accessible_for 0.1.0

data/README.markdown

@@ -0,0 +1,101 @@
+# AccessibleFor: key-based hash sanitizer for Ruby
+
+This is a simple mass-assignment security module loosely based on
+[ActiveModel::MassAssignmentSecurity][1]. It attempts to steal the good ideas
+and some of the API while being compatible with Rails 2.3-based applications.
+
+Only attr_accessible (or its equivalent, keep reading) is implemented, because
+attr_protected is just a bad ActiveRecord API that hung around for some reason,
+and we don't want it stinking up the place.
+
+There are actually two available APIs, the ActiveModel-workalike and a new one
+called accessible_for. They provide identical functionality.
+
+# Usage
+
+## ActiveModel-workalike API
+
+    class TacoShop < Controller
+      include MassAssignmentBackport
+
+      # when no role is specified, :default is used
+      attr_accessible :rating
+
+      # you can specify multiple roles
+      attr_accessible :filling, :topping, :as => [:default, :manager]
+
+      # and add to existing roles
+      attr_accessible :price, :as => :manager
+  
+      def update
+        Taco.find(params[:id]).update_attributes!(taco_params)
+      end
+  
+      protected
+  
+      def taco_params
+        # use sanitize_for_mass_assignment to build a safe hash given a role.
+        # when nothing/nil is passed for the role, :default is used
+        sanitize_for_mass_assignment params[:taco], current_user.manager? ? :manager : nil
+      end
+    end
+
+## accessible_for API
+
+    class TacoShop < Controller
+      include AccessibleFor
+
+      # there are no implicit roles and you can declare only one group at a time
+      accessible_for :default => [ :filling, :topping, :rating ]
+      accessible_for :manager => [ :filling, :topping, :price ]
+  
+      def update
+        Taco.find(params[:id]).update_attributes!(taco_params)
+      end
+  
+      protected
+  
+      def taco_params
+        # use sanitize_for(role, params) to build a safe hash
+        # again, there is no implicit role
+        if current_user.manager?
+          sanitize_for :manager, params[:taco]
+        else
+          sanitize_for :default, params[:taco]
+        end
+      end
+    end
+
+# Rationale
+
+There are two things I've never liked about ActiveRecord's attr_* API:
+
+It's model-level when the resources I am trying to protect are controller-level.
+This actually gets in our way when we're just trying to test/manipulate our own
+models outside of a controller context, making it harder to work with
+our own data for no good reason. I feel this phenomenon could have the effect of
+discouraging developers from using it.
+
+Another problem with ActiveRecord is that it provides attr_protected.
+Blacklisting instead of whitelisting is just a bad idea, and I see no reason
+to allow/support it when security is the primary goal.
+
+So once we address those two things we have something that looks a bit like
+ActiveModel's implementation minus attr_protected, which is the purpose of the
+ActiveModel-workalike API. However there are problems with this API as well:
+
+The role is optional, leading to lack of clarity. Sometimes you need to
+specify :default, sometimes it's implicit. I think an API designed for
+hardening should be more transparent.
+
+The way the role is specified is also suboptimal. It's at the end of the
+declaration so you have to hunt for it. It uses the key :as implying a
+user-based access role, but the fact is this value is really just a scope and
+can mean anything.
+
+# Author
+
+Zack Hobson (zack@zackhobson.com)
+
+[1]: http://api.rubyonrails.org/classes/ActiveModel/MassAssignmentSecurity.html
+

data/Rakefile

@@ -0,0 +1,14 @@
+desc 'run tests'
+task :test do
+  # This should work in my opinion, but it only runs the last loaded test.
+  #sh 'ruby -Ilib -rminitest/autorun test/*_test.rb'
+  require 'minitest/unit'
+  $:.unshift("./lib")
+  Dir['test/*_test.rb'].each {|t| load t}
+  MiniTest::Unit.autorun
+end
+
+desc 'build the gem'
+task :gem do
+  sh 'gem build accessible_for.gemspec'
+end

data/accessible_for.gemspec

@@ -0,0 +1,16 @@
+$:.unshift File.expand_path("./lib")
+require 'accessible_for'
+
+Gem::Specification.new do |s|
+  s.name = "accessible_for"
+  s.version = AccessibleFor::VERSION
+  s.summary = 'Simple API for sanitizing hashes by input key'
+  s.description = <<-EOD
+    This is a simple mass-assignment security module loosely based on
+    ActiveModel::MassAssignmentSecurity. It attempts to steal the good ideas
+    and some of the API while being compatible with Rails 2.3-based applications.
+  EOD
+  s.authors = ['Zack Hobson']
+  s.files = `git ls-files`.split("\n")
+  s.test_files = `git ls-files -- test/*`.split("\n")
+end

data/lib/accessible_for.rb

@@ -0,0 +1,24 @@
+require 'mass_assignment_backport'
+
+module AccessibleFor
+  VERSION = "0.1.0"
+
+  def self.included(mod)
+    mod.send :include, MassAssignmentBackport
+    mod.extend ClassMethods
+  end
+
+  module ClassMethods
+    def accessible_for params
+      params.each do |role, attrs|
+        attr_accessible *([attrs].flatten.push(:as => role))
+      end
+    end
+  end
+
+  def sanitize_for role, values
+    sanitize_for_mass_assignment values, role
+  end
+end
+
+

data/lib/mass_assignment_backport.rb

@@ -0,0 +1,36 @@
+module MassAssignmentBackport
+  VERSION = "0.1.0"
+
+  def self.included(mod)
+    mod.extend ClassMethods
+  end
+
+  module ClassMethods
+    attr_accessor :_accessible_attributes
+
+    def attr_accessible *args
+      options = args.last.kind_of?(Hash) ? args.pop : {}
+      role = options[:as] || :default
+      self._accessible_attributes ||= {}
+      [role].flatten.each do |name|
+        self._accessible_attributes[name] = accessible_attributes(name) + args
+      end
+    end
+
+    def accessible_attributes role=:default
+      _accessible_attributes[role] || []
+    end
+  end
+
+  def sanitize_for_mass_assignment values, role=:default
+    {}.tap do |result|
+      values.each do |k, v|
+        if self.class._accessible_attributes[role].include?(k.to_sym)
+          yield k, v if block_given?
+          result[k] = v
+        end
+      end
+    end
+  end
+end
+

data/mass_assignment_backport.gemspec

@@ -0,0 +1,16 @@
+$:.unshift File.expand_path("./lib")
+require 'mass_assignment_backport'
+
+Gem::Specification.new do |s|
+  s.name = "mass_assignment_backport"
+  s.version = MassAssignmentBackport::VERSION
+  s.summary = 'Simple API for sanitizing hashes by input key'
+  s.description = <<-EOD
+    This is a simple mass-assignment security module loosely based on
+    ActiveModel::MassAssignmentSecurity. It attempts to steal the good ideas
+    and some of the API while being compatible with Rails 2.3-based applications.
+  EOD
+  s.authors = ['Zack Hobson']
+  s.files = `git ls-files`.split("\n")
+  s.test_files = `git ls-files -- test/*`.split("\n")
+end

data/test/accessible_for_test.rb

@@ -0,0 +1,49 @@
+require 'accessible_for'
+
+class AccessibleForTest < MiniTest::Unit::TestCase
+  include AccessibleFor
+  accessible_for :default => :topping
+  accessible_for :manager => [:price, :topping]
+
+  def test_accessible_default
+    default = sanitize_for :default, :topping => 'salsa', :price => 123, :extra => 'foo'
+    assert default.has_key?(:topping), "default gets accessible key"
+    assert !default.has_key?(:price),  "default does not get inaccessible key"
+    assert !default.has_key?(:extra),  "default does not get extra key"
+  end
+
+  def test_accessible_role
+    manager = sanitize_for :manager, :topping => 'salsa', :price => 123, :extra => 'foo'
+    assert manager.has_key?(:topping), "role gets accessible key"
+    assert manager.has_key?(:price),   "role gets second accessible key"
+    assert !manager.has_key?(:extra),  "role does not get extra key"
+  end
+
+  class SubTest
+    include AccessibleFor
+    accessible_for :default => :toasted
+    accessible_for :manager => :free
+  end
+  class SubclassTest < SubTest
+    accessible_for :default => :rating
+    accessible_for :manager => :toasted
+  end
+
+  def test_ignores_parent_settings_default
+    sub = SubclassTest.new
+    default = sub.sanitize_for :default, :toasted => true, :rating => 'good'
+    assert !default.has_key?(:toasted),  "inherited default does not get parent accessible key"
+    assert default.has_key?(:rating),    "inherited default gets accessible key"
+    assert !default.has_key?(:free),     "inherited default does not get inaccessible key"
+    assert !default.has_key?(:extra),    "inherited default does not get extra key"
+  end
+
+  def test_ignores_parent_settings_role
+    sub = SubclassTest.new
+    manager = sub.sanitize_for :manager, :toasted => true, :free => true, :rating => 'good'
+    assert !manager.has_key?(:free),    "inherited role does not get parent accessible key"
+    assert manager.has_key?(:toasted),  "inherited role gets accessible key"
+    assert !manager.has_key?(:rating),  "inherited role does not get inaccessible key"
+    assert !manager.has_key?(:extra),   "inherited role does not get extra key"
+  end
+end

data/test/mass_assignment_test.rb

@@ -0,0 +1,49 @@
+require 'mass_assignment_backport'
+
+class MassAssignmentTest < MiniTest::Unit::TestCase
+  include MassAssignmentBackport
+  attr_accessible :topping, :as => [:default, :manager]
+  attr_accessible :price, :as => :manager
+
+  def test_accessible_default
+    default = sanitize_for_mass_assignment :topping => 'salsa', :price => 123, :extra => 'foo'
+    assert default.has_key?(:topping), "default gets accessible key"
+    assert !default.has_key?(:price),  "default does not get inaccessible key"
+    assert !default.has_key?(:extra),  "default does not get extra key"
+  end
+
+  def test_accessible_role
+    manager = sanitize_for_mass_assignment({ :topping => 'salsa', :price => 123, :extra => 'foo' }, :manager)
+    assert manager.has_key?(:topping), "role gets accessible key"
+    assert manager.has_key?(:price),   "role gets second accessible key"
+    assert !manager.has_key?(:extra),  "role does not get extra key"
+  end
+
+  class SubTest
+    include MassAssignmentBackport
+    attr_accessible :toasted
+    attr_accessible :free, :as => :manager
+  end
+  class SubclassTest < SubTest
+    attr_accessible :rating
+    attr_accessible :toasted, :as => :manager
+  end
+
+  def test_ignores_parent_settings_default
+    sub = SubclassTest.new
+    default = sub.sanitize_for_mass_assignment :toasted => true, :rating => 'good'
+    assert !default.has_key?(:toasted),  "inherited default does not get parent accessible key"
+    assert default.has_key?(:rating),    "inherited default gets accessible key"
+    assert !default.has_key?(:free),     "inherited default does not get inaccessible key"
+    assert !default.has_key?(:extra),    "inherited default does not get extra key"
+  end
+
+  def test_ignores_parent_settings_role
+    sub = SubclassTest.new
+    manager = sub.sanitize_for_mass_assignment({ :toasted => true, :free => true, :rating => 'good' }, :manager)
+    assert !manager.has_key?(:free),    "inherited role does not get parent accessible key"
+    assert manager.has_key?(:toasted),  "inherited role gets accessible key"
+    assert !manager.has_key?(:rating),  "inherited role does not get inaccessible key"
+    assert !manager.has_key?(:extra),   "inherited role does not get extra key"
+  end
+end

metadata

@@ -0,0 +1,56 @@
+--- !ruby/object:Gem::Specification
+name: accessible_for
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Zack Hobson
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-03-06 00:00:00.000000000Z
+dependencies: []
+description: ! "    This is a simple mass-assignment security module loosely based
+  on\n    ActiveModel::MassAssignmentSecurity. It attempts to steal the good ideas\n
+  \   and some of the API while being compatible with Rails 2.3-based applications.\n"
+email: 
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.markdown
+- Rakefile
+- accessible_for.gemspec
+- lib/accessible_for.rb
+- lib/mass_assignment_backport.rb
+- mass_assignment_backport.gemspec
+- test/accessible_for_test.rb
+- test/mass_assignment_test.rb
+homepage: 
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.10
+signing_key: 
+specification_version: 3
+summary: Simple API for sanitizing hashes by input key
+test_files:
+- test/accessible_for_test.rb
+- test/mass_assignment_test.rb