protector 0.2.3 → 0.2.4
- checksums.yaml +4 -4
- data/Appraisals +2 -2
- data/README.md +2 -3
- data/gemfiles/AR_4.gemfile +1 -1
- data/gemfiles/AR_4.gemfile.lock +18 -33
- data/lib/protector/adapters/active_record/base.rb +1 -1
- data/lib/protector/adapters/active_record/relation.rb +21 -1
- data/lib/protector/dsl.rb +12 -4
- data/lib/protector/version.rb +1 -1
- metadata +3 -3
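--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 68d28de469f168b9678e739b5a6193292163b33c
+data.tar.gz: 059591c46f57f4331ba39df89bd75ed79e10df46
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 20e28e28708bcf3dca908672c2783b5c8e19bb40230c85bdb041fbc0e70392e363a68438a39bcdd98c3e40634d6240318d30bbb93c3c09559e191b5f86d99cf0
+data.tar.gz: 6319e7cec8f0ead0ef55d4bdec193df10a59c153081cbe36c1174eb3914a7df31016369a48835610ccdc7a3c6dd6c742d6e283acc59f38423ef1daffaaacc008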
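--- a/data/Appraisals
+++ b/data/Appraisals
@@ -4,7 +4,7 @@ appraise "AR_3.2" do
 end
 
 appraise "AR_4" do
-gem "activerecord", "4.0.0
+gem "activerecord", "4.0.0", require: "active_record"
 gem "activerecord-jdbcsqlite3-adapter", platform: :jruby, github: "jruby/activerecord-jdbc-adapter"
 end
 
@@ -14,4 +14,4 @@ end
 
 # appraise "Mongoid" do
 # gem "mongoid", ">= 3.1.4"
-# end
+# end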
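--- a/data/README.md
+++ b/data/README.md
@@ -3,7 +3,6 @@
 [![Gem Version](https://badge.fury.io/rb/protector.png)](http://badge.fury.io/rb/protector)
 [![Build Status](https://travis-ci.org/inossidabile/protector.png?branch=master)](https://travis-ci.org/inossidabile/protector)
 [![Code Climate](https://codeclimate.com/github/inossidabile/protector.png)](https://codeclimate.com/github/inossidabile/protector)
-<!-- [![Coverage Status](https://coveralls.io/repos/inossidabile/protector/badge.png?branch=master)](https://coveralls.io/r/inossidabile/protector?branch=master) -->
 
 Protector is a Ruby ORM extension for managing security restrictions on a field level. The gem favors white-listing over black-listing (everything is disallowed by default), convention over configuration and is duck-type compatible with most of existing code.
 
@@ -39,7 +38,7 @@ class Article < ActiveRecord::Base # Fields: title, text, user_id, hidd
 end
 
 can :create, %w(title text) # Non-admins can't set `hidden` flag
-can :create, user_id:
+can :create, user_id: labmda{|x| # ... and should correctly fill
 x == user.id # ... the `user_id` association
 }
 
@@ -132,7 +131,7 @@ Each restricted model responds to the following methods:
 
 * `visible?` – determines if the model is visible through restriction scope
 * `creatable?` – determines if you pass validation on creation with the fields you set
-* `
+* `updatable?` – determines if you pass validation on update with the fields you changed
 * `destroyable?` – determines if you can destroy the model
 
 In fact Protector does not limit you to `:view`, `:update` and `:create` actions. They are just used internally. You however can define any other to make custom roles and restrictions. All of them are able to work on a field level.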
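--- a/data/gemfiles/AR_4.gemfile
+++ b/data/gemfiles/AR_4.gemfile
@@ -13,7 +13,7 @@ gem "sqlite3", :platform=>:ruby
 gem "jdbc-sqlite3", :platform=>:jruby, :require=>"jdbc/sqlite3"
 gem "coveralls", :require=>false
 gem "ruby-prof", :platform=>:ruby
-gem "activerecord", "4.0.0
+gem "activerecord", "4.0.0", :require=>"active_record"
 gem "activerecord-jdbcsqlite3-adapter", :platform=>:jruby, :github=>"jruby/activerecord-jdbc-adapter"
 
 gemspec :path=>"../"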
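--- a/data/gemfiles/AR_4.gemfile.lock
+++ b/data/gemfiles/AR_4.gemfile.lock
@@ -1,10 +1,7 @@
 GIT
 remote: git://github.com/jruby/activerecord-jdbc-adapter.git
-revision:
+revision: 178d6177ae874a00e07f514e293eaa58d26dca5d
 specs:
-activerecord-jdbcsqlite3-adapter (1.3.0.DEV)
-activerecord-jdbc-adapter (~> 1.3.0.DEV)
-jdbc-sqlite3 (~> 3.7.2)
 
 PATH
 remote: /Users/inossidabile/Repos/protector
@@ -16,17 +13,16 @@ PATH
 GEM
 remote: https://rubygems.org/
 specs:
-activemodel (4.0.0
-activesupport (= 4.0.0
+activemodel (4.0.0)
+activesupport (= 4.0.0)
 builder (~> 3.1.0)
-activerecord (4.0.0
-activemodel (= 4.0.0
+activerecord (4.0.0)
+activemodel (= 4.0.0)
 activerecord-deprecated_finders (~> 1.0.2)
-activesupport (= 4.0.0
+activesupport (= 4.0.0)
 arel (~> 4.0.0)
-activerecord-deprecated_finders (1.0.
-
-activesupport (4.0.0.rc1)
+activerecord-deprecated_finders (1.0.3)
+activesupport (4.0.0)
 i18n (~> 0.6, >= 0.6.4)
 minitest (~> 4.2)
 multi_json (~> 1.3)
@@ -36,8 +32,7 @@ GEM
 bundler
 rake
 arel (4.0.0)
-atomic (1.1.
-atomic (1.1.9-java)
+atomic (1.1.10)
 builder (3.1.4)
 coderay (1.0.9)
 colored (1.2)
@@ -49,39 +44,32 @@ GEM
 simplecov (>= 0.7)
 thor
 diff-lcs (1.2.4)
-ffi (1.
-ffi (1.8.1-java)
+ffi (1.9.0)
 formatador (0.2.4)
-guard (1.8.
+guard (1.8.1)
 formatador (>= 0.2.4)
 listen (>= 1.0.0)
 lumberjack (>= 1.0.2)
 pry (>= 0.9.10)
 thor (>= 0.14.6)
-guard-rspec (3.0.
+guard-rspec (3.0.2)
 guard (>= 1.8)
 rspec (~> 2.13)
 i18n (0.6.4)
-
-listen (1.1.3)
+listen (1.2.2)
 rb-fsevent (>= 0.9.3)
 rb-inotify (>= 0.9)
 rb-kqueue (>= 0.2)
-lumberjack (1.0.
+lumberjack (1.0.4)
 method_source (0.8.1)
 mime-types (1.23)
-minitest (4.7.
-multi_json (1.7.
+minitest (4.7.5)
+multi_json (1.7.7)
 pry (0.9.12.2)
 coderay (~> 1.0.5)
 method_source (~> 0.8)
 slop (~> 3.4)
-
-coderay (~> 1.0.5)
-method_source (~> 0.8)
-slop (~> 3.4)
-spoon (~> 0.0)
-rake (10.0.4)
+rake (10.1.0)
 rb-fsevent (0.9.3)
 rb-inotify (0.9.0)
 ffi (>= 0.5.0)
@@ -103,8 +91,6 @@ GEM
 simplecov-html (~> 0.7.1)
 simplecov-html (0.7.1)
 slop (3.4.5)
-spoon (0.0.4)
-ffi
 sqlite3 (1.3.7)
 thor (0.18.1)
 thread_safe (0.1.0)
@@ -112,11 +98,10 @@ GEM
 tzinfo (0.3.37)
 
 PLATFORMS
-java
 ruby
 
 DEPENDENCIES
-activerecord (= 4.0.0
+activerecord (= 4.0.0)
 activerecord-jdbcsqlite3-adapter!
 appraisal
 colored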
@@ -31,7 +31,7 @@ module Protector
|
|
31
31
|
super
|
32
32
|
end
|
33
33
|
|
34
|
-
if Gem::Version.new(::ActiveRecord::VERSION::STRING) < Gem::Version.new('4.0.0
|
34
|
+
if Gem::Version.new(::ActiveRecord::VERSION::STRING) < Gem::Version.new('4.0.0')
|
35
35
|
def self.restrict!(subject)
|
36
36
|
scoped.restrict!(subject)
|
37
37
|
end
|
@@ -96,7 +96,27 @@ module Protector
|
|
96
96
|
|
97
97
|
if eager_loading?
|
98
98
|
protector_expand_inclusion(includes_values + eager_load_values).each do |klass, path|
|
99
|
-
|
99
|
+
# AR drops default_scope for eagerly loadable associations
|
100
|
+
# https://github.com/inossidabile/protector/issues/3
|
101
|
+
# and so should we
|
102
|
+
meta = klass.protector_meta.evaluate(klass, subject)
|
103
|
+
|
104
|
+
if meta.scoped?
|
105
|
+
unscoped = klass.unscoped
|
106
|
+
|
107
|
+
# AR 4 has awfull inconsistency when it comes to method `all`
|
108
|
+
# We have to mimic base class behaviour for relation we get from `unscoped`
|
109
|
+
if Gem::Version.new(::ActiveRecord::VERSION::STRING) >= Gem::Version.new('4.0.0')
|
110
|
+
class <<unscoped
|
111
|
+
def all
|
112
|
+
self
|
113
|
+
end
|
114
|
+
end
|
115
|
+
end
|
116
|
+
|
117
|
+
# Finally we merge unscoped basic relation extended with protection scope
|
118
|
+
relation = relation.merge unscoped.instance_eval(&meta.scope_proc)
|
119
|
+
end
|
100
120
|
end
|
101
121
|
else
|
102
122
|
relation.preload_values += includes_values
|
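Review bot: The protection scope in the added `if meta.scoped?` branch is merged once per class and the yielded `path` is never used, so the restriction is not tied to the association it is meant to guard. If the same model is reached through two inclusion paths, or is joined onto its own table, the merged conditions presumably bind to the un-aliased table name only and the aliased join would stay unrestricted; that needs a spec, or at least a comment such as `# NOTE: scope is merged per class, not per path; aliased joins of the same table are not covered`. The merge also puts the association's conditions into the outer relation, which may drop parent rows rather than only hiding associated ones, and that is worth stating next to the `relation.merge` line. The enclosing method starts and ends outside the hunk.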
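--- a/data/lib/protector/dsl.rb
+++ b/data/lib/protector/dsl.rb
@@ -5,7 +5,7 @@ module Protector
 
 # Single DSL evaluation result
 class Box
-attr_accessor :access, :scope_proc, :
+attr_accessor :access, :scope_proc, :destroyable
 
 # @param model [Class] The class of protected entity
 # @param fields [Array<String>] All the fields the model has
@@ -16,7 +16,7 @@ module Protector
 @model = model
 @fields = fields
 @access = {update: {}, view: {}, create: {}}
-@
+@scope_proc = false
 @destroyable = false
 
 blocks.each do |b|
@@ -34,7 +34,7 @@ module Protector
 # Checks whether protection with given subject
 # has the selection scope defined
 def scoped?
-!!@
+!!@scope_proc
 end
 
 # @group Protection DSL
@@ -51,7 +51,15 @@ module Protector
 # end
 def scope(&block)
 @scope_proc = block
-
+
+@relation = false
+@unscoped_relation = false
+end
+
+def relation
+return false unless scoped?
+
+@relation ||= @model.instance_eval(&@scope_proc)
 end
 
 # Enables action for given fields.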
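Review bot: The memoized `@relation` added in `relation` is cleared only inside `scope`, while `attr_accessor :scope_proc` still exposes a public writer that replaces the block without clearing it, so a Box could keep serving a relation built from the previous scope. Either invalidate in the writer, `def scope_proc=(block); @scope_proc = block; @relation = false; end`, or expose `scope_proc` read-only if nothing assigns it from outside (the callers are not visible here). `@unscoped_relation` is reset in `scope` but nothing in these hunks reads it; if it is unused, drop it. `relation` also deserves a YARD comment saying it returns `false`, not `nil`, when no scope is defined. The Box class body continues outside the hunks.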
data/lib/protector/version.rb
CHANGED
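--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: protector
 version: !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.4
 platform: ruby
 authors:
 - Boris Staal
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-
+date: 2013-07-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport
@@ -109,7 +109,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.0.
+rubygems_version: 2.0.2
 signing_key:
 specification_version: 4
 summary: 'Protector is a successor to the Heimdallr gem: it hits the same goals keeping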