ocean-rails 2.7.1 → 2.8.0

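--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 5196e49a82cdc5c825f9b4524b2fe9adfe3a9e15
- data.tar.gz: 5e57fb8270cc2fad3f6f9f39fbf907539e4a2a0e
+ metadata.gz: c40e04d9a10d45f336d5c870c88bb78520d5fc90
+ data.tar.gz: 42d04e38d27d92bd906daeca2d817a5dc80c8ddb
  SHA512:
- metadata.gz: 8ddf46f41e2bdbad6268f85587ae486518bac79c4f7a7bde144838c8feb2d73d6658b6e06de51176331d083dd56adb65c903d5362675f2c77bff8958411a940e
- data.tar.gz: 06cfdf2f0db1b8cc5261d63ac0e56c4dddb456e6c7f02b8d4f822c8df1792b6a2c27ee3d7cf493d1e55f856dc10921ad2c3a3e44297800b8bf65945310468344
+ metadata.gz: 0ce76c663f2a663a91d6262f73f98e9e99a1f834053731ac66712a429c159f9a3ab6d88d32c0f338913d17bf288fd13a32abbbfdd539698a4bcbd75e64389c90
+ data.tar.gz: 97fd6522add6458b8e98e1801ee66f286a984f37484da1351c1b8bf7825361decdf86f2f552992839c544176fe3ef4bfe791046a700f09434e348fdab079cf25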
@@ -36,13 +36,16 @@ end
36
36
  #
37
37
  # For stubbing successful authorisation calls. Makes <tt>Api.permitted?</tt> return
38
38
  # the status, and a body containing a partial authentication containing the +user_id+
39
- # and +creator_uri+ given by the parameters.
39
+ # and +creator_uri+ given by the parameters. It also allows the value of 'right' to
40
+ # be specified: this will restrict all SQL queries accordingly.
40
41
  #
41
- def permit_with(status, user_id: 123, creator_uri: "https://api.example.com/v1/api_users/#{user_id}")
42
+ def permit_with(status, user_id: 123, creator_uri: "https://api.example.com/v1/api_users/#{user_id}",
43
+ right: nil)
42
44
  Api.stub(:permitted?).
43
45
  and_return(double(:status => status,
44
46
  :body => {'authentication' =>
45
47
  {'user_id' => user_id,
48
+ 'right' => right,
46
49
  '_links' => { 'creator' => {'href' => creator_uri,
47
50
  'type' => 'application/json'}}}}))
48
51
  end
@@ -56,3 +59,19 @@ def deny_with(status, *error_messages)
56
59
  and_return(double(:status => status,
57
60
  :body => {'_api_error' => error_messages}))
58
61
  end
62
+
63
+
64
+ #
65
+ # Takes a relation and adds right restrictions, if present.
66
+ #
67
+ def add_right_restrictions(rel, restrictions)
68
+ return rel unless restrictions
69
+ # The below works only for a single restriction (multiple should be ORed)
70
+ restrictions.each do |rr|
71
+ rel = rel.where("app" => rr["app"]) if rr["app"] != "*"
72
+ rel = rel.where("context" => rr["context"]) if rr["context"] != "*"
73
+ end
74
+ rel
75
+ end
76
+
77
+
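Review bot: In `add_right_restrictions`, each loop iteration chains another `where`, so several restrictions are ANDed together, although the comment directly above the loop says they should be ORed. For a caller holding rights in two different apps this yields an empty relation: it fails closed, but it also hides rows those rights were meant to allow. The guard `rr["app"] != "*"` treats a missing key (`nil`) as a concrete value to match, and a `restrictions` value that is not an array of hashes raises at `.each` or `rr["app"]`, so it is worth deciding explicitly whether those cases should deny or raise. Until OR-combination exists, a method comment such as `# NOTE: more than one restriction is ANDed and will usually match nothing` would keep callers from relying on it.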
@@ -41,13 +41,14 @@ module ApiResource
41
41
  # also be declared using +ocean_resource_model+.
42
42
  #
43
43
  def collection(bag={})
44
- collection_internal bag, bag[:group], bag[:search], bag[:page], bag[:page_size]
44
+ collection_internal bag, bag[:group], bag[:search], bag[:page], bag[:page_size],
45
+ bag['_right_restrictions']
45
46
  end
46
47
 
47
48
 
48
49
  private
49
50
 
50
- def collection_internal(conds={}, group, search, page, page_size)
51
+ def collection_internal(conds={}, group, search, page, page_size, restrictions)
51
52
  if index_only != []
52
53
  new_conds = {}
53
54
  index_only.each do |key|
@@ -77,8 +78,8 @@ module ApiResource
77
78
  page_size = page_size.to_i || collection_page_size
78
79
  query = query.limit(page_size).offset(page_size * page)
79
80
  end
80
- # Finally, return the accumulated Relation
81
- query
81
+ # Finally, add any app/context restrictions, then return the accumulated Relation
82
+ add_right_restrictions(query, restrictions)
82
83
  end
83
84
 
84
85
 
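Review bot: `collection` reads the restrictions with a string key, `bag['_right_restrictions']`, while every other option on that call uses a symbol key (`bag[:group]`, `bag[:search]`, `bag[:page]`). With an indifferent-access `params` object both forms presumably resolve, but a caller passing a plain Hash with symbol keys gets `nil` here, and `add_right_restrictions` then returns the relation unfiltered, so the restriction is dropped silently instead of being refused. Reading both forms, `bag[:_right_restrictions] || bag['_right_restrictions']`, closes that gap. The same `bag` is also forwarded as `conds`, and the part of `collection_internal` that turns `conds` into the query lies outside these hunks, so please confirm the `_right_restrictions` entry cannot end up as a column condition when `index_only` is empty.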
@@ -64,9 +64,12 @@ module OceanApplicationController
64
64
  qs = Api.authorization_string(@@extra_actions, controller_name, action_name)
65
65
  response = Api.permitted?(@x_api_token, query: qs)
66
66
  if response.status == 200
67
- @auth_api_user_id = response.body['authentication']['user_id'] # Deprecate and remove
68
- @auth_api_user_uri = response.body['authentication']['_links']['creator']['href'] # Keep
69
- Thread.current[:username] = response.body['authentication']['username']
67
+ @authentication = response.body['authentication']
68
+ @auth_api_user_id = @authentication['user_id'] # Deprecate and remove
69
+ @auth_api_user_uri = @authentication['_links']['creator']['href'] # Keep
70
+ Thread.current[:username] = @authentication['username']
71
+ @right_restrictions = @authentication['right']
72
+ params['_right_restrictions'] = @right_restrictions if @right_restrictions
70
73
  return true
71
74
  end
72
75
  error_messages = response.body['_api_error']
@@ -236,6 +239,7 @@ module OceanApplicationController
236
239
  # member.
237
240
  #
238
241
  def collection_etag(coll)
242
+ coll = add_right_restrictions(coll, @right_restrictions)
239
243
  klass = coll.name.constantize # Force a load of the class (for secondary collections)
240
244
  timestamp = klass.update_timestamp || klass.create_timestamp
241
245
  if (timestamp)
@@ -244,9 +248,7 @@ module OceanApplicationController
244
248
  else
245
249
  last_updated = 0
246
250
  end
247
- # We could also, in the absence of an updated_at attribute, use created_at.
248
- { etag: "#{coll.name}:#{coll.count}:#{last_updated}"
249
- }
251
+ { etag: "#{coll.name}:#{coll.count}:#{last_updated}" }
250
252
  end
251
253
 
252
254
 
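Review bot: In the authorisation hunk, `params['_right_restrictions'] = @right_restrictions if @right_restrictions` overwrites the key only when the authentication carries a `right`; otherwise any `_right_restrictions` value sent with the request stays in `params`. `params` is client-controlled, and the model-side `collection` reads its restrictions from that same key (assuming controllers pass `params` as the bag, which is not visible here), so request data can reach `add_right_restrictions` and its `where` calls. As far as the visible helper goes this can only narrow a query, but it mixes untrusted input into an authorisation path and can raise on malformed values. Clearing the key first keeps the channel trusted: put `params.delete('_right_restrictions')` before the conditional assignment. The enclosing method starts and ends outside the hunk.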
@@ -1,3 +1,3 @@
1
1
  module Ocean
2
- VERSION = "2.7.1"
2
+ VERSION = "2.8.0"
3
3
  end
@@ -63,6 +63,9 @@ class <%= controller_class_name %>Controller < ApplicationController
63
63
 
64
64
  def find_<%= singular_table_name %>
65
65
  @<%= singular_table_name %> = <%= class_name %>.find_by_id params[:id]
66
+ # If your table has app and context columns and you have created Rights utilising them,
67
+ # comment out the line above this comment and uncomment the following one:
68
+ #@<%= singular_table_name %> = add_right_restrictions(<%= class_name %>.where(id: params[:id]), @right_restrictions).first
66
69
  return true if @<%= singular_table_name %>
67
70
  render_api_error 404, "<%= class_name %> not found"
68
71
  false
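Review bot: The generated `find_<%= singular_table_name %>` keeps the unrestricted `find_by_id` as the default and leaves the restricted lookup commented out, so member actions in a generated controller ignore `@right_restrictions` unless the developer edits the file, while collection queries apply them automatically. Because `add_right_restrictions` returns the relation unchanged when no restrictions are present, the restricted form could be the default for resources that have `app` and `context` columns; a generator option would cover tables that lack them, where the restricted query would presumably fail. At minimum the template comment should state the consequence of leaving the first line in place, e.g. `# WARNING: find_by_id does not apply @right_restrictions to single-resource requests`. The method body continues past the end of the hunk.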
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ocean-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.7.1
4
+ version: 2.8.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Peter Bengtson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-03-16 00:00:00.000000000 Z
11
+ date: 2014-03-18 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: typhoeus