databound 1.1.0 → 2.0.0
- checksums.yaml +4 -4
- data/lib/databound.rb +1 -16
- data/lib/databound/manager.rb +33 -1
- data/lib/databound/rails/routes.rb +2 -1
- data/lib/databound/utils.rb +4 -1
- data/lib/databound/version.rb +1 -1
- data/spec/controllers/permitted_routes_columns_controller_spec.rb +98 -0
- data/spec/internal/app/controllers/dsl_controller.rb +4 -0
- data/spec/internal/app/controllers/loose_dsl_controller.rb +4 -0
- data/spec/internal/app/controllers/permit_update_destroy_controller.rb +4 -0
- data/spec/internal/app/controllers/users_controller.rb +4 -0
- data/spec/internal/app/models/post.rb +2 -0
- data/spec/internal/config/routes.rb +2 -1
- data/spec/internal/db/combustion_test.sqlite +0 -0
- data/spec/internal/db/schema.rb +6 -0
- metadata +6 -2
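--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5ce2e285adc96c5f0b13cbd9cd589b9dadce846f
+data.tar.gz: 6fab1b5aa84e5117d46f0a9814b22a16da8137f1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0a5ea8a940a8a532e8be042e8b8ce8bed21671dea38982e7487e1176def567787e6f9fa0015ba33e55f28c0001f11e5d92ae90e8d7e505b4bb8da35ad1d2b786
+data.tar.gz: c2a0d1ff9b404a105b4c14090acc239fb46078d5313a18bd0f54049280f8df377e9de7622011b94e8a0870ca6c9bbbc481d02514aba1465cc25920a405edab62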
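--- a/data/lib/databound.rb
+++ b/data/lib/databound.rb
@@ -71,22 +71,7 @@ module Databound
 end
 
 def permitted_columns
-
-if mongoid?
-model.fields.keys.map(&:to_sym)
-elsif activerecord?
-model.column_names
-else
-raise 'ORM not supported. Use ActiveRecord or Mongoid'
-end
-end
-
-def mongoid?
-defined?(Moigoid) and model.ancestors.include?(Mongoid::Document)
-end
-
-def activerecord?
-defined?(ActiveRecord) and model.ancestors.include?(ActiveRecord::Base)
+[]
 end
 
 def init_crud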
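Review bot: The new `[]` default at line 74 of `permitted_columns` carries no comment, although it reverses the old behaviour from "every table column" to "no column" and is the reason for the major-version bump. A one-line comment above it, for example `# deny every column unless the controller overrides this or the route passes permitted_columns:`, would tell anyone upgrading why writes start raising. How an empty list is enforced is outside this hunk, so the wording should be checked against the manager's permission check.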
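--- a/data/lib/databound/manager.rb
+++ b/data/lib/databound/manager.rb
@@ -76,7 +76,39 @@ module Databound
 end
 
 def permitted_columns
-@controller.send(:permitted_columns)
+columns = @controller.send(:permitted_columns)
+
+case columns
+when :all
+:all
+when :table_columns
+table_columns
+else
+columns
+end
+end
+
+def table_columns
+# permit all by default
+if mongoid?
+model.fields.keys.map(&:to_sym)
+elsif activerecord?
+model.column_names
+else
+raise 'ORM not supported. Use ActiveRecord or Mongoid'
+end
+end
+
+def mongoid?
+defined?(Moigoid) and model.ancestors.include?(Mongoid::Document)
+end
+
+def activerecord?
+defined?(ActiveRecord) and model.ancestors.include?(ActiveRecord::Base)
 end
 
 def scope_js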
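Review bot: `mongoid?` at new line 103 tests `defined?(Moigoid)`, a misspelling of `Mongoid` carried over unchanged from databound.rb, so the predicate is always falsy. A Mongoid model routed with `permitted_columns: :table_columns` therefore never reaches the `model.fields` branch and ends in `raise 'ORM not supported. Use ActiveRecord or Mongoid'` unless it also satisfies `activerecord?`. The line should read `defined?(Mongoid) && model.ancestors.include?(Mongoid::Document)`. The comment `# permit all by default` in `table_columns` is also stale now that the default is `[]`; `# every column of the model, used only when :table_columns is requested` would match the new behaviour. The `else` branch of `permitted_columns` returns any other value, nil included, unchanged, so it is worth confirming that the caller outside this hunk rejects a non-array.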
@@ -2,11 +2,12 @@ class ActionDispatch::Routing::Mapper
|
|
2
2
|
def databound(*resources)
|
3
3
|
namespace = @scope[:path]
|
4
4
|
namespace = namespace[1..-1] if namespace
|
5
|
+
opts = resources.pop if resources.last.is_a?(Hash)
|
5
6
|
|
6
7
|
resources.each do |resource|
|
7
8
|
Rails.application.routes.draw do
|
8
9
|
controller = [namespace, resource].compact.join('/')
|
9
|
-
Databound::Utils.create_controller_unless_exists(controller, resource)
|
10
|
+
Databound::Utils.create_controller_unless_exists(controller, resource, opts)
|
10
11
|
|
11
12
|
%i(where create update destroy).each do |name|
|
12
13
|
path = [namespace, resource, name].compact.join('/')
|
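Review bot: `opts` stays nil whenever `databound` is called without a trailing hash, because the added `opts = resources.pop if resources.last.is_a?(Hash)` assigns nothing in that case, and the nil is handed to `create_controller_unless_exists` on new line 10. In the utils.rb hunk the generated `permitted_columns` method then evaluates `opts[:permitted_columns]`, which would raise NoMethodError at request time for any generated controller declared as plain `databound :name`. Default it here with `opts = resources.last.is_a?(Hash) ? resources.pop : {}`, and have the generated method fail closed with `opts.fetch(:permitted_columns, [])` so that an omitted option means no column is writable, matching the `[]` default in databound.rb. The body of `databound` continues past the end of this hunk.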
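--- a/data/lib/databound/utils.rb
+++ b/data/lib/databound/utils.rb
@@ -1,6 +1,6 @@
 module Databound
 class Utils
-def self.create_controller_unless_exists(path, resource)
+def self.create_controller_unless_exists(path, resource, opts)
 return if exists?(path)
 
 controller = Class.new(ApplicationController)
@@ -8,6 +8,9 @@ module Databound
 controller.send(:define_method, :model) do
 resource.to_s.classify.constantize
 end
+controller.send(:define_method, :permitted_columns) do
+opts[:permitted_columns]
+end
 
 Object.const_set(controller_name(path), controller)
 end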
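Review bot: The generated `permitted_columns` (new lines 11-13) is left public, whereas manager.rb reaches it through `@controller.send(:permitted_columns)`, which suggests hand-written controllers keep it private. Public instance methods on a Rails controller are eligible as actions, so although the routes drawn in this release only map `where`, `create`, `update` and `destroy`, it would be safer to add `controller.send(:private, :permitted_columns)` right after the definition. The existing `model` definition just above has the same shape and could be made private in the same way. `create_controller_unless_exists` is split across two hunks here, so line 7 of the method is not visible.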
data/lib/databound/version.rb
CHANGED
@@ -0,0 +1,98 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe PostsController, type: :controller do
|
4
|
+
describe '#create' do
|
5
|
+
it 'raise when param is not permitted' do
|
6
|
+
data = {
|
7
|
+
data: {
|
8
|
+
description: 'Barcelona',
|
9
|
+
},
|
10
|
+
scope: {},
|
11
|
+
}
|
12
|
+
|
13
|
+
expect { post(:create, javascriptize(data)) }.to raise_error(
|
14
|
+
Databound::NotPermittedError,
|
15
|
+
'Request includes unpermitted columns: description',
|
16
|
+
)
|
17
|
+
end
|
18
|
+
|
19
|
+
it 'should create when param is permitted' do
|
20
|
+
data = {
|
21
|
+
data: {
|
22
|
+
title: 'Hello',
|
23
|
+
},
|
24
|
+
scope: {},
|
25
|
+
}
|
26
|
+
|
27
|
+
expect { post(:create, javascriptize(data)) }.not_to raise_error
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
describe '#update' do
|
32
|
+
before :each do
|
33
|
+
Post.create(title: 'Nikki')
|
34
|
+
end
|
35
|
+
|
36
|
+
it 'raise when param is not permitted' do
|
37
|
+
data = {
|
38
|
+
data: {
|
39
|
+
id: 1,
|
40
|
+
description: 'Barcelona',
|
41
|
+
},
|
42
|
+
scope: {},
|
43
|
+
}
|
44
|
+
|
45
|
+
expect { post(:update, javascriptize(data)) }.to raise_error(
|
46
|
+
Databound::NotPermittedError,
|
47
|
+
'Request includes unpermitted columns: description',
|
48
|
+
)
|
49
|
+
end
|
50
|
+
|
51
|
+
it 'should update when param is permitted' do
|
52
|
+
data = {
|
53
|
+
data: {
|
54
|
+
id: 1,
|
55
|
+
title: 'Hello',
|
56
|
+
},
|
57
|
+
scope: {},
|
58
|
+
}
|
59
|
+
|
60
|
+
expect { post(:update, javascriptize(data)) }.not_to raise_error
|
61
|
+
end
|
62
|
+
end
|
63
|
+
|
64
|
+
describe 'via scope' do
|
65
|
+
describe '#create' do
|
66
|
+
it 'should raise when not permitted' do
|
67
|
+
data = {
|
68
|
+
data: {
|
69
|
+
title: 'Hello',
|
70
|
+
},
|
71
|
+
scope: { description: 'Barcelona' },
|
72
|
+
}
|
73
|
+
|
74
|
+
expect { post(:create, javascriptize(data)) }.to raise_error(
|
75
|
+
Databound::NotPermittedError,
|
76
|
+
'Request includes unpermitted columns: description',
|
77
|
+
)
|
78
|
+
end
|
79
|
+
end
|
80
|
+
|
81
|
+
describe '#update' do
|
82
|
+
it 'should raise when not permitted' do
|
83
|
+
Post.create(title: 'Hello', description: 'Barcelona')
|
84
|
+
data = {
|
85
|
+
data: {
|
86
|
+
title: 'Hello 2',
|
87
|
+
},
|
88
|
+
scope: { description: 'Barcelona 2' },
|
89
|
+
}
|
90
|
+
|
91
|
+
expect { post(:update, javascriptize(data)) }.to raise_error(
|
92
|
+
Databound::NotPermittedError,
|
93
|
+
'Request includes unpermitted columns: description',
|
94
|
+
)
|
95
|
+
end
|
96
|
+
end
|
97
|
+
end
|
98
|
+
end
|
@@ -4,6 +4,7 @@ Rails.application.routes.draw do
|
|
4
4
|
databound :permitted_columns
|
5
5
|
databound :dsl
|
6
6
|
databound :loose_dsl
|
7
|
-
databound :messages
|
7
|
+
databound :messages, permitted_columns: :table_columns
|
8
8
|
databound :permit_update_destroy
|
9
|
+
databound :posts, permitted_columns: %i(title)
|
9
10
|
end
|
Binary file
|
data/spec/internal/db/schema.rb
CHANGED
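--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: databound
 version: !ruby/object:Gem::Version
-version:
+version: 2.0.0
 platform: ruby
 authors:
 - Domas Bitvinskas
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-01-
+date: 2015-01-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rspec-rails
@@ -154,6 +154,7 @@ files:
 - spec/controllers/on_the_fly_spec.rb
 - spec/controllers/permit_update_destroy_controller_spec.rb
 - spec/controllers/permitted_columns_controller_spec.rb
+- spec/controllers/permitted_routes_columns_controller_spec.rb
 - spec/internal/app/controllers/application_controller.rb
 - spec/internal/app/controllers/dsl_controller.rb
 - spec/internal/app/controllers/loose_dsl_controller.rb
@@ -162,6 +163,7 @@ files:
 - spec/internal/app/controllers/permitted_columns_controller.rb
 - spec/internal/app/controllers/users_controller.rb
 - spec/internal/app/models/message.rb
+- spec/internal/app/models/post.rb
 - spec/internal/app/models/project.rb
 - spec/internal/app/models/user.rb
 - spec/internal/config/database.yml
@@ -252,6 +254,7 @@ test_files:
 - spec/controllers/on_the_fly_spec.rb
 - spec/controllers/permit_update_destroy_controller_spec.rb
 - spec/controllers/permitted_columns_controller_spec.rb
+- spec/controllers/permitted_routes_columns_controller_spec.rb
 - spec/internal/app/controllers/application_controller.rb
 - spec/internal/app/controllers/dsl_controller.rb
 - spec/internal/app/controllers/loose_dsl_controller.rb
@@ -260,6 +263,7 @@ test_files:
 - spec/internal/app/controllers/permitted_columns_controller.rb
 - spec/internal/app/controllers/users_controller.rb
 - spec/internal/app/models/message.rb
+- spec/internal/app/models/post.rb
 - spec/internal/app/models/project.rb
 - spec/internal/app/models/user.rb
 - spec/internal/config/database.yml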