active_model_serializers_cancancan 0.0.3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: ce161c1d6f79a45223d67cf65bfc0784d4a0b821
+  data.tar.gz: e3f6e01156ac758f0bf84993dcdde3483a519a7b
+SHA512:
+  metadata.gz: f7786db0b565437bc845468150c071bc6ffe83af441c57ed6c231c41a281fdc7ad02782fd690edee1267bb88177e793965d8d903d79ecf68f24fc86da30de7bf
+  data.tar.gz: 7b351437cb30afabc1cff37e0aa288ddf87957e2b4a241bca1dffd2e8015f015585123e2535b85bba924df153878e1597d858515d76b3ab63f69f7af201f1b26

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.ruby-gemset

@@ -0,0 +1 @@
+ams-cc

data/.ruby-version

@@ -0,0 +1 @@
+2.1.2

data/.travis.yml

@@ -0,0 +1,5 @@
+rvm:
+  - 1.9.3
+before_install:
+  - gem install bundler --version '>= 1.2.2'
+script: "bundle exec rspec"

data/Gemfile

@@ -0,0 +1,5 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in active_model_serializers-cancan.gemspec
+gemspec
+

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Gordon L. Hempton
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,77 @@
+# ActiveModelSerializers::Cancan
+
+Provides a simple integration between [CanCanCan](https://github.com/CanCanCommunity/cancancan) and [Active Model Serializers](https://github.com/rails-api/active_model_serializers).
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'active_model_serializers_cancancan'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install active_model_serializers_cancancan
+
+## Usage
+
+### Associations
+
+`hasOne` and `hasMany` serializer macros now support an additional property, `authorize`. Associations with this property set to true will be authorized and filtered via CanCan. For example:
+
+```ruby
+class PostSerializer < ActiveModel::Serializer
+  attributes :title, :content
+
+  has_one :author, authorize: true
+  has_many :comments, authorize: true
+end
+```
+
+### Helpers
+
+Serializers now also have access to the same helpers as controllers, namely `current_ability`, `can?`, and `cannot?`.
+
+### Ability Serialization
+
+Use the `abilities` helper method to add an `abilities` key to the serialized data. For example:
+
+```ruby
+class PostSerializer < ActiveModel::Serializer
+  attributes :id
+  abilities :show, :update
+end
+
+@post.as_json # { id: 1, abilities: { show: true, update: false } }
+```
+
+#### RESTful Alias
+
+If `:restful` is passed as an ability it will expand to the 7 default
+RESTful actions: `:index, :show, :new, :create, :edit, :update, :destroy`
+
+#### Overriding an Ability
+
+Abilities are checked by calling the `can_#{action}?` method.  By overriding this method the result for the ability can be customized. For example:
+
+```ruby
+class PostSerializer < ActiveModel::Serializer
+  attributes :id
+  abilities :show
+
+  def can_show?
+    session[:wizard_started] && can?(:show, object)
+  end
+end
+```
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,7 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new('spec')
+
+# If you want to make this the default task
+task :default => :spec

data/active_model_serializers_cancancan.gemspec

@@ -0,0 +1,27 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'active_model_serializers/cancan/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "active_model_serializers_cancancan"
+  gem.version       = ActiveModel::Serializers::Cancan::VERSION
+  gem.authors       = ["GlebTv", "Gordon L. Hempton"]
+  gem.email         = ["glebtv@gmail.com"]
+  gem.summary       = %q{CanCanCan integration with Active Model Serializers}
+  gem.homepage      = "https://github.com/glebtv/active_model_serializers_cancancan"
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+
+  gem.add_dependency 'active_model_serializers'
+  gem.add_dependency 'cancancan'
+
+  gem.add_development_dependency 'bundler'
+  gem.add_development_dependency 'rake'
+  gem.add_development_dependency 'rspec'
+  gem.add_development_dependency 'pry'
+  gem.add_development_dependency 'mongoid', '~> 4.0.0.beta1'
+end

data/init.rb

@@ -0,0 +1 @@
+require 'active_model_serializers/cancan'

data/lib/active_model_serializers/cancan/abilities.rb

@@ -0,0 +1,48 @@
+module ActiveModel
+  class Serializer
+    module CanCan
+      module Abilities
+        extend ActiveSupport::Concern
+
+        included do
+          class_attribute :cancan_actions
+        end
+
+        def can
+          cancan_actions.inject({}) do |hash, action|
+            hash[action] = send("can_#{action}?")
+            hash
+          end
+        end
+
+        module ClassMethods
+          def abilities(*actions)
+            self.cancan_actions = expand_cancan_actions(actions)
+            cancan_actions.each do |action|
+              method = "can_#{action}?".to_sym
+              unless method_defined?(method)
+                define_method method do
+                  can? action, object
+                end
+              end
+            end
+            attributes :can
+          end
+
+          private
+          def expand_cancan_actions(actions)
+            if actions.include? :restful
+              actions.delete :restful
+              actions |= [:index, :show, :new, :create, :edit, :update, :destroy]
+            end
+            actions
+          end
+        end
+
+      end
+    end
+  end
+end
+
+ActiveModel::Serializer.send :include, ActiveModel::Serializer::CanCan::Abilities
+

data/lib/active_model_serializers/cancan/associations.rb

@@ -0,0 +1,38 @@
+module ActiveModel
+  class Serializer
+    module Associations #:nodoc:
+
+      class Config #:nodoc:
+
+        def authorize?
+          !!options[:authorize]
+        end
+      end
+
+      class HasMany #:nodoc:
+
+        def serialize_with_cancan
+          return serialize_without_cancan unless authorize?
+          associated_object.select {|item| find_serializable(item).can?(:read, item) }.map do |item|
+            find_serializable(item).serializable_hash
+          end
+        end
+        alias_method_chain :serialize, :cancan
+
+      end
+
+      class HasOne #:nodoc:
+
+        def serialize_with_cancan
+          object = associated_object
+          serializer = find_serializable(object)
+          #p !authorize?, serializer, serializer.can?(:read, object)
+          return nil unless !authorize? || serializer && serializer.can?(:read, object)
+          serialize_without_cancan
+        end
+        alias_method_chain :serialize, :cancan
+
+      end
+    end
+  end
+end

data/lib/active_model_serializers/cancan/helpers.rb

@@ -0,0 +1,21 @@
+module ActiveModel
+  class Serializer
+    module CanCan
+      module Helpers
+        def current_ability
+          Ability.new(options[:scope])
+        end
+
+        def can?(*args)
+          current_ability.can? *args
+        end
+
+        def cannot?
+          current_ability.cannot? *args
+        end
+      end
+    end
+  end
+end
+
+ActiveModel::Serializer.send :include, ActiveModel::Serializer::CanCan::Helpers

data/lib/active_model_serializers/cancan/monkeypatch.rb

@@ -0,0 +1,9 @@
+# A small hack to allow passing options to associations
+class ActiveModel::Serializer
+  def include_associations!
+    _associations.each_pair do |name, asst|
+      include!(name, asst.options) if include?(name)
+    end
+  end
+end
+

data/lib/active_model_serializers/cancan/version.rb

@@ -0,0 +1,7 @@
+module ActiveModel
+  module Serializers
+    module Cancan
+      VERSION = "0.0.3"
+    end
+  end
+end

data/lib/active_model_serializers/cancan.rb

@@ -0,0 +1,7 @@
+require 'cancancan'
+require 'active_model_serializers'
+require 'active_model_serializers/cancan/monkeypatch'
+require 'active_model_serializers/cancan/version'
+require 'active_model_serializers/cancan/helpers'
+require 'active_model_serializers/cancan/associations'
+require 'active_model_serializers/cancan/abilities'

data/lib/active_model_serializers_cancancan.rb

@@ -0,0 +1 @@
+require "active_model_serializers/cancan"

data/spec/active_model_serializers/cancan/abilities_spec.rb

@@ -0,0 +1,45 @@
+require 'spec_helper'
+
+describe ActiveModel::Serializer::CanCan::Abilities do
+  let(:user) { User.first }
+  let(:category) { Category.first }
+
+  class MockAbility
+    include CanCan::Ability
+    def initialize(user)
+      can :manage, Category
+      cannot :read, Category
+    end
+  end
+
+  describe '.abilities' do
+    let(:serializer) do
+      Class.new(ActiveModel::Serializer) do
+        attributes :id
+        abilities :restful, :foo
+        def current_ability
+          MockAbility.new(nil)
+        end
+
+        def can_foo?
+          true
+        end
+      end
+    end
+
+    let(:category_serializer) { serializer.new(category, scope: user) }
+
+    context 'serializable_hash' do
+      subject { category_serializer.serializable_hash }
+      its(:keys) { should eq [:id, :can] }
+    end
+
+    context 'abilities key' do
+      subject { category_serializer.serializable_hash[:can] }
+      its([:restful]) { should be_nil }
+      its([:update]) { should be_true }
+      its([:show]) { should be_false }
+      its([:foo]) { should be_true }
+    end
+  end
+end

data/spec/active_model_serializers/cancan/associations_spec.rb

@@ -0,0 +1,86 @@
+require 'spec_helper'
+
+describe ActiveModel::Serializer::Associations do
+
+  let(:user) { User.find(1) }
+
+  let(:category) { Category.first }
+
+  context 'when authorize is set to false' do
+
+    before do
+      Object.send(:remove_const, :CategorySerializer) if defined?(CategorySerializer)
+      Object.send(:remove_const, :ProjectSerializer) if defined?(ProjectSerializer)
+      Object.send(:remove_const, :Ability) if defined?(Ability)
+
+      CategorySerializer = Class.new(ActiveModel::Serializer) do
+        attributes :id
+        has_many :projects, authorize: false
+        has_one :project, authorize: false
+      end
+
+      ProjectSerializer = Class.new(ActiveModel::Serializer) do
+        attributes :id
+      end
+
+      Ability = Class.new do
+        include CanCan::Ability
+        def initialize(user)
+          cannot :read, :project
+        end
+      end
+    end
+
+    it 'should serialize forbidden has_many records' do
+      expect(CategorySerializer.new(category, scope: user).serializable_hash[:projects].length).to eq(2)
+    end
+
+    it 'should serialize forbidden has_one records' do
+      expect(CategorySerializer.new(category, scope: user).serializable_hash[:project]).to_not be_nil
+    end
+
+  end
+
+  context 'when authorize set to true' do
+
+    before do
+      Object.send(:remove_const, :CategorySerializer) if defined?(CategorySerializer)
+      Object.send(:remove_const, :ProjectSerializer) if defined?(ProjectSerializer)
+      Object.send(:remove_const, :Ability) if defined?(Ability)
+
+      CategorySerializer = Class.new(ActiveModel::Serializer) do
+        attributes :id
+        has_many :projects, authorize: true
+        has_one :project, authorize: true
+      end
+
+      ProjectSerializer = Class.new(ActiveModel::Serializer) do
+        attributes :id
+      end
+
+      Ability = Class.new do
+        include CanCan::Ability
+        def initialize(user)
+          can :read, Category
+          can :read, Project do |pr|
+            pr.user == user
+          end
+        end
+      end
+    end
+
+    it 'should filter unauthorized records', focus: true do
+      expect(CategorySerializer.new(category, scope: user).serializable_hash[:projects].length).to eq(1)
+    end
+
+    it 'should nil out unauthorized has_one records' do
+      expect(CategorySerializer.new(category, scope: user).serializable_hash[:project]).to be_nil
+    end
+
+    it 'should serialize authorized has_one records' do
+      expect(CategorySerializer.new(category, scope: User.find(2)).serializable_hash[:project]).to_not be_nil
+    end
+
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,49 @@
+require 'bundler'
+
+Bundler.require(:default, :test)
+
+require 'mongoid'
+require 'active_model_serializers_cancancan'
+
+Mongoid.configure do |config|
+  config.connect_to "ams-test"
+end
+
+class User
+  include Mongoid::Document
+  field :name
+  has_many :projects
+  has_many :categories
+end
+
+class Project
+  include Mongoid::Document
+  belongs_to :user
+  belongs_to :category
+  has_many :categories
+end
+
+class Category
+  include Mongoid::Document
+  belongs_to :user
+  belongs_to :project
+  has_many :projects
+end
+
+RSpec.configure do |config|
+  config.before do
+    user1 = User.create(id: 1, name: "User1") 
+    user2 = User.create(id: 2, name: "User2")
+
+    c = Category.create(project: Project.create(user: user2))
+
+    Project.create(user: user1, category: c)
+    Project.create(user: user2, category: c)
+  end
+
+  config.after do
+    User.delete_all
+    Project.delete_all
+    Category.delete_all
+  end
+end

metadata

@@ -0,0 +1,165 @@
+--- !ruby/object:Gem::Specification
+name: active_model_serializers_cancancan
+version: !ruby/object:Gem::Version
+  version: 0.0.3
+platform: ruby
+authors:
+- GlebTv
+- Gordon L. Hempton
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-05-22 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: active_model_serializers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: cancancan
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mongoid
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.0.0.beta1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 4.0.0.beta1
+description: 
+email:
+- glebtv@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".ruby-gemset"
+- ".ruby-version"
+- ".travis.yml"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- active_model_serializers_cancancan.gemspec
+- init.rb
+- lib/active_model_serializers/cancan.rb
+- lib/active_model_serializers/cancan/abilities.rb
+- lib/active_model_serializers/cancan/associations.rb
+- lib/active_model_serializers/cancan/helpers.rb
+- lib/active_model_serializers/cancan/monkeypatch.rb
+- lib/active_model_serializers/cancan/version.rb
+- lib/active_model_serializers_cancancan.rb
+- spec/active_model_serializers/cancan/abilities_spec.rb
+- spec/active_model_serializers/cancan/associations_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/glebtv/active_model_serializers_cancancan
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.2.2
+signing_key: 
+specification_version: 4
+summary: CanCanCan integration with Active Model Serializers
+test_files:
+- spec/active_model_serializers/cancan/abilities_spec.rb
+- spec/active_model_serializers/cancan/associations_spec.rb
+- spec/spec_helper.rb