Harden &: arity check: fix variadic math, kwargs, extract helper, add specs

numbata · numbata · commit a4d280ffdd04 · 2026-06-02T15:44:26.000+02:00
Fixes arity math for variadic methods, skips methods with required keyword
arguments, extracts positional_arity_for for clarity, and adds specs for
optional kwargs, splats, private methods, delegation, and a canary for the
Proc#to_s regex. Also pins the ActiveSupport delegation require in spec_helper
and moves the CHANGELOG entry under Fixes.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,13 +2,13 @@
 
 #### Features
 
-* [#406](https://github.com/ruby-grape/grape-entity/pull/406): Handle symbol-to-proc wrappers (`&:method_name`) where the method uses `delegate` or `method_missing` - [@marcrohloff](https://github.com/marcrohloff).
 * Your contribution here.
 
 #### Fixes
 
 * Your contribution here.
 * [#404](https://github.com/ruby-grape/grape-entity/pull/404): Drop `MultiJson` dependency, use `Hash#to_json` for ActiveSupport-aware serialization - [@numbata](https://github.com/numbata).
+* [#406](https://github.com/ruby-grape/grape-entity/pull/406): Handle symbol-to-proc wrappers (`&:method_name`) where the method uses `delegate` or `method_missing` - [@marcrohloff](https://github.com/marcrohloff).
 
 ### 1.0.4 (2026-04-17)
 
diff --git a/lib/grape_entity/entity.rb b/lib/grape_entity/entity.rb
@@ -534,29 +534,37 @@ def exec_with_object(options, &block)
     end
 
     def ensure_block_arity!(block)
-      # MRI currently always includes "( &:foo )" for symbol-to-proc wrappers.
-      # If this format changes in a new Ruby version, this logic must be updated.
-      origin_method_name = block.to_s.scan(/(?<=\(&:)[^)]+(?=\))/).first&.to_sym
-      return unless origin_method_name
-
-      unless object.respond_to?(origin_method_name, true)
-        raise ArgumentError, <<~MSG
-          Cannot use `&:#{origin_method_name}` because that method is not defined in the object.
-        MSG
-      end
+      # Strict anchor to match MRI Proc#to_s format for symbol-to-proc: #<Proc:0x0...(&:method_name) (lambda)>
+      match = block.to_s.match(/\A#<Proc:(?:0x)?\h+\(&:(?<name>.+)\) \(lambda\)>\z/)
+      return unless match # Unrecognized format -> bail safe rather than misidentify
 
-      # Ensure that the function does not require any positional args
-      # (functions defined using `delegate` or `method_missing` take an arg of `*rest`
-      arity = object.method(origin_method_name).arity
-      required_positional_arg_count = arity >= 0 ? arity : -arity - 1
-      return if required_positional_arg_count.zero?
+      origin_method_name = match[:name].to_sym
+      required_positional_arg_count, variadic = positional_arity_for(origin_method_name)
+      return unless required_positional_arg_count
+
+      expected_suffix = required_positional_arg_count == 1 ? 'argument' : 'arguments'
+      expected_suffix += ' or more' if variadic
 
       raise ArgumentError, <<~MSG
-        Cannot use `&:#{origin_method_name}` because that method expects #{required_positional_arg_count} argument#{'s' if required_positional_arg_count != 1}.
-        Symbol‐to‐proc shorthand only works for zero‐argument methods.
+        Cannot use `&:#{origin_method_name}` because that method expects #{required_positional_arg_count} #{expected_suffix}.
+        Symbol-to-proc shorthand only works for methods that can be called with no arguments.
       MSG
     end
 
+    def positional_arity_for(method_name)
+      origin_method = object.method(method_name)
+      return nil if origin_method.parameters.any? { |type, _| type == :keyreq }
+
+      arity = origin_method.arity
+      required_positional_arg_count = arity >= 0 ? arity : -arity - 1
+      return nil if required_positional_arg_count.zero?
+
+      [required_positional_arg_count, arity.negative?]
+    rescue NameError
+      # Delegation wrappers and method_missing proxies may not expose a Method; let Ruby raise natively at call time.
+      nil
+    end
+
     def symbol_to_proc_wrapper?(block)
       params = block.parameters
 
diff --git a/spec/grape_entity/entity_spec.rb b/spec/grape_entity/entity_spec.rb
@@ -420,6 +420,14 @@ def method_with_optional_args_as_a_splat(*_optional_args)
               'result'
             end
 
+            def method_with_optional_kwargs_as_a_splat(**_kwargs)
+              'result'
+            end
+
+            def method_with_optional_args_and_kwargs_as_a_splat(*_args, **_kwargs)
+              'result'
+            end
+
             def method_with_required_args_and_an_optional_splat(_required_arg, *_optional_args)
               'result'
             end
@@ -431,6 +439,12 @@ def method_with_multiple_args(_object, _options)
             def raises_argument_error
               raise ArgumentError, 'something different'
             end
+
+            private
+
+            def private_method_with_required_arg(_required_arg)
+              'result'
+            end
           end
 
           class SomeObjectWithMethodMissing
@@ -521,6 +535,38 @@ def delegate_object
               value = subject.represent(object).value_for(:that_method_without_args_again)
               expect(value).to eq('result')
             end
+
+            it 'raises a curated `ArgumentError` for private methods with required arguments' do
+              subject.expose :that_private_method_with_required_arg, &:private_method_with_required_arg
+
+              object = SomeObject.new
+
+              expect do
+                subject.represent(object).value_for(:that_private_method_with_required_arg)
+              end.to raise_error ArgumentError, include('method expects 1 argument.')
+            end
+
+            it 'treats a source-less lambda shaped like symbol-to-proc as a one-argument exposure block' do
+              block = lambda do |object, *args|
+                raise ArgumentError, "expected no trailing args, got #{args.inspect}" unless args.empty?
+
+                object.method_without_args
+              end
+
+              def block.source_location
+                nil
+              end
+
+              def block.to_s
+                '#<Proc:0x123456 (lambda)>'
+              end
+
+              subject.expose :that_method_without_args, &block
+
+              object = SomeObject.new
+
+              expect(subject.represent(object).value_for(:that_method_without_args)).to eq('result')
+            end
           end
 
           context 'with block passed in via & that references a method with optional args' do
@@ -530,14 +576,10 @@ def delegate_object
 
               object = SomeObject.new
 
-              value = subject.represent(object).value_for(:method_with_only_optional_args)
-              expect(value).to be_nil
-
-              value = subject.represent(object).value_for(:that_method_with_only_optional_args)
-              expect(value).to eq('result')
-
-              value = subject.represent(object).value_for(:that_method_with_only_optional_args_again)
-              expect(value).to eq('result')
+              expect(subject.represent(object).serializable_hash).to eq(
+                that_method_with_only_optional_args: 'result',
+                that_method_with_only_optional_args_again: 'result'
+              )
             end
 
             it 'raises an `ArgumentError` if there are required arguments' do
@@ -548,11 +590,11 @@ def delegate_object
 
               expect do
                 subject.represent(object).value_for(:that_method_with_required_and_optional_args)
-              end.to raise_error ArgumentError, include('method expects 1 argument.')
+              end.to raise_error ArgumentError, include('method expects 1 argument or more.')
 
               expect do
                 subject.represent(object).value_for(:that_method_with_required_and_optional_args_again)
-              end.to raise_error ArgumentError, include('(given 0, expected 1..3)')
+              end.to raise_error ArgumentError, /given 0, expected 1/
             end
           end
 
@@ -563,14 +605,10 @@ def delegate_object
 
               object = SomeObject.new
 
-              value = subject.represent(object).value_for(:method_with_optional_args_as_a_splat)
-              expect(value).to be_nil
-
-              value = subject.represent(object).value_for(:that_method_with_optional_args_as_a_splat)
-              expect(value).to eq('result')
-
-              value = subject.represent(object).value_for(:that_method_with_optional_args_as_a_splat_again)
-              expect(value).to eq('result')
+              expect(subject.represent(object).serializable_hash).to eq(
+                that_method_with_optional_args_as_a_splat: 'result',
+                that_method_with_optional_args_as_a_splat_again: 'result'
+              )
             end
 
             it 'raises an `ArgumentError` if there are required arguments' do
@@ -581,29 +619,53 @@ def delegate_object
 
               expect do
                 subject.represent(object).value_for(:that_method_with_required_args_and_an_optional_splat)
-              end.to raise_error ArgumentError, include('method expects 1 argument.')
+              end.to raise_error ArgumentError, include('method expects 1 argument or more.')
 
               expect do
                 subject.represent(object).value_for(:that_method_with_required_args_and_an_optional_splat_again)
-              end.to raise_error ArgumentError, include('(given 0, expected 1+)')
+              end.to raise_error ArgumentError, /given 0, expected 1/
             end
           end
 
-          context 'with block passed in via & that references a method implemented using `method_missing`' do
+          context 'with block passed in via & that references a method with optional kwargs as a splat' do
             specify do
+              subject.expose :that_method_with_optional_kwargs_as_a_splat, &:method_with_optional_kwargs_as_a_splat
+              subject.expose :method_with_optional_kwargs_as_a_splat, as: :that_method_with_optional_kwargs_as_a_splat_again
+
+              object = SomeObject.new
+
+              expect(subject.represent(object).serializable_hash).to eq(
+                that_method_with_optional_kwargs_as_a_splat: 'result',
+                that_method_with_optional_kwargs_as_a_splat_again: 'result'
+              )
+            end
+          end
+
+          context 'with block passed in via & that references a method with optional args and kwargs as a splat' do
+            specify do
+              subject.expose :that_method_with_optional_args_and_kwargs_as_a_splat, &:method_with_optional_args_and_kwargs_as_a_splat
+              subject.expose :method_with_optional_args_and_kwargs_as_a_splat, as: :that_method_with_optional_args_and_kwargs_as_a_splat_again
+
+              object = SomeObject.new
+
+              expect(subject.represent(object).serializable_hash).to eq(
+                that_method_with_optional_args_and_kwargs_as_a_splat: 'result',
+                that_method_with_optional_args_and_kwargs_as_a_splat_again: 'result'
+              )
+            end
+          end
+
+          context 'with block passed in via & that references a method implemented using `method_missing`' do
+            specify 'succeeds for a zero-required-arg method_missing-backed method' do
               subject.expose :that_method_without_args, &:method_without_args
               subject.expose :method_without_args, as: :that_method_without_args_again
 
               object = SomeObjectWithMethodMissing.new
 
-              value = subject.represent(object).value_for(:method_without_args)
-              expect(value).to be_nil
-
-              value = subject.represent(object).value_for(:that_method_without_args)
-              expect(value).to eq('result')
-
-              value = subject.represent(object).value_for(:that_method_without_args_again)
-              expect(value).to eq('result')
+              expect(subject.represent(object).serializable_hash).to eq(
+                that_method_without_args: 'result',
+                that_method_without_args_again: 'result'
+              )
             end
 
             it 'raises an `ArgumentError` if there are required arguments' do
@@ -612,31 +674,29 @@ def delegate_object
 
               object = SomeObjectWithMethodMissing.new
 
+              # NOTE: ensure_block_arity! cannot pierce delegation wrappers (arity -1);
+              # Ruby raises a native error at call time instead of the curated grape-entity message.
               expect do
                 subject.represent(object).value_for(:that_method_with_args)
-              end.to raise_error ArgumentError, include('(given 0, expected 1)')
+              end.to raise_error ArgumentError, /given 0, expected 1/
 
               expect do
                 subject.represent(object).value_for(:that_method_with_args_again)
-              end.to raise_error ArgumentError, include('(given 0, expected 1)')
+              end.to raise_error ArgumentError, /given 0, expected 1/
             end
           end
 
           context 'with block passed in via & that references a method implemented using `delegate`' do
-            specify do
+            specify 'succeeds for a zero-required-arg delegate-backed method' do
               subject.expose :that_method_without_args, &:method_without_args
               subject.expose :method_without_args, as: :that_method_without_args_again
 
               object = SomeObjectWithDelegation.new
 
-              value = subject.represent(object).value_for(:method_without_args)
-              expect(value).to be_nil
-
-              value = subject.represent(object).value_for(:that_method_without_args)
-              expect(value).to eq('result')
-
-              value = subject.represent(object).value_for(:that_method_without_args_again)
-              expect(value).to eq('result')
+              expect(subject.represent(object).serializable_hash).to eq(
+                that_method_without_args: 'result',
+                that_method_without_args_again: 'result'
+              )
             end
 
             it 'raises an `ArgumentError` if there are required arguments' do
@@ -645,13 +705,15 @@ def delegate_object
 
               object = SomeObjectWithDelegation.new
 
+              # NOTE: ensure_block_arity! cannot pierce delegation wrappers (arity -1);
+              # Ruby raises a native error at call time instead of the curated grape-entity message.
               expect do
                 subject.represent(object).value_for(:that_method_with_args)
-              end.to raise_error ArgumentError, include('(given 0, expected 1)')
+              end.to raise_error ArgumentError, /given 0, expected 1/
 
               expect do
                 subject.represent(object).value_for(:that_method_with_args_again)
-              end.to raise_error ArgumentError, include('(given 0, expected 1)')
+              end.to raise_error ArgumentError, /given 0, expected 1/
             end
           end
 
@@ -680,7 +742,7 @@ def delegate_object
 
               expect do
                 subject.represent(object).value_for(:that_undefined_method)
-              end.to raise_error ArgumentError, include('method is not defined in the object')
+              end.to raise_error NoMethodError
             end
           end
 
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
@@ -5,6 +5,7 @@
 
 # This works around the hash extensions not being automatically included in ActiveSupport < 4
 require 'active_support/version'
+require 'active_support/core_ext/module/delegation'
 require 'active_support/core_ext/hash' if ActiveSupport::VERSION &&
                                           ActiveSupport::VERSION::MAJOR &&
                                           ActiveSupport::VERSION::MAJOR < 4
