multi_client 1.0.1 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e0aad312dfaac45befa64752dc639ef151cea896
-  data.tar.gz: ef6961bfb900171c169e0c6323216b43b3796e36
+  metadata.gz: 3b44ece79b0218ae58e6e4c2a7331ffe257f7654
+  data.tar.gz: 233c3b8ebabfba00eccf49881cf36a5f991373e0
 SHA512:
-  metadata.gz: 9730d9d7176c30a7b1ec1f8009db1012e2c75a07493b9191df86d4f09898b5b36b7894f90af9e170813d24b41299275a07aa600709364699d4e84fd4f11bed6d
-  data.tar.gz: 1d8c161a1721415b08e38f968b7d32893d1668fd2659f233a4554b5a611567715c235b9044f2c1a009c60cf5be95e8ecefec446fbd0ef44a06f46e985f8f11e0
+  metadata.gz: 182613c3ea3f06da0d634aa7b55fecdb89b79875903089ebba085aa23e9a0aa6341ac51cf486bd2ba1504c24940bf3d03004610faab2f6fe5dc2dd0d8eded802
+  data.tar.gz: 0db9559ccab05da28ab07dc01f93fd88b8761910ef76898f1cf89f357c533c00e16149ce505342866dd16412bd9890e32e856f475a857c165084e7fe5996a5bb

data/Rakefile

@@ -14,13 +14,9 @@ RDoc::Task.new(:rdoc) do |rdoc|
   rdoc.rdoc_files.include('lib/**/*.rb')
 end
 
-APP_RAKEFILE = File.expand_path("../spec/dummy/Rakefile", __FILE__)
+APP_RAKEFILE = File.expand_path('../spec/dummy/Rakefile', __FILE__)
 load 'rails/tasks/engine.rake'
 
-
 load 'rails/tasks/statistics.rake'
 
-
-
 Bundler::GemHelper.install_tasks
-

data/app/controllers/concerns/multi_client/controller_with_client.rb

@@ -19,7 +19,7 @@ module MultiClient
     end
 
     def set_current_client
-      redirect_to root_url(subdomain: 'www') and return unless current_client = client_class.enabled.find_by_subdomain(request.subdomains.first)
+      redirect_to(root_url(subdomain: 'www')) && return unless current_client = client_class.enabled.find_by_subdomain(request.subdomains.first)
       client_class.current_id = current_client.id
       begin
         yield
@@ -28,4 +28,4 @@ module MultiClient
       end
     end
   end
-end
+end

data/app/exceptions/unscoped_forbidden_error.rb

@@ -1,2 +1,2 @@
 class UnscopedForbiddenError < StandardError
-end
+end

data/app/helpers/multi_client_helper.rb

@@ -3,4 +3,4 @@ module MultiClientHelper
     clients = MultiClient::Client.all
     render 'multi_client/client_navigation', clients: clients
   end
-end
+end

data/app/models/concerns/multi_client/model_with_client.rb

@@ -5,38 +5,31 @@ module MultiClient
     included do
       klass = Class.new(self) do
         default_scope { unscoped }
-        
+
         def unscoped
           super
         end
       end
-      self.const_set 'Unscoped', klass
+      const_set 'Unscoped', klass
 
       belongs_to MultiClient::Configuration.method_name.to_sym, class_name: MultiClient::Configuration.model_name
 
-      scope "for_current_#{MultiClient::Configuration.method_name}".to_sym, lambda { where(MultiClient::Configuration.foreign_key.to_sym => MultiClient::Configuration.model_name.constantize.current_id) }
+      scope "for_current_#{MultiClient::Configuration.method_name}".to_sym, -> { where(MultiClient::Configuration.foreign_key.to_sym => MultiClient::Configuration.model_name.constantize.current_id) }
       default_scope { send("for_current_#{MultiClient::Configuration.method_name}".to_sym) }
 
       validates MultiClient::Configuration.foreign_key.to_sym, presence: true
 
-      ::MultiClient::Client.has_many self.name.demodulize.underscore.pluralize.to_sym, class_name: "::#{self.name}", foreign_key: MultiClient::Configuration.foreign_key.to_sym
-
+      ::MultiClient::Client.has_many name.demodulize.underscore.pluralize.to_sym, class_name: "::#{name}", foreign_key: MultiClient::Configuration.foreign_key.to_sym
     end
 
     class_methods do
       def unscoped
-        return super if self.name.demodulize == 'Unscoped'
-        return where(MultiClient::Configuration.foreign_key.to_sym => MultiClient::Configuration.model_name.constantize.current_id) if caller_locations(1,1)[0].label == 'aggregate_column'
-
-        # Experimental
-        # return where(MultiClient::Configuration.foreign_key.to_sym => MultiClient::Configuration.model_name.constantize.current_id) if  ['aggregate_column', 'bottom_item', 'scope_for_slug_generator'].include?(caller_locations(1,1)[0].label)
-
-        if ['_create_record', 'scope', 'validate_each', 'eval_scope', '_update_record', 'aggregate_column', 'bottom_item', 'scope_for_slug_generator', 'update_counters'].include?(caller_locations(1,1)[0].label)
-          super
-        else
-          raise UnscopedForbiddenError, "Calling unscoped from #{caller_locations(1,1)[0].label} is not allowed to prevent client data leakage" 
-        end
+        return super if name.demodulize == 'Unscoped'
+        caller = caller_locations(1, 1)[0].label
+        return where(MultiClient::Configuration.foreign_key.to_sym => MultiClient::Configuration.model_name.constantize.current_id) if MultiClient::Configuration.force_client_scope_for_unscoped_callers.include?(caller)
+        return super if MultiClient::Configuration.allowed_unscoped_callers.include?(caller)
+        raise UnscopedForbiddenError, "Calling unscoped from #{caller} is not allowed to prevent client data leakage"
       end
     end
   end
-end
+end

data/lib/generators/multi_client/install/install_generator.rb

@@ -1,13 +1,13 @@
 module MultiClient
   module Generators
     class InstallGenerator < Rails::Generators::Base
-      desc "Generates the initializer"
+      desc 'Generates the initializer'
 
       source_root File.expand_path('../templates', __FILE__)
 
       def generate_intializer
-        copy_file "multi_client.rb", "config/initializers/multi_client.rb"
+        copy_file 'multi_client.rb', 'config/initializers/multi_client.rb'
       end
     end
   end
-end
+end

data/lib/generators/multi_client/install/templates/multi_client.rb

@@ -13,4 +13,44 @@ MultiClient.configure do |config|
   #
   # default: config.method_name = 'client'
   config.method_name = 'client'
+
+  # Calling unscoped is blocked to prevent data leakage. You can define
+  # exceptions here.
+  # 
+  # default: config.allowed_unscoped_callers = %w(
+  #   _create_record 
+  #   _update_record 
+  #   aggregate_column 
+  #   bottom_item 
+  #   eval_scope
+  #   relation_for_destroy 
+  #   reload 
+  #   scope
+  #   scope_for_slug_generator 
+  #   update_counters
+  #   update_positions 
+  #   validate_each
+  # )
+  #
+  config.allowed_unscoped_callers = %w(
+    _create_record 
+    _update_record 
+    aggregate_column 
+    bottom_item 
+    eval_scope
+    relation_for_destroy 
+    reload 
+    scope
+    scope_for_slug_generator 
+    update_counters
+    update_positions 
+    validate_each
+  )
+
+  # Calling unscoped is blocked to prevent data leakage. You can override the behaviour of unscoped
+  # here. If the caller is in this list, it wont get the unscoped scope, but a client scoped relation.
+  #
+  # default: config.force_client_scope_for_unscoped_callers = ['aggregate_column']
+  #
+  config.force_client_scope_for_unscoped_callers = ['aggregate_column']
 end

data/lib/multi_client/configuration.rb

@@ -16,6 +16,10 @@ module MultiClient
       'client'
     end
 
+    mattr_accessor(:allowed_unscoped_callers) { [] }
+
+    mattr_accessor(:force_client_scope_for_unscoped_callers) { [] }
+
     def self.namespaced_model_name
       "MultiClient::#{model_name}"
     end

data/lib/multi_client/no_subdomain.rb

@@ -9,4 +9,4 @@ module MultiClient
       end
     end
   end
-end
+end

data/lib/multi_client/subdomain.rb

@@ -9,4 +9,4 @@ module MultiClient
       end
     end
   end
-end
+end

data/lib/multi_client/version.rb

@@ -1,3 +1,3 @@
 module MultiClient
-  VERSION = "1.0.1"
+  VERSION = '1.1.0'.freeze
 end

data/lib/multi_client.rb

@@ -1,5 +1,5 @@
-require "multi_client/engine"
-require "multi_client/configuration"
+require 'multi_client/engine'
+require 'multi_client/configuration'
 
 module MultiClient
   extend Configuration

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: multi_client
 version: !ruby/object:Gem::Version
-  version: 1.0.1
+  version: 1.1.0
 platform: ruby
 authors:
 - Roberto Vasquez Angel