active_model_serializers-cancan 0.0.1

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.travis.yml

@@ -0,0 +1,5 @@
+rvm:
+  - 1.9.3
+before_install:
+  - gem install bundler --version '>= 1.2.2'
+script: "bundle exec rspec"

data/Gemfile

@@ -0,0 +1,12 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in active_model_serializers-cancan.gemspec
+gemspec
+
+group :test do
+  gem 'rspec'
+  gem 'supermodel', '0.1.6'
+
+  gem 'pry'
+end
+

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Gordon L. Hempton
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,41 @@
+# ActiveModelSerializers::Cancan
+
+Provides a simple integration between [CanCan](https://github.com/ryanb/cancan) and [Active Model Serializers](https://github.com/josevalim/active_model_serializers).
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'active_model_serializers-cancan'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install active_model_serializers-cancan
+
+## Usage
+
+`hasOne` and `hasMany` serializer macros now support an additional property, `authorize`. Associations with this property set to true will be authorized and filtered via CanCan. For example:
+
+```ruby
+class PostSerializer < ActiveModel::Serializer
+  attributes :title, :content
+
+  has_one :author, authorize: true
+  has_many :comments, authorize: true
+end
+
+```
+
+Serializers now also have access to the same helpers as controllers, namely `current_ability`, `can?`, and `cannot?`.
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/active_model_serializers-cancan.gemspec

@@ -0,0 +1,21 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'active_model_serializers/cancan/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "active_model_serializers-cancan"
+  gem.version       = ActiveModel::Serializers::Cancan::VERSION
+  gem.authors       = ["Gordon L. Hempton"]
+  gem.email         = ["ghempton@gmail.com"]
+  gem.summary       = %q{CanCan integration with Active Model Serializers}
+  gem.homepage      = ""
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+
+  gem.add_dependency "active_model_serializers", "~> 0.7.0"
+  gem.add_dependency "cancan", "~> 1.6.9"
+end

data/init.rb

@@ -0,0 +1 @@
+require 'active_model_serializers/cancan'

data/lib/active_model_serializers-cancan.rb

@@ -0,0 +1 @@
+require "active_model_serializers/cancan"

data/lib/active_model_serializers/cancan.rb

@@ -0,0 +1,2 @@
+require "active_model_serializers/cancan/version"
+require "active_model_serializers/cancan/associations"

data/lib/active_model_serializers/cancan/associations.rb

@@ -0,0 +1,50 @@
+require 'cancan'
+require 'active_model_serializers'
+
+module ActiveModel
+  class Serializer
+    module Associations #:nodoc:
+      class Config #:nodoc:
+
+        def authorize?
+          !!option(:authorize)
+        end
+
+        def current_ability
+          Ability.new(source_serializer.options[:scope])
+        end
+
+        def can?(*args)
+          current_ability.can? *args
+        end
+
+        def cannot?
+          current_ability.cannot? *args
+        end
+
+      end
+
+      class HasMany #:nodoc:
+
+        def serialize_with_cancan
+          return serialize_without_cancan unless authorize?
+          associated_object.select{|o| current_ability.can?(:read, o)}.map do |item|
+            find_serializable(item).serializable_hash
+          end
+        end
+        alias_method_chain :serialize, :cancan
+
+      end
+
+      class HasOne #:nodoc:
+
+        def serialize_with_cancan
+          return nil unless !authorize? || current_ability.can?(:read, associated_object)
+          serialize_without_cancan
+        end
+        alias_method_chain :serialize, :cancan
+
+      end
+    end
+  end
+end

data/lib/active_model_serializers/cancan/version.rb

@@ -0,0 +1,7 @@
+module ActiveModel
+  module Serializers
+    module Cancan
+      VERSION = "0.0.1"
+    end
+  end
+end

data/spec/active_model_serializers/cancan/associations_spec.rb

@@ -0,0 +1,78 @@
+require 'spec_helper'
+
+describe ActiveModel::Serializer::Associations do
+
+  let(:user) { User.find(1) }
+
+  let(:category) { Category.first }
+
+  context 'when authorize is set to false' do
+
+    before do
+      CategorySerializer = Class.new(ActiveModel::Serializer) do
+        attributes :id
+        has_many :projects, authorize: false
+        has_one :project, authorize: false
+      end
+
+      ProjectSerializer = Class.new(ActiveModel::Serializer) do
+        attributes :id
+      end
+
+      Ability = Class.new do
+        include CanCan::Ability
+        def initialize(user)
+          cannot :read, :project
+        end
+      end
+    end
+
+    it 'should serialize forbidden has_many records' do
+      expect(CategorySerializer.new(category, scope: user).serializable_hash[:projects].length).to eq(2)
+    end
+
+    it 'should serialize forbidden has_one records' do
+      expect(CategorySerializer.new(category, scope: user).serializable_hash[:project]).to_not be_nil
+    end
+
+  end
+
+  context 'when authorize set to true' do
+
+    before do
+      CategorySerializer = Class.new(ActiveModel::Serializer) do
+        attributes :id
+        has_many :projects, authorize: true
+        has_one :project, authorize: true
+      end
+
+      ProjectSerializer = Class.new(ActiveModel::Serializer) do
+        attributes :id
+      end
+
+      Ability = Class.new do
+        include CanCan::Ability
+        def initialize(user)
+          can :read, Category
+          can :read, Project do |p|
+            p.user == user
+          end
+        end
+      end
+    end
+
+    it 'should filter unauthorized records' do
+      expect(CategorySerializer.new(category, scope: user).serializable_hash[:projects].length).to eq(1)
+    end
+
+    it 'should nil out unauthorized has_one records' do
+      expect(CategorySerializer.new(category, scope: user).serializable_hash[:project]).to be_nil
+    end
+
+    it 'should serialize authorized has_one records' do
+      expect(CategorySerializer.new(category, scope: User.find(2)).serializable_hash[:project]).to_not be_nil
+    end
+
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,46 @@
+require 'bundler'
+
+Bundler.require(:default, :test)
+
+class SuperModel::Base
+
+  def read_attribute_for_serialization(n)
+    attributes[n]
+  end
+
+end
+
+class User < SuperModel::Base
+  has_many :projects
+  has_many :categories
+end
+
+class Project < SuperModel::Base
+  belongs_to :user
+  belongs_to :category
+  has_many :categories
+end
+
+class Category < SuperModel::Base
+  belongs_to :user
+  belongs_to :project
+  has_many :projects
+end
+
+RSpec.configure do |config|
+  config.before do
+    user1 = User.create(id: 1, name: "User1") 
+    user2 = User.create(id: 2, name: "User2")
+
+    c = Category.create(project: Project.create(user: user2))
+
+    Project.create(user: user1, category: c)
+    Project.create(user: user2, category: c)
+  end
+
+  config.after do
+    User.delete_all
+    Project.delete_all
+    Category.delete_all
+  end
+end

metadata

@@ -0,0 +1,94 @@
+--- !ruby/object:Gem::Specification
+name: active_model_serializers-cancan
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Gordon L. Hempton
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-03-20 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: active_model_serializers
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.7.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.7.0
+- !ruby/object:Gem::Dependency
+  name: cancan
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.6.9
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.6.9
+description: 
+email:
+- ghempton@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .travis.yml
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- active_model_serializers-cancan.gemspec
+- init.rb
+- lib/active_model_serializers-cancan.rb
+- lib/active_model_serializers/cancan.rb
+- lib/active_model_serializers/cancan/associations.rb
+- lib/active_model_serializers/cancan/version.rb
+- spec/active_model_serializers/cancan/associations_spec.rb
+- spec/spec_helper.rb
+homepage: ''
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: CanCan integration with Active Model Serializers
+test_files:
+- spec/active_model_serializers/cancan/associations_spec.rb
+- spec/spec_helper.rb
+has_rdoc: