live_record 0.2.6 → 0.2.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: '09689222ba6751a8e3dbeee86e5a1b650efbcad5'
-  data.tar.gz: 475e74270ad477bc58bbc426b315a0d5c3154b7a
+  metadata.gz: 186f7837ba3477c89c64825de64ab23966f633f0
+  data.tar.gz: 8a1d31b23fdbf06a16fb18e0c3460b6f90d77d6a
 SHA512:
-  metadata.gz: dfdbaeb4e262ed2cd2c8ae08ef501217cdeca8e7e280e0c251bdea881a9ce1255fbb3e02c39d1cb11c4c66969105d4e47eb02c0967aae33494e2ebc8375b4d60
-  data.tar.gz: 9117d8f61628a0839862f93e15bb73bbee42ee65ca5e96a60f18e6a7fa7129477fa11e8c4e3c5aa64c4d3f382c9e9aa7b23b58ef0654f964094b21e2e393fd0b
+  metadata.gz: 72b4f7a7ecd74ad4b4f4ad6d5f9d74ce5561d5ebaee4982a0313b3567331810a1e4bcf554d3f90b276a04a1c7b111b999f700bc178d705ebd125a4d27d63ebeb
+  data.tar.gz: 8035a50ec324b8e19f3f143a48379ef510336ffa0f781461fa57df8e1ce0fa964f3ccb7622e1c2125fc3c1724878fdc868165a4af3cef8989af6ede5affb58a8

data/README.md

@@ -35,7 +35,7 @@
   // subscribe and auto-receive newly created Book records from the Rails server
   LiveRecord.Model.all.Book.subscribe()
 
-  // ... or also load all Book records as well (not just the new ones)
+  // ... or also load all Book records as well, and then subscribes for new ones that will be created
   // LiveRecord.Model.all.Book.subscribe({reload: true})
 
   // ...or only those which are enabled (you can also combine this with `reload: true`)
@@ -108,6 +108,16 @@
         []
       end
     end
+
+    def self.live_record_queryable_attributes(current_user)
+      # Add attributes to this array that you would like `current_user` to be able to query upon on the `subscribe({where: {...}}) function`
+      # empty array means not-authorised
+      if current_user.isAdmin?
+        [:title, :author, :created_at, :updated_at, :reference_id, :origin_address]
+      else
+        []
+      end
+    end
   end
   ```
 
@@ -117,7 +127,7 @@
 1. Add the following to your `Gemfile`:
 
     ```ruby
-    gem 'live_record', '~> 0.2.6'
+    gem 'live_record', '~> 0.2.7'
     ```
 
 2. Run:
@@ -172,6 +182,12 @@
         # Defaults to empty array, thereby blocking everything by default, only unless explicitly stated here so.
         [:title, :author, :created_at, :updated_at]
       end
+
+      def self.live_record_queryable_attributes(current_user)
+        # Add attributes to this array that you would like current_user to query upon when using `.subscribe({where: {...})`
+        # Defaults to empty array, thereby blocking everything by default, only unless explicitly stated here so.
+        [:title, :author, :created_at, :updated_at]
+      end
     end
     ```
 
@@ -194,6 +210,13 @@
           []
         end
       end
+
+      def self.live_record_queryable_attributes(current_user)
+        # this method should look like your `live_record_whitelisted_attributes` above, only except if you want to further customise this for flexibility
+        # or... that you may just simply return `[]` (empty array) if you do not want to allow users to use `subscribe()`
+        # also take note that this method only has `current_user` argument compared to `live_record_whitelisted_attributes` above which also has the `book` argument. This is intended for SQL performance reasons
+        [:title, :author, :created_at, :updated_at]
+      end
     end
     ```
 
@@ -348,6 +371,24 @@
     })
     ```
 
+    ### Example 3 - Using `Subscribe({reload: true})`
+
+    > You may also load records from the backend by using `subscribe({reload: true})`. `subscribe()` just auto-loads NEW records that will be created, while `subscribe({reload: true})` first loads ALL records (subject to its {where: ...} condition), and then also auto-loads new records that will be created
+
+    ```js
+    var subscription = LiveRecord.Model.all.Book.subscribe({
+      reload: true,
+      where: { title_matches: '%Harry Potter%' },
+      callbacks: {
+        'after:create': function(book) {
+          console.log('Created the following', book);
+        }
+      }
+    });
+    ```
+
+    > Take note however that `subscribe()` above not only LOADS but also SUBSCRIBES! See 9. below for details
+
 9. To automatically receive new Book records, and/or also load the old ones, you may subscribe:
 
     ```js
@@ -401,16 +442,22 @@
           [:title, :is_enabled]
         end
 
+        ## this method will be invoked when `subscribe()` is called
+        ## but, you should not use this method when using `ransack` gem!
+        ## ransack's methods like `ransackable_attributes` below will be invoked instead
+        # def self.live_record_queryable_attributes(book, current_user)
+        #   [:title, :is_enabled]
+        # end
+
         private
 
-        # see ransack gem for more details: https://github.com/activerecord-hackery/ransack#authorization-whitelistingblacklisting
-        # you can write your own columns here, but you may just simply allow ALL COLUMNS to be searchable, because the `live_record_whitelisted_attributes` method above will be also called anyway, and therefore just simply handle whitelisting there.
-        # therefore you can actually remove the whole `self.ransackable_attributes` method below
+        # see ransack gem for more details regarding Authorization: https://github.com/activerecord-hackery/ransack#authorization-whitelistingblacklisting
 
-        ## LiveRecord passes the `current_user` into `auth_object`, so you can access `current_user` inside below
-        # def self.ransackable_attributes(auth_object = nil)
-        #   column_names + _ransackers.keys
-        # end
+        # this method will be invoked when `subscribe()` is called
+        # LiveRecord passes the `current_user` into `auth_object`, so you can access `current_user` inside below
+        def self.ransackable_attributes(auth_object = nil)
+          column_names + _ransackers.keys
+        end
       end
       ```
 
@@ -505,8 +552,8 @@
     * `callbacks`: (Object)
       * `on:connect`: (function Object)
       * `on:disconnect`: (function Object)
-      * `before:create`: (function Object)
-      * `after:create`: (function Object)
+      * `before:create`: (function Object; function argument = record)
+      * `after:create`: (function Object; function argument = record)
   * subscribes to the `LiveRecord::PublicationsChannel`, which then automatically receives new records from the backend.
   * when `reload: true`, all records (subject to `where` condition above) are immediately loaded, and not just the new ones.
   * you can also pass in `callbacks` (see above). These callbacks are only applicable to this subscription, and is independent of the Model and Instance callbacks.
@@ -525,6 +572,8 @@
     * `gteq` greater than or equal to; i.e. `created_at_gteq: '2017-12-291T13:47:59.238Z'`
     * `in` in Array; i.e. `id_in: [2, 56, 19, 68]`
     * `not_in` in Array; i.e. `id_not_in: [2, 56, 19, 68]`
+    * `matches` matches using SQL `LIKE`; i.e. `matches: '%Harry Potter%'`
+    * `does_not_match` does not match using SQL `NOT LIKE`; i.e. `does_not_match: '%Harry Potter%'`
 
 ### `MODEL.unsubscribe(SUBSCRIPTION)`
   * unsubscribes to the `LiveRecord::PublicationsChannel`, thereby will not be receiving new records anymore.
@@ -610,6 +659,12 @@
 * MIT
 
 ## Changelog
+* 0.2.7
+  * improved performance when using `subscribe({reload: true})`, but by doing so, I am forced to a conscious decision to have another separate model method for "queryable" attributes: `live_record_queryable_attributes`, which both has `pro` and `cons`
+    * pros:
+      * greatly sped up SQL for loading of data
+    * pro & con: now two methods in model: `live_record_whitelisted_attributes` and `live_record_queryable_attributes` which should have mostly the same code [(see some differences above)]('#example-1---simple-usage') which makes it repetitive to some degree, although this allows more flexibility.
+  * added `matches` and `does_not_match` filters
 * 0.2.6
   * fixed minor bug where `MODELINSTANCE.changes` do not accurately work on NULL values.
 * 0.2.5

data/app/assets/javascripts/live_record/model/create.coffee

@@ -4,7 +4,7 @@ LiveRecord.Model.create = (config) ->
   config.plugins != undefined || config.callbacks = {}
 
   # NEW
-  Model = (attributes) ->
+  Model = (attributes = {}) ->
     @attributes = attributes
 
     Object.keys(@attributes).forEach (attribute_key) ->
@@ -89,14 +89,25 @@ LiveRecord.Model.create = (config) ->
         config.callbacks['on:disconnect'].call(this) if config.callbacks['on:disconnect']
 
       received: (data) ->
-        @onAction[data.action].call(this, data)
+        if data.error
+          @liveRecord._staleSince = (new Date()).toISOString() unless @liveRecord._staleSince
+          @onError[data.error.code].call(this, data)
+        else
+          @onAction[data.action].call(this, data)
 
       onAction:
         create: (data) ->
-          config.callbacks['before:create'].call(this, data) if config.callbacks['before:create']
           record = new Model(data.attributes)
+          config.callbacks['before:create'].call(this, record) if config.callbacks['before:create']
           record.create()
-          config.callbacks['after:create'].call(this, data) if config.callbacks['after:create']
+          config.callbacks['after:create'].call(this, record) if config.callbacks['after:create']
+
+      # handler for received() callback above
+      onError:
+        forbidden: (data) ->
+          console.error('[LiveRecord Response Error]', data.error.code, ':', data.error.message, 'for', this)
+        bad_request: (data) ->
+          console.error('[LiveRecord Response Error]', data.error.code, ':', data.error.message, 'for', this)
 
       syncRecords: ->
         @perform(

data/app/assets/javascripts/live_record/plugins/live_dom/apply_to_model.coffee

@@ -8,10 +8,10 @@ LiveRecord.plugins.LiveDOM.applyToModel = (Model, pluginValue) ->
     $updatableElements = domContext.find('[data-live-record-update-from]')
 
     for key, value of this.attributes
-      $updatableElements.filter('[data-live-record-update-from="' + Model.modelName + '-' + this.id() + '-' + key + '"]').text(this[key]())
+      $updatableElements.filter('[data-live-record-update-from="' + Model.modelName + '-' + this.id() + '-' + key + '"]').text(this.attributes[key])
 
   Model._destroyDomCallback = ->
     $('[data-live-record-destroy-from="' + Model.modelName + '-' + this.id() + '"]').remove()
-  
+
   Model.addCallback('after:update', Model._updateDomCallback)
   Model.addCallback('after:destroy', Model._destroyDomCallback)

data/app/channels/live_record/base_channel.rb

@@ -4,7 +4,7 @@ class LiveRecord::BaseChannel < ActionCable::Channel::Base
 
   def authorised_attributes(record, current_user)
     whitelisted_attributes = record.class.live_record_whitelisted_attributes(record, current_user)
-    raise "#{record.model}.live_record_whitelisted_attributes should return an array" unless whitelisted_attributes.is_a? Array 
+    raise "#{record.model}.live_record_whitelisted_attributes should return an array" unless whitelisted_attributes.is_a? Array
     ([:id] + whitelisted_attributes).map(&:to_s).to_set
   end
 
@@ -38,4 +38,4 @@ class LiveRecord::BaseChannel < ActionCable::Channel::Base
       transmit error: { 'code' => 'bad_request', 'message' => (message || 'Invalid request parameters') }
     end
   end
-end
+end

data/app/channels/live_record/publications_channel.rb

@@ -14,19 +14,22 @@ class LiveRecord::PublicationsChannel < LiveRecord::BaseChannel
       reject_subscription
     end
 
+    if !(model_class && model_class.live_record_queryable_attributes(current_user).present?)
+      respond_with_error(:forbidden, 'You do not have privileges to query')
+      reject_subscription
+    end
+
     stream_from "live_record:publications:#{params[:model_name].underscore}", coder: ActiveSupport::JSON do |message|
       newly_created_record = model_class.find(message['attributes']['id'])
 
-      @authorised_attributes ||= authorised_attributes(newly_created_record, current_user)
-
       active_record_relation = SearchAdapters.mapped_active_record_relation(
         model_class: model_class,
         conditions_hash: params[:where].to_h,
-        current_user: current_user,
-        authorised_attributes: @authorised_attributes
+        current_user: current_user
       )
 
       if active_record_relation.exists?(id: newly_created_record.id)
+        @authorised_attributes ||= authorised_attributes(newly_created_record, current_user)
         # if not just :id
         if @authorised_attributes.size > 1
           message = { 'action' => 'create', 'attributes' => message['attributes'] }
@@ -42,96 +45,31 @@ class LiveRecord::PublicationsChannel < LiveRecord::BaseChannel
     model_class = params[:model_name].safe_constantize
 
     if model_class && model_class < ApplicationRecord
-      records = model_class.all
+
+      active_record_relation = SearchAdapters.mapped_active_record_relation(
+        model_class: model_class,
+        conditions_hash: params[:where].to_h,
+        current_user: current_user,
+      )
 
       if params[:stale_since].present?
-        records = records.where(
+        active_record_relation = active_record_relation.where(
           'created_at >= ?', DateTime.parse(params[:stale_since]) - LiveRecord.configuration.sync_record_buffer_time
         )
       end
 
       # we `transmmit` a message back to client for each matching record
-      records.find_each do |record|
-        # now we check each record if it is part of the "where" condition
+      active_record_relation.find_each do |record|
+        # but first, check for the authorised attributes, if exists
         current_authorised_attributes = authorised_attributes(record, current_user)
 
-        active_record_relation = SearchAdapters.mapped_active_record_relation(
-          model_class: model_class,
-          conditions_hash: params[:where].to_h,
-          current_user: current_user,
-          authorised_attributes: current_authorised_attributes
-        )
-
-        if active_record_relation.exists?(id: record)
-          message = { 'action' => 'create', 'attributes' => record.attributes }
-          response = filtered_message(message, current_authorised_attributes)
-          transmit response if response.present?
-        end
+        message = { 'action' => 'create', 'attributes' => record.attributes }
+        response = filtered_message(message, current_authorised_attributes)
+        transmit response if response.present?
       end
     else
       respond_with_error(:bad_request, 'Not a correct model name')
       reject_subscription
     end
   end
-
-  module SearchAdapters
-    def self.mapped_active_record_relation(**args)
-      # if ransack is loaded, use ransack
-      if Gem.loaded_specs.has_key? 'ransack'
-        active_record_relation = RansackAdapter.mapped_active_record_relation(args)
-      else
-        active_record_relation = ActiveRecordDefaultAdapter.mapped_active_record_relation(args)
-      end
-      active_record_relation
-    end
-
-    module RansackAdapter
-      def self.mapped_active_record_relation(**args)
-        model_class = args.fetch(:model_class)
-        conditions_hash = args.fetch(:conditions_hash)
-        current_user = args.fetch(:current_user)
-
-        model_class.ransack(conditions_hash, auth_object: current_user).result
-      end
-    end
-
-    module ActiveRecordDefaultAdapter
-      def self.mapped_active_record_relation(**args)
-        model_class = args.fetch(:model_class)
-        conditions_hash = args.fetch(:conditions_hash)
-        authorised_attributes = args.fetch(:authorised_attributes)
-
-        current_active_record_relation = model_class.all
-
-        conditions_hash.each do |key, value|
-          operator = key.split('_').last
-          # to get attribute_name, we subtract the end part of the string with size of operator substring; i.e.: created_at_lteq -> created_at
-          attribute_name = key[0..(-1 - operator.size - 1)]
-
-          if authorised_attributes == :all || authorised_attributes.include?(attribute_name)
-            case operator
-            when 'eq'
-              current_active_record_relation = current_active_record_relation.where(attribute_name => value)
-            when 'not_eq'
-              current_active_record_relation = current_active_record_relation.where.not(attribute_name => value)
-            when 'gt'
-              current_active_record_relation = current_active_record_relation.where(model_class.arel_table[attribute_name].gt(value))
-            when 'gteq'
-              current_active_record_relation = current_active_record_relation.where(model_class.arel_table[attribute_name].gteq(value))
-            when 'lt'
-              current_active_record_relation = current_active_record_relation.where(model_class.arel_table[attribute_name].lt(value))
-            when 'lteq'
-              current_active_record_relation = current_active_record_relation.where(model_class.arel_table[attribute_name].lteq(value))
-            when 'in'
-              current_active_record_relation = current_active_record_relation.where(attribute_name => Array.wrap(value))
-            when 'not_in'
-              current_active_record_relation = current_active_record_relation.where.not(attribute_name => Array.wrap(value))
-            end
-          end
-        end
-
-        current_active_record_relation
-      end
-    end
-  end
 end

data/app/channels/live_record/publications_channel/search_adapters.rb

@@ -0,0 +1,68 @@
+class LiveRecord::PublicationsChannel
+
+  module SearchAdapters
+    def self.mapped_active_record_relation(**args)
+      # if ransack is loaded, use ransack
+      if Gem.loaded_specs.has_key? 'ransack'
+        active_record_relation = RansackAdapter.mapped_active_record_relation(args)
+      else
+        active_record_relation = ActiveRecordDefaultAdapter.mapped_active_record_relation(args)
+      end
+      active_record_relation
+    end
+
+    module RansackAdapter
+      def self.mapped_active_record_relation(**args)
+        model_class = args.fetch(:model_class)
+        conditions_hash = args.fetch(:conditions_hash)
+        current_user = args.fetch(:current_user)
+
+        model_class.ransack(conditions_hash, auth_object: current_user).result
+      end
+    end
+
+    module ActiveRecordDefaultAdapter
+      def self.mapped_active_record_relation(**args)
+        model_class = args.fetch(:model_class)
+        conditions_hash = args.fetch(:conditions_hash)
+        current_user = args.fetch(:current_user)
+
+        current_active_record_relation = model_class.all
+        queryable_attributes = model_class.live_record_queryable_attributes(current_user)
+
+        conditions_hash.each do |key, value|
+          operator = key.split('_').last
+          # to get attribute_name, we subtract the end part of the string with size of operator substring; i.e.: created_at_lteq -> created_at
+          attribute_name = key[0..(-1 - operator.size - 1)].to_sym
+
+          if queryable_attributes.include?(attribute_name)
+            case operator
+            when 'eq'
+              current_active_record_relation = current_active_record_relation.where(attribute_name => value)
+            when 'not_eq'
+              current_active_record_relation = current_active_record_relation.where.not(attribute_name => value)
+            when 'gt'
+              current_active_record_relation = current_active_record_relation.where(model_class.arel_table[attribute_name].gt(value))
+            when 'gteq'
+              current_active_record_relation = current_active_record_relation.where(model_class.arel_table[attribute_name].gteq(value))
+            when 'lt'
+              current_active_record_relation = current_active_record_relation.where(model_class.arel_table[attribute_name].lt(value))
+            when 'lteq'
+              current_active_record_relation = current_active_record_relation.where(model_class.arel_table[attribute_name].lteq(value))
+            when 'in'
+              current_active_record_relation = current_active_record_relation.where(attribute_name => Array.wrap(value))
+            when 'not_in'
+              current_active_record_relation = current_active_record_relation.where.not(attribute_name => Array.wrap(value))
+            when 'matches'
+              current_active_record_relation = current_active_record_relation.where("#{attribute_name} LIKE ?", value)
+            when 'does_not_match'
+              current_active_record_relation = current_active_record_relation.where("#{attribute_name} NOT LIKE ?", value)
+            end
+          end
+        end
+
+        current_active_record_relation
+      end
+    end
+  end
+end

data/lib/live_record/generators/templates/model.rb.rb

@@ -9,14 +9,35 @@ class <%= class_name %> < <%= parent_class_name.classify %>
 <% if attributes.any?(&:password_digest?) -%>
   has_secure_password
 <% end -%>
-  
+
   include LiveRecord::Model::Callbacks
   has_many :live_record_updates, as: :recordable, dependent: :destroy
 
   def self.live_record_whitelisted_attributes(<%= class_name.underscore %>, current_user)
-    # Add attributes to this array that you would like current_user to have access to.
+    # Add attributes to this array that you would like current_user client to be able to receive
+    # Defaults to empty array, thereby blocking everything by default, only unless explicitly stated here so.
+    # i.e. if this file is a User model, and that a User has been created/updated in the backend,
+    # then only these whitelisted attributes will be sent to this current_user client
+    # Empty array means unauthorized
+    # Example:
+    # [:email, :name, :is_admin, :group_id, :created_at, :updated_at]
+    []
+  end
+
+  def self.live_record_queryable_attributes(current_user)
+    # This method only applies when not using `ransack` gem!
+    # If you're using ransack gem, instead of this method, use one or more of the ransack methods:
+    # see https://github.com/activerecord-hackery/ransack#authorization-whitelistingblacklisting
+    #
+    # Add attributes to this array that you would like current_user client to be able to query upon when "subscribing"
     # Defaults to empty array, thereby blocking everything by default, only unless explicitly stated here so.
+    # i.e. if a current_user client subscribes to "new records creation" using `.subscribe({where: {...}})`,
+    # then only these attributes will be considered in the "{where: ...}" argument
+    # if you're using `ransack` gem, use `ransackable_attributes`
+    # Empty array means unauthorized
+    # Example:
+    # [:email, :name, :is_admin, :group_id, :created_at, :updated_at]
     []
   end
 end
-<% end -%>
+<% end -%>

data/lib/live_record/version.rb

@@ -1,3 +1,3 @@
 module LiveRecord
-  VERSION = '0.2.6'.freeze
+  VERSION = '0.2.7'.freeze
 end

data/spec/features/live_record_syncing_spec.rb

@@ -98,7 +98,9 @@ RSpec.feature 'LiveRecord Syncing', type: :feature do
   scenario 'JS-Client receives live new (create) post records where specified "conditions" matched', js: true do
     visit '/posts'
 
-    sleep(5)
+    # wait first for all posts to be loaded
+    wait before: -> { evaluate_script("Object.keys( LiveRecord.Model.all.Post.all ).length") }, becomes: -> (value) { value == Post.all.count }, duration: 10.seconds
+    expect(evaluate_script("Object.keys( LiveRecord.Model.all.Post.all ).length")).to be Post.all.count
 
     post4 = create(:post, id: 98, is_enabled: true)
     post5 = create(:post, id: 99, is_enabled: false)
@@ -114,7 +116,9 @@ RSpec.feature 'LiveRecord Syncing', type: :feature do
   scenario 'JS-Client receives live new (create) post records where only considered "conditions" are the whitelisted authorised attributes', js: true do
     visit '/posts'
 
-    sleep(5)
+    # wait first for all posts to be loaded
+    wait before: -> { evaluate_script("Object.keys( LiveRecord.Model.all.Post.all ).length") }, becomes: -> (value) { value == Post.all.count }, duration: 10.seconds
+    expect(evaluate_script("Object.keys( LiveRecord.Model.all.Post.all ).length")).to be Post.all.count
 
     # in index.html.erb:
     # LiveRecord.Model.all.Post.subscribe({ where: { is_enabled: true, content: 'somecontent' }});
@@ -133,7 +137,9 @@ RSpec.feature 'LiveRecord Syncing', type: :feature do
   scenario 'JS-Client receives live new (create) post records having only the whitelisted authorised attributes', js: true do
     visit '/posts'
 
-    sleep(5)
+    # wait first for all posts to be loaded
+    wait before: -> { evaluate_script("Object.keys( LiveRecord.Model.all.Post.all ).length") }, becomes: -> (value) { value == Post.all.count }, duration: 10.seconds
+    expect(evaluate_script("Object.keys( LiveRecord.Model.all.Post.all ).length")).to be Post.all.count
 
     post4 = create(:post, is_enabled: true, title: 'sometitle', content: 'somecontent')
 
@@ -142,6 +148,44 @@ RSpec.feature 'LiveRecord Syncing', type: :feature do
     expect(evaluate_script("LiveRecord.Model.all.Post.all[#{post4.id}].content()")).to eq nil
   end
 
+  scenario 'JS-Client should not have shared callbacks for those callbacks defined only for a particular post record', js: true do
+    visit '/posts'
+
+    # wait first for all posts to be loaded
+    wait before: -> { evaluate_script("Object.keys( LiveRecord.Model.all.Post.all ).length") }, becomes: -> (value) { value == Post.all.count }, duration: 10.seconds
+    expect(evaluate_script("Object.keys( LiveRecord.Model.all.Post.all ).length")).to be Post.all.count
+
+    execute_script(
+      <<-eos
+      var post1 = LiveRecord.Model.all.Post.all[#{post1.id}];
+      var someCallbackFunction = function() {};
+      post1.addCallback('after:create', someCallbackFunction);
+      eos
+    )
+
+    expect(evaluate_script("LiveRecord.Model.all.Post.all[#{post2.id}]._callbacks['after:create'].length")).to eq 0
+  end
+
+  scenario 'JS-Client should receive response :forbidden error when using `subscribe()` but that the current_user is forbidden to do so', js: true do
+    visit '/posts'
+
+    # wait first for all posts to be loaded
+    wait before: -> { evaluate_script("Object.keys( LiveRecord.Model.all.Post.all ).length") }, becomes: -> (value) { value == Post.all.count }, duration: 10.seconds
+    expect(evaluate_script("Object.keys( LiveRecord.Model.all.Post.all ).length")).to be Post.all.count
+
+    expect_any_instance_of(LiveRecord::BaseChannel).to(
+      receive(:respond_with_error).with(:forbidden, 'You do not have privileges to query').once
+    )
+
+    execute_script(
+      <<-eos
+      LiveRecord.Model.all.User.subscribe();
+      eos
+    )
+
+    sleep(5)
+  end
+
   # see spec/internal/app/models/post.rb to view specified whitelisted attributes
   context 'when client got disconnected, and then reconnected' do
     scenario 'JS-Client resyncs stale records', js: true do
@@ -150,9 +194,11 @@ RSpec.feature 'LiveRecord Syncing', type: :feature do
 
       visit '/posts'
 
-      sleep(5)
+      # wait first for all posts to be loaded
+      wait before: -> { evaluate_script("Object.keys( LiveRecord.Model.all.Post.all ).length") }, becomes: -> (value) { value == Post.all.count }, duration: 10.seconds
+      expect(evaluate_script("Object.keys( LiveRecord.Model.all.Post.all ).length")).to be Post.all.count
 
-      disconnection_time = 20 # seconds
+      disconnection_time = 10 # seconds
 
       Thread.new do
         sleep(2)
@@ -180,9 +226,11 @@ RSpec.feature 'LiveRecord Syncing', type: :feature do
     scenario 'JS-Client receives all post records created during the time it got disconnected', js: true do
       visit '/posts'
 
-      sleep(5)
+      # wait first for all posts to be loaded
+      wait before: -> { evaluate_script("Object.keys( LiveRecord.Model.all.Post.all ).length") }, becomes: -> (value) { value == Post.all.count }, duration: 10.seconds
+      expect(evaluate_script("Object.keys( LiveRecord.Model.all.Post.all ).length")).to be Post.all.count
 
-      disconnection_time = 20 # seconds
+      disconnection_time = 10 # seconds
 
       post_created_before_disconnection = nil
       post_created_while_disconnected_1 = nil
@@ -215,22 +263,5 @@ RSpec.feature 'LiveRecord Syncing', type: :feature do
       wait before: -> { evaluate_script("LiveRecord.Model.all.Post.all[#{post_created_before_disconnection.id}] == undefined") }, becomes: -> (value) { value == false }
       expect(evaluate_script("LiveRecord.Model.all.Post.all[#{post_created_before_disconnection.id}] == undefined")).to be true
     end
-
-    scenario 'JS-Client should not have shared callbacks for those callbacks defined only for a particular post record', js: true do
-      visit '/posts'
-
-      wait before: -> { evaluate_script("Object.keys( LiveRecord.Model.all.Post.all ).length") }, becomes: -> (value) { value == posts.count }, duration: 10.seconds
-      expect(evaluate_script("Object.keys( LiveRecord.Model.all.Post.all ).length")).to be posts.count
-
-      execute_script(
-        <<-eos
-        var post1 = LiveRecord.Model.all.Post.all[#{post1.id}];
-        var someCallbackFunction = function() {};
-        post1.addCallback('after:create', someCallbackFunction);
-        eos
-      )
-
-      expect(evaluate_script("LiveRecord.Model.all.Post.all[#{post2.id}]._callbacks['after:create'].length")).to eq 0
-    end
   end
 end

data/spec/internal/app/models/post.rb

@@ -5,8 +5,29 @@ class Post < ApplicationRecord
   has_many :live_record_updates, as: :recordable, dependent: :destroy
 
   def self.live_record_whitelisted_attributes(post, current_user)
-    # Add attributes to this array that you would like current_user to have access to.
+    # Add attributes to this array that you would like current_user client to be able to receive
     # Defaults to empty array, thereby blocking everything by default, only unless explicitly stated here so.
+    # i.e. if this file is a User model, and that a User has been created/updated in the backend,
+    # then only these whitelisted attributes will be sent to this current_user client
+    # Empty array means unauthorized
+    # Example:
+    # [:email, :name, :is_admin, :group_id, :created_at, :updated_at]
+    [:title, :is_enabled, :user_id, :created_at, :updated_at]
+  end
+
+  def self.live_record_queryable_attributes(current_user)
+    # This method only applies when not using `ransack` gem!
+    # If you're using ransack gem, instead of this method, use one or more of the ransack methods:
+    # see https://github.com/activerecord-hackery/ransack#authorization-whitelistingblacklisting
+    #
+    # Add attributes to this array that you would like current_user client to be able to query upon when "subscribing"
+    # Defaults to empty array, thereby blocking everything by default, only unless explicitly stated here so.
+    # i.e. if a current_user client subscribes to "new records creation" using `.subscribe({where: {...}})`,
+    # then only these attributes will be considered in the "{where: ...}" argument
+    # if you're using `ransack` gem, use `ransackable_attributes`
+    # Empty array means unauthorized
+    # Example:
+    # [:email, :name, :is_admin, :group_id, :created_at, :updated_at]
     [:title, :is_enabled, :user_id, :created_at, :updated_at]
   end
 end

data/spec/internal/app/models/user.rb

@@ -9,4 +9,8 @@ class User < ApplicationRecord
     # Defaults to empty array, thereby blocking everything by default, only unless explicitly stated here so.
     [:email, :created_at, :updated_at]
   end
+
+  def self.live_record_queryable_attributes(current_user)
+    []
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: live_record
 version: !ruby/object:Gem::Version
-  version: 0.2.6
+  version: 0.2.7
 platform: ruby
 authors:
 - Jules Roman B. Polidario
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-11-10 00:00:00.000000000 Z
+date: 2017-11-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -284,6 +284,7 @@ files:
 - app/channels/live_record/base_channel.rb
 - app/channels/live_record/changes_channel.rb
 - app/channels/live_record/publications_channel.rb
+- app/channels/live_record/publications_channel/search_adapters.rb
 - config.ru
 - lib/live_record.rb
 - lib/live_record/action_view_extensions/view_helper.rb