modify_resource 0.0.1

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in modify_resource.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Colin Young
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,46 @@
+# ModifyResource
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'modify_resource'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install modify_resource
+
+## Usage
+
+#### Including
+
+Just include `ModifyResource` in your controller, or, if you want it available in your entire application:
+
+```ruby
+# application.rb
+class ApplicationController < ActionController::Base
+
+  class << self
+    include Rails.application.routes.url_helpers
+  end
+  
+end
+```
+
+#### `redirect_to`
+
+You can change how your successful `create`s or `update`s are handled by changing where they redirect to in the `options` hash.
+
+Note: If you want to use the `:redirect_to` option, and you want to use Rails routes, you'll need to `include ActionController::Base` in your controller (or ApplicationController) that you also `include ModifyResource` in.
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,11 @@
+require "bundler/gem_tasks"
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+   t.libs << "test"
+   t.test_files = FileList['test/test*.rb']
+   t.verbose = true
+end
+ 
+desc "Run tests"
+task :default => :test

data/lib/modify_resource/rails/action_controller/modify_resource.rb

@@ -0,0 +1,236 @@
+require_relative 'resource_info'
+require_relative 'router'
+
+module ActionController
+  
+  module ModifyResource
+    include ResourceInfo
+    include ActionView::Helpers::TextHelper
+    
+    module ClassMethods
+      
+      # A shortcut - just add modify_on :create, :update
+      # if your variable is the controller's name -- e.g. @widget in WidgetsController
+      def modify_on(*actions)
+        # Define in the method so that the user could override if they wanted
+        options = actions.extract_options!
+        actions.each do |action|
+          unless method_defined?(action)
+            define_method action do
+              modify_resource_with action, options
+            end
+          end
+        end
+      end
+    end
+    
+    # :nodoc:
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+        
+    # Handles the usual @var = Model.find(params[:id]); @var.save
+    # etc. stuff.
+    def modify_resource_with(*args) # ([res=nil, ], verb=:update, options={}, args=nil)
+      # Set var to resource matching controller's name if res is a symbol
+      if args.first.is_a? Symbol or args.first.is_a? String
+        res = instance_variable_get(:"@#{resource_name}")
+      else
+        res = args.shift
+      end
+      
+      # Set up default values
+      verb      = args[0] || :update
+      options   = args[1] || {}
+      _params   = args[2] || nil
+      as_user   = nil
+      
+      # model_name is this res's model_name
+      model_name = res.class.model_name.underscore.downcase
+      
+      # Grab params if not set
+      _params ||= params[model_name]
+      
+      # We may need the current user instance
+      options[:as_current] ||= options[:as_user] # Backwards compat
+      
+      if options[:as_current] and res.respond_to?(:as_user)
+        res.as_user = self.send "current_#{options[:as_current]}"
+      end
+      
+      # Actually perform update, or create, destroy, etc.
+      modified = case verb
+        when :update
+          res.update_permitted_attributes(_params)
+        when :create
+          res.deep_attributes = _params
+          res.persisted?
+        else
+          res.method(verb).arity == 0 ? res.send(verb) : res.send(verb, _params)
+        end
+        
+      # the resource was updated
+      instance_variable_set :"@#{resource_name}", res
+      
+      raise 'As_user MUST be unset on ALL items.' if res.valid? and res.as_user.present?
+      
+      # We're updating a nested resource, so we need to set its parent for it
+      update_resource_parent(res) unless parent_for(res).present?
+      
+      # Actually save or create.
+      if modified
+        
+        unless request.xhr?
+          
+          options[:redirect_with_resources] ||= [ :self ]
+          after = params[:after]
+          unless (path = options[:redirect_to]).blank?
+            router = Router.new
+            success_path = if options[:redirect_with_resources].blank?
+              router.send path
+            else
+              router.send path, *collect_resources_for(res, options[:redirect_with_resources])
+            end
+          end
+          success_path ||= resource_path_with_base(:production, res)
+          
+          msg = options[:success].try(:call, res)
+          
+          if msg.blank?
+            
+            msg = "#{action_name.capitalize.gsub(/e$/,'')}ed "
+            
+            if after.present? and after.pluralize == after
+              # Redirect to the plural (index) page
+              model_name = params[:after]
+              msg << model_name.pluralize
+              success_path << '/' + after
+            else
+              # Redirect to the show page for the resource.
+              # Flash is like 'Widget 2 has been updated'.
+              name = String.new.tap do |s|
+                break s = res.title if res.respond_to? :title
+                break s = res.name if res.respond_to? :name
+                s = res.id
+              end
+              msg << "#{model_name.humanize.downcase} '#{truncate(name, length: 20)}'"
+            end
+          end
+          
+          flash[:notice] = msg
+          redirect_to success_path
+        else
+          render json: res
+        end
+      else
+        messages = res.errors.messages
+        unless request.xhr?
+          flash[:error] = messages
+          begin
+            render :edit
+          rescue
+            # They didn't respond to that action
+            if res.persisted?
+              render :show
+            else
+              render :new
+            end
+          end
+        else
+          render json: {errors: messages}, status: :unprocessable_entity
+        end
+      end
+    end
+    
+    private
+    
+    # :nodoc:
+    def resource_path_with_base(base, res)
+      components, resources = path_components_for(res, base).try(:compact)
+      
+      return url_for unless components.present?
+      
+      unless components.nil? || components.empty?
+        path = components.join('_') + '_path'
+        send(path, *resources)
+      else
+        :"#{base.to_s.pluralize}"
+      end
+    end
+    
+    # :nodoc: Climbs up the resource's parent associations to generate a rails route
+    def path_components_for(res, base, components=[], resources=[])
+      return nil unless res.present?
+      
+      component = component_for(res)
+      
+      # Redirect to the index if the res was just deleted
+      component = component.pluralize unless res.persisted?
+      
+      components.unshift component
+      resources.unshift res if res.persisted?
+      
+      unless component.to_s == base.to_s
+        path_components_for(parent_for(res), base, components, resources)
+      else
+        [components, resources]
+      end
+    end
+    
+    # :nodoc: gets path component for a resource
+    def component_for(res)
+      res.class.model_name.downcase
+    end
+    
+    # :nodoc: gets a nested resource's parent
+    def parent_for(res)      
+      parents = possible_parents_for(res)
+      return nil unless parents.count == 1
+      
+      component = component_for(res)
+      parent_component = parents[0].sub('_id', '')
+      res.send(parent_component)
+    end 
+    
+    # :nodoc: gets possible parents based on attributes ending in '_id'
+    def possible_parents_for(res)      
+      Array.new.tap do |possibilities|
+        res.attributes.keys.each do |field|
+          next unless field[/_id$/]
+          cleaned = field.sub '_id', ''
+          # Fields that end in _id but do not point to a constant are ignored.
+          possibilities << cleaned if Object.const_defined? cleaned.classify
+        end
+      end
+    end
+    
+    # :nodoc: Adds the resource to its parent
+    def update_resource_parent(res)
+      parents = possible_parents_for(res)
+      return if parents.empty? or parents.count > 1
+      
+      if parents.count > 1
+        raise "Can't guess parent, multiple options for resource.\n#{res.inspect}\n#{parents.inspect}"
+      end
+      
+      parent_class = parents.first.classify.constantize
+      parent_name = parent_class.model_name.downcase
+      parent_param = parent_name + '_id'
+      parent = parent_class.find(params[parent_param])
+      return unless parent.present?
+      
+      instance_variable_set :"@#{parent_name}", parent
+      
+      child_name = res.class.model_name.downcase.pluralize
+      child_name = child_name.singularize if !parent.respond_to?(child_name)
+      
+      association = parent.send(child_name)
+      association << res
+    end
+    
+    # Converts a list of symbols into the items necessary to compose redirection URLS
+    def collect_resources_for res, arr
+      arr.collect { |i| res.send(i) }
+    end
+  end
+end

data/lib/modify_resource/rails/action_controller/resource_info.rb

@@ -0,0 +1,22 @@
+module ActionController
+  module ModifyResource
+    module ResourceInfo
+      
+      def resource_name
+        controller_name[/(\w+)$/].singularize
+      end
+    
+      def model_class
+        resource_name.capitalize.constantize
+      end
+    
+      def resource
+        res = instance_variable_get "@#{resource_name}"
+        begin
+          res ||= model_class.find params[:id]
+        rescue; end
+        res
+      end      
+    end
+  end
+end

data/lib/modify_resource/rails/action_controller/router.rb

@@ -0,0 +1,11 @@
+module ActionController
+  module ModifyResource
+    class Router
+      
+      def initialize
+        self.class.send :include, Rails.application.routes.url_helpers
+      end
+      
+    end
+  end
+end

data/lib/modify_resource/rails/action_controller/update_as.rb

@@ -0,0 +1,87 @@
+module ActionController
+  
+  module UpdateAs
+    
+    module ClassMethods
+      
+      def update_as_current(user_class=:user, nested_resources={})
+        append_before_filter do
+          return unless [:PUT, :POST, :PATCH].include?(request.method.to_sym) and
+                        params[:_method] != "delete"
+          
+          update_as(self.send(:"current_#{user_class}"), resource, nested_resources)
+        end
+      end
+      
+      def update_as_current_user(nested_resources={})
+        update_as_current :user, nested_resources
+      end
+      
+    end
+    
+    def update_as(user, current_resource, nested_resources={})
+      case nested_resources
+      when Symbol, String, Array
+        update_resource(current_resource, Array(nested_resources), as: user)
+      else
+        return update_resource(current_resource, as: user) if nested_resources.empty?
+
+        nested_resources.each do |res, fields|
+          res = if res.to_s == current_resource.class.name.downcase
+            current_resource
+          else
+            current_resource.send(res)
+          end
+          update_resource res, fields, as: user
+        end
+      end
+    end
+    
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+    
+    private
+    
+    def add_user_id_to(hash_or_user, user_hash)
+      return unless hash_or_user.present?
+      raise UserNotProvidedError unless user = user_hash[:as]
+      user_class = user.class.model_name.downcase.underscore # 'user', etc.
+      
+      case hash_or_user
+      when Hash
+        hash_or_user[:"#{user_class}_identifier"] = user.id
+      else
+        hash_or_user.send :"#{user_class}=", user
+      end
+    end
+    
+    def update_resource(*args) # resource, (optional: fields=[]), user_hash={}
+      resource = args.first
+      user_hash = args.last
+      raise UserNotProvidedError unless user = user_hash[:as]
+      fields = args[1] if args.count > 2
+      
+      resource_name = resource.class.name.downcase
+      parameters = params[resource_name]
+      
+      if parameters.present? and fields.present?
+        fields.each do |field|
+        
+          field_attribute = field.to_s + '_attributes' unless field[/_attributes/].present?
+          handle = parameters[field_attribute]
+  
+          handle = [handle] unless handle.is_a?(Array)
+          handle.each do |individual_resource|
+            add_user_id_to(individual_resource, as: user)
+          end
+        end
+      else
+        add_user_id_to(resource, as: user)
+      end
+    end
+  end
+end
+
+class UserNotProvidedError < StandardError
+end

data/lib/modify_resource/rails/active_model/update_permitted_attributes.rb

@@ -0,0 +1,90 @@
+module ActiveModel
+  
+  # This variable is to aid models methods that need the current user.
+  # It is very different from solutions that use Thread --
+  # 1. First of all, it's paired with modify_resource_with, and
+  # 2. I've hooked into after_save to double-ensure that the 
+  #    @as_user variable is unset after any change.
+  
+  module UpdatePermittedAttributes    
+    def update_permitted_attributes(attributes)
+      if attributes.all_permitted?
+        update_attributes(attributes, without_protection: true)
+      else
+        update_attributes(attributes)
+      end
+    end
+    
+    def deep_attributes=(attributes)
+      attributes.each do |key, value|
+        next unless key.to_s[m = /_attributes$/]
+        nested = self.send key.gsub(m, '')
+        if nested.respond_to? :each
+          self.send(nested).each do |built|
+            value.map { |sub_params| built.attributes = sub_params }
+          end
+          attributes.delete(key)
+        else
+          nested.attributes = value
+        end
+      end
+      self.attributes = attributes
+      save
+    end
+    
+    # Hook into models that accept nested attributes.
+    module ClassMethods
+      
+      def accepts_nested_attributes_for(field, options={})
+        
+        before_validation do
+          return unless @as_user.present?
+          child = self.send(field)
+
+          # Copy down the chain as needed.
+          # As_user will be unset on both models after save.
+          if child.respond_to? :map
+            children = child
+            children.map {|c| c.as_user = @as_user }
+          else
+            child.try(:as_user=, @as_user)
+          end
+        end
+        
+        super(field, options)
+      end
+      
+    end
+    
+    # Add/override statechanging methods to ensure @as_user is unset
+    def self.included(base)
+      # We need ActiveModel callbacks
+      base.extend ActiveModel::Callbacks
+      
+      # Add our stuff
+      base.send :attr_accessor, :as_user
+      base.extend ClassMethods
+      
+      [:after_save, :after_destroy].each do |m|
+        base.send(m) do
+          self.as_user = nil
+        end
+      end
+    end
+  end
+  
+end
+
+ActiveRecord::Base.send :include, ActiveModel::UpdatePermittedAttributes
+
+class Hash
+  
+  def all_permitted?
+    self.each do |key, value|
+      if value.is_a?(Hash)
+        return true unless value.respond_to? :all_permitted? # For those without security enabled.
+        return false if !value.all_permitted? and !key.numeric?
+      end
+    end
+  end
+end

data/lib/modify_resource/rails/active_record/mixed_identifier_for_user_resource.rb

@@ -0,0 +1,50 @@
+module MixedIdentifierForUserResource    
+  def has_mixed_identifier_for(user_resource, options={})
+    
+    user_resource = user_resource.to_s
+    
+    self.send :attr_accessible, :"#{user_resource}_identifier"
+    
+    instance_eval <<-END
+      validate :"#{user_resource}_identifier", presence: true
+    END
+  
+    class_eval <<-END
+      def #{user_resource}_identifier=(identifier)
+        if identifier.is_a? Fixnum or identifier.numeric? or identifier.parameter_id?
+          self.#{user_resource}_id = identifier
+        else
+          # Try to uncover the as_user of either this resource or the parent
+          self.#{user_resource} = #{user_resource.classify}.find_or_initialize_by_email(identifier)
+        end
+      end
+      
+      def #{user_resource}_identifier
+        resource = self.#{user_resource}
+        resource.try(:id) || resource.try(:email) || resource.try(:email_address)
+      end
+      
+      def mass_assignment_authorizer(role)
+        super(role) << "#{user_resource}_identifier"
+      end
+      
+      before_validation do
+        if #{user_resource}.present? and #{user_resource}.new_record? and #{user_resource}.respond_to? :invite!
+          #{user_resource}.invite! @as_user
+          self.#{user_resource}_id = #{user_resource}.id
+        end
+      end
+    END
+    
+  end
+end
+
+class String
+  
+  # Is the string something like '234234234-Joe-Test'? This is used in params.
+  def parameter_id?
+    self[/^[0-9]+\-[\D]+/].present?
+  end
+end
+
+ActiveRecord::Base.extend(MixedIdentifierForUserResource)

data/lib/modify_resource/version.rb

@@ -0,0 +1,3 @@
+module ModifyResource
+  VERSION = "0.0.1"
+end

data/lib/modify_resource.rb

@@ -0,0 +1,22 @@
+require "require_all"
+
+$: << File.dirname(__FILE__)
+
+require "modify_resource/version"
+require "modify_resource/rails/action_controller/modify_resource"
+require "modify_resource/rails/action_controller/update_as"
+require "modify_resource/rails/active_model/update_permitted_attributes"
+require "modify_resource/rails/active_record/mixed_identifier_for_user_resource"
+
+module ModifyResource
+
+  def self.included(base)
+    if defined? Rails and base < ActionController::Base
+      
+      # Add `modify_on` and other methods to the controller
+      base.send :include, ActionController::ModifyResource
+      base.send :include, ActionController::UpdateAs
+    end
+  end
+  
+end

data/modify_resource.gemspec

@@ -0,0 +1,21 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'modify_resource/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "modify_resource"
+  gem.version       = ModifyResource::VERSION
+  gem.authors       = ["Colin Young"]
+  gem.email         = ["me@colinyoung.com"]
+  gem.description   = %q{This gem makes rails automatic. Securely.}
+  gem.summary       = %q{stop writing the same controller actions for resources}
+  gem.homepage      = ""
+  gem.add_dependency "require_all"
+  gem.add_dependency "rake"
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+end

data/test/modify_resource_test.rb

@@ -0,0 +1 @@
+require 'test_helper'

metadata

@@ -0,0 +1,95 @@
+--- !ruby/object:Gem::Specification
+name: modify_resource
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Colin Young
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-02-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: require_all
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: This gem makes rails automatic. Securely.
+email:
+- me@colinyoung.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/modify_resource.rb
+- lib/modify_resource/rails/action_controller/modify_resource.rb
+- lib/modify_resource/rails/action_controller/resource_info.rb
+- lib/modify_resource/rails/action_controller/router.rb
+- lib/modify_resource/rails/action_controller/update_as.rb
+- lib/modify_resource/rails/active_model/update_permitted_attributes.rb
+- lib/modify_resource/rails/active_record/mixed_identifier_for_user_resource.rb
+- lib/modify_resource/version.rb
+- modify_resource.gemspec
+- test/modify_resource_test.rb
+- test/test_helper.rb
+homepage: ''
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: stop writing the same controller actions for resources
+test_files:
+- test/modify_resource_test.rb
+- test/test_helper.rb