Orden
A simple library (~ 40 LOC) to generate sorting links via
query strings for example: http://www.example.com/?sort_attr=id&sort_dir=asc
.
The only dependency of this library is Rack so it should work in your Rack
compatible framework of choice (Cuba, Rails, Roda, Sinatra, etc).
The typical use case for the library is column sorting on html tables.
Installation
Add this line to your application's Gemfile:
gem 'orden'
And then execute:
$ bundle
Or install it yourself as:
$ gem install orden
Usage
You need to instantiate an Orden
object in the context of the current
request, for this you need to pass a Rack::Request or similiar (Roda typical 'r
'
object, request
object inside a Rails controller, etc).
Orden.new([request_object], [default sort attr], [default order (asc/desc)])
For example:
@sorter = Orden.new(r, "id", "desc")
In your views you can now call:
@sorter.sort_path([attr])
For example in a table header:
<th><a href="<%= @sorter.sort_path "id" %>">ID</a></th>
<th><a href="<%= @sorter.sort_path "name" %>">Name</a></th>
and it will generate the expected path to sort your results using that
attribute for example (/users?sort_attr=id&sort_dir=asc).
Security
Take into account that this library does not apply any type of sanitation to
the received parameters. Typically sorting attributes should be filtered or
white listed someway before applying them to an SQL query or equivalent.
For example you can create a helper such as:
module SortHelper
def sort_sql(sorter, attr_whitelist)
if attr_whitelist.include?(sorter.current_attribute)
"#{sorter.current_attribute} #{sorter.current_direction}"
else
"#{sorter.default_attr} #{sorter.default_dir}"
end
end
end
and the use it in an ActiveRecord query:
@sorter = Orden.new(req, "id", "desc")
@users = User.order(sort_sql(@sorter, User::SORTABLE_ATTRIBUTES)).
Please take this as an example, this code may not be secure.
Contributing
Bug reports and pull requests are welcome on GitHub at https://github.com/manuca/orden.