databound 1.1.0 → 2.0.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: cba051b706bde49ff4b03cb1bd19bc6eefe5e80d
4
- data.tar.gz: 242d8947ae63c6dc7493bece2f5bcaca287109f3
3
+ metadata.gz: 5ce2e285adc96c5f0b13cbd9cd589b9dadce846f
4
+ data.tar.gz: 6fab1b5aa84e5117d46f0a9814b22a16da8137f1
5
5
  SHA512:
6
- metadata.gz: 13e7fced989080e8d64ff36329f92cfb0355947e2596bf5ce22e677d6cc2718e23ba867941512424a8682f8447d0b84bfc49dd5cf57464dc5199425af00a7149
7
- data.tar.gz: fff50fcc18795b848f4c4f7ba172eb7681e2ac6589938312568659c5f13de5a3c26b2230a4c23f93fa364f711cb1681d9efd4ed3c54fc3dad4025f87b6c0be86
6
+ metadata.gz: 0a5ea8a940a8a532e8be042e8b8ce8bed21671dea38982e7487e1176def567787e6f9fa0015ba33e55f28c0001f11e5d92ae90e8d7e505b4bb8da35ad1d2b786
7
+ data.tar.gz: c2a0d1ff9b404a105b4c14090acc239fb46078d5313a18bd0f54049280f8df377e9de7622011b94e8a0870ca6c9bbbc481d02514aba1465cc25920a405edab62
data/lib/databound.rb CHANGED
@@ -71,22 +71,7 @@ module Databound
71
71
  end
72
72
 
73
73
  def permitted_columns
74
- # permit all by default
75
- if mongoid?
76
- model.fields.keys.map(&:to_sym)
77
- elsif activerecord?
78
- model.column_names
79
- else
80
- raise 'ORM not supported. Use ActiveRecord or Mongoid'
81
- end
82
- end
83
-
84
- def mongoid?
85
- defined?(Moigoid) and model.ancestors.include?(Mongoid::Document)
86
- end
87
-
88
- def activerecord?
89
- defined?(ActiveRecord) and model.ancestors.include?(ActiveRecord::Base)
74
+ []
90
75
  end
91
76
 
92
77
  def init_crud
@@ -76,7 +76,39 @@ module Databound
76
76
  end
77
77
 
78
78
  def permitted_columns
79
- @controller.send(:permitted_columns)
79
+ columns = @controller.send(:permitted_columns)
80
+
81
+ case columns
82
+ when :all
83
+ :all
84
+ when :table_columns
85
+ table_columns
86
+ else
87
+ columns
88
+ end
89
+ end
90
+
91
+ def table_columns
92
+ # permit all by default
93
+ if mongoid?
94
+ model.fields.keys.map(&:to_sym)
95
+ elsif activerecord?
96
+ model.column_names
97
+ else
98
+ raise 'ORM not supported. Use ActiveRecord or Mongoid'
99
+ end
100
+ end
101
+
102
+ def mongoid?
103
+ defined?(Moigoid) and model.ancestors.include?(Mongoid::Document)
104
+ end
105
+
106
+ def activerecord?
107
+ defined?(ActiveRecord) and model.ancestors.include?(ActiveRecord::Base)
108
+ end
109
+
110
+ def model
111
+ @controller.send(:model)
80
112
  end
81
113
 
82
114
  def scope_js
@@ -2,11 +2,12 @@ class ActionDispatch::Routing::Mapper
2
2
  def databound(*resources)
3
3
  namespace = @scope[:path]
4
4
  namespace = namespace[1..-1] if namespace
5
+ opts = resources.pop if resources.last.is_a?(Hash)
5
6
 
6
7
  resources.each do |resource|
7
8
  Rails.application.routes.draw do
8
9
  controller = [namespace, resource].compact.join('/')
9
- Databound::Utils.create_controller_unless_exists(controller, resource)
10
+ Databound::Utils.create_controller_unless_exists(controller, resource, opts)
10
11
 
11
12
  %i(where create update destroy).each do |name|
12
13
  path = [namespace, resource, name].compact.join('/')
@@ -1,6 +1,6 @@
1
1
  module Databound
2
2
  class Utils
3
- def self.create_controller_unless_exists(path, resource)
3
+ def self.create_controller_unless_exists(path, resource, opts)
4
4
  return if exists?(path)
5
5
 
6
6
  controller = Class.new(ApplicationController)
@@ -8,6 +8,9 @@ module Databound
8
8
  controller.send(:define_method, :model) do
9
9
  resource.to_s.classify.constantize
10
10
  end
11
+ controller.send(:define_method, :permitted_columns) do
12
+ opts[:permitted_columns]
13
+ end
11
14
 
12
15
  Object.const_set(controller_name(path), controller)
13
16
  end
@@ -1,3 +1,3 @@
1
1
  module Databound
2
- VERSION = '1.1.0'
2
+ VERSION = '2.0.0'
3
3
  end
@@ -0,0 +1,98 @@
1
+ require 'spec_helper'
2
+
3
+ describe PostsController, type: :controller do
4
+ describe '#create' do
5
+ it 'raise when param is not permitted' do
6
+ data = {
7
+ data: {
8
+ description: 'Barcelona',
9
+ },
10
+ scope: {},
11
+ }
12
+
13
+ expect { post(:create, javascriptize(data)) }.to raise_error(
14
+ Databound::NotPermittedError,
15
+ 'Request includes unpermitted columns: description',
16
+ )
17
+ end
18
+
19
+ it 'should create when param is permitted' do
20
+ data = {
21
+ data: {
22
+ title: 'Hello',
23
+ },
24
+ scope: {},
25
+ }
26
+
27
+ expect { post(:create, javascriptize(data)) }.not_to raise_error
28
+ end
29
+ end
30
+
31
+ describe '#update' do
32
+ before :each do
33
+ Post.create(title: 'Nikki')
34
+ end
35
+
36
+ it 'raise when param is not permitted' do
37
+ data = {
38
+ data: {
39
+ id: 1,
40
+ description: 'Barcelona',
41
+ },
42
+ scope: {},
43
+ }
44
+
45
+ expect { post(:update, javascriptize(data)) }.to raise_error(
46
+ Databound::NotPermittedError,
47
+ 'Request includes unpermitted columns: description',
48
+ )
49
+ end
50
+
51
+ it 'should update when param is permitted' do
52
+ data = {
53
+ data: {
54
+ id: 1,
55
+ title: 'Hello',
56
+ },
57
+ scope: {},
58
+ }
59
+
60
+ expect { post(:update, javascriptize(data)) }.not_to raise_error
61
+ end
62
+ end
63
+
64
+ describe 'via scope' do
65
+ describe '#create' do
66
+ it 'should raise when not permitted' do
67
+ data = {
68
+ data: {
69
+ title: 'Hello',
70
+ },
71
+ scope: { description: 'Barcelona' },
72
+ }
73
+
74
+ expect { post(:create, javascriptize(data)) }.to raise_error(
75
+ Databound::NotPermittedError,
76
+ 'Request includes unpermitted columns: description',
77
+ )
78
+ end
79
+ end
80
+
81
+ describe '#update' do
82
+ it 'should raise when not permitted' do
83
+ Post.create(title: 'Hello', description: 'Barcelona')
84
+ data = {
85
+ data: {
86
+ title: 'Hello 2',
87
+ },
88
+ scope: { description: 'Barcelona 2' },
89
+ }
90
+
91
+ expect { post(:update, javascriptize(data)) }.to raise_error(
92
+ Databound::NotPermittedError,
93
+ 'Request includes unpermitted columns: description',
94
+ )
95
+ end
96
+ end
97
+ end
98
+ end
@@ -7,6 +7,10 @@ class DslController < ApplicationController
7
7
  User
8
8
  end
9
9
 
10
+ def permitted_columns
11
+ %i(name city)
12
+ end
13
+
10
14
  dsl(:city, :hottest) do
11
15
  'Miami'
12
16
  end
@@ -3,6 +3,10 @@ class LooseDslController < ApplicationController
3
3
 
4
4
  private
5
5
 
6
+ def permitted_columns
7
+ %i(name city)
8
+ end
9
+
6
10
  def model
7
11
  User
8
12
  end
@@ -3,6 +3,10 @@ class PermitUpdateDestroyController < ApplicationController
3
3
 
4
4
  private
5
5
 
6
+ def permitted_columns
7
+ %i(name city)
8
+ end
9
+
6
10
  def model
7
11
  Project
8
12
  end
@@ -6,4 +6,8 @@ class UsersController < ApplicationController
6
6
  def model
7
7
  User
8
8
  end
9
+
10
+ def permitted_columns
11
+ %i(name city)
12
+ end
9
13
  end
@@ -0,0 +1,2 @@
1
+ class Post < ActiveRecord::Base
2
+ end
@@ -4,6 +4,7 @@ Rails.application.routes.draw do
4
4
  databound :permitted_columns
5
5
  databound :dsl
6
6
  databound :loose_dsl
7
- databound :messages
7
+ databound :messages, permitted_columns: :table_columns
8
8
  databound :permit_update_destroy
9
+ databound :posts, permitted_columns: %i(title)
9
10
  end
@@ -16,4 +16,10 @@ ActiveRecord::Schema.define do
16
16
  t.integer :user_id
17
17
  t.timestamps
18
18
  end
19
+
20
+ create_table(:posts, force: true) do |t|
21
+ t.string :title
22
+ t.string :description
23
+ t.timestamps
24
+ end
19
25
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: databound
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.0
4
+ version: 2.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Domas Bitvinskas
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-01-03 00:00:00.000000000 Z
11
+ date: 2015-01-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rspec-rails
@@ -154,6 +154,7 @@ files:
154
154
  - spec/controllers/on_the_fly_spec.rb
155
155
  - spec/controllers/permit_update_destroy_controller_spec.rb
156
156
  - spec/controllers/permitted_columns_controller_spec.rb
157
+ - spec/controllers/permitted_routes_columns_controller_spec.rb
157
158
  - spec/internal/app/controllers/application_controller.rb
158
159
  - spec/internal/app/controllers/dsl_controller.rb
159
160
  - spec/internal/app/controllers/loose_dsl_controller.rb
@@ -162,6 +163,7 @@ files:
162
163
  - spec/internal/app/controllers/permitted_columns_controller.rb
163
164
  - spec/internal/app/controllers/users_controller.rb
164
165
  - spec/internal/app/models/message.rb
166
+ - spec/internal/app/models/post.rb
165
167
  - spec/internal/app/models/project.rb
166
168
  - spec/internal/app/models/user.rb
167
169
  - spec/internal/config/database.yml
@@ -252,6 +254,7 @@ test_files:
252
254
  - spec/controllers/on_the_fly_spec.rb
253
255
  - spec/controllers/permit_update_destroy_controller_spec.rb
254
256
  - spec/controllers/permitted_columns_controller_spec.rb
257
+ - spec/controllers/permitted_routes_columns_controller_spec.rb
255
258
  - spec/internal/app/controllers/application_controller.rb
256
259
  - spec/internal/app/controllers/dsl_controller.rb
257
260
  - spec/internal/app/controllers/loose_dsl_controller.rb
@@ -260,6 +263,7 @@ test_files:
260
263
  - spec/internal/app/controllers/permitted_columns_controller.rb
261
264
  - spec/internal/app/controllers/users_controller.rb
262
265
  - spec/internal/app/models/message.rb
266
+ - spec/internal/app/models/post.rb
263
267
  - spec/internal/app/models/project.rb
264
268
  - spec/internal/app/models/user.rb
265
269
  - spec/internal/config/database.yml