hyper-mesh 1.0.0.lap23 → 1.0.0.lap24

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0dd51d3374de90e1a070483b1c3db8fd002376dcede0a581e8bddf295605357f
-  data.tar.gz: 374199c45836ce94e38ca0e4a7c82477ac21bf56c37b14294b4c1fff199dd7f8
+  metadata.gz: f71958166fcd1ea5b7b054c460a431f45ebae9389098d3046e805a38225235d6
+  data.tar.gz: 9bcf2cb4090bc56920db979d5e016fdcfa450497c375b8487efa8e94e73da837
 SHA512:
-  metadata.gz: d56429c6e9b76916a9368b1e56550a1e3fa116224703e400160e1fb8f6ec84361cf8560c3d48b0d1ffd3bbd143e7427bc5d8d60fb325d9c9fd8ccd6f5a3f1192
-  data.tar.gz: 3cdbcc9c488c9ddccb962ff1991b2c0c797bb59d772a59d0ef5237e5e1939afa56b7b8664d0285edf4391bbef9ffd1a290aac54150265ade8699a5ac2d6aa429
+  metadata.gz: 59e3c865aa085a2a16ee573d8dcd147d0dc96d91e04fa4799e29e3dc80cce5aba5801e837686a612c2ac72b15f42a21767c8250695552a882c24fd1bdd34fb41
+  data.tar.gz: aaa9fb686b480a3ad322e835fa7f8a95a13e37f4a508a374c94aa75585f12f03eb5053f4d33c819269a09f8864f27d67ed639f7146992e96f2c89555307e6d9a

data/DOCS.md

@@ -617,6 +617,7 @@ Pusher.app_id = "MY_TEST_ID"      # you use the real or fake values
 Pusher.key =    "MY_TEST_KEY"
 Pusher.secret = "MY_TEST_SECRET"
 # The next line actually starts the pusher-fake server (see the Pusher-Fake readme for details.)
+# it is important this require be AFTER the above settings, as it will use these
 require 'pusher-fake/support/base' # if using pusher with rspec change this to pusher-fake/support/rspec
 # now copy over the credentials, and merge with PusherFake's config details
 Hyperloop.configuration do |config|

data/Rakefile

@@ -4,7 +4,7 @@ require "rspec/core/rake_task"
 
 
 task :spec do
-  (1..5).each { |batch| Rake::Task["spec:batch#{batch}"].invoke }
+  (1..6).each { |batch| Rake::Task["spec:batch#{batch}"].invoke }
 end
 
 namespace :spec do
@@ -12,7 +12,7 @@ namespace :spec do
     sh %{bundle update}
     sh %{cd spec/test_app; bundle update; bundle exec rails db:setup} # may need ;bundle exec rails db:setup as well
   end
-  (1..5).each do |batch|
+  (1..6).each do |batch|
     RSpec::Core::RakeTask.new(:"batch#{batch}") do |t|
       t.pattern = "spec/batch#{batch}/**/*_spec.rb"
     end

data/hyper-mesh.gemspec

@@ -25,8 +25,6 @@ Gem::Specification.new do |spec|
   spec.test_files     = `git ls-files -- {spec}/*`.split("\n")
   spec.require_paths  = ['lib']
 
-  spec.post_install_message = "\033[0;31;1mhyper-mesh #{Hypermesh::VERSION} is in development and has known security issues! Not recommended for production use!\033[0;30;21m"
-
   spec.add_dependency 'activerecord', '>= 4.0.0'
   spec.add_dependency 'hyper-component', Hypermesh::VERSION
   spec.add_dependency 'hyper-operation', Hypermesh::VERSION
@@ -65,4 +63,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'timecop', '~> 0.8.1'
   spec.add_development_dependency 'unparser'
   spec.add_development_dependency 'pry'
+  spec.add_development_dependency 'pry-rescue'
 end

data/lib/active_record_base.rb

@@ -1,131 +1,293 @@
+# Monkey patches to ActiveRecord for scoping, security, and to synchronize models
 module ActiveRecord
-  # ActiveRecord monkey patches
-  # 1 - Setup synchronization after commits
-  # 2 - Update scope to accept different procs for server and client
+  # hyperloop adds new features to scopes to allow for computing scopes on client side
+  # and for hinting at what joins are involved in a scope.  _synchromesh_scope_args_check
+  # processes these arguments, and the will always leave the true server side scoping
+  # proc in the `:server` opts.   This method is common to client and server.
   class Base
-
-    class << self
-
-      def _synchromesh_scope_args_check(args)
-        opts = if args.count == 2 && args[1].is_a?(Hash)
-                 args[1].merge(server: args[0])
-               elsif args[0].is_a? Hash
-                 args[0]
-               else
-                 { server: args[0] }
-               end
-        return opts if opts.is_a?(Hash) && opts[:server].respond_to?(:call)
-        raise 'must provide either a proc as the first arg or by the '\
-              '`:server` option to scope and default_scope methods'
+    def self._synchromesh_scope_args_check(args)
+      opts = if args.count == 2 && args[1].is_a?(Hash)
+               args[1].merge(server: args[0])
+             elsif args[0].is_a? Hash
+               args[0]
+             else
+               { server: args[0] }
+             end
+      return opts if opts && opts[:server].respond_to?(:call)
+      raise 'must provide either a proc as the first arg or by the '\
+            '`:server` option to scope and default_scope methods'
+    end
+  end
+  if RUBY_ENGINE != 'opal'
+    # __synchromesh_permission_granted indicates if permission has been given to return a scope
+    # The acting_user attribute is set to the current acting_user so regulation methods can check it
+    # The __secure_collection_check method is called at the end of a scope chain and will fail if
+    # no scope in the chain has positively granted access.
+
+    # allows us to easily handle scopes and finder_methods which return arrays of items
+    # (instead of ActiveRecord::Relations - see below)
+    class ReactiveRecordPsuedoRelationArray < Array
+      attr_accessor :__synchromesh_permission_granted
+      attr_accessor :acting_user
+      def __secure_collection_check(_acting_user)
+        self
       end
+    end
 
-      alias pre_synchromesh_scope scope
-
-      def do_not_synchronize
-        @do_not_synchronize = true
+    # add the __synchromesh_permission_granted, acting_user and __secure_collection_check
+    # methods to Relation
+    class Relation
+      attr_accessor :__synchromesh_permission_granted
+      attr_accessor :acting_user
+      def __secure_collection_check(acting_user)
+        return self if __synchromesh_permission_granted
+        return self if __secure_remote_access_to_unscoped(acting_user).__synchromesh_permission_granted
+        denied!
       end
+    end
+    # Monkey patches and extensions to base
+    class Base
+      class << self
+        # every method call that is legal from the client has a wrapper method prefixed with
+        # __secure_remote_access_to_
+
+        # The wrapper method may simply return the normal result or may act to secure the data.
+        # The simpliest case is for the method to call `denied!` which will raise a Hyperloop
+        # access protection fault.
+
+        def denied!
+          Hyperloop::InternalPolicy.raise_operation_access_violation
+        end
 
-      def do_not_synchronize?
-        @do_not_synchronize
-      end
-
-      if RUBY_ENGINE != 'opal'
-
-        alias pre_synchromesh_default_scope default_scope
+        # Here we set up the base `all` and `unscoped` methods.  See below for more on how
+        # access protection works on relationships.
 
-        def scope(name, *args, &block)
-          opts = _synchromesh_scope_args_check(args)
-          pre_synchromesh_scope(name, opts[:server], &block)
+        def __secure_remote_access_to_all(_acting_user)
+          all
         end
 
-        def default_scope(*args, &block)
-          opts = _synchromesh_scope_args_check([*block, *args])
-          pre_synchromesh_default_scope(opts[:server], &block)
+        def __secure_remote_access_to_unscoped(_acting_user, *args)
+          unscoped(*args)
         end
 
-        def server_method(name, opts = {}, &block)
-          define_method(name, &block)
-        end
+        # finder_method and server_method provide secure RPCs against AR relations and records.
+        # The block is called in context with the object, and acting_user is set to the
+        # current acting user.  The block may interogate acting_user to insure security as needed.
+
+        # For finder_method we have to preapply `all` so that we always have a relationship
 
         def finder_method(name, &block)
-          singleton_class.send(:define_method, "_#{name}") do |*args|
-            [block.call(*args)]
+          singleton_class.send(:define_method, :"__secure_remote_access_to__#{name}") do |acting_user, *args|
+            this = respond_to?(:acting_user) ? self : all
+            begin
+              old = this.acting_user
+              this.acting_user = acting_user
+              # returns a PsuedoRelationArray which will respond to the
+              # __secure_collection_check method
+              ReactiveRecordPsuedoRelationArray.new([this.instance_exec(*args, &block)])
+            ensure
+              this.acting_user = old
+            end
           end
           singleton_class.send(:define_method, name) do |*args|
-            block.call(*args)
+            all.instance_exec(*args, &block)
           end
         end
 
-      else
+        def server_method(name, _opts = {}, &block)
+          # callable from the server internally
+          define_method(name, &block)
+          # callable remotely from the client
+          define_method("__secure_remote_access_to_#{name}") do |acting_user, *args|
+            begin
+              old = self.acting_user
+              self.acting_user = acting_user
+              send(name, *args)
+            ensure
+              self.acting_user = old
+            end
+          end
+        end
 
-        alias pre_synchromesh_method_missing method_missing
+        # relationships (and scopes) are regulated using a tri-state system.  Each
+        # remote access method will return the relationship as normal but will also set
+        # the value of __secure_remote_access_granted using the application defined regulation.
+        # Each regulation can explicitly allow the scope to be chained by returning a truthy
+        # value from the regulation.  Or each regulation can explicitly deny the scope to
+        # be chained by called `denied!`.  Otherwise each regulation can return a falsy
+        # value meaning the scope can be changed, but unless some other scope (before or
+        # after) in the chain explicitly allows the scope, the entire chain will fail.
+
+        # In otherwords within a chain of relationships and scopes, at least one Regulation
+        # must be return a truthy value otherwise the whole chain fails.  Likewise if any
+        # regulation called `deined!` the whole chain fails.
+
+        # If no regulation is defined, the regulation is inherited from the superclass, and if
+        # no regulation is defined anywhere in the class heirarchy then the regulation will
+        # return a falsy value.
+
+        # regulations on scopes are inheritable.  That is if a superclass defines a regulation
+        # for a scope, subclasses will inherit the regulation (but can override)
+
+        # helper method to sort out the options on the regulate_scope, regulate_relationship macros.
+
+        # We allow three forms:
+        # regulate_xxx name &block  : the block is the regulation
+        # regulate_xxx name: const  : const can be denied!, deny, denied, or any other truthy or
+        #                             falsy value
+        # regulate_xxx name: proc   : the proc is the regulation
+
+        def __synchromesh_parse_regulator_params(name, block)
+          if name.is_a? Hash
+            name, block = name.first
+            if %i[denied! deny denied].include? block
+              block = ->(*_args) { denied! }
+            elsif !block.is_a? Proc
+              value = block
+              block = ->(*_args) { value }
+            end
+          end
+          [name, block || ->(*_args) { true }]
+        end
 
-        def method_missing(name, *args, &block)
-          #return get_by_index(*args).first if name == "[]"
-          return all.send(name, *args, &block) if [].respond_to?(name)
-          if name.end_with?('!')
-            return send(name.chop, *args, &block).send(:reload_from_db) rescue nil
+        # helper method for providing a regulation in line with a scope or relationship
+        # this is done using the `regulate` key on the opts.
+        # if no regulate key is provided and there is no regulation already defined for
+        # this name, then we create one that returns nil (don't care)
+        # once we have things figured out, we yield to the provided proc which is either
+        # regulate_scope or regulate_relationship
+
+        def __synchromesh_regulate_from_macro(opts, name, already_defined)
+          if opts.key?(:regulate)
+            yield name => opts[:regulate]
+          elsif !already_defined
+            yield name => ->(*_args) {}
           end
-          pre_synchromesh_method_missing(name, *args, &block)
         end
 
-        def create(*args, &block)
-          new(*args).save(&block)
+        # helper method to set the value of __synchromesh_permission_granted on the relationship
+        # Get the current value of __synchromesh_permission_granted, set acting_user on the
+        # object, and or in the result of running the block in context of the obj
+
+        def __set_synchromesh_permission_granted(r, obj, acting_user, args = [], &block)
+          r.__synchromesh_permission_granted = try(:__synchromesh_permission_granted)
+          old = acting_user
+          obj.acting_user = acting_user
+          r.__synchromesh_permission_granted ||= obj.instance_exec(*args, &block)
+          r
+        ensure
+          obj.acting_user = old
         end
 
-        def scope(name, *args)
-          opts = _synchromesh_scope_args_check(args)
-          scope_description = ReactiveRecord::ScopeDescription.new(self, name, opts)
-          singleton_class.send(:define_method, name) do |*vargs|
-            all.build_child_scope(scope_description, *name, *vargs)
-          end
-          singleton_class.send(:define_method, "#{name}=") do |_collection|
-            raise 'NO LONGER IMPLEMENTED - DOESNT PLAY WELL WITH SYNCHROMESH'
-            # all.replace_child_scope(name, collection)
+        # regulate scope has to deal with the special case that the scope returns an
+        # an array instead of a relationship.  In this case we wrap the array and go on
+
+        def regulate_scope(name, &block)
+          name, block = __synchromesh_parse_regulator_params(name, block)
+          singleton_class.send(:define_method, :"__secure_remote_access_to_#{name}") do |acting_user, *args|
+            r = send(name, *args)
+            r = ReactiveRecordPsuedoRelationArray.new(r) if r.is_a? Array
+            __set_synchromesh_permission_granted(r, r, acting_user, args, &block)
           end
         end
 
+        # regulate_default_scope
+
+        def regulate_default_scope(&block)
+          regulate_scope(:all, &block)
+        end
+
+        # monkey patch scope and default_scope macros to process hyperloop special opts,
+        # and add regulations if present
+
+        alias pre_synchromesh_scope scope
+
+        def scope(name, *args, &block)
+          __synchromesh_regulate_from_macro(
+            (opts = _synchromesh_scope_args_check(args)),
+            name,
+            respond_to?(:"__secure_remote_access_to_#{name}"),
+            &method(:regulate_scope)
+          )
+          pre_synchromesh_scope(name, opts[:server], &block)
+        end
+
+        alias pre_synchromesh_default_scope default_scope
+
         def default_scope(*args, &block)
-          opts = _synchromesh_scope_args_check([*block, *args])
-          @_default_scopes ||= []
-          @_default_scopes << opts
+          __synchromesh_regulate_from_macro(
+            (opts = _synchromesh_scope_args_check([*block, *args])),
+            :all,
+            respond_to?(:__secure_remote_access_to_all),
+            &method(:regulate_scope)
+          )
+          pre_synchromesh_default_scope(opts[:server], &block)
         end
 
-        def all
-          ReactiveRecord::Base.default_scope[self] ||=
-            if @_default_scopes
-              root = ReactiveRecord::Collection
-                     .new(self, nil, nil, self, 'all')
-                     .extend(ReactiveRecord::UnscopedCollection)
-              @_default_scopes.inject(root) do |scope, opts|
-                scope.build_child_scope(ReactiveRecord::ScopeDescription.new(self, :all, opts))
-              end
-            end || unscoped
+        # add regulate_relationship method and monkey patch monkey patch has_many macro
+        # to add regulations if present
+
+        def regulate_relationship(name, &block)
+          name, block = __synchromesh_parse_regulator_params(name, block)
+          define_method(:"__secure_remote_access_to_#{name}") do |acting_user, *args|
+            self.class.__set_synchromesh_permission_granted(
+              send(name, *args), self, acting_user, &block
+            )
+          end
+        end
+
+        alias pre_syncromesh_has_many has_many
+
+        def has_many(name, *args, &block)
+          __synchromesh_regulate_from_macro(
+            opts = args.extract_options!,
+            name,
+            method_defined?(:"__secure_remote_access_to_#{name}"),
+            &method(:regulate_relationship)
+          )
+          pre_syncromesh_has_many name, *args, opts.except(:regulate), &block
         end
 
-        def all=(_collection)
-          raise "NO LONGER IMPLEMENTED DOESNT PLAY WELL WITH SYNCHROMESH"
+        # add secure access for find, find_by, and belongs_to and has_one relations.
+        # No explicit security checks are needed here, as the data returned by these objects
+        # will be further processedand checked before returning.  I.e. it is not possible to
+        # simply return `find(1)` but if you try returning `find(1).name` the permission system
+        # will check to see if the name attribute can be legally sent to the current acting user.
+
+        def __secure_remote_access_to_find(_acting_user, *args)
+          find(*args)
         end
 
-        def unscoped
-          ReactiveRecord::Base.unscoped[self] ||=
-            ReactiveRecord::Collection
-            .new(self, nil, nil, self, 'unscoped')
-            .extend(ReactiveRecord::UnscopedCollection)
+        def __secure_remote_access_to_find_by(_acting_user, *args)
+          find_by(*args)
         end
 
-        def finder_method(name)
-          ReactiveRecord::ScopeDescription.new(self, "_#{name}", {})
-          [name, "#{name}!"].each do |method|
-            singleton_class.send(:define_method, method) do |*vargs|
-              all.apply_scope("_#{method}", *vargs).first
+        %i[belongs_to has_one].each do |macro|
+          alias_method :"pre_syncromesh_#{macro}", macro
+          define_method(macro) do |name, scope = nil, opts = {}, &block|
+            define_method(:"__secure_remote_access_to_#{name}") do |_acting_user, *args|
+              send(name, *args)
             end
+            send(:"pre_syncromesh_#{macro}", name, scope, opts, &block)
           end
         end
       end
-    end
 
-    if RUBY_ENGINE != 'opal'
+      def denied!
+        Hyperloop::InternalPolicy.raise_operation_access_violation
+      end
+
+      # call do_not_synchronize to block synchronization of a model
+
+      def self.do_not_synchronize
+        @do_not_synchronize = true
+      end
+
+      # used by the broadcast mechanism to determine if this model is to be synchronized
+
+      def self.do_not_synchronize?
+        @do_not_synchronize
+      end
 
       def do_not_synchronize?
         self.class.do_not_synchronize?
@@ -136,7 +298,7 @@ module ActiveRecord
       after_commit :synchromesh_after_destroy, on: [:destroy]
 
       def synchromesh_after_create
-        return if do_not_synchronize? #|| previous_changes.empty?
+        return if do_not_synchronize?
         ReactiveRecord::Broadcast.after_commit :create, self
       end
 
@@ -149,27 +311,8 @@ module ActiveRecord
         return if do_not_synchronize?
         ReactiveRecord::Broadcast.after_commit :destroy, self
       end
-    else
-
-      scope :limit, ->() {}
-      scope :offset, ->() {}
-
-      def update_attribute(attr, value, &block)
-        send("#{attr}=", value)
-        save(validate: false, &block)
-      end
-
-      def update(attrs = {}, &block)
-        attrs.each { |attr, value| send("#{attr}=", value) }
-        save(&block)
-      end
-
-      def <=>(other)
-        id.to_i <=> other.id.to_i
-      end
     end
   end
 
   InternalMetadata.do_not_synchronize if defined? InternalMetadata
-
 end

data/lib/hyper-mesh.rb

@@ -22,12 +22,12 @@ if RUBY_ENGINE == 'opal'
   require "reactive_record/active_record/reactive_record/collection"
   require "reactive_record/active_record/reactive_record/scoped_collection"
   require "reactive_record/active_record/reactive_record/unscoped_collection"
+  require "reactive_record/interval"
+  require_relative 'active_record_base'
+  require_relative 'reactive_record/scope_description'
   require "reactive_record/active_record/class_methods"
   require "reactive_record/active_record/instance_methods"
   require "reactive_record/active_record/base"
-  require "reactive_record/interval"
-  require_relative 'reactive_record/scope_description'
-  require_relative 'active_record_base'
   require_relative 'hypermesh/version'
   require_relative 'opal/parse_patch'
   require_relative 'opal/set_patches'

data/lib/hypermesh/version.rb

@@ -1,3 +1,3 @@
 module Hypermesh
-  VERSION = '1.0.0.lap23'
+  VERSION = '1.0.0.lap24'
 end

data/lib/reactive_record/active_record/base.rb

@@ -1,9 +1,11 @@
 module ActiveRecord
+  # client side ActiveRecord::Base proxy
   class Base
-
     extend  ClassMethods
 
     include InstanceMethods
 
+    scope :limit, ->() {}
+    scope :offset, ->() {}
   end
 end

data/lib/reactive_record/active_record/class_methods.rb

@@ -60,6 +60,7 @@ module ActiveRecord
     # ignore any of these methods if they get called on the client.   This list should be trimmed down to include only
     # methods to be called as "macros" such as :after_create, etc...
     SERVER_METHODS = [
+      :regulate_relationship, :regulate_scope,
       :attribute_type_decorations, :defined_enums, :_validators, :timestamped_migrations, :lock_optimistically, :lock_optimistically=,
       :local_stored_attributes=, :lock_optimistically?, :attribute_aliases?, :attribute_method_matchers?, :defined_enums?,
       :has_many_without_reactive_record_add_changed_method, :has_many_with_reactive_record_add_changed_method,
@@ -78,7 +79,7 @@ module ActiveRecord
       :_find_callbacks, :_find_callbacks?, :_find_callbacks=, :_touch_callbacks, :_touch_callbacks?, :_touch_callbacks=, :_save_callbacks,
       :_save_callbacks?, :_save_callbacks=, :_create_callbacks, :_create_callbacks?, :_create_callbacks=, :_update_callbacks,
       :_update_callbacks?, :_update_callbacks=, :_destroy_callbacks, :_destroy_callbacks?, :_destroy_callbacks=, :record_timestamps?,
-      :_synchromesh_scope_args_check, :pre_synchromesh_scope, :pre_synchromesh_default_scope, :do_not_synchronize, :do_not_synchronize?,
+      :pre_synchromesh_scope, :pre_synchromesh_default_scope, :do_not_synchronize, :do_not_synchronize?,
       :logger=, :maintain_test_schema, :maintain_test_schema=, :scope, :time_zone_aware_attributes, :time_zone_aware_attributes=,
       :default_timezone, :default_timezone=, :_attr_readonly, :warn_on_records_fetched_greater_than, :configurations, :configurations=,
       :_attr_readonly?, :table_name_prefix=, :table_name_suffix=, :schema_migrations_table_name=, :internal_metadata_table_name,
@@ -145,33 +146,107 @@ module ActiveRecord
     def method_missing(name, *args, &block)
       if args.count == 1 && name.start_with?("find_by_") && !block
         find_by(name.sub(/^find_by_/, "") => args[0])
+      elsif [].respond_to?(name)
+        all.send(name, *args, &block)
+      elsif name.end_with?('!')
+        send(name.chop, *args, &block).send(:reload_from_db) rescue nil
       elsif !SERVER_METHODS.include?(name)
         raise "#{self.name}.#{name}(#{args}) (called class method missing)"
       end
     end
 
-    def abstract_class=(val)
-      @abstract_class = val
+    # client side AR
+
+    # Any method that can be applied to an array will be applied to the result
+    # of all instead.
+    # Any method ending with ! just means apply the method after forcing a reload
+    # from the DB.
+
+    # alias pre_synchromesh_method_missing method_missing
+    #
+    # def method_missing(name, *args, &block)
+    #   return all.send(name, *args, &block) if [].respond_to?(name)
+    #   if name.end_with?('!')
+    #     return send(name.chop, *args, &block).send(:reload_from_db) rescue nil
+    #   end
+    #   pre_synchromesh_method_missing(name, *args, &block)
+    # end
+
+    def create(*args, &block)
+      new(*args).save(&block)
     end
 
-    def scope(name, body)
-      singleton_class.send(:define_method, name) do | *args |
-        args = (args.count == 0) ? name : [name, *args]
-        ReactiveRecord::Base.class_scopes(self)[args] ||= ReactiveRecord::Collection.new(self, nil, nil, self, args)
-      end
-      singleton_class.send(:define_method, "#{name}=") do |collection|
-        ReactiveRecord::Base.class_scopes(self)[name] = collection
+    def scope(name, *args)
+      opts = _synchromesh_scope_args_check(args)
+      scope_description = ReactiveRecord::ScopeDescription.new(self, name, opts)
+      singleton_class.send(:define_method, name) do |*vargs|
+        all.build_child_scope(scope_description, *name, *vargs)
       end
+      # singleton_class.send(:define_method, "#{name}=") do |_collection|
+      #   raise 'NO LONGER IMPLEMENTED - DOESNT PLAY WELL WITH SYNCHROMESH'
+      # end
+    end
+
+    def default_scope(*args, &block)
+      opts = _synchromesh_scope_args_check([*block, *args])
+      @_default_scopes ||= []
+      @_default_scopes << opts
     end
 
     def all
-      ReactiveRecord::Base.class_scopes(self)[:all] ||= ReactiveRecord::Collection.new(self, nil, nil, self, "all")
+      ReactiveRecord::Base.default_scope[self] ||=
+        begin
+        root = ReactiveRecord::Collection
+               .new(self, nil, nil, self, 'all')
+               .extend(ReactiveRecord::UnscopedCollection)
+        (@_default_scopes || [{ client: -> () { true } }]).inject(root) do |scope, opts|
+          scope.build_child_scope(ReactiveRecord::ScopeDescription.new(self, :all, opts))
+        end
+      end
     end
 
-    def all=(collection)
-      ReactiveRecord::Base.class_scopes(self)[:all] = collection
+    # def all=(_collection)
+    #   raise "NO LONGER IMPLEMENTED DOESNT PLAY WELL WITH SYNCHROMESH"
+    # end
+
+    def unscoped
+      ReactiveRecord::Base.unscoped[self] ||=
+        ReactiveRecord::Collection
+        .new(self, nil, nil, self, 'unscoped')
+        .extend(ReactiveRecord::UnscopedCollection)
     end
 
+    def finder_method(name)
+      ReactiveRecord::ScopeDescription.new(self, "_#{name}", {})
+      [name, "#{name}!"].each do |method|
+        singleton_class.send(:define_method, method) do |*vargs|
+          all.apply_scope("_#{method}", *vargs).first
+        end
+      end
+    end
+
+    def abstract_class=(val)
+      @abstract_class = val
+    end
+
+    # def scope(name, body)
+    #   singleton_class.send(:define_method, name) do | *args |
+    #     args = (args.count == 0) ? name : [name, *args]
+    #     ReactiveRecord::Base.class_scopes(self)[args] ||= ReactiveRecord::Collection.new(self, nil, nil, self, args)
+    #   end
+    #   singleton_class.send(:define_method, "#{name}=") do |collection|
+    #     ReactiveRecord::Base.class_scopes(self)[name] = collection
+    #   end
+    # end
+
+    # def all
+    #   ReactiveRecord::Base.class_scopes(self)[:all] ||= ReactiveRecord::Collection.new(self, nil, nil, self, "all")
+    # end
+    #
+    # def all=(collection)
+    #   ReactiveRecord::Base.class_scopes(self)[:all] = collection
+    # end
+
     [:belongs_to, :has_many, :has_one].each do |macro|
       define_method(macro) do |*args| # is this a bug in opal?  saying name, scope=nil, opts={} does not work!
         name = args.first

data/lib/reactive_record/active_record/instance_methods.rb

@@ -116,7 +116,7 @@ module ActiveRecord
         # for rails auto generated methods for booleans, remove '?' to get the attribute
         name = name.chop if !is_server_method && is_attribute && name.end_with?('?')
         @backing_record.reactive_get!(name, force_update)
-      elsif !block 
+      elsif !block
         # for rails auto generated methods for booleans, remove '?' to get the attribute
         name = name.chop if !is_server_method && is_attribute && name.end_with?('?')
         @backing_record.reactive_get!([[name]+args], force_update)
@@ -167,6 +167,20 @@ module ActiveRecord
       @backing_record.errors
     end
 
+    def update_attribute(attr, value, &block)
+      send("#{attr}=", value)
+      save(validate: false, &block)
+    end
+
+    def update(attrs = {}, &block)
+      attrs.each { |attr, value| send("#{attr}=", value) }
+      save(&block)
+    end
+
+    def <=>(other)
+      id.to_i <=> other.id.to_i
+    end
+
   end
 
 end

data/lib/reactive_record/active_record/reactive_record/base.rb

@@ -87,7 +87,7 @@ module ReactiveRecord
           record = @records[model].detect { |record| record.id == id}
         end
         # if we don't have a record then create one
-        (record = new(model)).vector = [model, ["find_by_#{attribute}", value]] unless record
+        (record = new(model)).vector = [model, [:find_by, attribute => value]] unless record
         # and set the value
         record.sync_attribute(attribute, value)
         # and set the primary if we have one
@@ -263,7 +263,7 @@ module ReactiveRecord
     # nil must not have any children.
     def initialize_collections
       if (!vector || vector.empty?) && id && id != ''
-        @vector = [@model, ["find_by_#{@model.primary_key}", id]]
+        @vector = [@model, [:find_by, @model.primary_key => id]]
       end
       @model.reflect_on_all_associations.each do |assoc|
         if assoc.collection? && attributes[assoc.attribute].nil?

data/lib/reactive_record/active_record/reactive_record/collection.rb

@@ -252,7 +252,7 @@ module ReactiveRecord
         elsif filter?
           @collection = filter_records(@parent.collection)
         end
-      elsif @parent.count.zero?
+      elsif @parent._count_internal(false).zero?  # just changed this from count.zero?
         @count = 0
       end
     end
@@ -289,18 +289,26 @@ module ReactiveRecord
       @count = val
     end
 
-    def count
+
+
+    def _count_internal(load_from_client)
+      # when count is called on a leaf, count_internal is called for each
+      # ancestor.  Only the outermost count has load_from_client == true
       observed
       if @collection
         @collection.count
       elsif @count ||= ReactiveRecord::Base.fetch_from_db([*@vector, "*count"])
         @count
       else
-        ReactiveRecord::Base.load_from_db(nil, *@vector, "*count")
+        ReactiveRecord::Base.load_from_db(nil, *@vector, "*count") if load_from_client
         @count = 1
       end
     end
 
+    def count
+      _count_internal(true)
+    end
+
     alias_method :length, :count
 
     # WHY IS THIS NEEDED?  Perhaps it was just for debug
@@ -473,15 +481,19 @@ module ReactiveRecord
       @dummy_collection.loading?
     end
 
-    def empty?  # should be handled by method missing below, but opal-rspec does not deal well with method missing, so to test...
+    def empty?
+      # should be handled by method missing below, but opal-rspec does not deal well
+      # with method missing, so to test...
       all.empty?
     end
 
     def method_missing(method, *args, &block)
       if [].respond_to? method
         all.send(method, *args, &block)
-      elsif ScopeDescription.find(@target_klass, method) || (args.count == 1 && method.start_with?("find_by_"))
+      elsif ScopeDescription.find(@target_klass, method)
         apply_scope(method, *args)
+      elsif args.count == 1 && method.start_with?('find_by_')
+        apply_scope(:find_by, method.sub(/^find_by_/, '') => args.first)
       elsif @target_klass.respond_to?(method) && ScopeDescription.find(@target_klass, "_#{method}")
         apply_scope("_#{method}", *args).first
       else

data/lib/reactive_record/active_record/reactive_record/isomorphic_base.rb

@@ -133,6 +133,7 @@ module ReactiveRecord
     end
 
     def self.schedule_fetch
+      React::State.set_state(WhileLoading, :quiet, false)  # moved from while loading module see loading! method
       @fetch_scheduled ||= after(0) do
         if @pending_fetches.count > 0  # during testing we might reset the context while there are pending fetches otherwise this would never normally happen
           last_fetch_at = @last_fetch_at
@@ -143,23 +144,29 @@ module ReactiveRecord
           start_time = `Date.now()`
           Operations::Fetch.run(models: models, associations: associations, pending_fetches: pending_fetches)
             .then do |response|
-              fetch_time = `Date.now()`
-              log("       Fetched in:   #{`(fetch_time - start_time)/ 1000`}s")
               begin
-                ReactiveRecord::Base.load_from_json(response)
-              rescue Exception => e
-                log("Unexpected exception raised while loading json from server: #{e}", :error)
+                fetch_time = `Date.now()`
+                log("       Fetched in:   #{`(fetch_time - start_time)/ 1000`}s")
+                begin
+                  ReactiveRecord::Base.load_from_json(response)
+                rescue Exception => e
+                  log("Unexpected exception raised while loading json from server: #{e}", :error)
+                end
+                log("       Processed in: #{`(Date.now() - fetch_time) / 1000`}s")
+                log(["       Returned: %o", response.to_n])
+                ReactiveRecord.run_blocks_to_load last_fetch_at
+              ensure
+                ReactiveRecord::WhileLoading.loaded_at last_fetch_at
+                ReactiveRecord::WhileLoading.quiet! if @pending_fetches.empty?
               end
-              log("       Processed in: #{`(Date.now() - fetch_time) / 1000`}s")
-              log(["       Returned: %o", response.to_n])
-              ReactiveRecord.run_blocks_to_load last_fetch_at
-              ReactiveRecord::WhileLoading.loaded_at last_fetch_at
-              ReactiveRecord::WhileLoading.quiet! if @pending_fetches.empty?
             end
             .fail do |response|
               log("Fetch failed", :error)
-              # not sure what response was supposed to look like here was response.body before conversion to operations....
-              ReactiveRecord.run_blocks_to_load(last_fetch_at, response)
+              begin
+                ReactiveRecord.run_blocks_to_load(last_fetch_at, response)
+              ensure
+                ReactiveRecord::WhileLoading.quiet! if @pending_fetches.empty?
+              end
             end
           @pending_fetches = []
           @pending_records = []

data/lib/reactive_record/active_record/reactive_record/while_loading.rb

@@ -123,7 +123,8 @@ module ReactiveRecord
         def loading!
           React::RenderingContext.waiting_on_resources = true
           React::State.get_state(self, :loaded_at)
-          React::State.set_state(self, :quiet, false)
+          # this was moved to where the fetch is actually pushed on to the fetch array in isomorphic base
+          # React::State.set_state(self, :quiet, false)
           @is_loading = true
         end
 
@@ -298,7 +299,7 @@ if RUBY_ENGINE == 'opal'
         def reactive_record_link_set_while_loading_container_class
           node = dom_node
           loading = (waiting_on_resources ? `true` : `false`)
-          %x{ 
+          %x{
               if (typeof node === "undefined" || node === null) return;
               var while_loading_container_id = node.getAttribute('data-reactive_record_while_loading_container_id');
               if (#{!self.is_a?(ReactiveRecord::WhileLoading)} && while_loading_container_id !== null && while_loading_container_id !== "") {

data/lib/reactive_record/server_data_cache.rb

@@ -203,29 +203,36 @@ module ReactiveRecord
           def apply_method_to_cache(method)
             @db_cache.inject(nil) do |representative, cache_item|
               if cache_item.vector == vector
-                # TODO: Security - this is the wrong check in the wrong place...
-                if @value.class < ActiveRecord::Base and @value.attributes.has_key?(method) # TODO: second check is not needed, its built into  check_permmissions,  check should be does class respond to check_permissions...
-                  @value.check_permission_with_acting_user(@acting_user, :view_permitted?, method)
-                end
                 if method == "*"
+                  # apply_star does the security check if value is present
                   cache_item.apply_star || representative
                 elsif method == "*all"
-                  cache_item.build_new_cache_item(cache_item.value.collect { |record| record.id }, method, method)
+                  # if we secure the collection then we assume its okay to read the ids
+                  cache_item.build_new_cache_item(cache_item.value.__secure_collection_check(@acting_user).collect { |record| record.id }, method, method)
                 elsif method == "*count"
-                  cache_item.build_new_cache_item(cache_item.value.count, method, method)
+                  cache_item.build_new_cache_item(cache_item.value.__secure_collection_check(@acting_user).count, method, method)
                 elsif preloaded_value = @preloaded_records[cache_item.absolute_vector + [method]]
+                  # no security check needed since we already evaluated this
                   cache_item.build_new_cache_item(preloaded_value, method, method)
                 elsif aggregation = cache_item.aggregation?(method)
+                  # aggregations are not protected
                   cache_item.build_new_cache_item(aggregation.mapping.collect { |attribute, accessor| cache_item.value[attribute] }, method, method)
                 else
-                  if !cache_item.value || cache_item.value.class == Array
+                  if !cache_item.value || cache_item.value.is_a?(Array)
+                    # seeing as we just returning representative, no check is needed (its already checked)
                     representative
                   else
-                    # TODO: Security.  Protect the send(*method). But its complicated.. method can be an attribute, scope, relationship or actual method.
-                    #                  Each needs some protection logic.
                     begin
-                      cache_item.build_new_cache_item(cache_item.value.send(*method), method, method)
-                    rescue Exception => e
+                      secured_method = "__secure_remote_access_to_#{[*method].first}"
+                      if @value.class < ActiveRecord::Base and @value.attributes.has_key?(method) # TODO: second check is not needed, its built into  check_permmissions,  check should be does class respond to check_permissions...
+                        @value.check_permission_with_acting_user(@acting_user, :view_permitted?, method)
+                        cache_item.build_new_cache_item(cache_item.value.send(*method), method, method)
+                      elsif cache_item.value.respond_to? secured_method
+                        cache_item.build_new_cache_item(cache_item.value.send(secured_method, @acting_user, *([*method][1..-1])), method, method)
+                      else
+                        raise "method missing"
+                      end
+                    rescue Exception => e # this check may no longer be needed as we are quite explicit now on which methods we apply
                       # ReactiveRecord::Pry::rescued(e)
                       ::Rails.logger.debug "\033[0;31;1mERROR: HyperModel exception caught when applying #{method} to db object #{cache_item.value}: #{e}\033[0;30;21m"
                       raise e, "HyperModel fetching records failed, exception caught when applying #{method} to db object #{cache_item.value}: #{e}", e.backtrace
@@ -248,9 +255,9 @@ module ReactiveRecord
             end
           end
 
-          # SECURITY - SAFE
+          # SECURITY - NOW SAFE
           def apply_star
-            if @value && @value.length > 0
+            if @value && @value.__secure_collection_check(@acting_user) && @value.length > 0
               i = -1
               @value.inject(nil) do |representative, current_value|
                 i += 1

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: hyper-mesh
 version: !ruby/object:Gem::Version
-  version: 1.0.0.lap23
+  version: 1.0.0.lap24
 platform: ruby
 authors:
 - Mitch VanDuyn
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-02-18 00:00:00.000000000 Z
+date: 2018-02-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -31,28 +31,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.0.0.lap23
+        version: 1.0.0.lap24
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.0.0.lap23
+        version: 1.0.0.lap24
 - !ruby/object:Gem::Dependency
   name: hyper-operation
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.0.0.lap23
+        version: 1.0.0.lap24
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.0.0.lap23
+        version: 1.0.0.lap24
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -129,14 +129,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.0.0.lap23
+        version: 1.0.0.lap24
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 1.0.0.lap23
+        version: 1.0.0.lap24
 - !ruby/object:Gem::Dependency
   name: hyper-trace
   requirement: !ruby/object:Gem::Requirement
@@ -549,6 +549,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-rescue
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: HyperMesh is the base for HyperModel. HyperModel gives your HyperComponents
   CRUD access to your ActiveRecord models on the client, using the the standard ActiveRecord
   API. HyperModel also implements push notifications (via a number of possible technologies)
@@ -622,8 +636,7 @@ homepage: http://ruby-hyperloop.org
 licenses:
 - MIT
 metadata: {}
-post_install_message: "\e[0;31;1mhyper-mesh 1.0.0.lap23 is in development and has
-  known security issues! Not recommended for production use!\e[0;30;21m"
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib