RubyGems - active_model_serializers_cancancan - Versions diffs - 0.0.3 - Mend

active_model_serializers_cancancan 0.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

checksums.yaml +7 -0
data/.gitignore +17 -0
data/.ruby-gemset +1 -0
data/.ruby-version +1 -0
data/.travis.yml +5 -0
data/Gemfile +5 -0
data/LICENSE.txt +22 -0
data/README.md +77 -0
data/Rakefile +7 -0
data/active_model_serializers_cancancan.gemspec +27 -0
data/init.rb +1 -0
data/lib/active_model_serializers/cancan/abilities.rb +48 -0
data/lib/active_model_serializers/cancan/associations.rb +38 -0
data/lib/active_model_serializers/cancan/helpers.rb +21 -0
data/lib/active_model_serializers/cancan/monkeypatch.rb +9 -0
data/lib/active_model_serializers/cancan/version.rb +7 -0
data/lib/active_model_serializers/cancan.rb +7 -0
data/lib/active_model_serializers_cancancan.rb +1 -0
data/spec/active_model_serializers/cancan/abilities_spec.rb +45 -0
data/spec/active_model_serializers/cancan/associations_spec.rb +86 -0
data/spec/spec_helper.rb +49 -0
metadata +165 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: ce161c1d6f79a45223d67cf65bfc0784d4a0b821
+  data.tar.gz: e3f6e01156ac758f0bf84993dcdde3483a519a7b
+SHA512:
+  metadata.gz: f7786db0b565437bc845468150c071bc6ffe83af441c57ed6c231c41a281fdc7ad02782fd690edee1267bb88177e793965d8d903d79ecf68f24fc86da30de7bf
+  data.tar.gz: 7b351437cb30afabc1cff37e0aa288ddf87957e2b4a241bca1dffd2e8015f015585123e2535b85bba924df153878e1597d858515d76b3ab63f69f7af201f1b26

data/.gitignore ADDED Viewed

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.ruby-gemset ADDED Viewed

	@@ -0,0 +1 @@
1	+ ams-cc

data/.ruby-version ADDED Viewed

	@@ -0,0 +1 @@
1	+ 2.1.2

data/.travis.yml ADDED Viewed

@@ -0,0 +1,5 @@
+rvm:
+  - 1.9.3
+before_install:
+  - gem install bundler --version '>= 1.2.2'
+script: "bundle exec rspec"

data/Gemfile ADDED Viewed

@@ -0,0 +1,5 @@
+source 'https://rubygems.org'
+# Specify your gem's dependencies in active_model_serializers-cancan.gemspec
+gemspec

data/LICENSE.txt ADDED Viewed

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Gordon L. Hempton
+MIT License
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md ADDED Viewed

@@ -0,0 +1,77 @@
+# ActiveModelSerializers::Cancan
+Provides a simple integration between [CanCanCan](https://github.com/CanCanCommunity/cancancan) and [Active Model Serializers](https://github.com/rails-api/active_model_serializers).
+## Installation
+Add this line to your application's Gemfile:
+    gem 'active_model_serializers_cancancan'
+And then execute:
+    $ bundle
+Or install it yourself as:
+    $ gem install active_model_serializers_cancancan
+## Usage
+### Associations
+`hasOne` and `hasMany` serializer macros now support an additional property, `authorize`. Associations with this property set to true will be authorized and filtered via CanCan. For example:
+```ruby
+class PostSerializer < ActiveModel::Serializer
+  attributes :title, :content
+  has_one :author, authorize: true
+  has_many :comments, authorize: true
+end
+```
+### Helpers
+Serializers now also have access to the same helpers as controllers, namely `current_ability`, `can?`, and `cannot?`.
+### Ability Serialization
+Use the `abilities` helper method to add an `abilities` key to the serialized data. For example:
+```ruby
+class PostSerializer < ActiveModel::Serializer
+  attributes :id
+  abilities :show, :update
+end
+@post.as_json # { id: 1, abilities: { show: true, update: false } }
+```
+#### RESTful Alias
+If `:restful` is passed as an ability it will expand to the 7 default
+RESTful actions: `:index, :show, :new, :create, :edit, :update, :destroy`
+#### Overriding an Ability
+Abilities are checked by calling the `can_#{action}?` method.  By overriding this method the result for the ability can be customized. For example:
+```ruby
+class PostSerializer < ActiveModel::Serializer
+  attributes :id
+  abilities :show
+  def can_show?
+    session[:wizard_started] && can?(:show, object)
+  end
+end
+```
+## Contributing
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile ADDED Viewed

@@ -0,0 +1,7 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new('spec')
+# If you want to make this the default task
+task :default => :spec

data/active_model_serializers_cancancan.gemspec ADDED Viewed

@@ -0,0 +1,27 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'active_model_serializers/cancan/version'
+Gem::Specification.new do |gem|
+  gem.name          = "active_model_serializers_cancancan"
+  gem.version       = ActiveModel::Serializers::Cancan::VERSION
+  gem.authors       = ["GlebTv", "Gordon L. Hempton"]
+  gem.email         = ["glebtv@gmail.com"]
+  gem.summary       = %q{CanCanCan integration with Active Model Serializers}
+  gem.homepage      = "https://github.com/glebtv/active_model_serializers_cancancan"
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+  gem.add_dependency 'active_model_serializers'
+  gem.add_dependency 'cancancan'
+  gem.add_development_dependency 'bundler'
+  gem.add_development_dependency 'rake'
+  gem.add_development_dependency 'rspec'
+  gem.add_development_dependency 'pry'
+  gem.add_development_dependency 'mongoid', '~> 4.0.0.beta1'
+end

data/init.rb ADDED Viewed

	@@ -0,0 +1 @@
1	+ require 'active_model_serializers/cancan'

data/lib/active_model_serializers/cancan/abilities.rb ADDED Viewed

@@ -0,0 +1,48 @@
+module ActiveModel
+  class Serializer
+    module CanCan
+      module Abilities
+        extend ActiveSupport::Concern
+        included do
+          class_attribute :cancan_actions
+        end
+        def can
+          cancan_actions.inject({}) do |hash, action|
+            hash[action] = send("can_#{action}?")
+            hash
+          end
+        end
+        module ClassMethods
+          def abilities(*actions)
+            self.cancan_actions = expand_cancan_actions(actions)
+            cancan_actions.each do |action|
+              method = "can_#{action}?".to_sym
+              unless method_defined?(method)
+                define_method method do
+                  can? action, object
+                end
+              end
+            end
+            attributes :can
+          end
+          private
+          def expand_cancan_actions(actions)
+            if actions.include? :restful
+              actions.delete :restful
+              actions |= [:index, :show, :new, :create, :edit, :update, :destroy]
+            end
+            actions
+          end
+        end
+      end
+    end
+  end
+end
+ActiveModel::Serializer.send :include, ActiveModel::Serializer::CanCan::Abilities

data/lib/active_model_serializers/cancan/associations.rb ADDED Viewed

@@ -0,0 +1,38 @@
+module ActiveModel
+  class Serializer
+    module Associations #:nodoc:
+      class Config #:nodoc:
+        def authorize?
+          !!options[:authorize]
+        end
+      end
+      class HasMany #:nodoc:
+        def serialize_with_cancan
+          return serialize_without_cancan unless authorize?
+          associated_object.select {|item| find_serializable(item).can?(:read, item) }.map do |item|
+            find_serializable(item).serializable_hash
+          end
+        end
+        alias_method_chain :serialize, :cancan
+      end
+      class HasOne #:nodoc:
+        def serialize_with_cancan
+          object = associated_object
+          serializer = find_serializable(object)
+          #p !authorize?, serializer, serializer.can?(:read, object)
+          return nil unless !authorize? || serializer && serializer.can?(:read, object)
+          serialize_without_cancan
+        end
+        alias_method_chain :serialize, :cancan
+      end
+    end
+  end
+end

data/lib/active_model_serializers/cancan/helpers.rb ADDED Viewed

@@ -0,0 +1,21 @@
+module ActiveModel
+  class Serializer
+    module CanCan
+      module Helpers
+        def current_ability
+          Ability.new(options[:scope])
+        end
+        def can?(*args)
+          current_ability.can? *args
+        end
+        def cannot?
+          current_ability.cannot? *args
+        end
+      end
+    end
+  end
+end
+ActiveModel::Serializer.send :include, ActiveModel::Serializer::CanCan::Helpers

data/lib/active_model_serializers/cancan/monkeypatch.rb ADDED Viewed

@@ -0,0 +1,9 @@
+# A small hack to allow passing options to associations
+class ActiveModel::Serializer
+  def include_associations!
+    _associations.each_pair do |name, asst|
+      include!(name, asst.options) if include?(name)
+    end
+  end
+end

data/lib/active_model_serializers/cancan/version.rb ADDED Viewed

@@ -0,0 +1,7 @@
+module ActiveModel
+  module Serializers
+    module Cancan
+      VERSION = "0.0.3"
+    end
+  end
+end

data/lib/active_model_serializers/cancan.rb ADDED Viewed

@@ -0,0 +1,7 @@
+require 'cancancan'
+require 'active_model_serializers'
+require 'active_model_serializers/cancan/monkeypatch'
+require 'active_model_serializers/cancan/version'
+require 'active_model_serializers/cancan/helpers'
+require 'active_model_serializers/cancan/associations'
+require 'active_model_serializers/cancan/abilities'

data/lib/active_model_serializers_cancancan.rb ADDED Viewed

	@@ -0,0 +1 @@
1	+ require "active_model_serializers/cancan"

data/spec/active_model_serializers/cancan/abilities_spec.rb ADDED Viewed

@@ -0,0 +1,45 @@
+require 'spec_helper'
+describe ActiveModel::Serializer::CanCan::Abilities do
+  let(:user) { User.first }
+  let(:category) { Category.first }
+  class MockAbility
+    include CanCan::Ability
+    def initialize(user)
+      can :manage, Category
+      cannot :read, Category
+    end
+  end
+  describe '.abilities' do
+    let(:serializer) do
+      Class.new(ActiveModel::Serializer) do
+        attributes :id
+        abilities :restful, :foo
+        def current_ability
+          MockAbility.new(nil)
+        end
+        def can_foo?
+          true
+        end
+      end
+    end
+    let(:category_serializer) { serializer.new(category, scope: user) }
+    context 'serializable_hash' do
+      subject { category_serializer.serializable_hash }
+      its(:keys) { should eq [:id, :can] }
+    end
+    context 'abilities key' do
+      subject { category_serializer.serializable_hash[:can] }
+      its([:restful]) { should be_nil }
+      its([:update]) { should be_true }
+      its([:show]) { should be_false }
+      its([:foo]) { should be_true }
+    end
+  end
+end

data/spec/active_model_serializers/cancan/associations_spec.rb ADDED Viewed

@@ -0,0 +1,86 @@
+require 'spec_helper'
+describe ActiveModel::Serializer::Associations do
+  let(:user) { User.find(1) }
+  let(:category) { Category.first }
+  context 'when authorize is set to false' do
+    before do
+      Object.send(:remove_const, :CategorySerializer) if defined?(CategorySerializer)
+      Object.send(:remove_const, :ProjectSerializer) if defined?(ProjectSerializer)
+      Object.send(:remove_const, :Ability) if defined?(Ability)
+      CategorySerializer = Class.new(ActiveModel::Serializer) do
+        attributes :id
+        has_many :projects, authorize: false
+        has_one :project, authorize: false
+      end
+      ProjectSerializer = Class.new(ActiveModel::Serializer) do
+        attributes :id
+      end
+      Ability = Class.new do
+        include CanCan::Ability
+        def initialize(user)
+          cannot :read, :project
+        end
+      end
+    end
+    it 'should serialize forbidden has_many records' do
+      expect(CategorySerializer.new(category, scope: user).serializable_hash[:projects].length).to eq(2)
+    end
+    it 'should serialize forbidden has_one records' do
+      expect(CategorySerializer.new(category, scope: user).serializable_hash[:project]).to_not be_nil
+    end
+  end
+  context 'when authorize set to true' do
+    before do
+      Object.send(:remove_const, :CategorySerializer) if defined?(CategorySerializer)
+      Object.send(:remove_const, :ProjectSerializer) if defined?(ProjectSerializer)
+      Object.send(:remove_const, :Ability) if defined?(Ability)
+      CategorySerializer = Class.new(ActiveModel::Serializer) do
+        attributes :id
+        has_many :projects, authorize: true
+        has_one :project, authorize: true
+      end
+      ProjectSerializer = Class.new(ActiveModel::Serializer) do
+        attributes :id
+      end
+      Ability = Class.new do
+        include CanCan::Ability
+        def initialize(user)
+          can :read, Category
+          can :read, Project do |pr|
+            pr.user == user
+          end
+        end
+      end
+    end
+    it 'should filter unauthorized records', focus: true do
+      expect(CategorySerializer.new(category, scope: user).serializable_hash[:projects].length).to eq(1)
+    end
+    it 'should nil out unauthorized has_one records' do
+      expect(CategorySerializer.new(category, scope: user).serializable_hash[:project]).to be_nil
+    end
+    it 'should serialize authorized has_one records' do
+      expect(CategorySerializer.new(category, scope: User.find(2)).serializable_hash[:project]).to_not be_nil
+    end
+  end
+end

data/spec/spec_helper.rb ADDED Viewed

@@ -0,0 +1,49 @@
+require 'bundler'
+Bundler.require(:default, :test)
+require 'mongoid'
+require 'active_model_serializers_cancancan'
+Mongoid.configure do |config|
+  config.connect_to "ams-test"
+end
+class User
+  include Mongoid::Document
+  field :name
+  has_many :projects
+  has_many :categories
+end
+class Project
+  include Mongoid::Document
+  belongs_to :user
+  belongs_to :category
+  has_many :categories
+end
+class Category
+  include Mongoid::Document
+  belongs_to :user
+  belongs_to :project
+  has_many :projects
+end
+RSpec.configure do |config|
+  config.before do
+    user1 = User.create(id: 1, name: "User1")
+    user2 = User.create(id: 2, name: "User2")
+    c = Category.create(project: Project.create(user: user2))
+    Project.create(user: user1, category: c)
+    Project.create(user: user2, category: c)
+  end
+  config.after do
+    User.delete_all
+    Project.delete_all
+    Category.delete_all
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,165 @@
+--- !ruby/object:Gem::Specification
+name: active_model_serializers_cancancan
+version: !ruby/object:Gem::Version
+  version: 0.0.3
+platform: ruby
+authors:
+- GlebTv
+- Gordon L. Hempton
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2014-05-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: active_model_serializers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: cancancan
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mongoid
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.0.0.beta1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.0.0.beta1
+description:
+email:
+- glebtv@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".ruby-gemset"
+- ".ruby-version"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- active_model_serializers_cancancan.gemspec
+- init.rb
+- lib/active_model_serializers/cancan.rb
+- lib/active_model_serializers/cancan/abilities.rb
+- lib/active_model_serializers/cancan/associations.rb
+- lib/active_model_serializers/cancan/helpers.rb
+- lib/active_model_serializers/cancan/monkeypatch.rb
+- lib/active_model_serializers/cancan/version.rb
+- lib/active_model_serializers_cancancan.rb
+- spec/active_model_serializers/cancan/abilities_spec.rb
+- spec/active_model_serializers/cancan/associations_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/glebtv/active_model_serializers_cancancan
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.2.2
+signing_key:
+specification_version: 4
+summary: CanCanCan integration with Active Model Serializers
+test_files:
+- spec/active_model_serializers/cancan/abilities_spec.rb
+- spec/active_model_serializers/cancan/associations_spec.rb
+- spec/spec_helper.rb