RubyGems - openstax_utilities - Versions diffs - 2.1.0 → 2.2.0 - Mend

openstax_utilities 2.1.0 → 2.2.0

Files changed (10) hide show

checksums.yaml +8 -8
data/README.md +15 -15
data/lib/openstax/utilities/access_policy.rb +2 -1
data/lib/openstax/utilities/version.rb +1 -1
data/lib/openstax_utilities.rb +0 -2
metadata +2 -8
data/lib/openstax/utilities/controller_extensions.rb +0 -47
data/lib/openstax/utilities/roar.rb +0 -135
data/spec/lib/openstax/utilities/controller_extensions_spec.rb +0 -29
data/spec/lib/openstax/utilities/extended_controller_spec.rb +0 -82

checksums.yaml CHANGED Viewed

@@ -1,15 +1,15 @@
 ---
 !binary "U0hBMQ==":
   metadata.gz: !binary |-
-    NzdiOTJlYTJhMThlMWQzYjI0MGVkYWI1NzRlNjdlZmUyNmJmMzdlOQ==
+    YmY4Y2JiYmY4YTEzOTIyOTU5OTJiNjAxZjU5M2ViZWRlMWVmOWZlMQ==
   data.tar.gz: !binary |-
-    YTQzYTI0YTEzMTQxZDZmZTNkNzQ0OWNkZGI2OWMwZWU5ZjQ3ZjA1ZQ==
+    ZjczNDQxMjExMGQ5NmRiYTZkMDJmOTM1ZmEzMDM5ZDQ5YjdhN2Y1Mg==
 SHA512:
   metadata.gz: !binary |-
-    MjBhYTQ2NTc2ODAxNDgxYjhhYzFjYWVhYzFlZWJiOWMyMjBmN2Y5MzExYzgz
-    ZDdmZmI3N2RlMDgzMzMyMmUzMmFhOWVhNjk5OGIyYTdmZGUxNTEzZjY3YjRk
-    OWFlNTMxNmE0MzkzOWU4M2NlODIwMTk3ZDhlNGEzNGE3Njk0NTM=
+    OTVlMGExOGJlMzM5MmQ5ZWI3MzBjMmE4Nzk3YmMyMzNjNzBmNDBkYzZjMTVi
+    ZDQ3ZjkxYzI0YjA5ZTI1YzIyODdmMTNkZTViMGVhNDUzMWE2ODQ0OWU0YjNk
+    YzYzYzgyNDI1NDMxZGQ1ODU3NjhkZmNhNjE5ZjdlMGJiNTcyNzc=
   data.tar.gz: !binary |-
-    YzYyY2Y0ZTMxOGQ3NGYxZTg3Y2M0NWEzNjZlNDI0N2RmMmYzYzkxMTg2OTk2
-    YWFjOTc4YjI2NDcxYTJkZTA3ZjgxNDdmMjM1NjhiMDFlZmVkOGYzZjM5Yzlj
-    YWNhYTlmNjM5NjlmODQyYTNjYWU5MGUxODQ2NjI5OTE1NmJhZGY=
+    MGJiMmE2MmYyMjNkNjhhZmNjOWFkZDE0YTJlNDViOWJkNTNkNTc1ZDVjNWY5
+    MzhiMjliODNlY2VhZTQ3MDIxYjBiYmI3M2FjMTJiYjA0OGVhZmQ1MzY5M2I5
+    YzMzYWIyZDRiYmZhNzQzNmJhMjNlZjYyYjM0OGFiYWQ5ZGQyZDE=

data/README.md CHANGED Viewed

@@ -1,19 +1,32 @@
 OpenstaxUtilities
 =================
-A set of common utilities for the various OpenStax projects.
+A set of common utilities for the various OpenStax projects.
 Documentation available on [rdoc.info](http://rdoc.info/github/openstax/openstax_utilities/master/frames).
 To use this utility engine, include it in your Gemfile.
+## Configuration
+This engine accepts configuration options. These are best added in an initializer:
+```rb
+OSU.configure do |config|
+  config.<parameter name> = <parameter value>
+  ...
+end
+```
+See `lib/openstax_utilities.rb` for valid configuration options.
 ## Helpers
 This engine's helpers are available in the main application by preceding them with `osu.`, e.g. `osu.section_block('Heading') { "guts" }`
 ## Access Policies
-As applications grow to include different kinds of users, including signed-in and anonymous human users, as well as other applications, the logic for controlling which user has which accesses to which resources can grow complex.  Controllers certainly aren't the place for this logic.  In a case with one kind of User, models *may* be the place for this logic but even then this makes models know way too much about other models.
+As applications grow to include different kinds of users, including signed-in and anonymous human users, as well as other applications, the logic for controlling which user has which accesses to which resources can grow complex.  Controllers certainly aren't the place for this logic.  In a case with one kind of User, models *may* be the place for this logic but even then this makes models know way too much about other models.
 Access Policies were created to be a dedicated place to store the logic controlling who has access to what.  All other code can ask the `AccessPolicy` class for this info, via the `action_allowed?` or the convenience methods `read_allowed?`, `create_allowed?`, etc.  `AccessPolicy` then delegates the access decisions off to other policy classes, of which there is normally one per kind of resource (e.g. a `UserAccessPolicy`, `ContactInfoPolicy`, etc).
@@ -24,16 +37,3 @@ OSU::AccessPolicy.register(User, UserAccessPolicy)
 ```
 This call is typically made after the policy class' definition so that it is called when the Rails application is loaded. We recommend placing the policy classes under `app/access_policies`, as all files under the `app` directory are autoloaded by Rails.
-## Controller Extensions
-The following methods will be added to all controllers:
-`get_model(id_param, klass)` tries to use the id_param to return the model in question for
-restful actions, or a new instance of klass if the id could not be found.
-(e.g. on :new, :create and even :index)
-By default, id_param is :id and klass is controller_name.classify.constantize.
-`self.require_restful_actions_allowed!(options)` adds a before_filter that calls AccessPolicy.require_action_allowed! for all restful actions except :index. So by default it will add checks to :show, :new, :create, :edit, :update and :destroy.
-options is a hash that contains any desired before_filter options, plus the optional keys :id_param and :model_class, which are passed to get_model instead.
-By default, options is an empty hash.

data/lib/openstax/utilities/access_policy.rb CHANGED Viewed

@@ -32,7 +32,8 @@ module OpenStax
         # If the incoming requestor is an ApiUser, choose to use either its
         # human_user or its application.  If there is a human user involved, it
         # should always take precedence when testing for access.
-        if defined?(ApiUser) && requestor.is_a?(ApiUser)
+        if defined?(OpenStax::Api::ApiUser) &&
+           requestor.is_a?(OpenStax::Api::ApiUser)
           requestor = requestor.human_user ? requestor.human_user : requestor.application
         end

data/lib/openstax/utilities/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module OpenStax
   module Utilities
-    VERSION = "2.1.0"
+    VERSION = "2.2.0"
   end
 end

data/lib/openstax_utilities.rb CHANGED Viewed

@@ -18,9 +18,7 @@ require "openstax/utilities/network"
 require "openstax/utilities/action_list"
 require "openstax/utilities/acts_as_numberable"
 require "openstax/utilities/delegate_access_control"
-require "openstax/utilities/roar"
 require "openstax/utilities/access_policy"
-require "openstax/utilities/controller_extensions"
 require "openstax/utilities/classy_helper"
 require "openstax/utilities/helpers/misc"

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: openstax_utilities
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.2.0
 platform: ruby
 authors:
 - JP Slavinsky
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-03-31 00:00:00.000000000 Z
+date: 2014-04-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -95,7 +95,6 @@ files:
 - lib/openstax/utilities/blocks/table_cell_block.rb
 - lib/openstax/utilities/blocks/table_row_block.rb
 - lib/openstax/utilities/classy_helper.rb
-- lib/openstax/utilities/controller_extensions.rb
 - lib/openstax/utilities/delegate_access_control.rb
 - lib/openstax/utilities/engine.rb
 - lib/openstax/utilities/enum.rb
@@ -106,7 +105,6 @@ files:
 - lib/openstax/utilities/helpers/misc.rb
 - lib/openstax/utilities/helpers/partials.rb
 - lib/openstax/utilities/network.rb
-- lib/openstax/utilities/roar.rb
 - lib/openstax/utilities/ruby.rb
 - lib/openstax/utilities/settings.rb
 - lib/openstax/utilities/text.rb
@@ -152,8 +150,6 @@ files:
 - spec/dummy/public/favicon.ico
 - spec/dummy/script/rails
 - spec/lib/openstax/utilities/access_policy_spec.rb
-- spec/lib/openstax/utilities/controller_extensions_spec.rb
-- spec/lib/openstax/utilities/extended_controller_spec.rb
 - spec/spec_helper.rb
 homepage: http://github.com/openstax/openstax_utilities
 licenses:
@@ -220,6 +216,4 @@ test_files:
 - spec/dummy/README.md
 - spec/dummy/script/rails
 - spec/lib/openstax/utilities/access_policy_spec.rb
-- spec/lib/openstax/utilities/controller_extensions_spec.rb
-- spec/lib/openstax/utilities/extended_controller_spec.rb
 - spec/spec_helper.rb

data/lib/openstax/utilities/controller_extensions.rb DELETED Viewed

@@ -1,47 +0,0 @@
-module OpenStax
-  module Utilities
-    module ControllerExtensions
-      def self.included(base)
-        base.extend(ClassMethods)
-      end
-      # Tries to find model if id is given, or returns a new model if not
-      def get_model(id_param = nil, klass = nil)
-        id_param ||= :id
-        id = params[id_param]
-        klass ||= controller_name.classify.constantize
-        id.nil? ? klass.new : klass.find(id)
-      end
-      module ClassMethods
-        # Calls AccessPolicy.require_action_allowed! on all restful actions
-        # For create and update, the new params are not yet set
-        def require_restful_actions_allowed!(options = {})
-          class_eval do
-            before_filter({:only => [:show, :new, :create, :edit, :update,
-                          :destroy]}.merge(options.except(:id_param,
-                                                          :model_class))) do |c|
-              case c.action_name
-              when 'show'
-                action = :read
-              when 'new'
-                action = :create
-              when 'edit'
-                action = :update
-              else
-                action = c.action_name.to_sym
-              end
-              OSU::AccessPolicy.require_action_allowed!(action,
-                c.current_user, c.get_model(options[:id_param],
-                                            options[:model_class]))
-            end
-          end
-        end
-      end
-    end
-  end
-end
-ActionController::Base.send :include, OpenStax::Utilities::ControllerExtensions

data/lib/openstax/utilities/roar.rb DELETED Viewed

@@ -1,135 +0,0 @@
-# Copyright 2011-2014 Rice University. Licensed under the Affero General Public
-# License version 3 or later.  See the COPYRIGHT file for details.
-module OpenStax
-  module Utilities
-    module Roar
-      def self.included(base)
-        base.send :extend, ClassMethods
-      end
-      def get_representer(represent_with, model=nil)
-        return nil if represent_with.nil?
-        if represent_with.is_a? Proc
-          represent_with.call(model)
-        else
-          represent_with
-        end
-      end
-      def standard_read(model_klass, id, represent_with=nil)
-        @model = model_klass.find(id)
-        raise SecurityTransgression unless current_user.can_read?(@model)
-        respond_with @model, represent_with: get_representer(represent_with, @model)
-      end
-      def standard_update(model_klass, id, represent_with=nil)
-        @model = model_klass.find(id)
-        raise SecurityTransgression unless current_user.can_update?(@model)
-        consume!(@model, represent_with: get_representer(represent_with, @model))
-        if @model.save
-          head :no_content
-        else
-          render json: @model.errors, status: :unprocessable_entity
-        end
-      end
-      def standard_create(model_klass, represent_with=nil)
-        standard_nested_create(model_klass, nil, nil, represent_with)
-      end
-      def standard_nested_create(model_klass, container_association=nil, container_id=nil, represent_with=nil)
-        @model = model_klass.new()
-        if container_association && container_id
-          foreign_key = model_klass.reflect_on_association(container_association).association_foreign_key
-          @model.send(foreign_key + '=', container_id)
-        end
-        # Unlike the implications of the representable README, "consume!" can
-        # actually make changes to the database.  See http://goo.gl/WVLBqA.
-        # We do want to consume before checking the permissions so we can know
-        # what we're dealing with, but if user doesn't have permission we don't
-        # want to have changed the DB.  Wrap in a transaction to protect ourselves.
-        model_klass.transaction do
-          consume!(@model, represent_with: get_representer(represent_with, @model))
-          raise SecurityTransgression unless current_user.can_create?(@model)
-        end
-        if @model.save
-          respond_with @model, represent_with: get_representer(represent_with, @model), status: :created
-        else
-          render json: @model.errors, status: :unprocessable_entity
-        end
-      end
-      def standard_destroy(model_klass, id)
-        @model = model_klass.find(id)
-        raise SecurityTransgression unless current_user.can_destroy?(@model)
-        if @model.destroy
-          head :no_content
-        else
-          render json: @model.errors, status: :unprocessable_entity
-        end
-      end
-      def standard_sort(model_klass)
-        # take array of all IDs or hash of id => position,
-        # regardless build up an array of all IDs in the right order and pass those to sort
-        new_positions = params['newPositions']
-        return head :no_content if new_positions.length == 0
-        # Can't have duplicate positions or IDs
-        unique_ids =       new_positions.collect{|np| np['id']}.uniq
-        unique_positions = new_positions.collect{|np| np['position']}.uniq
-        return head :bad_request if unique_ids.length != new_positions.length
-        return head :bad_request if unique_positions.length != new_positions.length
-        first = model_klass.where(:id => new_positions[0]['id']).first
-        return head :not_found if first.blank?
-        originalOrdered = first.me_and_peers.ordered.all
-        originalOrdered.each do |item|
-          raise SecurityTransgression unless item.send(:container_column) == originalOrdered[0].send(:container_column) \
-            if item.respond_to?(:container_column)
-          raise SecurityTransgression unless current_user.can_sort?(item)
-        end
-        originalOrderedIds = originalOrdered.collect{|sc| sc.id}
-        newOrderedIds = Array.new(originalOrderedIds.size)
-        new_positions.each do |newPosition|
-          id = newPosition['id'].to_i
-          newOrderedIds[newPosition['position']] = id
-          originalOrderedIds.delete(id)
-        end
-        ptr = 0
-        for oldId in originalOrderedIds
-          while !newOrderedIds[ptr].nil?; ptr += 1; end
-          newOrderedIds[ptr] = oldId
-        end
-        begin
-          model_klass.sort!(newOrderedIds)
-        rescue Exception => e
-          return head :internal_server_error
-        end
-        head :no_content
-      end
-    end
-  end
-end

data/spec/lib/openstax/utilities/controller_extensions_spec.rb DELETED Viewed

@@ -1,29 +0,0 @@
-require 'spec_helper'
-module OpenStax
-  module Utilities
-    describe ControllerExtensions do
-      it 'adds get_model to controllers' do
-        expect(ApplicationController.new).to respond_to(:get_model)
-        expect(UsersController.new).to respond_to(:get_model)
-      end
-      it 'adds require_restful_actions_allowed! to controllers' do
-        expect(ApplicationController).to(
-          respond_to(:require_restful_actions_allowed!))
-        expect(UsersController).to respond_to(:require_restful_actions_allowed!)
-      end
-    end
-  end
-end

data/spec/lib/openstax/utilities/extended_controller_spec.rb DELETED Viewed

@@ -1,82 +0,0 @@
-require 'spec_helper'
-describe UsersController, :type => :controller do
-  let!(:user) { User.create }
-  before(:all) do
-    UsersController.require_restful_actions_allowed!
-    OSU::AccessPolicy.register(User, DummyAccessPolicy)
-  end
-  context 'when user visits restful actions' do
-    it 'returns the correct resource with get_model' do
-      controller.current_user = user
-      get :new
-      expect(controller.get_model).to be_instance_of(User)
-      expect(controller.get_model.id).to be_nil
-      get :show, :id => user.id
-      expect(controller.get_model).to eq(user)
-      get :new, :user_id => user.id
-      expect(controller.get_model(:user_id)).to eq(user)
-    end
-    it 'calls AccessPolicy with the expected arguments' do
-      controller.current_user = user
-      DummyAccessPolicy.last_action = nil
-      DummyAccessPolicy.last_requestor = nil
-      DummyAccessPolicy.last_resource = nil
-      get :index
-      expect(DummyAccessPolicy.last_action).to be_nil
-      expect(DummyAccessPolicy.last_requestor).to be_nil
-      expect(DummyAccessPolicy.last_resource).to be_nil
-      get :show, :id => user.id
-      expect(DummyAccessPolicy.last_action).to eq(:read)
-      expect(DummyAccessPolicy.last_requestor).to eq(user)
-      expect(DummyAccessPolicy.last_resource).to eq(user)
-      get :new
-      expect(DummyAccessPolicy.last_action).to eq(:create)
-      expect(DummyAccessPolicy.last_requestor).to eq(user)
-      expect(DummyAccessPolicy.last_resource).to be_instance_of(User)
-      expect(DummyAccessPolicy.last_resource.id).to be_nil
-      post :create, :user => user.attributes
-      expect(DummyAccessPolicy.last_action).to eq(:create)
-      expect(DummyAccessPolicy.last_requestor).to eq(user)
-      expect(DummyAccessPolicy.last_resource).to be_instance_of(User)
-      expect(DummyAccessPolicy.last_resource.id).to be_nil
-      get :edit, :id => user.id, :user => user.attributes
-      expect(DummyAccessPolicy.last_action).to eq(:update)
-      expect(DummyAccessPolicy.last_requestor).to eq(user)
-      expect(DummyAccessPolicy.last_resource).to eq(user)
-      put :update, :id => user.id, :user => user.attributes
-      expect(DummyAccessPolicy.last_action).to eq(:update)
-      expect(DummyAccessPolicy.last_requestor).to eq(user)
-      expect(DummyAccessPolicy.last_resource).to eq(user)
-      delete :destroy, :id => user.id
-      expect(DummyAccessPolicy.last_action).to eq(:destroy)
-      expect(DummyAccessPolicy.last_requestor).to eq(user)
-      expect(DummyAccessPolicy.last_resource).to eq(user)
-    end
-  end
-end