kojac 0.13.0 → 0.15.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e697fc52a995658f75cf2064bfdb2fe1b1d4d280
-  data.tar.gz: 15edfaca5fd47b4d860ae74382d12ea761f84a4a
+  metadata.gz: c4c2362fb512574c8a5ef15983cca66fd6bd2aab
+  data.tar.gz: 1f23df6b7d057f077b5563523cd7cf86d6e4862f
 SHA512:
-  metadata.gz: 6e0fd6b7d3a30b9ddce381f2c8c4ea477bc7bceeb9df2d6e1f57f8974eda3f33e76c71fb9ce5292788ad28044b8359f10fd1bda2689e0253a89f81568e9c6bc4
-  data.tar.gz: b69cab1d039380b960f25ee761df2b1cdb389090e7e51053c84cbe9896ac45d5721e20a4504fb6079368c1f45503dde681a9c684c93a043d2c9923d3f017f117
+  metadata.gz: a6ca900452043b77c3cdb3433dc3ab4763d9be78483f514f6c09e87c31fed58ef3c67c43ee81f074a45569a70ae1a0f4ff47c4d0b28b711f77b1df7e037f6ae3
+  data.tar.gz: 177f53ce53cdd7f5d3f4afa9128332b78cbd392cfce2b4228cbea2dad4e2666ebb275088eb33e8669bcc14eb931bc399dec2a406d6a6e20206f0b16259a9f603

data/app/assets/javascripts/kojac_ember.js

@@ -280,7 +280,7 @@ Ember.computed.collectIds = function(aCollectionProperty,aPrefix,aModelCachePath
 	 	}
 	 	return objects;
   });
-	return result.property.apply(result, _.compact([aModelCachePath,aCollectionProperty]));
+	return result.property.apply(result, _.compact([aModelCachePath,aCollectionProperty+'.@each']));
 };
 
 Ember.computed.has_many = function(aResource,aForeignKey,aLocalPropertyPath,aModelCachePath,aFilterFn){

data/app/controllers/{kojac_base_controller.rb → kojac_front_controller.rb}

@@ -1,8 +1,10 @@
 require File.expand_path(File.dirname(__FILE__) + '/kojac_front_methods.rb')
 
-class KojacBaseController < ActionController::Base
+class KojacFrontController < ActionController::Base
 
 	include KojacFrontMethods
+	include Kojac::ControllerOpMethods
+
 	respond_to :json
 
 	public

data/app/controllers/kojac_front_methods.rb

@@ -6,40 +6,49 @@ module KojacFrontMethods
 		raise aMessage || "You are not authorized to perform this action"
 	end
 
-	def kojac_current_user
-		current_user
+	def do_op(op)
+		output = nil
+		method = "#{op[:verb].to_s.downcase}_op".to_sym
+		resource = op[:key].split('__').first
+		
+		if controller_class = (resource.camelize+'Controller::KojacController').safe_constantize
+			ctrlr = controller_class.new
+			raise "Unsupported verb #{op[:verb]} on #{class_name}" unless ctrlr.respond_to? method
+			ctrlr.kojac_setup(current_user,op) if ctrlr.respond_to? :kojac_setup
+			output = ctrlr.send method
+		elsif (controller_class = (resource.camelize+'Controller').safe_constantize) and ctrlr = controller_class.new and ctrlr.respond_to?(method) # use rails controller
+		# 	result = controller_class.new
+		#	raise "Unsupported verb #{op[:verb]} on #{class_name}" unless ctrlr.respond_to? method
+			ctrlr.current_user = self.current_user
+			ctrlr.params = {op: op}
+			output = ctrlr.send method
+		# else
+		# 	raise "Controller class #{class_name} not defined" unless
+		else
+			raise "Controller not found for #{resource} resource. Please define #{resource.camelize+'Controller::KojacController'}"
+		end
+		output
 	end
-
+	
 	def process_ops(aInput)
 		result = {}
 		if ops = aInput[:ops]
 			result[:ops] = []
-			ops.each do |op|
-				method = "#{op[:verb].to_s.downcase}_op".to_sym
-				ctrlr = self.controller_for_key(op[:key])
-				if ctrlr.respond_to? method
-					ctrlr.params = {op: op}
-					output = ctrlr.send method
-					result[:ops] << output
+			ops.each_with_index do |op,i|
+				output = do_op(op)
+				if output[:error]
+					result[:error] = output[:error]
+					result[:error_index] = i
+					result.delete :ops
+					break
 				else
-					raise "Unsupported verb #{op[:verb]}"
+					result[:ops] << output
 				end
 			end
 		end
 		result
 	end
 
-	def controller_for_key(aKey)
-		resource = aKey.split('__').first
-		controller_name = resource.camelize+'Controller'
-		if controller = controller_name.constantize
-			result = controller.new
-			result.current_user = self.kojac_current_user
-			result
-		else
-			nil
-		end
-	end
 
 	def process_input(aInputJson)
 		output = nil
@@ -67,7 +76,7 @@ module KojacFrontMethods
 		end
 		send(:after_process, [aInputJson, output]) if respond_to? :after_process
 		status = output[:error] ? :unprocessable_entity : :ok
-		jsono = KojacUtils.to_jsono(output, scope: kojac_current_user)
+		jsono = KojacUtils.to_jsono(output, scope: current_user)
 		[jsono,status]
 	end
 

data/app/policies/concentric_policy.rb

@@ -0,0 +1,131 @@
+class ConcentricPolicy
+
+	class_attribute :filters
+
+  attr_reader :user, :record, :ability
+
+  def initialize(user, record)
+	  raise Pundit::NotAuthorizedError, "must be logged in" unless user
+    @user = user
+    @record = record
+  end
+
+  def unauthorized!(aMessage=nil)
+	  raise Pundit::NotAuthorizedError, aMessage||"You are not authorized to perform this action"
+  end
+
+  def self.allow_filter(aOptions=nil,&block)
+	  aOptions = {all: true} if !aOptions
+	  if rings = aOptions[:ring]
+		  rings = [rings] unless rings.is_a? Array
+		  aOptions[:ring] = rings.map {|r| Concentric.lookup_ring(r) }
+		end
+	  if abilities = aOptions[:ability]
+		  aOptions[:ability] = [abilities] unless abilities.is_a? Array
+	  end
+	  if block
+		  self.filters ||= []
+		  self.filters += [[aOptions,block]]  # double brackets necessary to add an array into the array
+		end
+  end
+
+	# this could use an alternative field or method in future
+  def user_ring
+	  user.ring
+  end
+
+	def apply_filters(aResult)
+		if self.class.filters
+			self.class.filters.each do |f|
+				options, handler = f
+				unless options[:all]
+					if rings = options[:ring]
+						next unless rings.include? user_ring
+					end
+					if abilities = options[:ability]
+						next unless abilities.include? @ability
+					end
+				end
+				aResult = handler.call(self, aResult.clone)   # ring not necessary, use aPolicy.user.ring instead. aAbility not necessary, use aPolicy.ability
+			end
+			aResult.uniq!
+			aResult.sort!
+		end
+		aResult
+	end
+
+  def inner_query_fields(aAbility=nil)
+	  aAbility = @ability = (aAbility || @ability)
+	  raise "Ability must be set or given" unless aAbility
+	  cls = record.is_a?(Class) ? record : record.class
+	  result = cls.permitted(user_ring,aAbility)
+	  result = apply_filters(result)
+	  result
+  end
+
+	def permitted_attributes(aAbility=nil)
+		inner_query_fields(aAbility)
+	end
+
+  def permitted_fields(aAbility=nil)
+	  result = inner_query_fields(aAbility)
+	  cls = record.is_a?(Class) ? record : record.class
+		result.delete_if { |f| cls.reflections.has_key? f }
+		result
+	end
+
+	def permitted_associations(aAbility=nil)
+	  result = inner_query_fields(aAbility)
+	  cls = record.is_a?(Class) ? record : record.class
+		result.delete_if { |f| !cls.reflections.has_key? f }
+		result
+	end
+
+	def inner_query_ability(aAbility)
+		@ability = aAbility
+		inner_query_fields.length > 0
+	end
+
+  # kojac methods
+  def create?
+	  inner_query_ability(:create)
+  end
+
+  def read?
+	  inner_query_ability(:read)
+  end
+
+  def write?
+	  inner_query_ability(:write)
+  end
+
+  def destroy?
+	  inner_query_ability(:destroy)
+  end
+
+  # rails methods
+  def index?
+	  inner_query_ability(:read)
+  end
+
+  def show?
+	  inner_query_ability(:read)
+  end
+
+  def new?
+	  inner_query_ability(:create)
+  end
+
+  def update?
+	  inner_query_ability(:write)
+  end
+
+  def edit?
+	  inner_query_ability(:write)
+  end
+
+  def scope
+    Pundit.policy_scope!(user, record.class)
+  end
+
+end

data/app/policies/kojac_base_policy.rb

@@ -1,154 +1,2 @@
-class KojacBasePolicy
-
-	class_attribute :filters
-
-  attr_reader :user, :record, :op
-
-  def initialize(user, record, op=nil)
-	  raise Pundit::NotAuthorizedError, "must be logged in" unless user
-    @user = user
-    @record = record
-	  @op = op
-  end
-
-  def unauthorized!(aMessage=nil)
-	  raise Pundit::NotAuthorizedError, aMessage||"You are not authorized to perform this action"
-  end
-
-	def self.ability_from_op(aOp)
-	  return nil unless aOp
-	  case aOp[:verb]
-			when 'CREATE'
-			when 'UPDATE'
-				:write
-			when 'READ'
-				:read
-			when 'ADD'
-				:add
-			when 'REMOVE'
-				:remove
-			when 'CREATE_ON'
-				:create_on
-		end
-  end
-
-  def self.allow_filter(aOptions=nil,&block)
-	  aOptions = {all: true} if !aOptions
-	  if rings = aOptions[:ring]
-		  rings = [rings] unless rings.is_a? Array
-		  aOptions[:ring] = rings.map {|r| Concentric.lookup_ring(r) }
-		end
-	  if abilities = aOptions[:ability]
-		  aOptions[:ability] = [abilities] unless abilities.is_a? Array
-	  end
-	  if block
-		  self.filters ||= []
-		  self.filters += [[aOptions,block]]  # double brackets necessary to add an array into the array
-		end
-  end
-
-  def query_ring
-	  user.ring
-  end
-
-	def apply_filters(aResult, aAbility)
-		if self.class.filters
-			self.class.filters.each do |f|
-				options, handler = f
-				unless options[:all]
-					if rings = options[:ring]
-						next unless rings.include? query_ring
-					end
-					if abilities = options[:ability]
-						next unless abilities.include? aAbility
-					end
-				end
-				aResult = handler.call(self, aResult.clone, query_ring, aAbility)
-			end
-			aResult.uniq!
-			aResult.sort!
-		end
-		aResult
-	end
-
-  def inner_query_fields(aAbility)
-	  cls = record.is_a?(Class) ? record : record.class
-	  result = cls.permitted(query_ring,aAbility)
-	  result = apply_filters(result, aAbility)
-	  result
-  end
-
-	def inner_query_record(aAbility)
-		inner_query_fields(aAbility).length > 0
-	end
-
-	def permitted_attributes(aAbility=nil)
-		#raise "Ability from op no longer supported" if !aAbility && @op && @op[:verb]
-		aAbility ||= self.class.ability_from_op(@op)
-		raise "ability not given" unless aAbility
-		fields = inner_query_fields(aAbility)
-
-		#cls = record.is_a?(Class) ? record : record.class
-		#fields = cls.permitted(query_ring,aAbility)
-		#result = apply_filters(fields,aAbility)
-		fields
-	end
-
-  def permitted_fields(aAbility=nil)
-	  result = permitted_attributes(aAbility)
-	  cls = record.is_a?(Class) ? record : record.class
-		result.delete_if { |f| cls.reflections.has_key? f }
-		result
-	end
-
-	def permitted_associations(aAbility=nil)
-	  result = permitted_attributes(aAbility)
-	  cls = record.is_a?(Class) ? record : record.class
-		result.delete_if { |f| !cls.reflections.has_key? f }
-		result
-	end
-
-  # kojac methods
-  def create?
-	  inner_query_record(:create)
-  end
-
-  def read?
-	  inner_query_record(:read)
-  end
-
-  def write?
-	  inner_query_record(:write)
-  end
-
-  def destroy?
-	  inner_query_record(:destroy)
-  end
-
-  # rails methods
-  def index?
-	  inner_query_record(:read)
-  end
-
-  def show?
-	  inner_query_record(:read)
-  end
-
-  def new?
-	  inner_query_record(:create)
-  end
-
-  def update?
-	  inner_query_record(:write)
-  end
-
-  def edit?
-	  inner_query_record(:write)
-  end
-
-  def scope
-    Pundit.policy_scope!(user, record.class)
-  end
-
+class KojacBasePolicy < ConcentricPolicy
 end
-

data/app/serializers/kojac_base_serializer.rb

@@ -1,3 +1,5 @@
+require 'active_model/serializer'
+
 class KojacBaseSerializer < ActiveModel::Serializer
 
 	self.root = false
@@ -10,7 +12,7 @@ class KojacBaseSerializer < ActiveModel::Serializer
 
 	def attributes
 		attrs = nil
-		source = if policy = Kojac::policy(scope,object)
+		source = if policy = Pundit::policy(scope,object)
 			attrs = policy.permitted_attributes(:read).map(&:to_s)
 			object.attributes
 		elsif object.respond_to? :attributes

data/kojac.gemspec

@@ -28,7 +28,8 @@ Gem::Specification.new do |s|
 
   #s.add_runtime_dependency "jquery-rails"
   #s.add_runtime_dependency "rails", ">= 3.1"
-  # s.add_development_dependency "rspec-rails"
+  s.add_development_dependency "rake"
+  s.add_development_dependency "rspec"
   # s.add_development_dependency "canjs-rails"
   # s.add_development_dependency "ember-rails"
   # s.add_development_dependency "jquery-rails"

data/lib/kojac/concentric.rb

@@ -33,7 +33,20 @@
 #
 #end
 
-
+# Update: 2015-03-26
+#
+# * Extracted ConcentricPolicy from Kojac
+# * Concentric is now a way of creating Pundit policies based on ConcentricPolicy. It allows shorthand ring security for
+# simple scenarios, then allow_filter for refinement and arbitrary complex logic to be implemented
+# * Concentric works on the simple idea that there are 4 basic abilities: read, write, create and delete.
+# * Read and write apply primarily to fields; create and delete apply to records.
+# * Creating a record requires the ability to create the record, then normally you require the ability to write some fields.
+# * In order to read a record, you need the ability to read at least one field
+# * In order to write to a record, you need the ability to write at least one field
+# * In order to delete a record, you need the ability to delete the record
+# * With Concentric you first use the ring and
+#
+# implement Pundit Policy classes and methods (eg. update? show?) by querying these 4 abilities
 
 class Concentric
 
@@ -67,29 +80,29 @@ module Concentric::Model
 
 	def self.included(aClass)
 		aClass.cattr_accessor :rings_abilities
-    aClass.rings_abilities = []  # [1] => {read: [:name,:address], delete: true}
+    aClass.rings_abilities = {}  # [1] => {read: [:name,:address], delete: true}
     aClass.send :extend, ClassMethods
   end
 
 	module ClassMethods
 
 		# supports different formats :
-		# ring :sales, :write => [:name,:address]   ie. sales can write the name and address fields
-		# ring :sales, :read                        ie. sales can read this model
-		# ring :sales, [:read, :create, :destroy]   ie. sales can read, create and destroy this model
-		def ring(aRing,aAbilities)
+		# allow :sales, :write => [:name,:address]   ie. sales can write the name and address fields
+		# allow :sales, :read                        ie. sales can read this model
+		# allow :sales, [:read, :create, :destroy]   ie. sales can read, create and destroy this model
+		def allow(aRing,aAbilities)
 			#aRing.each {|r| ring(r,aAbilities)} and return if aRing.is_a? Array shouldn't need this because of ring system
 			aRing = Concentric.lookup_ring(aRing)
 			raise "aRing must be a number or a symbol defined in Concentric.config.ring_names" if !aRing.is_a?(Fixnum)
 			raise "aAbilities must be a Hash" unless aAbilities.is_a? Hash # eg. :write => [:name,:address]
 
 			ring_rec = self.rings_abilities[aRing]
-				aAbilities.each do |abilities,fields|
-					abilities = [abilities] unless abilities.is_a?(Array)
-					fields = [fields] unless fields.is_a?(Array)
+			aAbilities.each do |abilities, fields|
+				abilities = [abilities] unless abilities.is_a?(Array)
+				fields = [fields] unless fields.is_a?(Array)
 				next if fields.empty?
-					abilities.each do |a|
-						a = a.to_sym
+				abilities.each do |a|
+					a = a.to_sym
 					ring_rec ||= {}
 					if fields==[:this]
 						ring_rec[a] = true unless ring_rec[a].to_nil
@@ -106,6 +119,11 @@ module Concentric::Model
 			end
 		end
 
+		# deprecated
+		def ring(aRing,aAbilities)
+			allow(aRing,aAbilities)
+		end
+
 		# returns properties that this ring can use this ability on
 		def permitted(aRing,aAbility)
 			aRing = Concentric.lookup_ring(aRing)
@@ -113,7 +131,9 @@ module Concentric::Model
 			return [] unless aRing and rings_abilities = self.respond_to?(:rings_abilities) && self.rings_abilities.to_nil
 
 			fields = []
-			aRing.upto(rings_abilities.length-1) do |i|
+			ring_keys = rings_abilities.keys.sort
+			ring_keys.each do |i|
+				next unless i >= aRing
 				next unless ring_rec = rings_abilities[i]
 				if af = ring_rec[aAbility.to_sym]
 					next if af==true
@@ -128,7 +148,7 @@ module Concentric::Model
 		# Query
 		# aFields specifies fields you require to act on
 		# This is no longer used by KojacBasePolicy because it does not observe its filters that operate on fields. It may still provide a faster check when there are no filters applied
-		def ring_can?(aRing,aAbility,aFields=nil)
+		def allowed?(aRing,aAbility,aFields=nil)
 			if aFields
 				pf = permitted(aRing,aAbility)
 				if aFields.is_a? Array
@@ -141,13 +161,20 @@ module Concentric::Model
 			aRing = Concentric.lookup_ring(aRing)
 			return [] unless aRing and rings_abilities = self.respond_to?(:rings_abilities).to_nil && self.rings_abilities
 
-			aRing.upto(rings_abilities.length-1) do |i|
+			ring_keys = rings_abilities.keys.sort
+			ring_keys.each do |i|
+				next unless i >= aRing
 				next unless ring_rec = rings_abilities[i]
 				return true if ring_rec[aAbility.to_sym].to_nil
 			end
 			return false
 		end
 
+		# deprecated
+		def ring_can?(aRing,aAbility,aFields=nil)
+			allowed?(aRing,aAbility,aFields)
+		end
+
 	end
 
 end

data/lib/kojac/kojac_controller.rb

@@ -0,0 +1,7 @@
+module Kojac
+	class KojacController
+		include ::Kojac::ControllerOpMethods
+
+	  attr_accessor :op, :options, :verb, :key, :value, :error, :params, :current_user
+	end
+end