databound 0.0.3

data/spec/controllers/dsl_controller_spec.rb

@@ -0,0 +1,177 @@
+require 'spec_helper'
+
+describe DslController, type: :controller do
+  describe '#create' do
+    describe 'strict' do
+      describe 'without data usage' do
+        before :each do
+          data = {
+            data: {
+              name: 'John',
+              city: 'hottest',
+            },
+            scope: {},
+            extra_find_scopes: [],
+          }
+
+          post(:create, javascriptize(data))
+        end
+
+        it 'responds consistently to js' do
+          expect(rubize(response)).to eq(success: true, id: 1)
+        end
+
+        it 'creates the record' do
+          user = User.find(1)
+          user_attributes = user.attributes.to_options
+
+          expect(user_attributes.slice(:id, :name, :city)).to eq(
+            id: 1,
+            name: 'John',
+            city: 'Miami',
+          )
+        end
+      end
+
+      describe 'with data usage' do
+        before :each do
+          data = {
+            data: {
+              name: 'John',
+              city: 'coldest',
+            },
+            scope: {},
+            extra_find_scopes: [],
+          }
+
+          post(:create, javascriptize(data))
+        end
+
+        it 'responds consistently to js' do
+          expect(rubize(response)).to eq(success: true, id: 1)
+        end
+
+        it 'creates the record' do
+          user = User.find(1)
+          user_attributes = user.attributes.to_options
+
+          expect(user_attributes.slice(:id, :name, :city)).to eq(
+            id: 1,
+            name: 'John',
+            city: 'Where John lives',
+          )
+        end
+      end
+    end
+
+    describe 'loose' do
+      it 'responds with error' do
+        data = {
+          data: {
+            name: 'John',
+            city: 'New York',
+          },
+          scope: {},
+          extra_find_scopes: [],
+        }
+
+        expect { post(:create, javascriptize(data)) }.to raise_error(
+          Databound::NotPermittedError,
+          "DSL column 'city' received unmatched string 'New York'." \
+          " Use 'strict: false' in DSL definition to allow everything.",
+        )
+      end
+    end
+  end
+
+  describe '#update' do
+    describe 'strict' do
+      describe 'without data usage' do
+        before :each do
+          User.create(name: 'John', city: 'New York')
+
+          data = {
+            data: {
+              id: 1,
+              city: 'hottest',
+            },
+            scope: {},
+            extra_find_scopes: [],
+          }
+
+          post(:update, javascriptize(data))
+        end
+
+        it 'responds consistently to js' do
+          expect(rubize(response)).to eq(success: true, id: 1)
+        end
+
+        it 'updates the record' do
+          user = User.find(1)
+          user_attributes = user.attributes.to_options
+
+          expect(user_attributes.slice(:id, :name, :city)).to eq(
+            id: 1,
+            name: 'John',
+            city: 'Miami',
+          )
+        end
+      end
+
+      describe 'with data usage' do
+        before :each do
+          User.create(name: 'John', city: 'New York')
+
+          data = {
+            data: {
+              id: 1,
+              name: 'Peter',
+              city: 'coldest',
+            },
+            scope: {},
+            extra_find_scopes: [],
+          }
+
+          post(:update, javascriptize(data))
+        end
+
+        it 'responds consistently to js' do
+          expect(rubize(response)).to eq(success: true, id: 1)
+        end
+
+        it 'updates the record' do
+          user = User.find(1)
+          user_attributes = user.attributes.to_options
+
+          expect(user_attributes.slice(:id, :name, :city)).to eq(
+            id: 1,
+            name: 'Peter',
+            city: 'Where Peter lives',
+          )
+        end
+      end
+    end
+
+    describe 'loose' do
+      it 'responds with error' do
+        User.create(name: 'John', city: 'Los Angeles')
+
+        data = {
+          data: {
+            id: 1,
+            name: 'John',
+            city: 'New York',
+          },
+          scope: {},
+          extra_find_scopes: [],
+        }
+
+        expect { post(:create, javascriptize(data)) }.to raise_error(
+          Databound::NotPermittedError,
+          "DSL column 'city' received unmatched string 'New York'." \
+          " Use 'strict: false' in DSL definition to allow everything.",
+        )
+      end
+    end
+  end
+end

data/spec/controllers/loose_dsl_controller_spec.rb

@@ -0,0 +1,127 @@
+require 'spec_helper'
+
+describe LooseDslController, type: :controller do
+  describe '#create strict' do
+    before :each do
+      data = {
+        data: {
+          name: 'John',
+          city: 'hottest',
+        },
+        scope: {},
+        extra_find_scopes: [],
+      }
+
+      post(:create, javascriptize(data))
+    end
+
+    it 'responds consistently to js' do
+      expect(rubize(response)).to eq(success: true, id: 1)
+    end
+
+    it 'creates the record' do
+      user = User.find(1)
+      user_attributes = user.attributes.to_options
+
+      expect(user_attributes.slice(:id, :name, :city)).to eq(
+        id: 1,
+        name: 'John',
+        city: 'Miami',
+      )
+    end
+  end
+
+  describe '#create loose' do
+    before :each do
+      data = {
+        data: {
+          name: 'John',
+          city: 'New York',
+        },
+        scope: {},
+        extra_find_scopes: [],
+      }
+
+      post(:create, javascriptize(data))
+    end
+
+    it 'responds consistently to js' do
+      expect(rubize(response)).to eq(success: true, id: 1)
+    end
+
+    it 'creates the record' do
+      user = User.find(1)
+      user_attributes = user.attributes.to_options
+
+      expect(user_attributes.slice(:id, :name, :city)).to eq(
+        id: 1,
+        name: 'John',
+        city: 'New York',
+      )
+    end
+  end
+
+  describe '#update strict' do
+    before :each do
+      User.create(name: 'John', city: 'New York')
+
+      data = {
+        data: {
+          id: 1,
+          city: 'hottest',
+        },
+        scope: {},
+        extra_find_scopes: [],
+      }
+
+      post(:update, javascriptize(data))
+    end
+
+    it 'responds consistently to js' do
+      expect(rubize(response)).to eq(success: true, id: 1)
+    end
+
+    it 'updates the record' do
+      user = User.find(1)
+      user_attributes = user.attributes.to_options
+
+      expect(user_attributes.slice(:id, :name, :city)).to eq(
+        id: 1,
+        name: 'John',
+        city: 'Miami',
+      )
+    end
+  end
+
+  describe '#update loose' do
+    before :each do
+      User.create(name: 'John', city: 'New York')
+
+      data = {
+        data: {
+          id: 1,
+          city: 'Los Angeles',
+        },
+        scope: {},
+        extra_find_scopes: [],
+      }
+
+      post(:update, javascriptize(data))
+    end
+
+    it 'responds consistently to js' do
+      expect(rubize(response)).to eq(success: true, id: 1)
+    end
+
+    it 'updates the record' do
+      user = User.find(1)
+      user_attributes = user.attributes.to_options
+
+      expect(user_attributes.slice(:id, :name, :city)).to eq(
+        id: 1,
+        name: 'John',
+        city: 'Los Angeles',
+      )
+    end
+  end
+end

data/spec/controllers/no_model_controller_spec.rb

@@ -0,0 +1,9 @@
+require 'spec_helper'
+
+describe NoModelController, type: :controller do
+  describe 'raise error' do
+    it 'when model is not defined' do
+      expect { post(:create) }.to raise_error(RuntimeError)
+    end
+  end
+end

data/spec/controllers/permitted_columns_controller_spec.rb

@@ -0,0 +1,104 @@
+require 'spec_helper'
+
+describe PermittedColumnsController, type: :controller do
+  describe '#create' do
+    it 'raise when param is not permitted' do
+      data = {
+        data: {
+          city: 'Barcelona',
+        },
+        scope: {},
+        extra_find_scopes: [],
+      }
+
+      expect { post(:create, javascriptize(data)) }.to raise_error(
+        Databound::NotPermittedError,
+        'Request includes unpermitted columns: city',
+      )
+    end
+
+    it 'should create when param is permitted' do
+      data = {
+        data: {
+          name: 'Nikki',
+        },
+        scope: {},
+        extra_find_scopes: [],
+      }
+
+      expect { post(:create, javascriptize(data)) }.not_to raise_error
+    end
+  end
+
+  describe '#update' do
+    before :each do
+      User.create(name: 'Nikki')
+    end
+
+    it 'raise when param is not permitted' do
+      data = {
+        data: {
+          id: 1,
+          city: 'Barcelona',
+        },
+        scope: {},
+        extra_find_scopes: [],
+      }
+
+      expect { post(:update, javascriptize(data)) }.to raise_error(
+        Databound::NotPermittedError,
+        'Request includes unpermitted columns: city',
+      )
+    end
+
+    it 'should create when param is permitted' do
+      data = {
+        data: {
+          id: 1,
+          name: 'Nikki',
+        },
+        scope: {},
+        extra_find_scopes: [],
+      }
+
+      expect { post(:update, javascriptize(data)) }.not_to raise_error
+    end
+  end
+
+  describe 'via scope' do
+    describe '#create' do
+      it 'should raise when not permitted' do
+        data = {
+          data: {
+            name: 'Nikki',
+          },
+          scope: { city: 'Barcelona' },
+          extra_find_scopes: [],
+        }
+
+        expect { post(:create, javascriptize(data)) }.to raise_error(
+          Databound::NotPermittedError,
+          'Request includes unpermitted columns: city',
+        )
+      end
+    end
+
+    describe '#update' do
+      it 'should raise when not permitted' do
+        User.create(name: 'Nikki', city: 'New York')
+        data = {
+          data: {
+            name: 'Nikki',
+          },
+          scope: { city: 'Barcelona' },
+          extra_find_scopes: [],
+        }
+
+        expect { post(:update, javascriptize(data)) }.to raise_error(
+          Databound::NotPermittedError,
+          'Request includes unpermitted columns: city',
+        )
+      end
+    end
+  end
+end

data/spec/internal/app/controllers/application_controller.rb

@@ -0,0 +1,5 @@
+class ApplicationController < ActionController::Base
+  # Prevent CSRF attacks by raising an exception.
+  # For APIs, you may want to use :null_session instead.
+  protect_from_forgery with: :exception
+end

data/spec/internal/app/controllers/dsl_controller.rb

@@ -0,0 +1,17 @@
+class DslController < ApplicationController
+  include Databound
+
+  private
+
+  def model
+    User
+  end
+
+  dsl(:city, :hottest) do
+    'Miami'
+  end
+
+  dsl(:city, :coldest) do |params|
+    "Where #{params[:name]} lives"
+  end
+end

data/spec/internal/app/controllers/loose_dsl_controller.rb

@@ -0,0 +1,13 @@
+class LooseDslController < ApplicationController
+  include Databound
+
+  private
+
+  def model
+    User
+  end
+
+  dsl(:city, :hottest, strict: false) do
+    'Miami'
+  end
+end