graph_starter 0.9.4 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e98f3c7ee6475a49cb99d72b761c13d3a790ff83
-  data.tar.gz: 70c586c7ab39e375eb2283835faa2ba534faa465
+  metadata.gz: c4f7f66052018dcf8a94121a654733fa97c9e1a1
+  data.tar.gz: d8f71d20a22f76534c4a2b40a1c21b6cf541c9cc
 SHA512:
-  metadata.gz: 32003ffb3bb3bbc43ab83e046b317332a7cda0a51342aef9e7223dbf947b3599576f197c5b5fc9ec0f7f69edcd364cf4143d0c2451150e8218990b32257ba112
-  data.tar.gz: 900d2853774e51b3bf0baad68387a137528f3bb394237460b7e9a00821aafa22814d887223336d814e6046d526df5b8641e2bed0bc571289924195d9a7fc260e
+  metadata.gz: 81cbae0034ccb63a95cfaaaba7deeb1f84a3ecaf4e1d092c365c263f5d9093dfb1fe087cd77b93f9473cde36c55567e0133b77a6463e598732a09f4d007b0f97
+  data.tar.gz: e7fa706ecb5071cc0fb6a6098e6d3a1c45d1e75a61b3107091b847e9a144ef1cb89a0d47581392b15dd822052e4af53cdc3944beb662bcdc5b1699a0d9280701

data/app/controllers/graph_starter/assets_controller.rb

@@ -49,18 +49,20 @@ module GraphStarter
                 scope
               end
 
-      asset_scope_filter ? asset_scope_filter.call(scope) : scope
+      scope
     end
 
     def show
       @asset = asset
 
-      View.record_view(@session_node,
-                       @asset,
-                       browser_string: request.env['HTTP_USER_AGENT'],
-                       ip_address: request.remote_ip)
-
-      render file: 'public/404.html', status: :not_found, layout: false if !@asset
+      if @asset
+        View.record_view(@session_node,
+                         @asset,
+                         browser_string: request.env['HTTP_USER_AGENT'],
+                         ip_address: request.remote_ip)
+      else
+        render file: 'public/404.html', status: :not_found, layout: false
+      end
     end
 
     def edit
@@ -114,24 +116,15 @@ module GraphStarter
     end
 
     def asset
-      model_class_scope.find(params[:id])
+      model_class_scope.where(uuid: params[:id]).to_a[0]
     end
 
     def model_class_scope(var = :asset)
-      #@model_class_scope = if defined?(current_user)
-      #  model_class.authorized_for(current_user)
-      #else
-      #  model_class.all(var)
-      #end
-
-      @model_class_scope ||= model_class.all(var)
-    end
-
-    private
-
-    def asset_scope_filter
-      GraphStarter.configuration.scope_filters[model_class.name.to_sym]
+      @model_class_scope ||= if defined?(current_user)
+        model_class.authorized_for(current_user)
+      else
+        model_class.all(var)
+      end
     end
-
   end
 end

data/app/models/graph_starter/asset.rb

@@ -303,17 +303,23 @@ module GraphStarter
     def self.authorized_for(user)
       require 'graph_starter/query_authorizer'
 
-      if category_association
-        ::GraphStarter::QueryAuthorizer.new(all(:asset).send(category_association, :category, nil, optional: true))
-          .authorized_query([:asset, :category], user)
-          .with('DISTINCT asset AS asset')
-          .proxy_as(self, :asset)
-      else
-        ::GraphStarter::QueryAuthorizer.new(all(:asset))
-          .authorized_query(:asset, user)
-          .with('DISTINCT asset AS asset')
-          .proxy_as(self, :asset)
-      end
+      query, associations = if category_associations.size > 0
+                              where_clause = category_associations.map do |association_name|
+                                category_association = self.associations[association_name]
+                                "(asset)#{category_association.arrow_cypher}(category:#{category_association.target_class})"
+                              end.join(' OR ')
+
+                              [all(:asset).query.optional_match(:category).where(where_clause),
+                               [:asset, :category]]
+                            else
+                              [all(:asset),
+                               :asset]
+                            end
+
+      ::GraphStarter::QueryAuthorizer.new(query, asset: GraphStarter.configuration.scope_filters[self.name.to_sym])
+        .authorized_query(associations, user)
+        .with('DISTINCT asset AS asset, level')
+        .proxy_as(self, :asset)
     end
 
     def self.authorized_properties(user)

data/config/routes.rb

@@ -24,7 +24,7 @@ GraphStarter::Engine.routes.draw do
 
   get ':model_slug/:id' => 'assets#show', as: :asset
   get ':model_slug/:id/edit' => 'assets#edit', as: :edit_asset
-  put ':model_slug/:id/rate/:new_rating' => 'assets#rate', as: :rate_asset
+  put ':model_slug/:id/rate(/:new_rating)' => 'assets#rate', as: :rate_asset
   get ':model_slug/search/:query.json' => 'assets#search', as: :search_assets
 
   get ':model_slug/:id/destroy' => 'assets#destroy', as: :destroy_asset

data/lib/graph_starter/query_authorizer.rb

@@ -4,10 +4,11 @@ module GraphStarter
     #  * a Query
     #  * a Proxy object
     #  * Anything that responds to #query where a `Query` is returned
-    def initialize(query_object)
+    def initialize(query_object, filter = nil)
       validate_query_object!(query_object)
 
       @query_object = query_object
+      @filter = filter
     end
 
     def authorized_pluck(variable, user)
@@ -57,7 +58,10 @@ module GraphStarter
 
     def authorized_user_query(query, user, variables, user_variable = :user)
       collect_levels_string = variables.flat_map do |variable|
-        ["CASE WHEN (user.admin OR #{variable}_created_rel IS NOT NULL) THEN 'write' WHEN NOT(#{variable}.private) THEN 'read' END",
+        filter = scope_filter(variable)
+
+        filter_string = filter ? ' AND ' + filter.call(variable) : ''
+        ["CASE WHEN (user.admin OR #{variable}_created_rel IS NOT NULL) THEN 'write' WHEN NOT(#{variable}.private) #{filter_string} THEN 'read' END",
          "#{variable}_direct_access_rel.level",
          "#{variable}_indirect_can_access_rel.level"]
       end.compact.join(', ')
@@ -71,6 +75,14 @@ module GraphStarter
         .with("collect([#{collect_levels_string}]) AS level_collections", *variables)
     end
 
+    def scope_filter(variable)
+      if @filter.is_a?(Hash)
+        @filter[variable.to_sym]
+      else
+        @filter
+      end
+    end
+
     def user_authorization_paths(variable, user_variable = :user)
       ["#{variable}<-[#{variable}_created_rel:CREATED]-#{user_variable}",
        "#{variable}<-[#{variable}_direct_access_rel:CAN_ACCESS]-#{user_variable}",

data/lib/graph_starter/version.rb

@@ -1,3 +1,3 @@
 module GraphStarter
-  VERSION = "0.9.4"
+  VERSION = "0.10.0"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: graph_starter
 version: !ruby/object:Gem::Version
-  version: 0.9.4
+  version: 0.10.0
 platform: ruby
 authors:
 - Brian Underwood
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-11-09 00:00:00.000000000 Z
+date: 2015-11-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails