RubyGems - protector - Versions diffs - 0.2.1 → 0.2.2 - Mend

protector 0.2.1 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

checksums.yaml +4 -4
data/README.md +29 -0
data/gemfiles/AR_3.2.gemfile.lock +1 -1
data/gemfiles/AR_4.gemfile.lock +1 -1
data/gemfiles/Sequel.gemfile.lock +1 -1
data/lib/protector/adapters/active_record/base.rb +4 -0
data/lib/protector/adapters/sequel/model.rb +5 -0
data/lib/protector/dsl.rb +1 -1
data/lib/protector/version.rb +1 -1
data/spec/lib/dsl_spec.rb +81 -55
metadata +1 -1

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 75c42dc51baa287fb4d302415f78e383687b88b0
-  data.tar.gz: e11a06fc1a46d40deeb04c36295e5efce4795bbf
+  metadata.gz: 03db84c2cab1a1f3ea79576688e6102d14976aa1
+  data.tar.gz: e89e5f3d0be3758a229e399a7a5696ee71572075
 SHA512:
-  metadata.gz: c5c613251c76af90245f55031a26711a193f84474e86d68f352b2afb1d9afb3fd9c77a92faaa396816f00dcf0a579a548fc242766920e600318dd73a1d0e87f0
-  data.tar.gz: 14f326b243705cdfd75bf132b42c04a8d9e06db85ee6ffa69d9e955251cabe936da2d99a4ecafdd7fe6beb99e01512a84b4e705e7b80e49f1dc242a0017633e8
+  metadata.gz: 1606ca8a4e1eb3683912625aec8a7366177fe377029cd05eb1f2ba4a95eaf123edd75b3ac1763101a8b60778d1c15b8fdac8a0e02c2460d084110dcdad0ca07e
+  data.tar.gz: 0a093f6600af980f34673ea75217897e29e75b5b1eef34814feea309440bb8f8f142948b8b8f1f53d75054a15fac75418eb80e0397092d79468a646601319733

data/README.md CHANGED

@@ -62,6 +62,8 @@ Now that we have ACL described we can enable it as easy as:
 article.restrict!(current_user)    # Assuming article is an instance of Article
 ```
+Now if `current_user` is a guest we will get `nil` from `article.text`. At the same time we will get validation error if we pass any fields but title, text and user_id (equal to our own id) on creation.
 To make model unsafe again call:
 ```ruby
@@ -143,6 +145,33 @@ Foo.restrict!(current_user).preload(:bars).join(:bars).where(bars: {absolute: tr
 Such chain will force the usage of an additional request so the first query will not be scoped with `Bar` restriction.
+## Manual checks and custom actions
+Each restricted model responds to the following methods:
+* `visible?` – determines if the model is visible through restriction scope
+* `creatable?` – determines if you pass validation on creation with the fields you set
+* `updateable?` – determines if you pass validation on update with the fields you changed
+* `destroyable?` – determines if you can destroy the model
+In fact Protector does not limit you to `:view`, `:update` and `:create` actions. They are just used internally. You however can define any other to make custom roles and restrictions. All of them are able to work on a field level.
+```ruby
+protect do
+  can :drink, :field1         # Allows `drink` action with field1
+  can :eat                    # Allows `eat` action with any field
+end
+```
+To check against custom actions use `can?` method:
+```ruby
+model.can?(:drink, :field2)   # Checks if model can drink field2
+model.can?(:drink)            # Checks if model can drink any field
+```
+As you can see you don't have to use fields. You can use `can :foo` and `can? :foo`. While they will bound to fields internally it will work like you expect for empty sets.
 ## Ideology
 Protector is a successor to [Heimdallr](https://github.com/inossidabile/heimdallr). The latter being a proof-of-concept appeared to be way too paranoid and incompatible with the rest of the world. Protector re-implements same idea keeping the Ruby way:

data/gemfiles/AR_3.2.gemfile.lock CHANGED

@@ -10,7 +10,7 @@ GIT
 PATH
   remote: /Users/inossidabile/Repos/protector
   specs:
-    protector (0.2.1)
+    protector (0.2.2)
       activesupport
       i18n

data/gemfiles/AR_4.gemfile.lock CHANGED

@@ -9,7 +9,7 @@ GIT
 PATH
   remote: /Users/inossidabile/Repos/protector
   specs:
-    protector (0.2.1)
+    protector (0.2.2)
       activesupport
       i18n

data/gemfiles/Sequel.gemfile.lock CHANGED

@@ -1,7 +1,7 @@
 PATH
   remote: /Users/inossidabile/Repos/protector
   specs:
-    protector (0.2.1)
+    protector (0.2.2)
       activesupport
       i18n

data/lib/protector/adapters/active_record/base.rb CHANGED

@@ -110,6 +110,10 @@ module Protector
         def destroyable?
           protector_meta.destroyable?
         end
+        def can?(action, field)
+          protector_meta.can?(action, field)
+        end
       end
     end
   end

data/lib/protector/adapters/sequel/model.rb CHANGED

@@ -34,6 +34,7 @@ module Protector
         # Checks if current model can be selected in the context of current subject
         def visible?
+          return true unless protector_meta.scoped?
           protector_meta.relation.where(pk_hash).any?
         end
@@ -54,6 +55,10 @@ module Protector
           protector_meta.destroyable?
         end
+        def can?(action, field)
+          protector_meta.can?(action, field)
+        end
         # Basic security validations
         def validate
           super

data/lib/protector/dsl.rb CHANGED

@@ -156,7 +156,7 @@ module Protector
         def can?(action, field=false)
           return false unless @access[action]
           return !@access[action].empty? if field === false
-          @access[action].has_key?(field)
+          @access[action].has_key?(field.to_s)
         end
         private

data/lib/protector/version.rb CHANGED

@@ -1,4 +1,4 @@
 module Protector
   # Gem version
-  VERSION = "0.2.1"
+  VERSION = "0.2.2"
 end

data/spec/lib/dsl_spec.rb CHANGED

@@ -41,75 +41,101 @@ describe Protector::DSL do
   end
   describe Protector::DSL::Meta do
-    l = lambda {|x| x > 4 }
+    context "basic methods" do
+      l = lambda {|x| x > 4 }
-    before :each do
-      @meta = Protector::DSL::Meta.new
+      before :each do
+        @meta = Protector::DSL::Meta.new
-      @meta << lambda {
-        scope { 'relation' }
-      }
+        @meta << lambda {
+          scope { 'relation' }
+        }
-      @meta << lambda {|user|
-        user.should  == 'user'
+        @meta << lambda {|user|
+          user.should  == 'user'
-        can    :view
-        cannot :view, %w(field5), :field4
-      }
+          can    :view
+          cannot :view, %w(field5), :field4
+        }
-      @meta << lambda {|user, entry|
-        user.should  == 'user'
-        entry.should == 'entry'
+        @meta << lambda {|user, entry|
+          user.should  == 'user'
+          entry.should == 'entry'
-        can :update, %w(field1 field2 field3),
-          field4: 0..5,
-          field5: l
+          can :update, %w(field1 field2 field3),
+            field4: 0..5,
+            field5: l
-        can :destroy
-      }
-    end
+          can :destroy
+        }
+      end
-    it "evaluates" do
-      @meta.evaluate(nil, 'user', [], 'entry')
-    end
+      it "evaluates" do
+        @meta.evaluate(nil, 'user', [], 'entry')
+      end
-    it "sets relation" do
-      data = @meta.evaluate(nil, 'user', [], 'entry')
-      data.relation.should == 'relation'
-    end
+      it "sets relation" do
+        data = @meta.evaluate(nil, 'user', [], 'entry')
+        data.relation.should == 'relation'
+      end
-    it "sets access" do
-      data = @meta.evaluate(nil, 'user', %w(field1 field2 field3 field4 field5), 'entry')
-      data.access.should == {
-        update: {
-          "field1" => nil,
-          "field2" => nil,
-          "field3" => nil,
-          "field4" => 0..5,
-          "field5" => l
-        },
-        view: {
-          "field1" => nil,
-          "field2" => nil,
-          "field3" => nil
-        },
-        create: {}
-      }
-    end
+      it "sets access" do
+        data = @meta.evaluate(nil, 'user', %w(field1 field2 field3 field4 field5), 'entry')
+        data.access.should == {
+          update: {
+            "field1" => nil,
+            "field2" => nil,
+            "field3" => nil,
+            "field4" => 0..5,
+            "field5" => l
+          },
+          view: {
+            "field1" => nil,
+            "field2" => nil,
+            "field3" => nil
+          },
+          create: {}
+        }
+      end
-    it "marks destroyable" do
-      data = @meta.evaluate(nil, 'user', [], 'entry')
-      data.destroyable?.should == true
-    end
+      it "marks destroyable" do
+        data = @meta.evaluate(nil, 'user', [], 'entry')
+        data.destroyable?.should == true
+      end
+      it "marks updatable" do
+        data = @meta.evaluate(nil, 'user', [], 'entry')
+        data.updatable?.should == true
+      end
-    it "marks updatable" do
-      data = @meta.evaluate(nil, 'user', [], 'entry')
-      data.updatable?.should == true
+      it "marks creatable" do
+        data = @meta.evaluate(nil, 'user', [], 'entry')
+        data.creatable?.should == false
+      end
     end
-    it "marks creatable" do
-      data = @meta.evaluate(nil, 'user', [], 'entry')
-      data.creatable?.should == false
+    context "custom methods" do
+      before :each do
+        @meta = Protector::DSL::Meta.new
+        @meta << lambda {
+          can :drink, :field1
+          can :eat
+          cannot :eat, :field1
+        }
+      end
+      it "sets field-level restriction" do
+        box = @meta.evaluate(nil, 'user', %w(field1 field2), 'entry')
+        box.can?(:drink, :field1).should == true
+        box.can?(:drink).should == true
+      end
+      it "sets field-level protection" do
+        box = @meta.evaluate(nil, 'user', %w(field1 field2), 'entry')
+        box.can?(:eat, :field1).should == false
+        box.can?(:eat).should == true
+      end
     end
   end
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: protector
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.2.2
 platform: ruby
 authors:
 - Boris Staal