protector 0.0.1 → 0.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: ffb03e438ddf160d6def55eedad02d8666ed2c4a
-  data.tar.gz: 8c1cf283df6c5ddd6e0cb96dd8439331406911b4
+  metadata.gz: 098c77da509ed0a347c0a22df9dd6c6a8d34289a
+  data.tar.gz: b9ae1d35809445399fda713c3f0276ac91114659
 SHA512:
-  metadata.gz: 83ac0169c982cfa2a839eefb4dda73c10c8432516cb2eea9919e1a337233f1c86be2fbbd53164a3da01b65e19bc929afcef50e48e3918c11348f095fe2376d1c
-  data.tar.gz: 5eaa624122f8c6272b0e7b2f139f83e7f12961f487a3019119f8e05bdd82b68fa2eee5d0d4ebb1888cc122aac58b080c27abf9f4a0a05eec7f34818e72e5063b
+  metadata.gz: d0cc601d414b036f8eb6db9381c9f30a93bc1bdb5bd92a946165f32ea97f9229be9fa76210a7b98ec878da9b0476f6dacffb6bf7e24200c496bf8e6106a6b4bf
+  data.tar.gz: 9994bc1d0e0a3a93f81f4ee07fabf7cf1faf7c02c958952ec8cd80a6452349c20cd8fc7a79bf51665da2cbccdef179ce85963cc4ab0528b039b6b21a735b85bc

data/lib/protector/adapters/active_record.rb

@@ -4,6 +4,8 @@ module Protector
       def self.activate!
         ::ActiveRecord::Base.send :include, Protector::Adapters::ActiveRecord::Base
         ::ActiveRecord::Relation.send :include, Protector::Adapters::ActiveRecord::Relation
+        ::ActiveRecord::Associations::SingularAssociation.send :include, Protector::Adapters::ActiveRecord::Association
+        ::ActiveRecord::Associations::CollectionAssociation.send :include, Protector::Adapters::ActiveRecord::Association
       end
 
       module Base
@@ -33,6 +35,28 @@ module Protector
           def restrict(subject)
             all.restrict(subject)
           end
+
+          def define_method_attribute(name)
+            safe_name = name.unpack('h*').first
+
+            if primary_key == name || (primary_key.is_a?(Array) && primary_key.include?(name))
+              condition = "true"
+            else
+              condition = "!@protector_subject || protector_meta.readable?(#{name.inspect})"
+            end
+
+            generated_attribute_methods.module_eval <<-STR, __FILE__, __LINE__ + 1
+              def __temp__#{safe_name}
+                if #{condition}
+                  read_attribute(AttrNames::ATTR_#{safe_name}) { |n| missing_attribute(n, caller) }
+                else
+                  nil
+                end
+              end
+              alias_method #{name.inspect}, :__temp__#{safe_name}
+              undef_method :__temp__#{safe_name}
+            STR
+          end
         end
 
         def protector_meta
@@ -50,23 +74,37 @@ module Protector
 
         def visible?
           protector_meta.relation.where(
-            self.class.primary_key => send(self.class.primary_key)
+            self.class.primary_key => id
           ).any?
         end
 
         def creatable?
-          fields = HashWithIndifferentAccess[changed.map{|x| [x, __send__(x)]}]
+          fields = HashWithIndifferentAccess[changed.map{|x| [x, read_attribute(x)]}]
           protector_meta.creatable?(fields)
         end
 
         def updatable?
-          fields = HashWithIndifferentAccess[changed.map{|x| [x, __send__(x)]}]
+          fields = HashWithIndifferentAccess[changed.map{|x| [x, read_attribute(x)]}]
           protector_meta.updatable?(fields)
         end
 
         def destroyable?
           protector_meta.destroyable?
         end
+
+        def [](name)
+          if !@protector_subject || protector_meta.readable?(name)
+            super
+          else
+            nil
+          end
+        end
+
+        def association(*args)
+          association = super
+          association.restrict @protector_subject
+          association
+        end
       end
 
       module Relation
@@ -100,6 +138,20 @@ module Protector
           @records = merge(protector_meta.relation).unrestrict.send :exec_queries
         end
       end
+
+      module Association
+        extend ActiveSupport::Concern
+
+        included do
+          include Protector::DSL::Base
+
+          alias_method_chain :reader, :protector
+        end
+
+        def reader_with_protector
+          reader_without_protector.restrict(@protector_subject)
+        end
+      end
     end
   end
 end

data/lib/protector/dsl.rb

@@ -9,6 +9,7 @@ module Protector
           @model       = model
           @fields      = fields
           @access      = {update: {}, view: {}, create: {}}.with_indifferent_access
+          @access_keys = {}.with_indifferent_access
           @relation    = false
           @destroyable = false
 
@@ -21,6 +22,8 @@ module Protector
               instance_exec &b
             end
           end
+
+          @access.each{|k,v| @access_keys[k] = v.keys}
         end
 
         def scope(&block)
@@ -63,6 +66,10 @@ module Protector
           end
         end
 
+        def readable?(field)
+          @access_keys[:view].include?(field.to_s)
+        end
+
         def creatable?(fields=false)
           modifiable? :create, fields
         end
@@ -78,10 +85,10 @@ module Protector
         private
 
         def modifiable?(part, fields)
-          return false unless @access[part].length > 0
+          return false unless @access_keys[part].length > 0
 
           if fields
-            return false if (fields.keys - @access[part].keys).length > 0
+            return false if (fields.keys - @access_keys[part]).length > 0
 
             fields.each do |k,v|
               case x = @access[part][k]

data/lib/protector/version.rb

@@ -1,3 +1,3 @@
 module Protector
-  VERSION = "0.0.1"
+  VERSION = "0.0.2"
 end

data/spec/lib/adapters/active_record_spec.rb

@@ -4,18 +4,36 @@ describe Protector::Adapters::ActiveRecord do
   before(:all) do
     ActiveRecord::Schema.verbose = false
     ActiveRecord::Base.establish_connection adapter: "sqlite3", database: ":memory:"
+
     ActiveRecord::Migration.create_table :dummies do |t|
-      t.string  :string
-      t.integer :number
-      t.text    :text
+      t.string      :string
+      t.integer     :number
+      t.text        :text
+      t.timestamps
+    end
+
+    ActiveRecord::Migration.create_table :fluffies do |t|
+      t.string      :string
+      t.belongs_to  :dummy
       t.timestamps
     end
 
-    class Dummy < ActiveRecord::Base; end
+    Protector::Adapters::ActiveRecord.activate!
+
+    class Dummy < ActiveRecord::Base
+      protect do; end
+      has_many :fluffies
+    end
     Dummy.create! string: 'zomgstring', number: 999, text: 'zomgtext'
     Dummy.create! string: 'zomgstring', number: 777, text: 'zomgtext'
 
-    Protector::Adapters::ActiveRecord.activate!
+    class Fluffy < ActiveRecord::Base
+      protect do
+        can :view, :dummy_id
+      end
+      belongs_to :dummy
+    end
+    Fluffy.create! string: 'zomgstring', dummy_id: 1
   end
 
   describe Protector::Adapters::ActiveRecord::Base do
@@ -30,8 +48,12 @@ describe Protector::Adapters::ActiveRecord do
     end
 
     it "scopes" do
+      @dummy.instance_eval do
+        protect do; scope{ all }; end
+      end
+
       scope = @dummy.restrict('!')
-      scope.should be_an_instance_of ActiveRecord::Relation
+      scope.should be_a_kind_of ActiveRecord::Relation
       scope.protector_subject.should == '!'
     end
 
@@ -56,7 +78,7 @@ describe Protector::Adapters::ActiveRecord do
     context "with null relation" do
       before(:each) do
         @dummy.instance_eval do
-          protect{ scope{ none } }
+          protect do; scope{ none }; end
         end
       end
 
@@ -76,7 +98,7 @@ describe Protector::Adapters::ActiveRecord do
     context "with active relation" do
       before(:each) do
         @dummy.instance_eval do
-          protect{ scope{ where(number: 999) } }
+          protect do; scope{ where(number: 999) }; end
         end
       end
 

data/spec/spec_helpers/model.rb

@@ -39,25 +39,51 @@ shared_examples_for "a model" do
     meta.access[:update].should == fields
   end
 
+  describe "association" do
+    context "(has_many)" do
+      it "passes subject" do
+        Dummy.first.restrict('!').fluffies.protector_subject.should == '!'
+      end
+    end
+
+    context "(belongs_to)" do
+      it "passes subject" do
+        Fluffy.first.restrict('!').dummy.protector_subject.should == '!'
+      end
+    end
+  end
+
   describe "visibility" do
     it "marks blocked" do
       @dummy.instance_eval do
-        protect do
-          scope { none }
-        end
+        protect do; scope { none }; end
       end
 
       @dummy.first.restrict('!').visible?.should == false
     end
 
     it "marks allowed" do
+      @dummy.instance_eval do
+        protect do; scope { limit(5) }; end
+      end
+
+      @dummy.first.restrict('!').visible?.should == true
+    end
+  end
+
+  describe "readability" do
+    it "hides fields" do
       @dummy.instance_eval do
         protect do
-          scope { limit(5) }
+          can :view, :string
         end
       end
 
-      @dummy.first.restrict('!').visible?.should == true
+      dummy = @dummy.first.restrict('!')
+      dummy.number.should == nil
+      dummy[:number].should == nil
+      dummy.read_attribute(:number).should_not == nil
+      dummy.string.should == 'zomgstring'
     end
   end
 
@@ -74,10 +100,10 @@ shared_examples_for "a model" do
         dummy.restrict('!').creatable?.should == false
       end
 
-      it "invalidates" do
-        dummy = @dummy.new(string: 'bam', number: 1).restrict('!')
-        dummy.should invalidate
-      end
+      # it "invalidates" do
+      #   dummy = @dummy.new(string: 'bam', number: 1).restrict('!')
+      #   dummy.should invalidate
+      # end
     end
 
     context "by list of fields" do
@@ -99,10 +125,10 @@ shared_examples_for "a model" do
         dummy.restrict('!').creatable?.should == true
       end
 
-      it "invalidates" do
-        dummy = @dummy.new(string: 'bam', number: 1).restrict('!')
-        dummy.should invalidate
-      end
+      # it "invalidates" do
+      #   dummy = @dummy.new(string: 'bam', number: 1).restrict('!')
+      #   dummy.should invalidate
+      # end
 
       it "validates" do
         dummy = @dummy.new(string: 'bam').restrict('!')
@@ -114,7 +140,7 @@ shared_examples_for "a model" do
       before(:each) do
         @dummy.instance_eval do
           protect do
-            can :create, string: -> (x) { x.length == 5 }
+            can :create, string: -> (x) { x.try(:length) == 5 }
           end
         end
       end
@@ -129,10 +155,10 @@ shared_examples_for "a model" do
         dummy.restrict('!').creatable?.should == true
       end
 
-      it "invalidates" do
-        dummy = @dummy.new(string: 'bam').restrict('!')
-        dummy.should invalidate
-      end
+      # it "invalidates" do
+      #   dummy = @dummy.new(string: 'bam').restrict('!')
+      #   dummy.should invalidate
+      # end
 
       it "validates" do
         dummy = @dummy.new(string: '12345').restrict('!')
@@ -159,10 +185,10 @@ shared_examples_for "a model" do
         dummy.restrict('!').creatable?.should == true
       end
 
-      it "invalidates" do
-        dummy = @dummy.new(number: 500).restrict('!')
-        dummy.should invalidate
-      end
+      # it "invalidates" do
+      #   dummy = @dummy.new(number: 500).restrict('!')
+      #   dummy.should invalidate
+      # end
 
       it "validates" do
         dummy = @dummy.new(number: 2).restrict('!')
@@ -230,7 +256,7 @@ shared_examples_for "a model" do
       before(:each) do
         @dummy.instance_eval do
           protect do
-            can :update, string: -> (x) { x.length == 5 }
+            can :update, string: -> (x) { x.try(:length) == 5 }
           end
         end
       end
@@ -326,7 +352,7 @@ shared_examples_for "a model" do
       end
 
       dummy = @dummy.create!.restrict('!')
-      dummy.destroy.should == dummy
+      dummy.destroy!.should == dummy
       dummy.destroyed?.should == true
     end
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: protector
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - Boris Staal
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-05-22 00:00:00.000000000 Z
+date: 2013-05-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport