bullet_train-super_load_and_authorize_resource 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 1a068f14f14c8f382a9d7b30d30dcf7ac89656d30f2b2e8279110e139a449f34
+  data.tar.gz: e80081fe8ea016f9418b072529a540b6282ff6c240b806871457f2f9189d23d7
+SHA512:
+  metadata.gz: '09989eceabb20cdc3ca223acade617e01628ad8ff5d31b29f07ddbb4bc6f50b1f25d2a982ed1d21601f7d8cdbe475e143956f9d10045bcdbdf06effe1fde7bb2'
+  data.tar.gz: d5f772ee16dabfcbbb6c8908480462ae7e3a251af528767ee1bab4c91782aa132281902d3724edb20f1a9e07170396bac66e741d6f85d14ceea3a14a5ccdc6e9

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2022 Andrew Culver
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,28 @@
+# BulletTrain::SuperLoadAndAuthorizeResource
+Short description and motivation.
+
+## Usage
+How to use my plugin.
+
+## Installation
+Add this line to your application's Gemfile:
+
+```ruby
+gem "bullet_train-super_load_and_authorize_resource"
+```
+
+And then execute:
+```bash
+$ bundle
+```
+
+Or install it yourself as:
+```bash
+$ gem install bullet_train-super_load_and_authorize_resource
+```
+
+## Contributing
+Contribution directions go here.
+
+## License
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/Rakefile

@@ -0,0 +1,8 @@
+require "bundler/setup"
+
+APP_RAKEFILE = File.expand_path("test/dummy/Rakefile", __dir__)
+load "rails/tasks/engine.rake"
+
+load "rails/tasks/statistics.rake"
+
+require "bundler/gem_tasks"

data/app/controllers/concerns/loads_and_authorizes_resource.rb

@@ -0,0 +1,189 @@
+module LoadsAndAuthorizesResource
+  extend ActiveSupport::Concern
+
+  included do
+    def regex_to_remove_controller_namespace
+      raise "This is a template method that needs to be implemented by controllers including LoadsAndAuthorizesResource."
+    end
+
+    def load_team
+      # Sometimes `@team` has already been populated by earlier `before_action` steps.
+      @team ||= @child_object&.team || @parent_object&.team
+
+      # Update current attributes.
+      Current.team = @team
+
+      # If the currently loaded team is saved to the database, make that the user's new current team.
+      if @team.try(:persisted?)
+        if can? :show, @team
+          current_user.update_column(:current_team_id, @team.id)
+        end
+      end
+    end
+
+    def self.model_namespace_from_controller_namespace
+      controller_class_name = regex_to_remove_controller_namespace ? name.gsub(regex_to_remove_controller_namespace, "") : name
+      namespace = controller_class_name.split("::")
+      # Remove "::ThingsController"
+      namespace.pop
+      namespace
+    end
+
+    # this is one of the few pieces of 'magical' functionality that bullet train implements
+    # for you in your controllers beyond that is provided by the underlying gems that we've
+    # tied together. we've taken the liberty of doing this because it's heavily based on
+    # cancancan's `load_and_authorize_resource` method, which is awesome, but it also
+    # implements a lot of the options required to make that method work very well for our
+    # controllers in the account namespace, including our shallow nested routes.
+    #
+    # there are also some complications that were introduced into this method by our support
+    # for namespaced models and controllers. (we introduced this complexity in support of
+    # namespacing our `Oauth::` models and controllers.)
+    #
+    # to help you understand the code below, usually `through` is `team`
+    # and `model` is something like `project`.
+    def self.account_load_and_authorize_resource(model, options, old_options = {})
+      # options are now required, because you have to have at least a 'through' setting.
+
+      # we used to support calling this method with a signature like this:
+      #
+      #   `account_load_and_authorize_resource [:oauth, :twitter_account], :team`
+      #
+      # however this abstraction was too short-sighted so we've updated this method to accept the exact same method
+      # signature as cancancan's original `load_and_authorize_resource` method.
+      if model.is_a?(Array)
+        raise "Bullet Train has depreciated this method of calling `account_load_and_authorize_resource`. Read the comments on this line of source for more details."
+      end
+
+      # this is providing backward compatibility for folks who are calling this method like this:
+      #   account_load_and_authorize_resource :thing, through: :team, through_association: :scaffolding_things
+      # i'm going to deprecate this at some point.
+      if options.is_a?(Hash)
+        through = options[:through]
+        options.delete(:through)
+      else
+        through = options
+        options = old_options
+      end
+
+      # fetch the namespace of the controller. this should generally match the namespace of the model, except for the
+      # `account` part.
+      namespace = model_namespace_from_controller_namespace
+
+      tried = []
+      begin
+        # check whether the parent exists in the model namespace.
+        model_class_name = (namespace + [model.to_s.classify]).join("::")
+        model_class_name.constantize
+      rescue NameError
+        tried << model_class_name
+        if namespace.any?
+          namespace.pop
+          retry
+        else
+          raise "Oh no, it looks like your call to 'account_load_and_authorize_resource' is broken. We tried #{tried.join(" and ")}, but didn't find a valid class name."
+        end
+      end
+
+      # treat through as an array even if the user only specified one parent type.
+      through_as_symbols = through.is_a?(Array) ? through : [through]
+
+      through = []
+      through_class_names = []
+
+      through_as_symbols.each do |through_as_symbol|
+        # reflect on the belongs_to association of the child model to figure out the class names of the parents.
+        unless (association = model_class_name.constantize.reflect_on_association(through_as_symbol))
+          raise "Oh no, it looks like your call to 'account_load_and_authorize_resource' is broken. Tried to reflect on the `#{through_as_symbol}` association of #{model_class_name}, but didn't find one."
+        end
+
+        through_class_name = association.klass.name
+
+        begin
+          through << through_class_name.constantize
+          through_class_names << through_class_name
+        rescue NameError
+          raise "Oh no, it looks like your call to 'account_load_and_authorize_resource' is broken. We tried to load `#{through_class_name}}` (the class name defined for the `#{through_as_symbol}` association), but couldn't find it."
+        end
+      end
+
+      if through_as_symbols.count > 1 && !options[:polymorphic]
+        raise "When a resource can be loaded through multiple parents, please specify the 'polymorphic' option to tell us what that controller calls the parent, e.g. `polymorphic: :imageable`."
+      end
+
+      # this provides the support we need for shallow nested resources, which
+      # helps keep our routes tidy even after many levels of nesting. most people
+      # i talk to don't actually know about this feature in rails, but it's
+      # actually the recommended approach in the rails routing documentation.
+      #
+      # also, similar to `load_and_authorize_resource`, people can pass in additional
+      # actions for which the resource should be loaded, but because we're making
+      # separate calls to `load_and_authorize_resource` for member and collection
+      # actions, we ask controllers to specify these actions separately, e.g.:
+      #   `account_load_and_authorize_resource :invitation, :team, member_actions: [:accept, :promote]`
+      collection_actions = options[:collection_actions] || []
+      member_actions = options[:member_actions] || []
+
+      # this option is native to cancancan and allows you to skip account_load_and_authorize_resource
+      # for a specific action that would otherwise run it (e.g. see invitations#show.)
+      except_actions = options[:except] || []
+
+      collection_actions = ([:index, :new, :create, :reorder] + collection_actions) - except_actions
+      member_actions = ([:show, :edit, :update, :destroy] + member_actions) - except_actions
+
+      options.delete(:collection_actions)
+      options.delete(:member_actions)
+
+      # NOTE: because we're using prepend for all of these, these are written in backwards order
+      # of how they'll be executed during a request!
+
+      # 4. finally, load the team and parent resource if we can.
+      prepend_before_action :load_team
+
+      # x. this and the thing below it are only here to make a sortable concern possible.
+      prepend_before_action only: member_actions do
+        instance_variable_name = options[:polymorphic] || through_as_symbols[0]
+        eval "@child_object = @#{model}"
+        eval "@parent_object = @#{instance_variable_name}"
+      end
+
+      prepend_before_action only: collection_actions do
+        instance_variable_name = options[:polymorphic] || through_as_symbols[0]
+        eval "@parent_object = @#{instance_variable_name}"
+        if options[:through_association].present?
+          eval "@child_collection = :#{options[:through_association]}"
+        else
+          eval "@child_collection = :#{model.to_s.pluralize}"
+        end
+      end
+
+      prepend_before_action only: member_actions do
+        instance_variable_name = options[:polymorphic] || through_as_symbols[0]
+        possible_sources_of_parent = through_as_symbols.map { |tas| "@#{model}.#{tas}" }.join(" || ")
+        eval_string = "@#{instance_variable_name} ||= " + possible_sources_of_parent
+        eval eval_string
+      end
+
+      if options[:polymorphic]
+        prepend_before_action only: collection_actions do
+          possible_sources_of_parent = through_as_symbols.map { |tas| "@#{tas}" }.join(" || ")
+          eval "@#{options[:polymorphic]} ||= #{possible_sources_of_parent}"
+        end
+      end
+
+      # 3. on action resource, we have a specific id for the child resource, so load it directly.
+      load_and_authorize_resource model, options.merge(class: model_class_name, only: member_actions, prepend: true, shallow: true)
+
+      # 2. only load the child resource through the parent resource for collection actions.
+      load_and_authorize_resource model, options.merge(class: model_class_name, through: through_as_symbols, only: collection_actions, prepend: true, shallow: true)
+
+      # 1. load the parent resource for collection actions only. (we're using shallow routes.)
+      # since a controller can have multiple potential parents, we have to run this as a loop on every possible
+      # parent. (the vast majority of controllers only have one parent.)
+
+      through_class_names.each_with_index do |through_class_name, index|
+        load_and_authorize_resource through_as_symbols[index], options.merge(class: through_class_name, only: collection_actions, prepend: true, shallow: true)
+      end
+    end
+  end
+end

data/config/routes.rb

@@ -0,0 +1,2 @@
+Rails.application.routes.draw do
+end

data/lib/bullet_train/super_load_and_authorize_resource/engine.rb

@@ -0,0 +1,6 @@
+module BulletTrain
+  module SuperLoadAndAuthorizeResource
+    class Engine < ::Rails::Engine
+    end
+  end
+end

data/lib/bullet_train/super_load_and_authorize_resource/version.rb

@@ -0,0 +1,5 @@
+module BulletTrain
+  module SuperLoadAndAuthorizeResource
+    VERSION = "1.0.0"
+  end
+end

data/lib/bullet_train/super_load_and_authorize_resource.rb

@@ -0,0 +1,8 @@
+require "bullet_train/super_load_and_authorize_resource/version"
+require "bullet_train/super_load_and_authorize_resource/engine"
+
+module BulletTrain
+  module SuperLoadAndAuthorizeResource
+    # Your code goes here...
+  end
+end

data/lib/tasks/bullet_train/super_load_and_authorize_resource_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :bullet_train_super_load_and_authorize_resource do
+#   # Task goes here
+# end

metadata

@@ -0,0 +1,69 @@
+--- !ruby/object:Gem::Specification
+name: bullet_train-super_load_and_authorize_resource
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Andrew Culver
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2022-01-31 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 7.0.0
+description: Bullet Train Super Load And Authorize Resource
+email:
+- andrew.culver@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- MIT-LICENSE
+- README.md
+- Rakefile
+- app/assets/config/bullet_train_super_load_and_authorize_resource_manifest.js
+- app/controllers/concerns/loads_and_authorizes_resource.rb
+- config/routes.rb
+- lib/bullet_train/super_load_and_authorize_resource.rb
+- lib/bullet_train/super_load_and_authorize_resource/engine.rb
+- lib/bullet_train/super_load_and_authorize_resource/version.rb
+- lib/tasks/bullet_train/super_load_and_authorize_resource_tasks.rake
+homepage: https://github.com/bullet-train-co/bullet_train-super_load_and_authorize_resource
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/bullet-train-co/bullet_train-super_load_and_authorize_resource
+  source_code_uri: https://github.com/bullet-train-co/bullet_train-super_load_and_authorize_resource
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.22
+signing_key:
+specification_version: 4
+summary: Bullet Train Super Load And Authorize Resource
+test_files: []