heimdallr 1.0.1 → 1.0.2

data/LICENSE

@@ -1,19 +1,21 @@
-    Copyright (C) 2012  Peter Zotov <whitequark@whitequark.org>
+The MIT License
 
-    Permission is hereby granted, free of charge, to any person obtaining a copy of
-    this software and associated documentation files (the "Software"), to deal in
-    the Software without restriction, including without limitation the rights to
-    use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
-    of the Software, and to permit persons to whom the Software is furnished to do
-    so, subject to the following conditions:
+Copyright (c) 2012 Round Lake, inc.
 
-    The above copyright notice and this permission notice shall be included in all
-    copies or substantial portions of the Software.
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
 
-    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-    SOFTWARE.
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -32,6 +32,7 @@ class Article < ActiveRecord::Base
       if record.try(:owner) == user
         can :view
         can :update, {
+          # each field may have validators that will allow update
           secrecy_level: { inclusion: { in: 0..4 } }
         }
       else
@@ -42,6 +43,7 @@ class Article < ActiveRecord::Base
       # ... and can create them with certain restrictions.
       can :create, %w(content)
       can :create, {
+        # each field may have fixed value that cannot be overridden
         owner_id:      user.id,
         secrecy_level: { inclusion: { in: 0..4 } }
       }
@@ -121,27 +123,15 @@ Compatibility
 
 Ruby 1.8 and ActiveRecord versions prior to 3.0 are not supported.
 
-Licensing
----------
+Credits
+-------
 
-    Copyright (C) 2012  Peter Zotov <whitequark@whitequark.org>
+<img src="http://roundlake.ru/assets/logo.png" align="right" />
 
-    Funded by Round Lake.
+* Peter Zotov ([@whitequark](http://twitter.com/#!/whitequark))
+* Boris Staal ([@_inossidabile](http://twitter.com/#!/_inossidabile))
 
-    Permission is hereby granted, free of charge, to any person obtaining a copy of
-    this software and associated documentation files (the "Software"), to deal in
-    the Software without restriction, including without limitation the rights to
-    use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
-    of the Software, and to permit persons to whom the Software is furnished to do
-    so, subject to the following conditions:
+LICENSE
+-------
 
-    The above copyright notice and this permission notice shall be included in all
-    copies or substantial portions of the Software.
-
-    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-    SOFTWARE.
+It is free software, and may be redistributed under the terms of MIT license.

data/heimdallr.gemspec

@@ -3,7 +3,7 @@ $:.push File.expand_path("../lib", __FILE__)
 
 Gem::Specification.new do |s|
   s.name        = "heimdallr"
-  s.version     = "1.0.1"
+  s.version     = "1.0.2"
   s.authors     = ["Peter Zotov", "Boris Staal"]
   s.email       = ["whitequark@whitequark.org", "boris@roundlake.ru"]
   s.homepage    = "http://github.com/roundlake/heimdallr"

data/lib/heimdallr/proxy/collection.rb

@@ -21,11 +21,16 @@ module Heimdallr
       @restrictions = @scope.restrictions(context)
     end
 
-    # Collections cannot be restricted twice.
+    # Collections cannot be restricted with different context or options.
     #
+    # @return self
     # @raise [RuntimeError]
-    def restrict(*args)
-      raise RuntimeError, "Collections cannot be restricted twice"
+    def restrict(context, options=nil)
+      if @context == context && options.nil?
+        self
+      else
+        raise RuntimeError, "Heimdallr proxies cannot be restricted with nonmatching context or options"
+      end
     end
 
     # @private
@@ -208,7 +213,7 @@ module Heimdallr
 
     # Return the associated security metadata. The returned hash will contain keys
     # +:context+, +:scope+ and +:options+, corresponding to the parameters in
-    # {#initialize}, and +:model+, representing the model class.
+    # {#initialize}, +:model+ and +:restrictions+, representing the model class.
     #
     # Such a name was deliberately selected for this method in order to reduce namespace
     # pollution.
@@ -216,10 +221,11 @@ module Heimdallr
     # @return [Hash]
     def reflect_on_security
       {
-        model:   @scope,
-        context: @context,
-        scope:   @scope,
-        options: @options
+        model:        @scope,
+        context:      @context,
+        scope:        @scope,
+        options:      @options,
+        restrictions: @restrictions,
       }.merge(@restrictions.reflection)
     end
 

data/lib/heimdallr/proxy/record.rb

@@ -140,11 +140,16 @@ module Heimdallr
       @record.class.name
     end
 
-    # Records cannot be restricted twice.
+    # Records cannot be restricted with different context or options.
     #
+    # @return self
     # @raise [RuntimeError]
-    def restrict(context)
-      raise RuntimeError, "Records cannot be restricted twice"
+    def restrict(context, options=nil)
+      if @context == context && options.nil?
+        self
+      else
+        raise RuntimeError, "Heimdallr proxies cannot be restricted with nonmatching context or options"
+      end
     end
 
     # A whitelisting dispatcher for attribute-related method calls.
@@ -237,7 +242,7 @@ module Heimdallr
 
     # Return the associated security metadata. The returned hash will contain keys
     # +:context+, +:record+, +:options+, corresponding to the parameters in
-    # {#initialize}, and +:model+, representing the model class.
+    # {#initialize}, +:model+ and +:restrictions+, representing the model class.
     #
     # Such a name was deliberately selected for this method in order to reduce namespace
     # pollution.
@@ -245,10 +250,11 @@ module Heimdallr
     # @return [Hash]
     def reflect_on_security
       {
-        model:   @record.class,
-        context: @context,
-        record:  @record,
-        options: @options
+        model:        @record.class,
+        context:      @context,
+        record:       @record,
+        options:      @options,
+        restrictions: @restrictions,
       }.merge(@restrictions.reflection)
     end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: heimdallr
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.0.2
   prerelease: 
 platform: ruby
 authors:
@@ -10,11 +10,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-04-03 00:00:00.000000000 Z
+date: 2012-04-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
-  requirement: &70094345321720 !ruby/object:Gem::Requirement
+  requirement: &70206639185180 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -22,10 +22,10 @@ dependencies:
         version: 3.0.0
   type: :runtime
   prerelease: false
-  version_requirements: *70094345321720
+  version_requirements: *70206639185180
 - !ruby/object:Gem::Dependency
   name: activemodel
-  requirement: &70094345321100 !ruby/object:Gem::Requirement
+  requirement: &70206639184300 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -33,10 +33,10 @@ dependencies:
         version: 3.0.0
   type: :runtime
   prerelease: false
-  version_requirements: *70094345321100
+  version_requirements: *70206639184300
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &70094345320640 !ruby/object:Gem::Requirement
+  requirement: &70206639183840 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -44,10 +44,10 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70094345320640
+  version_requirements: *70206639183840
 - !ruby/object:Gem::Dependency
   name: activerecord
-  requirement: &70094345320060 !ruby/object:Gem::Requirement
+  requirement: &70206639183200 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -55,7 +55,7 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70094345320060
+  version_requirements: *70206639183200
 description: ! "Heimdallr aims to provide an easy to configure and efficient object-
   and field-level access\n control solution, reusing proven patterns from gems like
   CanCan and allowing one to manage permissions in a very\n fine-grained manner."