Module: ConcernsOnRails::Controllers::Sortable

Extended by:
ActiveSupport::Concern
Defined in:
lib/concerns_on_rails/controllers/sortable.rb

Overview

URL-param-driven ordering for index actions, with a strict allow-list to prevent ordering by arbitrary user-supplied columns (SQL injection / data exposure risk).

class ArticlesController < ApplicationController
  include ConcernsOnRails::Controllers::Sortable
  sortable_by :created_at, :title, :published_at, default: :created_at, direction: :desc

  def index
    render json: sorted(Article.all)
  end
end

Reads params and params. Falls back to the configured defaults if either is missing or invalid.

Constant Summary

VALID_DIRECTIONS = %i[asc desc].freeze

Instance Method Summary

Instance Method Details

#sorted(relation) ⇒ Object

Apply ordering to a relation based on params / params. Falls back to defaults; never orders by a non-whitelisted column.



# File 'lib/concerns_on_rails/controllers/sortable.rb', line 46

def sorted(relation)
  field = sort_field
  return relation unless field

  relation.order(field => sort_direction)
end
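
An added sketch of the allow-list lookup that a method like `sorted` depends on, in plain Ruby without Rails. It is not the gem's source: the page shows only `sorted`, so `SortConfig`, `resolve_field`, `resolve_direction` and `order_clause` are hypothetical names, and the request values are constructed.

```ruby
# Added illustration, not code from concerns_on_rails. All helper names are hypothetical.
VALID_DIRECTIONS = %i[asc desc].freeze # same values as the constant documented above

SortConfig = Struct.new(:allowed, :default, :direction, keyword_init: true)

# Returns the allow-listed column as a Symbol, or the configured default.
def resolve_field(raw, config)
  # Request params can arrive as Arrays or Hashes; only plain Strings are considered.
  return config.default unless raw.is_a?(String)

  # Compare as strings so user input is never turned into a Symbol or SQL fragment.
  config.allowed.find { |col| col.to_s == raw } || config.default
end

# Returns :asc or :desc, falling back to the configured direction.
def resolve_direction(raw, config)
  return config.direction unless raw.is_a?(String)

  VALID_DIRECTIONS.find { |dir| dir.to_s == raw.downcase } || config.direction
end

# Builds the hash form passed to relation.order(field => direction).
# Returns nil when no field resolves, mirroring `return relation unless field`.
def order_clause(raw_field, raw_direction, config)
  field = resolve_field(raw_field, config)
  return nil unless field

  { field => resolve_direction(raw_direction, config) }
end

CONFIG = SortConfig.new(allowed: %i[created_at title published_at],
                        default: :created_at, direction: :desc)

# Constructed request values: valid, unlisted column, SQL fragment, wrong types, missing.
SAMPLES = [
  ["title", "asc"],
  ["password_digest", "asc"],
  ["title; --", "sideways"],
  [["title"], { "x" => "asc" }],
  [nil, nil]
].freeze

SAMPLES.each do |field, dir|
  puts "#{field.inspect}, #{dir.inspect} => #{order_clause(field, dir, CONFIG).inspect}"
end
```

Because the result is always a Symbol taken from the configured list, the value handed to `order` never contains request text, so an unlisted column or an SQL fragment can only select the default ordering.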