Sanitize single value filters with curlies (#134)

Dishwasha · richmolj · commit 015a0bb5dc81 · 2018-08-13T12:09:04.000-04:00
diff --git a/lib/jsonapi_compliable/scoping/filter.rb b/lib/jsonapi_compliable/scoping/filter.rb
@@ -59,17 +59,18 @@ def each_filter
     end
 
     # foo,bar,baz becomes ["foo", "bar", "baz"]
+    # {{foo}} becomes ["foo"]
     # {{foo,bar}},baz becomes ["foo,bar", "baz"]
     def parse_string_arrays(value)
-      if value.is_a?(String) && value.include?(',')
-        # Fine the quoted strings
+      if value.is_a?(String)
+        # Find the quoted strings
         quotes = value.scan(/{{.*?}}/)
         # remove them from the rest
         quotes.each { |q| value.gsub!(q, '') }
         # remove the quote characters from the quoted strings
         quotes.each { |q| q.gsub!('{{', '').gsub!('}}', '') }
         # merge everything back together into an array
-        value = value.split(',') + quotes
+        value = Array(value.split(',')) + quotes
         # remove any blanks that are left
         value.reject! { |v| v.length.zero? }
         value = value[0] if value.length == 1
diff --git a/spec/filtering_spec.rb b/spec/filtering_spec.rb
@@ -93,7 +93,6 @@
       author2.update_attribute(:first_name, 'foo,bar')
     end
 
-    # todo test dont convert to single el array
     it 'does not convert to array' do
       ids = scope.resolve.map(&:id)
       expect(ids).to eq([author2.id])
@@ -132,6 +131,38 @@
     end
   end
 
+  context 'when filter is a {{string}} without a comma' do
+    before do
+      params[:filter] = { first_name: '{{foo}}' }
+      author2.update_attribute(:first_name, 'foo')
+    end
+
+    it 'does not convert to array' do
+      ids = scope.resolve.map(&:id)
+      expect(ids).to eq([author2.id])
+    end
+
+    it 'yields single element, not array' do
+      query = Author.all
+      expect(query).to receive(:where)
+                         .with(first_name: "foo").and_call_original
+      allow(Author).to receive(:all) { query }
+      scope.resolve
+    end
+
+    context 'when an escaped string contains quoted strings' do
+      before do
+        params[:filter] = { first_name: '{{"foo"}}' }
+        author2.update_attribute(:first_name, '"foo"')
+      end
+
+      it 'works correctly' do
+        ids = scope.resolve.map(&:id)
+        expect(ids).to eq([author2.id])
+      end
+    end
+  end
+
   context 'when filter is an integer' do
     before do
       params[:filter] = { id: author1.id }
