active-fedora 9.0.0.beta7 → 9.0.0.beta8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0efb77ba5a2ca5e2a3a904bf1f6181eb8ec1b7b6
-  data.tar.gz: f3996a300d97a4237839bb8875754a5c8eb8a54d
+  metadata.gz: c24dde2e32be3f35bb1d77501279572cb2695ca4
+  data.tar.gz: 87e6796cd6ae6aac4bf464e11b2a2739f3a803fa
 SHA512:
-  metadata.gz: cb3b8dc10a355f976a397a67ae4d638a4de029bab93dbe63993e317890e1a3b0c9e75e7403c29b2accb349a1ee1e14984321aa4877aed56bb0a91dd2d8152922
-  data.tar.gz: 8305e854f8477f0796b094cbf7e048874971687801d7d19450c05b22a82b9f8e016c316f0c4b13c24144b3956026898a3ee6a2d8d5aed7450802ef0e76e9b60e
+  metadata.gz: 43b3dbe69386c97045ea8652f286c872bd3874d9c95b11b28f99203e357a7445f0287d27daefcb5c74fca1a6fab6d8f9af33389300033ff5f45218e582af8fda
+  data.tar.gz: b6f025e13de2def11b8361663ae55510989a25e38e8fe3cf9ccc7e99ed89a87f4fef380fead464a6a13ed0ad8146a2c5b55ffab1b490aeabd223425d696371d3

data/.travis.yml

@@ -1,4 +1,6 @@
 language: ruby
+cache: bundler
+sudo: false
 rvm:
   - 2.1
 

data/lib/active_fedora.rb

@@ -69,8 +69,9 @@ module ActiveFedora #:nodoc:
     autoload :NomDatastream
     autoload :NullRelation
     autoload :OmDatastream
-    autoload :Property
     autoload :Persistence
+    autoload :ProfileIndexingService
+    autoload :Property
     autoload :QualifiedDublinCoreDatastream
     autoload :Querying
     autoload :QueryResultBuilder

data/lib/active_fedora/attributes.rb

@@ -1,7 +1,9 @@
+require 'active_model/forbidden_attributes_protection'
 module ActiveFedora
   module Attributes
     extend ActiveSupport::Concern
     include ActiveModel::Dirty
+    include ActiveModel::ForbiddenAttributesProtection
 
     included do
       include Serializers
@@ -15,7 +17,7 @@ module ActiveFedora
     end
 
     def attributes=(properties)
-      properties.each do |k, v|
+      sanitize_for_mass_assignment(properties).each do |k, v|
         respond_to?(:"#{k}=") ? send(:"#{k}=", v) : raise(UnknownAttributeError, "#{self.class} does not have an attribute `#{k}'")
       end
     end

data/lib/active_fedora/attributes/property_builder.rb

@@ -27,7 +27,9 @@ module ActiveFedora::Attributes
     def self.define_singular_readers(mixin, name)
       mixin.class_eval <<-CODE, __FILE__, __LINE__ + 1
         def #{name}(*args)
-          get_values(:#{name}).first
+          vals = get_values(:#{name})
+          raise ActiveFedora::ConstraintError, "Expected \\"#{name}\\" to have 0-1 statements, but there are \#{vals.size}" if vals.size > 1
+          vals.first
         end
       CODE
     end

data/lib/active_fedora/errors.rb

@@ -54,6 +54,20 @@ module ActiveFedora #:nodoc:
   class IllegalOperation < ActiveFedoraError
   end
 
+  # Raised when the data has more than one statement for a predicate, but our constraints say it's singular
+  # This helps to prevent overwriting multiple values with a single value when round tripping:
+  #   class Book < ActiveFedora::Base
+  #     property :title, predicate: RDF::DC.title, multiple: false
+  #   end
+  #
+  #   b = Book.new
+  #   b.resource.title = ['foo', 'bar']
+  #   b.title # Raises ConstraintError
+  #   # which prevents us from doing:
+  #   b.title = b.title
+  class ConstraintError < ActiveFedoraError
+  end
+
   # Used to rollback a transaction in a deliberate way without raising an exception.
   # Transactions are currently incomplete
   class Rollback < ActiveFedoraError

data/lib/active_fedora/indexing_service.rb

@@ -20,6 +20,10 @@ module ActiveFedora
       @profile_solr_name ||= ActiveFedora::SolrQueryBuilder.solr_name("object_profile", :displayable)
     end
 
+    def profile_service
+      ProfileIndexingService
+    end
+
 
     def generate_solr_document
       solr_doc = {}
@@ -28,7 +32,7 @@ module ActiveFedora
       Solrizer.set_field(solr_doc, 'active_fedora_model', object.class.inspect, :stored_sortable)
       solr_doc.merge!(QueryResultBuilder::HAS_MODEL_SOLR_FIELD => object.has_model)
       solr_doc.merge!(SOLR_DOCUMENT_ID.to_sym => object.id)
-      solr_doc.merge!(self.class.profile_solr_name => object.to_json)
+      solr_doc.merge!(self.class.profile_solr_name => profile_service.new(object).export)
       object.attached_files.each do |name, file|
         solr_doc.merge! file.to_solr(solr_doc, name: name.to_s)
       end

data/lib/active_fedora/loadable_from_json.rb

@@ -103,7 +103,7 @@ module ActiveFedora
         attached_files[key] = SolrBackedMetadataFile.new
       end
       @resource = SolrBackedResource.new(self.class)
-      self.attributes = attrs.except(datastream_keys)
+      self.attributes = attrs.slice(*self.class.attribute_names)
       # TODO Should we clear the change tracking, or make this object Read-only?
 
       run_callbacks :find

data/lib/active_fedora/profile_indexing_service.rb

@@ -0,0 +1,11 @@
+module ActiveFedora
+  class ProfileIndexingService
+    def initialize(object)
+      @object = object
+    end
+
+    def export
+      @object.serializable_hash.to_json
+    end
+  end
+end

data/lib/active_fedora/version.rb

@@ -1,3 +1,3 @@
 module ActiveFedora
-  VERSION = "9.0.0.beta7"
+  VERSION = "9.0.0.beta8"
 end

data/lib/active_fedora/versionable.rb

@@ -22,8 +22,12 @@ module ActiveFedora
 
     # Returns an array of ActiveFedora::VersionsGraph::ResourceVersion objects.
     # Excludes auto-snapshot versions from Fedora.
-    def versions
-      @versions ||= ActiveFedora::VersionsGraph.new << ::RDF::Reader.for(:ttl).new(versions_request)
+    def versions(reload=false)
+      if reload
+        @versions = ActiveFedora::VersionsGraph.new << ::RDF::Reader.for(:ttl).new(versions_request)
+      else
+        @versions ||= ActiveFedora::VersionsGraph.new << ::RDF::Reader.for(:ttl).new(versions_request)     
+      end
     end
 
     def create_version

data/lib/active_fedora/versions_graph.rb

@@ -50,7 +50,8 @@ module ActiveFedora
       end
 
       def fedora_versions
-        resources.map { |statement| version_from_resource(statement) }
+        list = resources.map { |statement| version_from_resource(statement) }
+        list.sort_by(&:created)
       end
 
   end

data/spec/integration/solr_instance_loader_spec.rb

@@ -83,4 +83,13 @@ describe ActiveFedora::SolrInstanceLoader do
       expect(subject.title).to eq 'My Title'
     end
   end
+
+  context "when the model has extra values in its json" do
+    let(:profile) { { "foo"=>["baz"], "bar"=>"quix", "title"=>"My Title", "extra_value"=>"Bonus values!"}.to_json }
+    let(:doc) { { 'id' => 'test-123', 'has_model_ssim'=>['Foo'], 'object_profile_ssm' => profile } }
+    let(:loader) { ActiveFedora::SolrInstanceLoader.new(Foo, obj.id, doc) }
+    it "should load the object without trouble" do
+      expect(loader.object).to be_instance_of Foo
+    end
+  end
 end

data/spec/spec_helper.rb

@@ -8,6 +8,7 @@ if ENV["COVERAGE"]
   SimpleCov.formatter = Coveralls::SimpleCov::Formatter
   SimpleCov.start do
     add_filter "/spec/"
+    add_filter "/gemfiles/"
   end
 end
 

data/spec/unit/attributes_spec.rb

@@ -418,6 +418,17 @@ describe ActiveFedora::Base do
             expect(subject[:abstract]).to be_nil
           end
 
+          context "when there are two assertions for the predicate" do
+            before do
+              subject.resource[:abstract] = ['foo', 'bar']
+            end
+            it "should raise an error if just returning the first value would cause data loss" do
+              expect { subject[:abstract] }.to raise_error ActiveFedora::ConstraintError, "Expected \"abstract\" to have 0-1 statements, but there are 2"
+            end
+          end
+        end
+
+        context "multiple values" do
           it "should return values" do
             expect(subject[:title]).to eq ['test1']
           end

data/spec/unit/forbidden_attributes_protection_spec.rb

@@ -0,0 +1,52 @@
+require 'spec_helper'
+
+describe "Mass assignment protection" do
+  before(:all) do
+    class ProtectedParams < ActiveSupport::HashWithIndifferentAccess
+      attr_accessor :permitted
+      alias :permitted? :permitted
+
+      def initialize(attributes)
+        super(attributes)
+        @permitted = false
+      end
+
+      def permit!
+        @permitted = true
+        self
+      end
+
+      def dup
+        super.tap do |duplicate|
+          duplicate.instance_variable_set :@permitted, @permitted
+        end
+      end
+    end
+
+    class Person < ActiveFedora::Base
+      property :first_name, predicate: ::RDF::FOAF.firstName, multiple: false
+      property :gender, predicate: ::RDF::FOAF.gender, multiple: false
+    end
+  end
+
+  after(:all) do
+    Object.send(:remove_const, :ProtectedParams)
+    Object.send(:remove_const, :Person)
+  end
+
+
+  context "forbidden attributes" do
+    let(:params) { ProtectedParams.new(first_name: 'Guille', gender: 'm') }
+    it "cannot be used for mass assignment" do
+      expect { Person.new(params) }.to raise_error ActiveModel::ForbiddenAttributesError
+    end
+  end
+
+  context "permitted attributes" do
+    let(:params) { ProtectedParams.new(first_name: 'Guille', gender: 'm').permit! }
+    it "cannot be used for mass assignment" do
+      expect { Person.new(params) }.not_to raise_error
+    end
+  end
+
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: active-fedora
 version: !ruby/object:Gem::Version
-  version: 9.0.0.beta7
+  version: 9.0.0.beta8
 platform: ruby
 authors:
 - Matt Zumwalt
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-12-11 00:00:00.000000000 Z
+date: 2014-12-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rsolr
@@ -347,6 +347,7 @@ files:
 - lib/active_fedora/om_datastream.rb
 - lib/active_fedora/persistence.rb
 - lib/active_fedora/predicates.rb
+- lib/active_fedora/profile_indexing_service.rb
 - lib/active_fedora/property.rb
 - lib/active_fedora/qualified_dublin_core_datastream.rb
 - lib/active_fedora/query_result_builder.rb
@@ -496,6 +497,7 @@ files:
 - spec/unit/file_spec.rb
 - spec/unit/files_hash_spec.rb
 - spec/unit/fixity_service_spec.rb
+- spec/unit/forbidden_attributes_protection_spec.rb
 - spec/unit/has_and_belongs_to_many_association_spec.rb
 - spec/unit/has_many_association_spec.rb
 - spec/unit/indexing_service_spec.rb