param callable|string $value
      * @return $this
      */
-    public function append($value)
+    public function value($value)
     {
-        $this->appendCallback = $value;
+        $this->valueCallback = $value;
 
         return $this;
     }
 
+    /**
+     * @param $value
+     * @return $this
+     * @deprecated
+     */
+    public function append($value)
+    {
+        return $this->value($value);
+    }
+
     public function setRepository(Repository $repository): Field
     {
         $this->repository = $repository;

src/Repositories/Concerns/InteractsWithAttachers.php

@@ -20,7 +20,7 @@ public function authorizeBelongsToMany(RestifyRequest $request): self
     {
         if (is_null($field = $this->belongsToManyField($request))) {
             $class = class_basename($request->repository());
-            abort(400, "Missing BelongsToMany or MorphToMany field for [{$request->relatedRepository}]. This field should be in the [{$class}] class.");
+            abort(400, "Missing BelongsToMany or MorphToMany field for [{$request->relatedRepository}]. This field should be in the [{$class}] class. Or you are not authorized to use that repository (see `allowRestify` policy method).");
         }
 
         $field->authorizeToAttach(

src/Repositories/Repository.php

@@ -10,6 +10,7 @@
 use Binaryk\LaravelRestify\Fields\Field;
 use Binaryk\LaravelRestify\Fields\FieldCollection;
 use Binaryk\LaravelRestify\Filter;
+use Binaryk\LaravelRestify\Http\Requests\RepositoryShowRequest;
 use Binaryk\LaravelRestify\Http\Requests\RepositoryStoreBulkRequest;
 use Binaryk\LaravelRestify\Http\Requests\RestifyRequest;
 use Binaryk\LaravelRestify\Models\CreationAware;
@@ -511,9 +512,10 @@ public function resolveRelationships($request): array
         $withs = collect();
 
         /** * To avoid circular relationships and deep stack calls, we will do not load eager fields. */
-        if (! $this->isEagerState()) {
+        if (! $this->isEagerState() && $request instanceof RepositoryShowRequest) {
             $this->collectFields($request)
                 ->forEager($request, $this)
+                ->filter(fn (EagerField $field) => $field->isShownOnShow($request, $this))
                 ->each(fn (EagerField $field) => $withs->put($field->attribute, $field->resolve($this)->value));
         }
 

tests/Controllers/ProfileControllerTest.php

@@ -27,7 +27,7 @@ protected function setUp(): void
     public function test_profile_returns_authenticated_user()
     {
         $response = $this->getJson('profile')
-            ->assertStatus(200)
+            ->assertOk()
             ->assertJsonStructure([
                 'data',
             ]);
@@ -40,7 +40,7 @@ public function test_profile_returns_authenticated_user()
     public function test_profile_returns_authenticated_user_with_related_posts()
     {
         $this->getJson('profile?related=posts')
-            ->assertStatus(200)
+            ->assertOk()
             ->assertJsonStructure([
                 'data' => [
                     'posts' => [
@@ -55,7 +55,7 @@ public function test_profile_returns_authenticated_user_with_related_posts()
     public function test_profile_returns_authenticated_user_with_meta_profile_data()
     {
         $this->getJson('profile')
-            ->assertStatus(200)
+            ->assertOk()
             ->assertJsonStructure([
                 'data',
                 'meta' => [
@@ -69,8 +69,7 @@ public function test_profile_update()
         $response = $this->putJson('profile', [
             'email' => '[email protected]',
             'name' => 'Eduard',
-        ])
-            ->assertStatus(200);
+        ])->assertOk();
 
         $response->assertJsonFragment([
             'email' => '[email protected]',
@@ -85,8 +84,7 @@ public function test_profile_update_password()
             'name' => 'Eduard',
             'password' => 'secret',
             'password_confirmation' => 'secret',
-        ])
-            ->assertStatus(200);
+        ])->assertOk();
 
         $this->assertTrue(Hash::check('secret', $this->authenticatedAs->password));
     }
@@ -100,8 +98,7 @@ public function test_profile_update_unique_email()
         $this->putJson('profile', [
             'email' => '[email protected]',
             'name' => 'Eduard',
-        ])
-            ->assertStatus(400);
+        ])->assertStatus(400);
     }
 
     public function test_profile_upload_avatar()
@@ -110,8 +107,7 @@ public function test_profile_upload_avatar()
 
         $this->postJson('profile/avatar', [
             'avatar' => $file,
-        ])
-            ->assertStatus(200);
+        ])->assertOk();
     }
 
     public function test_profile_validation_from_repository()
@@ -153,7 +149,7 @@ public function test_profile_returns_authenticated_user_with_related_posts_via_r
         UserRepository::$canUseForProfile = true;
 
         $response = $this->getJson('profile?related=posts')
-            ->assertStatus(200)
+            ->assertOk()
             ->assertJsonStructure([
                 'attributes',
                 'relationships' => [
@@ -179,7 +175,7 @@ public function test_profile_returns_authenticated_user_with_meta_profile_data_v
         ];
 
         $this->getJson('profile')
-            ->assertStatus(200)
+            ->assertOk()
             ->assertJsonStructure([
                 'attributes',
                 'meta' => [
@@ -195,8 +191,7 @@ public function test_profile_update_via_repository()
         $response = $this->putJson('profile', [
             'email' => '[email protected]',
             'name' => 'Eduard',
-        ])
-            ->assertStatus(200);
+        ])->assertOk();
 
         $response->assertJsonFragment([
             'email' => '[email protected]',

tests/Controllers/RepositoryStoreControllerTest.php

@@ -4,6 +4,7 @@
 
 use Binaryk\LaravelRestify\Tests\Fixtures\Post\Post;
 use Binaryk\LaravelRestify\Tests\Fixtures\Post\PostPolicy;
+use Binaryk\LaravelRestify\Tests\Fixtures\Post\PostUnauthorizedFieldRepository;
 use Binaryk\LaravelRestify\Tests\IntegrationTest;
 use Illuminate\Support\Facades\Gate;
 
@@ -94,7 +95,7 @@ public function test_will_not_store_unauthorized_fields()
     public function test_will_not_store_readonly_fields()
     {
         $user = $this->mockUsers()->first();
-        $response = $this->postJson('posts-unauthorized-fields', [
+        $response = $this->postJson(PostUnauthorizedFieldRepository::uriKey(), [
             'user_id' => $user->id,
             'image' => 'avatar.png',
             'title' => 'Some post title',

tests/Fields/BelongsToFieldTest.php

@@ -38,17 +38,15 @@ protected function tearDown(): void
 
     public function test_present_on_relations()
     {
-        factory(Post::class)->create([
+        $post = factory(Post::class)->create([
             'user_id' => factory(User::class),
         ]);
 
-        $this->get(PostWithUserRepository::uriKey())
+        $this->get(PostWithUserRepository::uriKey()."/$post->id")
             ->assertJsonStructure([
                 'data' => [
-                    [
-                        'relationships' => [
-                            'user',
-                        ],
+                    'relationships' => [
+                        'user',
                     ],
                 ],
             ]);