protector 0.0.2 → 0.0.4

data/lib/protector/adapters/active_record.rb

@@ -1,3 +1,7 @@
+require 'protector/adapters/active_record/base'
+require 'protector/adapters/active_record/association'
+require 'protector/adapters/active_record/relation'
+
 module Protector
   module Adapters
     module ActiveRecord
@@ -6,151 +10,7 @@ module Protector
         ::ActiveRecord::Relation.send :include, Protector::Adapters::ActiveRecord::Relation
         ::ActiveRecord::Associations::SingularAssociation.send :include, Protector::Adapters::ActiveRecord::Association
         ::ActiveRecord::Associations::CollectionAssociation.send :include, Protector::Adapters::ActiveRecord::Association
-      end
-
-      module Base
-        extend ActiveSupport::Concern
-
-        included do
-          include Protector::DSL::Base
-          include Protector::DSL::Entry
-
-          validate(on: :create) do
-            return unless @protector_subject
-            errors[:base] << I18n.t('protector.invalid') unless creatable?
-          end
-
-          validate(on: :update) do
-            return unless @protector_subject
-            errors[:base] << I18n.t('protector.invalid') unless updatable?
-          end
-
-          before_destroy do
-            return true unless @protector_subject
-            destroyable?
-          end
-        end
-
-        module ClassMethods
-          def restrict(subject)
-            all.restrict(subject)
-          end
-
-          def define_method_attribute(name)
-            safe_name = name.unpack('h*').first
-
-            if primary_key == name || (primary_key.is_a?(Array) && primary_key.include?(name))
-              condition = "true"
-            else
-              condition = "!@protector_subject || protector_meta.readable?(#{name.inspect})"
-            end
-
-            generated_attribute_methods.module_eval <<-STR, __FILE__, __LINE__ + 1
-              def __temp__#{safe_name}
-                if #{condition}
-                  read_attribute(AttrNames::ATTR_#{safe_name}) { |n| missing_attribute(n, caller) }
-                else
-                  nil
-                end
-              end
-              alias_method #{name.inspect}, :__temp__#{safe_name}
-              undef_method :__temp__#{safe_name}
-            STR
-          end
-        end
-
-        def protector_meta
-          unless @protector_subject
-            raise "Unprotected entity detected: use `restrict` method to protect it."
-          end
-
-          self.class.protector_meta.evaluate(
-            self.class,
-            self.class.column_names,
-            @protector_subject,
-            self
-          )
-        end
-
-        def visible?
-          protector_meta.relation.where(
-            self.class.primary_key => id
-          ).any?
-        end
-
-        def creatable?
-          fields = HashWithIndifferentAccess[changed.map{|x| [x, read_attribute(x)]}]
-          protector_meta.creatable?(fields)
-        end
-
-        def updatable?
-          fields = HashWithIndifferentAccess[changed.map{|x| [x, read_attribute(x)]}]
-          protector_meta.updatable?(fields)
-        end
-
-        def destroyable?
-          protector_meta.destroyable?
-        end
-
-        def [](name)
-          if !@protector_subject || protector_meta.readable?(name)
-            super
-          else
-            nil
-          end
-        end
-
-        def association(*args)
-          association = super
-          association.restrict @protector_subject
-          association
-        end
-      end
-
-      module Relation
-        extend ActiveSupport::Concern
-
-        included do
-          include Protector::DSL::Base
-
-          alias_method_chain :exec_queries, :protector
-        end
-
-        def protector_meta
-          @klass.protector_meta.evaluate(@klass, @klass.column_names, @protector_subject)
-        end
-
-        def count
-          super || 0
-        end
-
-        def sum
-          super || 0
-        end
-
-        def calculate(*args)
-          return super unless @protector_subject
-          merge(protector_meta.relation).unrestrict.calculate *args
-        end
-
-        def exec_queries_with_protector(*args)
-          return exec_queries_without_protector unless @protector_subject
-          @records = merge(protector_meta.relation).unrestrict.send :exec_queries
-        end
-      end
-
-      module Association
-        extend ActiveSupport::Concern
-
-        included do
-          include Protector::DSL::Base
-
-          alias_method_chain :reader, :protector
-        end
-
-        def reader_with_protector
-          reader_without_protector.restrict(@protector_subject)
-        end
+        # ::ActiveRecord::Associations::Preloader::Association.send :include, Protector::Adapters::ActiveRecord::PreloaderAssociation
       end
     end
   end

data/lib/protector/dsl.rb

@@ -2,6 +2,9 @@ module Protector
   module DSL
     # DSL meta storage and evaluator
     class Meta
+
+      # Evaluation result moved out of Meta to make it thread-safe
+      # and incapsulate better
       class Box
         attr_accessor :access, :relation, :destroyable
 
@@ -14,9 +17,10 @@ module Protector
           @destroyable = false
 
           blocks.each do |b|
-            if b.arity == 2
+            case b.arity
+            when 2
               instance_exec subject, entry, &b
-            elsif b.arity == 1
+            when 1
               instance_exec subject, &b
             else
               instance_exec &b
@@ -120,12 +124,12 @@ module Protector
         attr_reader :protector_subject
       end
 
-      def restrict(subject)
+      def restrict!(subject)
         @protector_subject = subject
         self
       end
 
-      def unrestrict
+      def unrestrict!
         @protector_subject = nil
         self
       end

data/lib/protector/version.rb

@@ -1,3 +1,3 @@
 module Protector
-  VERSION = "0.0.2"
+  VERSION = "0.0.4"
 end

data/lib/protector.rb

@@ -1,4 +1,5 @@
 require "active_support/all"
+require "i18n"
 
 require "protector/version"
 require "protector/dsl"
@@ -6,8 +7,4 @@ require "protector/adapters/active_record"
 
 I18n.load_path << Dir[File.join File.expand_path(File.dirname(__FILE__)), '..', 'locales', '*.yml']
 
-Protector::Adapters::ActiveRecord.activate! if defined?(ActiveRecord)
-
-module Protector
-  # Your code goes here...
-end
+Protector::Adapters::ActiveRecord.activate! if defined?(ActiveRecord)

data/spec/lib/adapters/active_record_spec.rb

@@ -1,118 +1,196 @@
 require 'spec_helpers/boot'
 
-describe Protector::Adapters::ActiveRecord do
-  before(:all) do
-    ActiveRecord::Schema.verbose = false
-    ActiveRecord::Base.establish_connection adapter: "sqlite3", database: ":memory:"
-
-    ActiveRecord::Migration.create_table :dummies do |t|
-      t.string      :string
-      t.integer     :number
-      t.text        :text
-      t.timestamps
-    end
-
-    ActiveRecord::Migration.create_table :fluffies do |t|
-      t.string      :string
-      t.belongs_to  :dummy
-      t.timestamps
-    end
+if defined?(ActiveRecord)
 
-    Protector::Adapters::ActiveRecord.activate!
+  RSpec::Matchers.define :invalidate do
+  match do |actual|
+    actual.save.should == false
+    actual.errors[:base].should == ["Access denied"]
+  end
+  end
 
-    class Dummy < ActiveRecord::Base
-      protect do; end
-      has_many :fluffies
+  RSpec::Matchers.define :validate do
+  match do |actual|
+    actual.class.transaction do
+      actual.save.should == true
+      raise ActiveRecord::Rollback
     end
-    Dummy.create! string: 'zomgstring', number: 999, text: 'zomgtext'
-    Dummy.create! string: 'zomgstring', number: 777, text: 'zomgtext'
 
-    class Fluffy < ActiveRecord::Base
-      protect do
-        can :view, :dummy_id
-      end
-      belongs_to :dummy
-    end
-    Fluffy.create! string: 'zomgstring', dummy_id: 1
+    true
+  end
   end
 
-  describe Protector::Adapters::ActiveRecord::Base do
-    before(:each) do
-      @dummy = Class.new(ActiveRecord::Base) do
-        self.table_name = "dummies"
+  describe Protector::Adapters::ActiveRecord do
+    before(:all) do
+      ActiveRecord::Schema.verbose = false
+      ActiveRecord::Base.establish_connection adapter: "sqlite3", database: ":memory:"
+
+      ActiveRecord::Migration.create_table :dummies do |t|
+        t.string      :string
+        t.integer     :number
+        t.text        :text
+        t.timestamps
       end
-    end
-
-    it "includes" do
-      @dummy.ancestors.should include(Protector::Adapters::ActiveRecord::Base)
-    end
 
-    it "scopes" do
-      @dummy.instance_eval do
-        protect do; scope{ all }; end
+      ActiveRecord::Migration.create_table :fluffies do |t|
+        t.string      :string
+        t.integer     :number
+        t.belongs_to  :dummy
+        t.timestamps
       end
 
-      scope = @dummy.restrict('!')
-      scope.should be_a_kind_of ActiveRecord::Relation
-      scope.protector_subject.should == '!'
-    end
+      Protector::Adapters::ActiveRecord.activate!
 
-    it_behaves_like "a model"
-  end
+      class Dummy < ActiveRecord::Base
+        protect do |x|
+          scope{ where('1=0') } if x == '-'
+          scope{ where(number: 999) } if x == '+'
+        end
 
-  describe Protector::Adapters::ActiveRecord::Relation do
-    before(:all) do
-      @dummy = Class.new(ActiveRecord::Base) do
-        self.table_name = "dummies"
+        scope :none, where('1 = 0') unless respond_to?(:none)
+        has_many :fluffies
       end
-    end
+      Dummy.create! string: 'zomgstring', number: 999, text: 'zomgtext'
+      Dummy.create! string: 'zomgstring', number: 777, text: 'zomgtext'
 
-    it "includes" do
-      @dummy.all.ancestors.should include(Protector::Adapters::ActiveRecord::Base)
-    end
+      class Fluffy < ActiveRecord::Base
+        protect do |x|
+          scope{ where('1=0') } if x == '-'
+          scope{ where(number: 999) } if x == '+'
 
-    it "saves subject" do
-      @dummy.all.restrict('!').where(number: 999).protector_subject.should == '!'
+          can :view, :dummy_id unless x == '-'
+        end
+
+        scope :none, where('1 = 0') unless respond_to?(:none)
+        belongs_to :dummy
+      end
+      Fluffy.create! string: 'zomgstring', number: 999, dummy_id: 1
+      Fluffy.create! string: 'zomgstring', number: 777, dummy_id: 1
     end
 
-    context "with null relation" do
+    describe Protector::Adapters::ActiveRecord::Base do
       before(:each) do
-        @dummy.instance_eval do
-          protect do; scope{ none }; end
+        @dummy = Class.new(ActiveRecord::Base) do
+          self.table_name = "dummies"
+          scope :none, where('1 = 0') unless respond_to?(:none)
         end
       end
 
-      it "counts" do
-        @dummy.all.count.should == 2
-        @dummy.all.restrict('!').count.should == 0
+      it "includes" do
+        @dummy.ancestors.should include(Protector::Adapters::ActiveRecord::Base)
       end
 
-      it "fetches" do
-        fetched = @dummy.all.restrict('!').to_a
+      it "scopes" do
+        @dummy.instance_eval do
+          protect do; scope{ all }; end
+        end
+
+        scope = @dummy.restrict!('!')
+        scope.should be_a_kind_of ActiveRecord::Relation
+        scope.protector_subject.should == '!'
+      end
 
-        @dummy.all.to_a.length.should == 2
-        fetched.length.should == 0
+      it_behaves_like "a model"
+
+      describe "eager loading" do
+        # around(:each) do |e|
+        #   ActiveRecord::Base.logger = Logger.new(STDOUT)
+        #   e.run
+        #   ActiveRecord::Base.logger = nil
+        # end
+
+        it "scopes" do
+          dummy = Dummy.restrict!('+').includes(:fluffies).first
+          dummy.fluffies.length.should == 1
+        end
       end
     end
 
-    context "with active relation" do
-      before(:each) do
+    describe Protector::Adapters::ActiveRecord::Relation do
+      before(:all) do
+        @dummy = Class.new(ActiveRecord::Base) do
+          self.table_name = "dummies"
+          scope :none, where('1 = 0') unless respond_to?(:none)
+        end
+      end
+
+      it "includes" do
+        @dummy.none.ancestors.should include(Protector::Adapters::ActiveRecord::Base)
+      end
+
+      it "saves subject" do
+        @dummy.restrict!('!').where(number: 999).protector_subject.should == '!'
+      end
+
+      it "forwards subject" do
         @dummy.instance_eval do
-          protect do; scope{ where(number: 999) }; end
+          protect do; end
         end
+
+        @dummy.restrict!('!').where(number: 999).first.protector_subject.should == '!'
+        @dummy.restrict!('!').where(number: 999).to_a.first.protector_subject.should == '!'
       end
 
-      it "counts" do
-        @dummy.all.count.should == 2
-        @dummy.all.restrict('!').count.should == 1
+      context "with null relation" do
+        before(:each) do
+          @dummy.instance_eval do
+            protect do; scope{ none }; end
+          end
+        end
+
+        it "checks existence" do
+          @dummy.any?.should == true
+          @dummy.restrict!('!').any?.should == false
+        end
+
+        it "counts" do
+          @dummy.count.should == 2
+          @dummy.restrict!('!').count.should == 0
+        end
+
+        it "fetches" do
+          fetched = @dummy.restrict!('!').to_a
+
+          @dummy.all.length.should == 2
+          fetched.length.should == 0
+        end
+
+        it "keeps security scope when unscoped" do
+          @dummy.unscoped.restrict!('!').count.should == 0
+          @dummy.restrict!('!').unscoped.count.should == 0
+        end
       end
 
-      it "fetches" do
-        fetched = @dummy.all.restrict('!').to_a
+      context "with active relation" do
+        before(:each) do
+          @dummy.instance_eval do
+            protect do; scope{ where(number: 999) }; end
+          end
+        end
+
+        it "checks existence" do
+          @dummy.any?.should == true
+          @dummy.restrict!('!').any?.should == true
+        end
+
+        it "counts" do
+          @dummy.count.should == 2
+          @dummy.restrict!('!').count.should == 1
+        end
+
+        it "fetches" do
+          fetched = @dummy.restrict!('!').to_a
 
-        @dummy.all.to_a.length.should == 2
-        fetched.length.should == 1
+          @dummy.all.length.should == 2
+          fetched.length.should == 1
+        end
+
+        it "keeps security scope when unscoped" do
+          @dummy.unscoped.restrict!('!').count.should == 1
+          @dummy.restrict!('!').unscoped.count.should == 1
+        end
       end
     end
   end
+
 end

data/spec/lib/dsl_spec.rb

@@ -7,21 +7,21 @@ describe Protector::DSL do
     end
 
     it "defines proper methods" do
-      @base.instance_methods.should include(:restrict)
+      @base.instance_methods.should include(:restrict!)
       @base.instance_methods.should include(:protector_subject)
     end
 
     it "remembers protection subject" do
       base = @base.new
-      base.restrict("universe")
+      base.restrict!("universe")
       base.protector_subject.should == "universe"
     end
 
     it "forgets protection subject" do
       base = @base.new
-      base.restrict("universe")
+      base.restrict!("universe")
       base.protector_subject.should == "universe"
-      base.unrestrict
+      base.unrestrict!
       base.protector_subject.should == nil
     end
   end
@@ -41,24 +41,23 @@ describe Protector::DSL do
   end
 
   describe Protector::DSL::Meta do
-    l = -> (x) { x > 4 }
+    l = lambda {|x| x > 4 }
 
     before :each do
       @meta = Protector::DSL::Meta.new
 
-      # << -> FTW!
-      @meta << -> {
+      @meta << lambda {
         scope { 'relation' }
       }
 
-      @meta << -> (user) {
+      @meta << lambda {|user|
         user.should  == 'user'
 
         can    :view
         cannot :view, %w(field5), :field4
       }
 
-      @meta << -> (user, entry) {
+      @meta << lambda {|user, entry|
         user.should  == 'user'
         entry.should == 'entry'
 

data/spec/spec_helpers/boot.rb

@@ -1,7 +1,6 @@
-require 'pry'
 require 'protector'
 
-require 'active_record'
+Bundler.require
 
 require_relative 'model'