databound 1.0.2 → 1.1.0
- checksums.yaml +4 -4
- data/.travis.yml +1 -0
- data/lib/databound.rb +5 -0
- data/lib/databound/manager.rb +35 -9
- data/lib/databound/version.rb +1 -1
- data/spec/controllers/permit_update_destroy_controller_spec.rb +66 -0
- data/spec/internal/app/controllers/permit_update_destroy_controller.rb +13 -0
- data/spec/internal/app/models/project.rb +2 -0
- data/spec/internal/config/routes.rb +1 -0
- data/spec/internal/db/combustion_test.sqlite +0 -0
- data/spec/internal/db/schema.rb +6 -0
- metadata +7 -1
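--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cba051b706bde49ff4b03cb1bd19bc6eefe5e80d
+data.tar.gz: 242d8947ae63c6dc7493bece2f5bcaca287109f3
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 13e7fced989080e8d64ff36329f92cfb0355947e2596bf5ce22e677d6cc2718e23ba867941512424a8682f8447d0b84bfc49dd5cf57464dc5199425af00a7149
+data.tar.gz: fff50fcc18795b848f4c4f7ba172eb7681e2ac6589938312568659c5f13de5a3c26b2230a4c23f93fa364f711cb1681d9efd4ed3c54fc3dad4025f87b6c0be86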
data/.travis.yml
CHANGED
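--- a/data/lib/databound.rb
+++ b/data/lib/databound.rb
@@ -100,6 +100,7 @@ module Databound
 module ClassMethods
 attr_reader :dsls
 attr_reader :stricts
+attr_reader :permit_update_destroy
 
 def dsl(name, value, strict: true, &block)
 @stricts ||= {}
@@ -109,5 +110,9 @@ module Databound
 @dsls[name.to_s] ||= {}
 @dsls[name.to_s][value.to_s] = block
 end
+
+def permit_update_destroy?(&block)
+@permit_update_destroy = block
+end
 end
 end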
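Review bot: The block registered in the second hunk is kept in a class-level instance variable (`@permit_update_destroy = block`), which Ruby does not share with subclasses, so a controller that inherits from one declaring `permit_update_destroy?` would read `nil` from `attr_reader :permit_update_destroy` (assuming ClassMethods is extended onto the controller class). Because manager.rb treats a missing block as "permitted", the authorization check would be silently dropped for such subclasses; replacing the plain reader with one that falls back to the parent, `def permit_update_destroy; @permit_update_destroy || (superclass.permit_update_destroy if superclass.respond_to?(:permit_update_destroy)); end`, closes that gap. The `?` suffix also reads as a predicate although the method registers a block, so a comment such as `# Registers the block deciding whether a record may be updated or destroyed; when it is not set, every record is permitted.` would make the default explicit. ClassMethods begins and ends outside these hunks.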
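--- a/data/lib/databound/manager.rb
+++ b/data/lib/databound/manager.rb
@@ -2,12 +2,8 @@ module Databound
 class NotPermittedError < RuntimeError; end
 class Manager
 def initialize(controller)
-@
-@
-
-scope_js = controller.params[:scope]
-data_js = controller.params[:data]
-extra_where_scopes_js = controller.params[:extra_where_scopes] || '[]'
+@controller = controller
+@model = @controller.send(:model)
 
 @scope = Databound::Data.new(controller, scope_js)
 @data = Databound::Data.new(controller, data_js).to_h
@@ -42,27 +38,57 @@ module Databound
 
 check_params!
 record = @model.find(id)
+check_permit_update_destroy!(record)
 record.update(@data)
 
 record
 end
 
 def destroy_from_data
-@model.find(@data['id'])
+record = @model.find(@data['id'])
+check_permit_update_destroy!(record)
+record.destroy
 end
 
 private
 
 def check_params!
-return if
+return if permitted_columns == :all
 return if unpermitted_columns.empty?
 
 raise NotPermittedError, "Request includes unpermitted columns: #{unpermitted_columns.join(', ')}"
 end
 
+def check_permit_update_destroy!(record)
+return unless permit_update_destroy_block
+return if permit_update_destroy_block.call(record)
+
+raise NotPermittedError, 'Request for update or destroy not permitted'
+end
+
+def permit_update_destroy_block
+@controller.class.permit_update_destroy
+end
+
 def unpermitted_columns
 requested = [@scope, @data].map(&:to_h).flat_map(&:keys)
-requested -
+requested - permitted_columns.map(&:to_s)
+end
+
+def permitted_columns
+@controller.send(:permitted_columns)
+end
+
+def scope_js
+@controller.params[:scope]
+end
+
+def data_js
+@controller.params[:data]
+end
+
+def extra_where_scopes_js
+@controller.params[:extra_where_scopes] || '[]'
 end
 end
 end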
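Review bot: `permit_update_destroy_block.call(record)` in `check_permit_update_destroy!` runs the block with the `self` it was defined under (the controller class), so the block cannot reach per-request state on `@controller` such as the signed-in user or the session. An ownership check then has to lean on constants or globals, which appears to be what the spec's `CURRENT_USER_ID` does; evaluating the block against the controller instance, `return if @controller.instance_exec(record, &permit_update_destroy_block)`, would let it call controller methods. Separately, `return unless permit_update_destroy_block` makes the check opt-in, while `@model.find(@data['id'])` (and, it appears, `@model.find(id)`) looks a row up by a client-supplied id, so a controller that never registers the hook accepts update and destroy for any row; a comment on `check_permit_update_destroy!` such as `# No block registered means every record is permitted; controllers must opt in to per-record authorization.` should state that default. The method containing `record = @model.find(id)` begins outside the hunk.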
data/lib/databound/version.rb
CHANGED
@@ -0,0 +1,66 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe PermitUpdateDestroyController, type: :controller do
|
4
|
+
CURRENT_USER_ID = 1
|
5
|
+
|
6
|
+
before :each do
|
7
|
+
Project.create(city: 'LA', user_id: 5)
|
8
|
+
Project.create(city: 'LA', user_id: 1)
|
9
|
+
end
|
10
|
+
|
11
|
+
describe '#update' do
|
12
|
+
it 'raise when scope is not permitted' do
|
13
|
+
data = {
|
14
|
+
data: {
|
15
|
+
id: 1,
|
16
|
+
city: 'Barcelona',
|
17
|
+
},
|
18
|
+
scope: {},
|
19
|
+
}
|
20
|
+
|
21
|
+
expect { post(:update, javascriptize(data)) }.to raise_error(
|
22
|
+
Databound::NotPermittedError,
|
23
|
+
'Request for update or destroy not permitted',
|
24
|
+
)
|
25
|
+
end
|
26
|
+
|
27
|
+
it 'should update when param is permitted' do
|
28
|
+
data = {
|
29
|
+
data: {
|
30
|
+
id: 2,
|
31
|
+
city: 'Barcelona',
|
32
|
+
},
|
33
|
+
scope: {},
|
34
|
+
}
|
35
|
+
|
36
|
+
expect { post(:update, javascriptize(data)) }.not_to raise_error
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
describe '#destroy' do
|
41
|
+
it 'raise when scope is not permitted' do
|
42
|
+
data = {
|
43
|
+
data: {
|
44
|
+
id: 1,
|
45
|
+
},
|
46
|
+
scope: {},
|
47
|
+
}
|
48
|
+
|
49
|
+
expect { post(:destroy, javascriptize(data)) }.to raise_error(
|
50
|
+
Databound::NotPermittedError,
|
51
|
+
'Request for update or destroy not permitted',
|
52
|
+
)
|
53
|
+
end
|
54
|
+
|
55
|
+
it 'should destroy when param is permitted' do
|
56
|
+
data = {
|
57
|
+
data: {
|
58
|
+
id: 2,
|
59
|
+
},
|
60
|
+
scope: {},
|
61
|
+
}
|
62
|
+
|
63
|
+
expect { post(:destroy, javascriptize(data)) }.not_to raise_error
|
64
|
+
end
|
65
|
+
end
|
66
|
+
end
|
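Review bot: The four examples assert only that `post` raises or does not raise, so a regression in which the permitted path returns without touching the row would still pass; the permitted cases should also check state, e.g. `expect(Project.find(2).city).to eq('Barcelona')` after the update and `expect(Project.exists?(2)).to be(false)` after the destroy. The rejected cases would likewise be stronger with an assertion that row 1 is unchanged or still present after the error. The examples also depend on the two `Project.create` calls in `before :each` receiving ids 1 and 2, which holds only if the id sequence is reset between examples; keeping the created records and using their `id` removes that assumption. `CURRENT_USER_ID = 1` inside the `describe` block defines a top-level constant rather than one scoped to the example group, so it can collide with other specs.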
Binary file
|
data/spec/internal/db/schema.rb
CHANGED
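--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: databound
 version: !ruby/object:Gem::Version
-version: 1.0
+version: 1.1.0
 platform: ruby
 authors:
 - Domas Bitvinskas
@@ -152,14 +152,17 @@ files:
 - spec/controllers/loose_dsl_controller_spec.rb
 - spec/controllers/no_model_controller_spec.rb
 - spec/controllers/on_the_fly_spec.rb
+- spec/controllers/permit_update_destroy_controller_spec.rb
 - spec/controllers/permitted_columns_controller_spec.rb
 - spec/internal/app/controllers/application_controller.rb
 - spec/internal/app/controllers/dsl_controller.rb
 - spec/internal/app/controllers/loose_dsl_controller.rb
 - spec/internal/app/controllers/no_model_controller.rb
+- spec/internal/app/controllers/permit_update_destroy_controller.rb
 - spec/internal/app/controllers/permitted_columns_controller.rb
 - spec/internal/app/controllers/users_controller.rb
 - spec/internal/app/models/message.rb
+- spec/internal/app/models/project.rb
 - spec/internal/app/models/user.rb
 - spec/internal/config/database.yml
 - spec/internal/config/routes.rb
@@ -247,14 +250,17 @@ test_files:
 - spec/controllers/loose_dsl_controller_spec.rb
 - spec/controllers/no_model_controller_spec.rb
 - spec/controllers/on_the_fly_spec.rb
+- spec/controllers/permit_update_destroy_controller_spec.rb
 - spec/controllers/permitted_columns_controller_spec.rb
 - spec/internal/app/controllers/application_controller.rb
 - spec/internal/app/controllers/dsl_controller.rb
 - spec/internal/app/controllers/loose_dsl_controller.rb
 - spec/internal/app/controllers/no_model_controller.rb
+- spec/internal/app/controllers/permit_update_destroy_controller.rb
 - spec/internal/app/controllers/permitted_columns_controller.rb
 - spec/internal/app/controllers/users_controller.rb
 - spec/internal/app/models/message.rb
+- spec/internal/app/models/project.rb
 - spec/internal/app/models/user.rb
 - spec/internal/config/database.yml
 - spec/internal/config/routes.rb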