databound 1.1.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: cba051b706bde49ff4b03cb1bd19bc6eefe5e80d
4
- data.tar.gz: 242d8947ae63c6dc7493bece2f5bcaca287109f3
3
+ metadata.gz: 5ce2e285adc96c5f0b13cbd9cd589b9dadce846f
4
+ data.tar.gz: 6fab1b5aa84e5117d46f0a9814b22a16da8137f1
5
5
  SHA512:
6
- metadata.gz: 13e7fced989080e8d64ff36329f92cfb0355947e2596bf5ce22e677d6cc2718e23ba867941512424a8682f8447d0b84bfc49dd5cf57464dc5199425af00a7149
7
- data.tar.gz: fff50fcc18795b848f4c4f7ba172eb7681e2ac6589938312568659c5f13de5a3c26b2230a4c23f93fa364f711cb1681d9efd4ed3c54fc3dad4025f87b6c0be86
6
+ metadata.gz: 0a5ea8a940a8a532e8be042e8b8ce8bed21671dea38982e7487e1176def567787e6f9fa0015ba33e55f28c0001f11e5d92ae90e8d7e505b4bb8da35ad1d2b786
7
+ data.tar.gz: c2a0d1ff9b404a105b4c14090acc239fb46078d5313a18bd0f54049280f8df377e9de7622011b94e8a0870ca6c9bbbc481d02514aba1465cc25920a405edab62
data/lib/databound.rb CHANGED
@@ -71,22 +71,7 @@ module Databound
71
71
  end
72
72
 
73
73
  def permitted_columns
74
- # permit all by default
75
- if mongoid?
76
- model.fields.keys.map(&:to_sym)
77
- elsif activerecord?
78
- model.column_names
79
- else
80
- raise 'ORM not supported. Use ActiveRecord or Mongoid'
81
- end
82
- end
83
-
84
- def mongoid?
85
- defined?(Moigoid) and model.ancestors.include?(Mongoid::Document)
86
- end
87
-
88
- def activerecord?
89
- defined?(ActiveRecord) and model.ancestors.include?(ActiveRecord::Base)
74
+ []
90
75
  end
91
76
 
92
77
  def init_crud
@@ -76,7 +76,39 @@ module Databound
76
76
  end
77
77
 
78
78
  def permitted_columns
79
- @controller.send(:permitted_columns)
79
+ columns = @controller.send(:permitted_columns)
80
+
81
+ case columns
82
+ when :all
83
+ :all
84
+ when :table_columns
85
+ table_columns
86
+ else
87
+ columns
88
+ end
89
+ end
90
+
91
+ def table_columns
92
+ # permit all by default
93
+ if mongoid?
94
+ model.fields.keys.map(&:to_sym)
95
+ elsif activerecord?
96
+ model.column_names
97
+ else
98
+ raise 'ORM not supported. Use ActiveRecord or Mongoid'
99
+ end
100
+ end
101
+
102
+ def mongoid?
103
+ defined?(Moigoid) and model.ancestors.include?(Mongoid::Document)
104
+ end
105
+
106
+ def activerecord?
107
+ defined?(ActiveRecord) and model.ancestors.include?(ActiveRecord::Base)
108
+ end
109
+
110
+ def model
111
+ @controller.send(:model)
80
112
  end
81
113
 
82
114
  def scope_js
@@ -2,11 +2,12 @@ class ActionDispatch::Routing::Mapper
2
2
  def databound(*resources)
3
3
  namespace = @scope[:path]
4
4
  namespace = namespace[1..-1] if namespace
5
+ opts = resources.pop if resources.last.is_a?(Hash)
5
6
 
6
7
  resources.each do |resource|
7
8
  Rails.application.routes.draw do
8
9
  controller = [namespace, resource].compact.join('/')
9
- Databound::Utils.create_controller_unless_exists(controller, resource)
10
+ Databound::Utils.create_controller_unless_exists(controller, resource, opts)
10
11
 
11
12
  %i(where create update destroy).each do |name|
12
13
  path = [namespace, resource, name].compact.join('/')
@@ -1,6 +1,6 @@
1
1
  module Databound
2
2
  class Utils
3
- def self.create_controller_unless_exists(path, resource)
3
+ def self.create_controller_unless_exists(path, resource, opts)
4
4
  return if exists?(path)
5
5
 
6
6
  controller = Class.new(ApplicationController)
@@ -8,6 +8,9 @@ module Databound
8
8
  controller.send(:define_method, :model) do
9
9
  resource.to_s.classify.constantize
10
10
  end
11
+ controller.send(:define_method, :permitted_columns) do
12
+ opts[:permitted_columns]
13
+ end
11
14
 
12
15
  Object.const_set(controller_name(path), controller)
13
16
  end
@@ -1,3 +1,3 @@
1
1
  module Databound
2
- VERSION = '1.1.0'
2
+ VERSION = '2.0.0'
3
3
  end
@@ -0,0 +1,98 @@
1
+ require 'spec_helper'
2
+
3
+ describe PostsController, type: :controller do
4
+ describe '#create' do
5
+ it 'raise when param is not permitted' do
6
+ data = {
7
+ data: {
8
+ description: 'Barcelona',
9
+ },
10
+ scope: {},
11
+ }
12
+
13
+ expect { post(:create, javascriptize(data)) }.to raise_error(
14
+ Databound::NotPermittedError,
15
+ 'Request includes unpermitted columns: description',
16
+ )
17
+ end
18
+
19
+ it 'should create when param is permitted' do
20
+ data = {
21
+ data: {
22
+ title: 'Hello',
23
+ },
24
+ scope: {},
25
+ }
26
+
27
+ expect { post(:create, javascriptize(data)) }.not_to raise_error
28
+ end
29
+ end
30
+
31
+ describe '#update' do
32
+ before :each do
33
+ Post.create(title: 'Nikki')
34
+ end
35
+
36
+ it 'raise when param is not permitted' do
37
+ data = {
38
+ data: {
39
+ id: 1,
40
+ description: 'Barcelona',
41
+ },
42
+ scope: {},
43
+ }
44
+
45
+ expect { post(:update, javascriptize(data)) }.to raise_error(
46
+ Databound::NotPermittedError,
47
+ 'Request includes unpermitted columns: description',
48
+ )
49
+ end
50
+
51
+ it 'should update when param is permitted' do
52
+ data = {
53
+ data: {
54
+ id: 1,
55
+ title: 'Hello',
56
+ },
57
+ scope: {},
58
+ }
59
+
60
+ expect { post(:update, javascriptize(data)) }.not_to raise_error
61
+ end
62
+ end
63
+
64
+ describe 'via scope' do
65
+ describe '#create' do
66
+ it 'should raise when not permitted' do
67
+ data = {
68
+ data: {
69
+ title: 'Hello',
70
+ },
71
+ scope: { description: 'Barcelona' },
72
+ }
73
+
74
+ expect { post(:create, javascriptize(data)) }.to raise_error(
75
+ Databound::NotPermittedError,
76
+ 'Request includes unpermitted columns: description',
77
+ )
78
+ end
79
+ end
80
+
81
+ describe '#update' do
82
+ it 'should raise when not permitted' do
83
+ Post.create(title: 'Hello', description: 'Barcelona')
84
+ data = {
85
+ data: {
86
+ title: 'Hello 2',
87
+ },
88
+ scope: { description: 'Barcelona 2' },
89
+ }
90
+
91
+ expect { post(:update, javascriptize(data)) }.to raise_error(
92
+ Databound::NotPermittedError,
93
+ 'Request includes unpermitted columns: description',
94
+ )
95
+ end
96
+ end
97
+ end
98
+ end
@@ -7,6 +7,10 @@ class DslController < ApplicationController
7
7
  User
8
8
  end
9
9
 
10
+ def permitted_columns
11
+ %i(name city)
12
+ end
13
+
10
14
  dsl(:city, :hottest) do
11
15
  'Miami'
12
16
  end
@@ -3,6 +3,10 @@ class LooseDslController < ApplicationController
3
3
 
4
4
  private
5
5
 
6
+ def permitted_columns
7
+ %i(name city)
8
+ end
9
+
6
10
  def model
7
11
  User
8
12
  end
@@ -3,6 +3,10 @@ class PermitUpdateDestroyController < ApplicationController
3
3
 
4
4
  private
5
5
 
6
+ def permitted_columns
7
+ %i(name city)
8
+ end
9
+
6
10
  def model
7
11
  Project
8
12
  end
@@ -6,4 +6,8 @@ class UsersController < ApplicationController
6
6
  def model
7
7
  User
8
8
  end
9
+
10
+ def permitted_columns
11
+ %i(name city)
12
+ end
9
13
  end
@@ -0,0 +1,2 @@
1
+ class Post < ActiveRecord::Base
2
+ end
@@ -4,6 +4,7 @@ Rails.application.routes.draw do
4
4
  databound :permitted_columns
5
5
  databound :dsl
6
6
  databound :loose_dsl
7
- databound :messages
7
+ databound :messages, permitted_columns: :table_columns
8
8
  databound :permit_update_destroy
9
+ databound :posts, permitted_columns: %i(title)
9
10
  end
@@ -16,4 +16,10 @@ ActiveRecord::Schema.define do
16
16
  t.integer :user_id
17
17
  t.timestamps
18
18
  end
19
+
20
+ create_table(:posts, force: true) do |t|
21
+ t.string :title
22
+ t.string :description
23
+ t.timestamps
24
+ end
19
25
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: databound
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.0
4
+ version: 2.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Domas Bitvinskas
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-01-03 00:00:00.000000000 Z
11
+ date: 2015-01-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec-rails
@@ -154,6 +154,7 @@ files:
154
154
  - spec/controllers/on_the_fly_spec.rb
155
155
  - spec/controllers/permit_update_destroy_controller_spec.rb
156
156
  - spec/controllers/permitted_columns_controller_spec.rb
157
+ - spec/controllers/permitted_routes_columns_controller_spec.rb
157
158
  - spec/internal/app/controllers/application_controller.rb
158
159
  - spec/internal/app/controllers/dsl_controller.rb
159
160
  - spec/internal/app/controllers/loose_dsl_controller.rb
@@ -162,6 +163,7 @@ files:
162
163
  - spec/internal/app/controllers/permitted_columns_controller.rb
163
164
  - spec/internal/app/controllers/users_controller.rb
164
165
  - spec/internal/app/models/message.rb
166
+ - spec/internal/app/models/post.rb
165
167
  - spec/internal/app/models/project.rb
166
168
  - spec/internal/app/models/user.rb
167
169
  - spec/internal/config/database.yml
@@ -252,6 +254,7 @@ test_files:
252
254
  - spec/controllers/on_the_fly_spec.rb
253
255
  - spec/controllers/permit_update_destroy_controller_spec.rb
254
256
  - spec/controllers/permitted_columns_controller_spec.rb
257
+ - spec/controllers/permitted_routes_columns_controller_spec.rb
255
258
  - spec/internal/app/controllers/application_controller.rb
256
259
  - spec/internal/app/controllers/dsl_controller.rb
257
260
  - spec/internal/app/controllers/loose_dsl_controller.rb
@@ -260,6 +263,7 @@ test_files:
260
263
  - spec/internal/app/controllers/permitted_columns_controller.rb
261
264
  - spec/internal/app/controllers/users_controller.rb
262
265
  - spec/internal/app/models/message.rb
266
+ - spec/internal/app/models/post.rb
263
267
  - spec/internal/app/models/project.rb
264
268
  - spec/internal/app/models/user.rb
265
269
  - spec/internal/config/database.yml