databound 3.0.1 → 3.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/databound.rb +2 -1
- data/lib/databound/manager.rb +18 -11
- data/lib/databound/version.rb +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8322326585649558acc1ed2eb32b33d482e98cbd
|
4
|
+
data.tar.gz: fd4b49ed1dcde4d599c1dddcdf330ee7e74ff46d
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1d7652796be05f0dc3e95494f5094329332f433c276610b480a4fd61085d189a8e2b39482b5f9b5e5bfc41cd7c6bc59fcf969e3c88747f7657d5225ebf1cb2a6
|
7
|
+
data.tar.gz: db5a2949024d7a5958cbdb1941ba3dde1f16183886344fbdf0f47a29ff500e204d7e0e71c98df98dc753be8772c107dc249b8373065aa248c8f594759467dc99
|
data/lib/databound.rb
CHANGED
data/lib/databound/manager.rb
CHANGED
@@ -14,16 +14,19 @@ module Databound
|
|
14
14
|
|
15
15
|
def find_scoped_records(only_extra_scopes: false)
|
16
16
|
records = model.where(or_query(@scope, *@extra_where_scopes))
|
17
|
-
records = filter_by_params!(records) unless only_extra_scopes
|
18
17
|
|
19
|
-
|
18
|
+
unless only_extra_scopes
|
19
|
+
records = filter_by_params!(records)
|
20
|
+
check_permit!(:read, records)
|
21
|
+
end
|
22
|
+
|
20
23
|
records
|
21
24
|
end
|
22
25
|
|
23
26
|
def create_from_data
|
24
27
|
check_params!(:create)
|
25
28
|
record = model.new(params.to_h)
|
26
|
-
check_permit!(:create,
|
29
|
+
check_permit!(:create, record)
|
27
30
|
|
28
31
|
record.save
|
29
32
|
record
|
@@ -35,7 +38,7 @@ module Databound
|
|
35
38
|
|
36
39
|
check_params!(:update)
|
37
40
|
record = model.find(id)
|
38
|
-
check_permit!(:update,
|
41
|
+
check_permit!(:update, record)
|
39
42
|
|
40
43
|
record.update(attributes)
|
41
44
|
record
|
@@ -43,10 +46,18 @@ module Databound
|
|
43
46
|
|
44
47
|
def destroy_from_data
|
45
48
|
record = model.find(params.id)
|
46
|
-
check_permit!(:destroy,
|
49
|
+
check_permit!(:destroy, record)
|
47
50
|
record.destroy
|
48
51
|
end
|
49
52
|
|
53
|
+
def action_allowed?(method, record)
|
54
|
+
permit_checks = @controller.databound_config.read(:permit)
|
55
|
+
check = permit_checks[method]
|
56
|
+
return true unless check
|
57
|
+
|
58
|
+
@controller.instance_exec(params, record, &check)
|
59
|
+
end
|
60
|
+
|
50
61
|
private
|
51
62
|
|
52
63
|
def or_query(*scopes)
|
@@ -67,12 +78,8 @@ module Databound
|
|
67
78
|
raise NotPermittedError, "Request includes unpermitted columns: #{unpermitted_columns.join(', ')}"
|
68
79
|
end
|
69
80
|
|
70
|
-
def check_permit!(method,
|
71
|
-
|
72
|
-
check = permit_checks[method]
|
73
|
-
|
74
|
-
return unless check
|
75
|
-
return if @controller.instance_exec(params, record, &check)
|
81
|
+
def check_permit!(method, record)
|
82
|
+
return if action_allowed?(method, record)
|
76
83
|
|
77
84
|
raise NotPermittedError, "Request for #{method} not permitted"
|
78
85
|
end
|
data/lib/databound/version.rb
CHANGED