kojac 0.9.0

data/app/serializers/default_kojac_serializer.rb

@@ -0,0 +1,10 @@
+class DefaultKojacSerializer < ActiveModel::Serializer
+
+	def initialize(object, options={})
+		super(object,options)
+	end
+
+	def attributes
+		object.attributes
+	end
+end

data/kojac.gemspec

@@ -0,0 +1,36 @@
+$:.push File.expand_path("../lib", __FILE__)
+
+# Maintain your gem's version:
+require "kojac/version"
+
+# Describe your gem and declare its dependencies:
+Gem::Specification.new do |s|
+  s.name        = "kojac"
+  s.version     = Kojac::VERSION
+  s.authors       = ["Gary McGhee"]
+  s.email         = ["contact@buzzware.com.au"]
+  s.homepage      = "https://github.com/buzzware/KOJAC"
+  s.license       = "MIT"
+
+  s.summary     = "KOJAC is an opinionated design and implementation for data management within Single Page Applications."
+  s.description = "KOJAC is an opinionated design and implementation for data management within Single Page Applications. It relates most heavily to the client and data protocol. The server may continue the key/value style down to a key/value-style database if desired, but that is not necessary. KOJAC also supports standard REST-style servers."
+
+  #s.files = Dir["{app,config,db,lib}/**/*"] + ["MIT-LICENSE", "Rakefile", "README.rdoc"]
+  s.files         = `git ls-files`.split($/)
+  s.executables   = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  s.test_files    = s.files.grep(%r{^(test|spec|features)/})
+  s.require_paths = ["lib"]
+  
+  s.add_dependency "underscore_plus"
+  s.add_dependency "json2-rails"
+  s.add_dependency "jquery-rails"
+  s.add_dependency 'strong_parameters'
+
+  s.add_development_dependency "rails", "~> 3.2"
+  s.add_development_dependency "rspec-rails"
+  s.add_development_dependency "canjs-rails"
+  s.add_development_dependency "ember-rails"
+  s.add_development_dependency "jquery-rails"
+  s.add_development_dependency "capybara"
+  s.add_development_dependency "sqlite3"
+end

data/lib/kojac/app_serialize.rb

@@ -0,0 +1,29 @@
+require 'active_record/serializer_override'
+
+def app_serialize(aObject,aScope)
+	result = case aObject.class
+		when Fixnum then aObject.to_s
+		when Bignum then aObject.to_s
+		when Array
+			sz_class = ActiveModel::ArraySerializer
+			sz_class.new(aObject).to_json(:scope => aScope, :root => false)
+		when String then aObject
+		when FalseClass then 'false'
+		when TrueClass then 'true'
+		when Symbol then aObject.to_s
+		#when Hash
+			#sz_class = ActiveModel::Serializer
+			#sz_class.new(aObject).to_json(:scope => aScope, :root => false)
+
+		else
+			sz_class = aObject.respond_to?(:active_model_serializer) && aObject.send(:active_model_serializer)
+			sz_class = DefaultKojacSerializer if !sz_class && aObject.is_a?(ActiveModel)
+			if sz_class
+				sz_class.new(aObject).to_json(:scope => aScope, :root => false)
+			else
+				aObject.to_json
+			end
+
+	end
+	result
+end

data/lib/kojac/kojac_rails.rb

@@ -0,0 +1,432 @@
+#require File.expand_path('ring_strong_parameters',File.dirname(__FILE__))
+
+Kernel.class_eval do
+  def key_join(aResource,aId=nil,aAssoc=nil)
+    result = aResource
+    if aId
+			result += "__#{aId}"
+			result += ".#{aAssoc}" if aAssoc
+    end
+		result
+  end
+end
+
+class String
+	def is_i?
+		!!(self =~ /^[-+]?[0-9]+$/)
+  end
+
+	def split_kojac_key
+		r,ia = self.split('__')
+		id,a = ia.split('.') if ia
+		id = id.to_i if id && id.is_i?
+		[r,id,a]
+	end
+
+	# eg deals__5 => deals
+	def resource
+		self.split('__')[0]
+	end
+
+	# eg. deals__5.options => deals__5
+	def base_key
+		self.split('.')[0]
+	end
+
+	def key_assoc
+		self.split('.')[1]
+	end
+end
+
+module KojacUtils
+	module_function
+
+	def model_class_for_key(aKey)
+		resource = aKey.split_kojac_key[0]
+		resource.singularize.camelize.constantize rescue nil
+	end
+
+	def model_for_key(aKey)
+		klass = KojacUtils.model_class_for_key(aKey)
+		resource,id,assoc = aKey.split_kojac_key
+		klass.find(id) rescue nil
+	end
+
+	def upgrade_hashes_to_params(aValue)
+		if aValue.is_a? Hash
+			aValue = ActionController::Parameters.new(aValue) unless aValue.is_a?(ActionController::Parameters)
+		elsif aValue.is_a? Array
+			aValue = aValue.map {|v| upgrade_hashes_to_params(v)}
+		end
+		aValue
+	end
+
+end
+
+module Kojac::ModelMethods
+
+	def self.included(aClass)
+    aClass.send :extend, ClassMethods
+  end
+
+	module ClassMethods
+		def by_key(aKey,aContext=nil)
+			r,id,a = aKey.split_kojac_key
+			model = self
+			model = self.rescope(model,aContext) if self.respond_to? :rescope
+			if id
+				model.where(id: id).first
+			else
+				model.all
+			end
+		end
+	end
+
+	def kojac_key
+		self.class.to_s.snake_case.pluralize+'__'+self.id.to_s
+	end
+
+	def update_permitted_attributes!(aChanges, aRing)
+		aChanges = KojacUtils.upgrade_hashes_to_params(aChanges)
+		permitted_fields = self.class.permitted_fields(:write, aRing)
+		permitted_fields = aChanges.permit(*permitted_fields)
+		assign_attributes(permitted_fields, :without_protection => true)
+		save!
+	end
+
+end
+
+module Kojac::ControllerOpMethods
+
+	def self.included(aClass)
+    #aClass.send :extend, ClassMethods
+    aClass.send :include, ActiveSupport::Callbacks
+    aClass.send :define_callbacks, :update_op, :scope => [:kind, :name]
+  end
+
+	#module ClassMethods
+	#end
+
+	module_function
+
+	public
+
+	attr_accessor :item
+
+	def results
+		@results ||= {}
+	end
+
+	def deduce_model_class
+		KojacUtils.model_class_for_key(self.kojac_resource)
+	end
+
+	def kojac_resource
+		self.class.to_s.chomp('Controller').snake_case
+	end
+
+	def create_on_association(aItem,aAssoc,aValues,aRing)
+		raise "User does not have permission for create on #{aAssoc}" unless aItem.class.permitted_associations(:create,aRing).include?(aAssoc.to_sym)
+
+		return nil unless ma = aItem.class.reflect_on_association(aAssoc.to_sym)
+		a_model_class = ma.klass
+
+		aValues = KojacUtils.upgrade_hashes_to_params(aValues || {})
+
+		case ma.macro
+			when :belongs_to
+				return nil if !aValues.is_a?(Hash)
+				fields = aValues.permit( *a_model_class.permitted_fields(:write,aRing) )
+				return aItem.send("build_#{aAssoc}".to_sym,fields)
+			when :has_many
+				aValues = [aValues] if aValues.is_a?(Hash)
+				return nil unless aValues.is_a? Array
+				aValues.each do |v|
+					fields = v.permit( *a_model_class.permitted_fields(:write,aRing) )
+					new_sub_item = nil
+					case ma.macro
+						when :has_many
+							new_sub_item = aItem.send(aAssoc.to_sym).create(fields)
+						else
+							raise "#{ma.macro} association unsupported in CREATE"
+					end
+					merge_model_into_results(new_sub_item)
+				end
+		end
+		#
+		#
+		#
+		#a_value = op[:value][a]        # get data for this association, assume {}
+		#if a_value.is_a?(Hash)
+		#	a_model_class = ma.klass
+		#	fields = a_value.permit( *permitted_fields(:write,a_model_class) )
+		#	item.send("build_#{a}".to_sym,fields)
+		#	included_assocs << a.to_sym
+		#elsif a_value.is_a?(Array)
+		#	raise "association collections not yet implemented for create"
+		#else
+		#	next
+		#end
+	end
+
+	def create_op
+		ring = current_user.try(:ring)
+		op = params[:op]
+		options = op[:options] || {}
+		model_class = deduce_model_class
+		resource,id,assoc = op['key'].split_kojac_key
+		if assoc  # create operation on an association eg. {verb: "CREATE", key: "order.items"}
+			raise "User does not have permission for #{op[:verb]} operation on #{model_class.to_s}.#{assoc}" unless model_class.permitted_associations(:create,ring).include?(assoc.to_sym)
+			item = KojacUtils.model_for_key(key_join(resource,id))
+			ma = model_class.reflect_on_association(assoc.to_sym)
+			a_value = op[:value]        # get data for this association, assume {}
+			raise "create multiple not yet implemented for associations" unless a_value.is_a?(Hash)
+
+			a_model_class = ma.klass
+			p_fields = a_model_class.permitted_fields(:write,ring)
+			fields = a_value.permit( *p_fields )
+			new_sub_item = nil
+			case ma.macro
+				when :has_many
+					new_sub_item = item.send(assoc.to_sym).create(fields)
+				else
+					raise "#{ma.macro} association unsupported in CREATE"
+			end
+			result_key = op[:result_key] || new_sub_item.kojac_key
+			merge_model_into_results(new_sub_item)
+		else    # create operation on a resource eg. {verb: "CREATE", key: "order_items"} but may have embedded association values
+			p_fields = model_class.permitted_fields(:write,ring)
+			raise "User does not have permission for #{op[:verb]} operation on #{model_class.to_s}" unless model_class.ring_can?(:create,ring)
+
+			p_fields = op[:value].permit( *p_fields )
+			item = model_class.create!(p_fields)
+
+			options_include = options['include'] || []
+			included_assocs = []
+			p_assocs = model_class.permitted_associations(:write,ring)
+			if p_assocs
+				p_assocs.each do |a|
+					next unless (a_value = op[:value][a]) || options_include.include?(a.to_s)
+					create_on_association(item,a,a_value,ring)
+					included_assocs << a.to_sym
+				end
+			end
+			item.save!
+			result_key = op[:result_key] || item.kojac_key
+			merge_model_into_results(item,result_key,:include => included_assocs)
+		end
+		{
+			key: op[:key],
+		  verb: op[:verb],
+		  result_key: result_key,
+		  results: results
+		}
+	end
+
+	protected
+
+	def merge_model_into_results(aItem,aResultKey=nil,aOptions=nil)
+		ring = current_user.try(:ring)
+		aResultKey ||= aItem.kojac_key
+		aOptions ||= {}
+		results[aResultKey] = aItem.sanitized_hash(ring)
+		if included_assocs = aOptions[:include]
+			included_assocs = included_assocs.split(',') if included_assocs.is_a?(String)
+			included_assocs = [included_assocs] unless included_assocs.is_a?(Array)
+			included_assocs.map!(&:to_sym) if included_assocs.is_a?(Array)
+			p_assocs = aItem.class.permitted_associations(:read,ring)
+			use_assocs = p_assocs.delete_if do |a|
+				if included_assocs.include?(a) and ma = aItem.class.reflect_on_association(a)
+					![:belongs_to,:has_many].include?(ma.macro)   # is supported association type
+				else
+					true  # no such assoc
+				end
+			end
+			use_assocs.each do |a|
+				next unless a_contents = aItem.send(a)
+				if a_contents.is_a? Array
+					contents_h = []
+					a_contents.each do |sub_item|
+						results[sub_item.kojac_key] = sub_item.sanitized_hash(ring)
+						#contents_h << sub_item.id
+					end
+					#results[aResultKey] = contents_h
+				else
+					results[a_contents.kojac_key] = a_contents.sanitized_hash(ring)
+				end
+			end
+		end
+	end
+
+	public
+
+	def read_op
+		op = params[:op]
+		key = op[:key]
+		result_key = nil
+		resource,id = key.split '__'
+		model = deduce_model_class
+
+		if id   # item
+			if model
+				item = model.by_key(key,op)
+				result_key = op[:result_key] || (item && item.kojac_key) || op[:key]
+				merge_model_into_results(item,result_key,op[:options])
+			else
+				result_key = op[:result_key] || op[:key]
+				results[result_key] = null
+			end
+		else    # collection
+			result_key = op[:result_key] || op[:key]
+			results[result_key] = []
+			if model
+				items = model.by_key(key,op)
+				items.each do |m|
+					item_key = m.kojac_key
+					results[result_key] << item_key.bite(resource+'__')
+					merge_model_into_results(m,item_key,op[:options])
+				end
+			end
+		end
+		{
+			key: op[:key],
+		  verb: op[:verb],
+		  results: results,
+		  result_key: result_key
+		}
+	end
+
+	def update_op
+		result = nil
+		model = deduce_model_class
+
+		ring = current_user.try(:ring)
+		op = params[:op]
+		result_key = nil
+		if self.item = model.by_key(op[:key],op)
+
+			run_callbacks :update_op do
+				item.update_permitted_attributes!(op[:value], ring)
+
+				associations = model.permitted_associations(:write,ring)
+				associations.each do |k|
+					next unless assoc = model.reflect_on_association(k)
+					next unless op[:value][k]
+					case assoc.macro
+						when :belongs_to
+							if leaf = (item.send(k) || item.send("build_#{k}".to_sym))
+								#permitted_fields = leaf.class.permitted_fields(:write,ring)
+								#permitted_fields = op[:value][k].permit( *permitted_fields )
+								#leaf.assign_attributes(permitted_fields, :without_protection => true)
+								#leaf.save!
+								leaf.update_permitted_attributes!(op[:value][k], ring)
+							end
+					end
+				end
+
+				result_key = item.kojac_key
+				results[result_key] = item
+
+				associations.each do |a|
+					next unless assoc_item = item.send(a)
+					next unless key = assoc_item.respond_to?(:kojac_key) && assoc_item.kojac_key
+					results[key] = assoc_item
+				end
+			end
+		end
+		{
+			key: op[:key],
+		  verb: op[:verb],
+		  result_key: result_key,
+		  results: results
+		}
+	end
+
+	def destroy_op
+		ring = current_user.try(:ring)
+		op = params[:op]
+		result_key = op[:result_key] || op[:key]
+		item = KojacUtils.model_for_key(op[:key])
+		item.destroy if item
+		results[result_key] = nil
+		{
+			key: op[:key],
+		  verb: op[:verb],
+		  result_key: result_key,
+		  results: results
+		}
+	end
+
+	#def execute_op
+	#	puts 'execute_op'
+	#end
+
+	def add_op
+		ring = current_user.try(:ring)
+		op = params[:op]
+		model = deduce_model_class
+		raise "ADD only supports associated collections at present eg order.items" unless op[:key].index('.')
+
+		item = KojacUtils.model_for_key(op[:key].base_key)
+		assoc = (assoc=op[:key].key_assoc) && assoc.to_sym
+		id = op[:value]['id']
+
+		ma = item.class.reflect_on_association(assoc)
+		case ma.macro
+			when :has_many
+				assoc_class = ma.klass
+				assoc_item = assoc_class.find(id)
+				item.send(assoc) << assoc_item
+
+				#ids_method = assoc.to_s.singularize+'_ids'
+				#ids = item.send(ids_method.to_sym)
+				#item.send((ids_method+'=').to_sym,ids + [id])
+				result_key = assoc_item.kojac_key
+				merge_model_into_results(assoc_item)
+			else
+				raise "ADD does not yet support #{ma.macro} associations"
+		end
+		{
+			key: op[:key],
+		  verb: op[:verb],
+		  result_key: result_key,
+		  results: results
+		}
+	end
+
+	def remove_op
+		ring = current_user.try(:ring)
+		op = params[:op]
+		model = deduce_model_class
+		raise "REMOVE only supports associated collections at present eg order.items" unless op[:key].key_assoc
+
+		item = KojacUtils.model_for_key(op[:key].base_key)
+		assoc = (assoc=op[:key].key_assoc) && assoc.to_sym
+		id = op[:value]['id']
+
+		ma = item.class.reflect_on_association(assoc)
+		case ma.macro
+			when :has_many
+				assoc_class = ma.klass
+				if assoc_item = item.send(assoc).find(id)
+					item.send(assoc).delete(assoc_item)
+					result_key = assoc_item.kojac_key
+					if (assoc_item.destroyed?)
+						results[result_key] = nil
+					else
+						merge_model_into_results(assoc_item,result_key)
+					end
+				end
+			else
+				raise "REMOVE does not yet support #{ma.macro} associations"
+		end
+		{
+			key: op[:key],
+		  verb: op[:verb],
+		  result_key: result_key,
+		  results: results
+		}
+	end
+
+
+end

data/lib/kojac/ring_strong_parameters.rb

@@ -0,0 +1,195 @@
+#ring_strong_parameters
+#
+#Assists implementation of ring level security (http://en.wikipedia.org/wiki/Ring_(computer_security)) with Rails 4 (or Rails 3 with gem) Strong Parameters.
+#
+#Ring Level Security is a simpler alternative to Role Based Security. Rings are arranged in a concentric hierarchy from most-privileged innermost Ring 0 to the least privileged highest ring number. Users have their own ring level which gives them access to that ring and below.
+#
+#For example, a sysadmin could have Ring 0, a website manager ring 1, a customer ring 2, and anonymous users ring 3. A customer would have all the capabilities of anonymous users, and more. Likewise, a website manager has all the capabilities of a customer, and more etc.
+#
+#This inheritance of capabilities of outer rings, and the simple assigning of users to rings, makes security rules less repetitive and easier to write and maintain, minimising dangerous mistakes.
+#
+#This gem does not affect or replace or prevent the standard strong parameters methods from being used in parallel, it merely generates arguments for the standard strong parameters methods.
+#
+#
+#
+#BASIC_FIELDS = [:name, :address]
+#
+#class Deal
+#  ring 1, :write, BASIC_FIELDS
+#  ring 1, :write, :phone
+#  ring 1, :delete
+#  ring 2, :read, BASIC_FIELDS
+#end
+#
+#
+#class DealsController
+#
+#  def update
+#    ring_fields(:write,model)
+#    if ring_can(:write,model,:name)
+#    if ring_can(:delete,model)
+#    model.update(params.permit( ring_fields(:write,model) ))
+#  end
+#
+#end
+
+
+
+class RingStrongParameters
+
+	cattr_accessor :config
+
+	def self.lookup_ring(aRingName)
+		return nil if !aRingName
+		return aRingName if aRingName.is_a?(Fixnum)
+		if ring_names = RingStrongParameters.config[:ring_names]
+			return ring_names[aRingName.to_sym]
+		else
+			return nil
+		end
+	end
+
+end
+
+
+# see http://yehudakatz.com/2009/11/12/better-ruby-idioms/ re class and instance methods and modules
+
+module RingStrongParameters::Model
+
+	def self.included(aClass)
+		aClass.cattr_accessor :rings_fields
+    aClass.rings_fields = []  # [1] => {read: [:name,:address], delete: true}
+		aClass.cattr_accessor :rings_abilities
+    aClass.rings_abilities = []  # [1] => {read: [:name,:address], delete: true}
+    aClass.send :extend, ClassMethods
+  end
+
+	def sanitized_hash(aRing)
+		p_fields = self.class.permitted_fields(:read, aRing)
+		self.attributes.filter_include(p_fields)
+	end
+
+	module ClassMethods
+
+		# supports different formats :
+		# ring :sales, :write => [:name,:address]   ie. sales can write the name and address fields
+		# ring :sales, :read                        ie. sales can read this model
+		# ring :sales, [:read, :create, :destroy]   ie. sales can read, create and destroy this model
+		def ring(aRing,aAbilities)
+			aRing = RingStrongParameters.lookup_ring(aRing)
+			raise "aRing must be a number or a symbol defined in RingStrongParameters.config.ring_names" if !aRing.is_a?(Fixnum)
+
+			if aAbilities.is_a? Hash    # eg. fields like :write => [:name,:address]
+				ring_rec = self.rings_fields[aRing] || {}
+				aAbilities.each do |abilities,fields|
+					abilities = [abilities] unless abilities.is_a?(Array)
+					fields = [fields] unless fields.is_a?(Array)
+					abilities.each do |a|
+						a = a.to_sym
+						ring_fields = ring_rec[a] || []
+						ring_fields = ring_fields + fields.map(&:to_sym)
+						ring_fields.uniq!
+						ring_fields.sort!
+						ring_rec[a] = ring_fields
+					end
+				end
+				self.rings_fields[aRing] = ring_rec
+			elsif aAbilities.is_a?(Array) || aAbilities.is_a?(Symbol)   # eg. abilities like :sales, [:read, :create, :destroy]
+				aAbilities = [aAbilities] unless aAbilities.is_a?(Array)
+				ring_ab = self.rings_abilities[aRing] || []
+				aAbilities.each do |ability|
+					ring_ab << ability.to_sym
+				end
+				ring_ab.uniq!
+				ring_ab.sort!
+				self.rings_abilities[aRing] = ring_ab
+			end
+		end
+
+		def permitted(aAbility,aRing)
+			aRing = RingStrongParameters.lookup_ring(aRing)
+			return [] unless aRing and rings_fields = self.respond_to?(:rings_fields).to_nil && self.rings_fields
+
+			fields = []
+			aRing.upto(rings_fields.length-1) do |i|
+				next unless ring_rec = rings_fields[i]
+				if af = ring_rec[aAbility.to_sym]
+					fields += af if af.is_a?(Array)
+				end
+			end
+			fields.uniq!
+			fields.sort!
+			fields
+		end
+
+		def permitted_fields(aAbility, aRing)
+			result = self.permitted(aAbility, aRing)
+			result.delete_if { |f| self.reflections.has_key? f }
+			result
+		end
+
+		def permitted_associations(aAbility, aRing)
+			aRing = RingStrongParameters.lookup_ring(aRing)
+			return [] unless aRing and rings_fields = self.respond_to?(:rings_fields).to_nil && self.rings_fields
+
+			associations = self.reflections.keys
+
+			fields = []
+			aRing.upto(rings_fields.length-1) do |i|
+				next unless ring_rec = rings_fields[i]
+				if af = ring_rec[aAbility.to_sym]
+					fields += associations & af
+				end
+			end
+			fields.uniq!
+			fields.sort!
+			fields
+		end
+
+		def ring_can?(aAbility, aRing)
+			aRing = RingStrongParameters.lookup_ring(aRing)
+			return [] unless aRing and rings_abilities = self.respond_to?(:rings_abilities).to_nil && self.rings_abilities
+
+			fields = []
+			aRing.upto(rings_abilities.length-1) do |i|
+				next unless ring_ab = rings_abilities[i]
+				return true if ring_ab.include?(aAbility)
+			end
+			return false
+		end
+
+	end
+
+end
+
+#module RingStrongParameters::Controller
+#
+#	#def permitted(aAbility,aModel)
+#	#	# lookup aModel.rings_fields and return fields that current_user can access with given ability
+#	#	aModel = aModel.class if aModel.is_a? ActiveRecord::Base
+#	#	ring = current_user.try(:ring)
+#	#	aModel.permitted(aAbility,ring)
+#	#end
+#
+#	#def permitted_fields(aAbility,aModel)
+#	#	aModel = aModel.class if aModel.is_a? ActiveRecord::Base
+#	#	ring = current_user.try(:ring)
+#	#	aModel.permitted_fields(aAbility,ring)
+#	#end
+#
+#	#def permitted_associations(aAbility,aModel)
+#	#	aUser = current_user
+#	#	aRing = aUser.try(:ring)
+#	#	aModel = aModel.class if aModel.is_a? ActiveRecord::Base
+#	#	aModel.permitted_associations(aAbility, aRing)
+#	#end
+#
+#	#def ring_can?(aAbility,aModel)
+#	#	aModel = aModel.class if aModel.is_a? ActiveRecord::Base
+#	#	aAbility = aAbility.to_sym
+#	#	ring = current_user.try(:ring)
+#	#	aModel.ring_can?(aAbility, ring)
+#	#end
+#
+#end
+

data/lib/kojac/version.rb

@@ -0,0 +1,3 @@
+module Kojac
+  VERSION = "0.9.0"
+end