alfred 0.0.1 → 0.0.2

data/.travis.yml

@@ -1 +1,4 @@
-rvm: 1.9.2
+rvm:
+  - 1.9.2
+  - 1.9.3
+  - ruby-head

data/README.textile

@@ -0,0 +1,120 @@
+h1. Alfred - the unobtrusive butler who takes care of the uninvited guests "!https://secure.travis-ci.org/parcydo/alfred.png?branch=master!":http://travis-ci.org/parcydo/alfred
+
+Travis is an attempt to create an open-source, distributed build system for the Ruby community that:
+
+1. allows open-source projects to register their repository and have their test-suites run on demand
+2. allows users to contribute build capacities by connecting a VM that runs a build agent somewhere on their underused servers
+
+h2. Contact
+* "Github":http://github.com/parcydo
+* "Twitter":http://twitter.com/parcydo
+
+h2. Documentation
+
+* "Wiki":http://github.com/parcydo/alfred/wiki
+* "YARD":http://rdoc.info/github/parcydo/alfred
+
+h2. Preview
+
+h3. Without Alfred, and with much mess:
+
+<pre>
+# app/models/user.rb
+class User < ActiveRecord::Base
+  attr_accessible :email, :password, :password_confirmation
+  attr_accessible :email, :password, :password_confirmation, :username, as: :admin
+  attr_accessible :email, :password, :password_confirmation, :username, as: :on_create
+end
+</pre>
+
+Have to use a special role:
+
+<pre>
+# app/controllers/users_controlelr.rb
+class UsersController < ApplicationController
+  def create
+    @user = User.create(params[:user], as: :on_create)
+  end
+end
+</pre>
+
+h3. With Alfred and no hassles:
+
+<pre>
+# app/models/user.rb
+class User < ActiveRecord::Base
+  alfred_accessible :email, :password
+  alfred_accessible :username, as: :admin
+  alfred_accessible :username, on: :create
+end
+</pre>
+
+Nothing special here:
+
+<pre>
+# app/controllers/users_controlelr.rb
+class UsersController < ApplicationController
+  def create
+    @user = User.create(params[:user])
+  end
+end
+</pre>
+
+h2. Usage
+
+alfred_accessible and alfred_protected behaves just like attr_accessible and attr_protected on steroids.
+
+h3. accessible and protected
+
+<pre>
+  class User < ActiveRecord::Base
+    alfred_accessible :a, :b
+    alfred_protected :c, :d
+  end
+</pre>
+
+h3. roles
+
+Custom inherits from default role:
+
+<pre>
+  class User < ActiveRecord::Base
+    alfred_accessible :a, :b
+    alfred_accessible :c, :d, as: :custom
+  end
+</pre>
+
+h3. custom inheritance
+
+<pre>
+  class User < ActiveRecord::Base
+    alfred_accessible :a, :b
+    alfred_accessible :c, :d, as: :custom
+    alfred_accessible :e, :f, as: :custom2, inherit: :custom
+  end
+</pre>
+
+h3. events
+
+<pre>
+  class User < ActiveRecord::Base
+    alfred_accessible :a, :b
+    alfred_accessible :c, :d, on: :create
+    alfred_accessible :e, :f, on: :update
+  end
+</pre>
+
+h3. passwords
+
+password_confirmation will automatically added by default.
+
+<pre>
+  class User < ActiveRecord::Base
+    alfred_accessible :password
+  end
+</pre>
+
+h2. Requirements
+
+* Ruby 1.9.2 (Ruby 1.9.1 is not supported).
+* Rails 3.1.x (Rails 3.0.x is not supported).

data/alfred.gemspec

@@ -13,7 +13,8 @@ Gem::Specification.new do |s|
 
   s.rubyforge_project = "alfred"
 
-  s.add_dependency "rails", "~> 3.1.0.rc"
+  s.add_dependency "rails", ">= 3.1.0"
+  s.add_development_dependency "activemodel"
   s.add_development_dependency "activerecord"
   s.add_development_dependency "rr"
   s.add_development_dependency "rspec"
@@ -22,4 +23,4 @@ Gem::Specification.new do |s|
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
-end
+end

data/lib/alfred.rb

@@ -1,8 +1,6 @@
 require 'rails'
 
 module Alfred
-  autoload :Models, 'alfred/models'
-
   # Automaticly add password_confirmation if password exists.
   mattr_accessor :auto_password_confirmation
   @@auto_password_confirmation = true
@@ -15,4 +13,5 @@ module Alfred
 end
 
 require 'alfred/engine'
+require 'alfred/mass_assignment_security'
 require 'alfred/orm/active_record' if defined?(ActiveRecord)

data/lib/alfred/mass_assignment_security.rb

@@ -0,0 +1,150 @@
+require 'active_model'
+
+module Alfred
+  module ActiveModel
+    module MassAssignmentSecurity
+      module ClassMethods
+        # Attributes named in this macro are protected from mass-assignment
+        # whenever attributes are sanitized before assignment. A role for the
+        # attributes is optional, if no role is provided then :default is used.
+        # A role can be defined by using the :as option.
+        #
+        # Mass-assignment to these attributes will simply be ignored, to assign
+        # to them you can use direct writer methods. This is meant to protect
+        # sensitive attributes from being overwritten by malicious users
+        # tampering with URLs or forms. Example:
+        #
+        #   class Customer
+        #     include ActiveModel::MassAssignmentSecurity
+        #     extend Alfred::ActiveModel::MassAssignmentSecurity
+        #
+        #     attr_accessor :name, :credit_rating
+        #
+        #     alfred_protected :credit_rating
+        #     alfred_protected :last_login, as: :trainee
+        #
+        #     def assign_attributes(values, options = {})
+        #       sanitize_for_mass_assignment(values, options[:as]).each do |k, v|
+        #         send("#{k}=", v)
+        #       end
+        #     end
+        #   end
+        #
+        # When using the :default role :
+        #
+        #   customer = Customer.new
+        #   customer.assign_attributes({ name: "Daniel", credit_rating: "Excellent", last_login: 1.day.ago }, as: :default)
+        #   customer.name          # => "Daniel"
+        #   customer.credit_rating # => nil
+        #   customer.last_login    # => nil
+        #
+        #   customer.credit_rating = "Average"
+        #   customer.credit_rating # => "Average"
+        #
+        # And using the :admin role :
+        #
+        #   customer = Customer.new
+        #   customer.assign_attributes({ name: "Daniel", credit_rating: "Excellent", last_login: 1.day.ago }, as: :trainee)
+        #   customer.name          # => "Daniel"
+        #   customer.credit_rating # => "Excellent"
+        #   customer.last_login    # => nil
+        #
+        # To start from an all-closed default and enable attributes as needed,
+        # have a look at +alfred_accessible+.
+        #
+        # Note that using <tt>Hash#except</tt> or <tt>Hash#slice</tt> in place of +alfred_protected+
+        # to sanitize attributes won't provide sufficient protection.
+        def alfred_protected(*args)
+          alfred(:protected, *args)
+        end
+
+        # Specifies a white list of model attributes that can be set via
+        # mass-assignment.
+        #
+        # Like +alfred_protected+, a role for the attributes is optional,
+        # if no role is provided then :default is used. A role can be defined by
+        # using the :as option.
+        #
+        # This is the opposite of the +alfred_protected+ macro: Mass-assignment
+        # will only set attributes in this list, to assign to the rest of
+        # attributes you can use direct writer methods. This is meant to protect
+        # sensitive attributes from being overwritten by malicious users
+        # tampering with URLs or forms. If you'd rather start from an all-open
+        # default and restrict attributes as needed, have a look at
+        # +alfred_protected+.
+        #
+        #   class Customer
+        #     include ActiveModel::MassAssignmentSecurity
+        #     extend Alfred::ActiveModel::MassAssignmentSecurity
+        #
+        #     attr_accessor :name, :credit_rating
+        #
+        #     alfred_accessible :name
+        #     alfred_accessible :credit_rating, as: :admin
+        #
+        #     def assign_attributes(values, options = {})
+        #       sanitize_for_mass_assignment(values, options[:as]).each do |k, v|
+        #         send("#{k}=", v)
+        #       end
+        #     end
+        #   end
+        #
+        # When using the :default role :
+        #
+        #   customer = Customer.new
+        #   customer.assign_attributes({ name: "Daniel", credit_rating: "Excellent", last_login: 1.day.ago }, as: :default)
+        #   customer.name          # => "Daniel"
+        #   customer.credit_rating # => nil
+        #
+        #   customer.credit_rating = "Average"
+        #   customer.credit_rating # => "Average"
+        #
+        # And using the :admin role :
+        #
+        #   customer = Customer.new
+        #   customer.assign_attributes({ name: "Daniel", credit_rating: "Excellent", last_login: 1.day.ago }, as: :admin)
+        #   customer.name          # => "Daniel"
+        #   customer.credit_rating # => "Excellent"
+        #
+        # Note that using <tt>Hash#except</tt> or <tt>Hash#slice</tt> in place of +alfred_accessible+
+        # to sanitize attributes won't provide sufficient protection.
+        def alfred_accessible(*args)
+          alfred(:accessible, *args)
+        end
+
+        private
+        def alfred(method, *args)
+          options = args.extract_options!
+
+          if args.include?(:password) && Alfred.auto_password_confirmation
+            args = args + [:password_confirmation]
+          end
+
+          [nil, :create, :update].each do |action|
+            if options[:on]
+              next unless options[:on] == action
+            end
+
+            action_args = args.dup
+
+            role = (options[:as] || :default).to_s
+            role << "_#{action}" if action
+            role = role.to_sym
+
+            action_args = action_args + [{ as: role }]
+
+            action_args = action_args + send("#{method}_attributes", role).to_a.compact.reject { |s| s.blank? }
+
+            send("attr_#{method}", *action_args)
+          end
+        end
+      end
+
+      include ClassMethods
+    end
+  end
+end
+
+module ActiveModel::MassAssignmentSecurity::ClassMethods
+  include Alfred::ActiveModel::MassAssignmentSecurity
+end

data/lib/alfred/orm/active_record.rb

@@ -1,3 +1,32 @@
 require 'active_record'
 
-ActiveRecord::Base.extend Alfred::Models
+module Alfred
+  module ActiveRecord
+    module Base
+      def assign_attributes(new_attributes, options = {})
+        role = (options[:as] || :default).to_s
+        role << "_#{options[:action]}" if options[:action]
+
+        options[:as] = role.to_sym
+
+        super
+      end
+
+      def initialize(attributes = nil, options = {})
+        options[:action] = :create
+
+        super
+      end
+
+      def update_attributes(attributes, options = {})
+        options[:action] = :update
+
+        super
+      end
+    end
+  end
+end
+
+class ActiveRecord::Base
+  include Alfred::ActiveRecord::Base
+end

data/lib/alfred/version.rb

@@ -1,3 +1,3 @@
 module Alfred
-  VERSION = "0.0.1"
+  VERSION = "0.0.2"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: alfred
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
   prerelease: 
 platform: ruby
 authors:
@@ -9,22 +9,43 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2011-08-11 00:00:00.000000000Z
+date: 2012-04-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
-  requirement: &70320733483060 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
-    - - ~>
+    - - ! '>='
       - !ruby/object:Gem::Version
-        version: 3.1.0.rc
+        version: 3.1.0
   type: :runtime
   prerelease: false
-  version_requirements: *70320733483060
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 3.1.0
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: activerecord
-  requirement: &70320733482640 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +53,15 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70320733482640
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rr
-  requirement: &70320733482180 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,10 +69,15 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70320733482180
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &70320733481760 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -54,7 +85,12 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70320733481760
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Alfred provides better attr_accessor handling on your application.
 email:
 - daniel.spangenberg@parcydo.com
@@ -64,16 +100,16 @@ extra_rdoc_files: []
 files:
 - .gitignore
 - .rspec
-- .rvmrc
 - .travis.yml
 - Gemfile
+- README.textile
 - Rakefile
 - alfred.gemspec
 - lib/alfred.rb
 - lib/alfred/engine.rb
 - lib/alfred/generators/alfred/install_generator.rb
 - lib/alfred/generators/templates/alfred.rb
-- lib/alfred/models.rb
+- lib/alfred/mass_assignment_security.rb
 - lib/alfred/orm/active_record.rb
 - lib/alfred/version.rb
 - spec/models_spec.rb
@@ -98,7 +134,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: alfred
-rubygems_version: 1.8.8
+rubygems_version: 1.8.21
 signing_key: 
 specification_version: 3
 summary: Alfred is the unobtrusive butler who takes care of the uninvited guests.

data/.rvmrc

@@ -1 +0,0 @@
-rvm 1.9.2@alfred --create

data/lib/alfred/models.rb

@@ -1,53 +0,0 @@
-module Alfred
-  module Models
-    def alfred_accessible(*args)
-      alfred(:accessible, *args)
-    end
-
-    def alfred_protected(*args)
-      alfred(:protected, *args)
-    end
-
-  private
-
-    def alfred(method, *args)
-      options = args.extract_options!
-
-      if options[:as]
-        if method == :accessible
-          args = args + accessible_attributes(options[:inherit] || :default).to_a
-        else
-          args = args + protected_attributes(options[:inherit] || :default).to_a
-        end
-        args = args + [{ as: options[:as] }]
-      end
-
-      if args.include?(:password) && Alfred.auto_password_confirmation
-        args = args + [:password_confirmation]
-      end
-
-      if options[:on] && [:create, :update].include?(options[:on])
-        if options[:on] == :create
-          before = :before_create
-        else
-          before = :before_update
-        end
-        if method == :accessible
-          self.class.send(:define_method, before) do
-            attr_accessible(*args)
-          end
-        else
-          self.class.send(:define_method, before) do
-            attr_protected(*args)
-          end
-        end
-      else
-        if method == :accessible
-          attr_accessible(*args)
-        else
-          attr_protected(*args)
-        end
-      end      
-    end
-  end
-end