databound 1.1.0 → 2.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: cba051b706bde49ff4b03cb1bd19bc6eefe5e80d
-  data.tar.gz: 242d8947ae63c6dc7493bece2f5bcaca287109f3
+  metadata.gz: 5ce2e285adc96c5f0b13cbd9cd589b9dadce846f
+  data.tar.gz: 6fab1b5aa84e5117d46f0a9814b22a16da8137f1
 SHA512:
-  metadata.gz: 13e7fced989080e8d64ff36329f92cfb0355947e2596bf5ce22e677d6cc2718e23ba867941512424a8682f8447d0b84bfc49dd5cf57464dc5199425af00a7149
-  data.tar.gz: fff50fcc18795b848f4c4f7ba172eb7681e2ac6589938312568659c5f13de5a3c26b2230a4c23f93fa364f711cb1681d9efd4ed3c54fc3dad4025f87b6c0be86
+  metadata.gz: 0a5ea8a940a8a532e8be042e8b8ce8bed21671dea38982e7487e1176def567787e6f9fa0015ba33e55f28c0001f11e5d92ae90e8d7e505b4bb8da35ad1d2b786
+  data.tar.gz: c2a0d1ff9b404a105b4c14090acc239fb46078d5313a18bd0f54049280f8df377e9de7622011b94e8a0870ca6c9bbbc481d02514aba1465cc25920a405edab62

data/lib/databound.rb

@@ -71,22 +71,7 @@ module Databound
   end
 
   def permitted_columns
-    # permit all by default
-    if mongoid?
-      model.fields.keys.map(&:to_sym)
-    elsif activerecord?
-      model.column_names
-    else
-      raise 'ORM not supported. Use ActiveRecord or Mongoid'
-    end
-  end
-
-  def mongoid?
-    defined?(Moigoid) and model.ancestors.include?(Mongoid::Document)
-  end
-
-  def activerecord?
-    defined?(ActiveRecord) and model.ancestors.include?(ActiveRecord::Base)
+    []
   end
 
   def init_crud

data/lib/databound/manager.rb

@@ -76,7 +76,39 @@ module Databound
     end
 
     def permitted_columns
-      @controller.send(:permitted_columns)
+      columns = @controller.send(:permitted_columns)
+
+      case columns
+      when :all
+        :all
+      when :table_columns
+        table_columns
+      else
+        columns
+      end
+    end
+
+    def table_columns
+      # permit all by default
+      if mongoid?
+        model.fields.keys.map(&:to_sym)
+      elsif activerecord?
+        model.column_names
+      else
+        raise 'ORM not supported. Use ActiveRecord or Mongoid'
+      end
+    end
+
+    def mongoid?
+      defined?(Moigoid) and model.ancestors.include?(Mongoid::Document)
+    end
+
+    def activerecord?
+      defined?(ActiveRecord) and model.ancestors.include?(ActiveRecord::Base)
+    end
+
+    def model
+      @controller.send(:model)
     end
 
     def scope_js

data/lib/databound/rails/routes.rb

@@ -2,11 +2,12 @@ class ActionDispatch::Routing::Mapper
   def databound(*resources)
     namespace = @scope[:path]
     namespace = namespace[1..-1] if namespace
+    opts = resources.pop if resources.last.is_a?(Hash)
 
     resources.each do |resource|
       Rails.application.routes.draw do
         controller = [namespace, resource].compact.join('/')
-        Databound::Utils.create_controller_unless_exists(controller, resource)
+        Databound::Utils.create_controller_unless_exists(controller, resource, opts)
 
         %i(where create update destroy).each do |name|
           path = [namespace, resource, name].compact.join('/')

data/lib/databound/utils.rb

@@ -1,6 +1,6 @@
 module Databound
   class Utils
-    def self.create_controller_unless_exists(path, resource)
+    def self.create_controller_unless_exists(path, resource, opts)
       return if exists?(path)
 
       controller = Class.new(ApplicationController)
@@ -8,6 +8,9 @@ module Databound
       controller.send(:define_method, :model) do
         resource.to_s.classify.constantize
       end
+      controller.send(:define_method, :permitted_columns) do
+        opts[:permitted_columns]
+      end
 
       Object.const_set(controller_name(path), controller)
     end

data/lib/databound/version.rb

@@ -1,3 +1,3 @@
 module Databound
-  VERSION = '1.1.0'
+  VERSION = '2.0.0'
 end

data/spec/controllers/permitted_routes_columns_controller_spec.rb

@@ -0,0 +1,98 @@
+require 'spec_helper'
+
+describe PostsController, type: :controller do
+  describe '#create' do
+    it 'raise when param is not permitted' do
+      data = {
+        data: {
+          description: 'Barcelona',
+        },
+        scope: {},
+      }
+
+      expect { post(:create, javascriptize(data)) }.to raise_error(
+        Databound::NotPermittedError,
+        'Request includes unpermitted columns: description',
+      )
+    end
+
+    it 'should create when param is permitted' do
+      data = {
+        data: {
+          title: 'Hello',
+        },
+        scope: {},
+      }
+
+      expect { post(:create, javascriptize(data)) }.not_to raise_error
+    end
+  end
+
+  describe '#update' do
+    before :each do
+      Post.create(title: 'Nikki')
+    end
+
+    it 'raise when param is not permitted' do
+      data = {
+        data: {
+          id: 1,
+          description: 'Barcelona',
+        },
+        scope: {},
+      }
+
+      expect { post(:update, javascriptize(data)) }.to raise_error(
+        Databound::NotPermittedError,
+        'Request includes unpermitted columns: description',
+      )
+    end
+
+    it 'should update when param is permitted' do
+      data = {
+        data: {
+          id: 1,
+          title: 'Hello',
+        },
+        scope: {},
+      }
+
+      expect { post(:update, javascriptize(data)) }.not_to raise_error
+    end
+  end
+
+  describe 'via scope' do
+    describe '#create' do
+      it 'should raise when not permitted' do
+        data = {
+          data: {
+            title: 'Hello',
+          },
+          scope: { description: 'Barcelona' },
+        }
+
+        expect { post(:create, javascriptize(data)) }.to raise_error(
+          Databound::NotPermittedError,
+          'Request includes unpermitted columns: description',
+        )
+      end
+    end
+
+    describe '#update' do
+      it 'should raise when not permitted' do
+        Post.create(title: 'Hello', description: 'Barcelona')
+        data = {
+          data: {
+            title: 'Hello 2',
+          },
+          scope: { description: 'Barcelona 2' },
+        }
+
+        expect { post(:update, javascriptize(data)) }.to raise_error(
+          Databound::NotPermittedError,
+          'Request includes unpermitted columns: description',
+        )
+      end
+    end
+  end
+end

data/spec/internal/app/controllers/dsl_controller.rb

@@ -7,6 +7,10 @@ class DslController < ApplicationController
     User
   end
 
+  def permitted_columns
+    %i(name city)
+  end
+
   dsl(:city, :hottest) do
     'Miami'
   end

data/spec/internal/app/controllers/loose_dsl_controller.rb

@@ -3,6 +3,10 @@ class LooseDslController < ApplicationController
 
   private
 
+  def permitted_columns
+    %i(name city)
+  end
+
   def model
     User
   end

data/spec/internal/app/controllers/permit_update_destroy_controller.rb

@@ -3,6 +3,10 @@ class PermitUpdateDestroyController < ApplicationController
 
   private
 
+  def permitted_columns
+    %i(name city)
+  end
+
   def model
     Project
   end

data/spec/internal/app/controllers/users_controller.rb

@@ -6,4 +6,8 @@ class UsersController < ApplicationController
   def model
     User
   end
+
+  def permitted_columns
+    %i(name city)
+  end
 end

data/spec/internal/app/models/post.rb

@@ -0,0 +1,2 @@
+class Post < ActiveRecord::Base
+end

data/spec/internal/config/routes.rb

@@ -4,6 +4,7 @@ Rails.application.routes.draw do
   databound :permitted_columns
   databound :dsl
   databound :loose_dsl
-  databound :messages
+  databound :messages, permitted_columns: :table_columns
   databound :permit_update_destroy
+  databound :posts, permitted_columns: %i(title)
 end

data/spec/internal/db/schema.rb

@@ -16,4 +16,10 @@ ActiveRecord::Schema.define do
     t.integer :user_id
     t.timestamps
   end
+
+  create_table(:posts, force: true) do |t|
+    t.string :title
+    t.string :description
+    t.timestamps
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: databound
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Domas Bitvinskas
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-01-03 00:00:00.000000000 Z
+date: 2015-01-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec-rails
@@ -154,6 +154,7 @@ files:
 - spec/controllers/on_the_fly_spec.rb
 - spec/controllers/permit_update_destroy_controller_spec.rb
 - spec/controllers/permitted_columns_controller_spec.rb
+- spec/controllers/permitted_routes_columns_controller_spec.rb
 - spec/internal/app/controllers/application_controller.rb
 - spec/internal/app/controllers/dsl_controller.rb
 - spec/internal/app/controllers/loose_dsl_controller.rb
@@ -162,6 +163,7 @@ files:
 - spec/internal/app/controllers/permitted_columns_controller.rb
 - spec/internal/app/controllers/users_controller.rb
 - spec/internal/app/models/message.rb
+- spec/internal/app/models/post.rb
 - spec/internal/app/models/project.rb
 - spec/internal/app/models/user.rb
 - spec/internal/config/database.yml
@@ -252,6 +254,7 @@ test_files:
 - spec/controllers/on_the_fly_spec.rb
 - spec/controllers/permit_update_destroy_controller_spec.rb
 - spec/controllers/permitted_columns_controller_spec.rb
+- spec/controllers/permitted_routes_columns_controller_spec.rb
 - spec/internal/app/controllers/application_controller.rb
 - spec/internal/app/controllers/dsl_controller.rb
 - spec/internal/app/controllers/loose_dsl_controller.rb
@@ -260,6 +263,7 @@ test_files:
 - spec/internal/app/controllers/permitted_columns_controller.rb
 - spec/internal/app/controllers/users_controller.rb
 - spec/internal/app/models/message.rb
+- spec/internal/app/models/post.rb
 - spec/internal/app/models/project.rb
 - spec/internal/app/models/user.rb
 - spec/internal/config/database.yml