protector 0.2.3 → 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. checksums.yaml +4 -4
  2. data/Appraisals +2 -2
  3. data/README.md +2 -3
  4. data/gemfiles/AR_4.gemfile +1 -1
  5. data/gemfiles/AR_4.gemfile.lock +18 -33
  6. data/lib/protector/adapters/active_record/base.rb +1 -1
  7. data/lib/protector/adapters/active_record/relation.rb +21 -1
  8. data/lib/protector/dsl.rb +12 -4
  9. data/lib/protector/version.rb +1 -1
  10. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 480667a8c7e66f9afb9fa1e5de46a99edc0d0325
4
- data.tar.gz: 39e9914aa30962eb6792a429b10fbde0fa08b141
3
+ metadata.gz: 68d28de469f168b9678e739b5a6193292163b33c
4
+ data.tar.gz: 059591c46f57f4331ba39df89bd75ed79e10df46
5
5
  SHA512:
6
- metadata.gz: 36003bdd3337ee49372bc4cbb4e220e149ba902b47f0b5b987f31823d458cb114494f7b0b537358997fd1f73d8c1ca49fc7cfb074407f1f65e86e7f1589fa46c
7
- data.tar.gz: 6874b536a5333f1e4fb4f45b08aced3c41fcd4618d7dc319ce6dcc103fd41396a8ff244d6ab34a57a9234100ee630a4dddc722fc79b48c3b92b3fec33d3c74bc
6
+ metadata.gz: 20e28e28708bcf3dca908672c2783b5c8e19bb40230c85bdb041fbc0e70392e363a68438a39bcdd98c3e40634d6240318d30bbb93c3c09559e191b5f86d99cf0
7
+ data.tar.gz: 6319e7cec8f0ead0ef55d4bdec193df10a59c153081cbe36c1174eb3914a7df31016369a48835610ccdc7a3c6dd6c742d6e283acc59f38423ef1daffaaacc008
data/Appraisals CHANGED
@@ -4,7 +4,7 @@ appraise "AR_3.2" do
4
4
  end
5
5
 
6
6
  appraise "AR_4" do
7
- gem "activerecord", "4.0.0.rc1", require: "active_record"
7
+ gem "activerecord", "4.0.0", require: "active_record"
8
8
  gem "activerecord-jdbcsqlite3-adapter", platform: :jruby, github: "jruby/activerecord-jdbc-adapter"
9
9
  end
10
10
 
@@ -14,4 +14,4 @@ end
14
14
 
15
15
  # appraise "Mongoid" do
16
16
  # gem "mongoid", ">= 3.1.4"
17
- # end
17
+ # end
data/README.md CHANGED
@@ -3,7 +3,6 @@
3
3
  [![Gem Version](https://badge.fury.io/rb/protector.png)](http://badge.fury.io/rb/protector)
4
4
  [![Build Status](https://travis-ci.org/inossidabile/protector.png?branch=master)](https://travis-ci.org/inossidabile/protector)
5
5
  [![Code Climate](https://codeclimate.com/github/inossidabile/protector.png)](https://codeclimate.com/github/inossidabile/protector)
6
- <!-- [![Coverage Status](https://coveralls.io/repos/inossidabile/protector/badge.png?branch=master)](https://coveralls.io/r/inossidabile/protector?branch=master) -->
7
6
 
8
7
  Protector is a Ruby ORM extension for managing security restrictions on a field level. The gem favors white-listing over black-listing (everything is disallowed by default), convention over configuration and is duck-type compatible with most of existing code.
9
8
 
@@ -39,7 +38,7 @@ class Article < ActiveRecord::Base # Fields: title, text, user_id, hidd
39
38
  end
40
39
 
41
40
  can :create, %w(title text) # Non-admins can't set `hidden` flag
42
- can :create, user_id: lamda{|x| # ... and should correctly fill
41
+ can :create, user_id: labmda{|x| # ... and should correctly fill
43
42
  x == user.id # ... the `user_id` association
44
43
  }
45
44
 
@@ -132,7 +131,7 @@ Each restricted model responds to the following methods:
132
131
 
133
132
  * `visible?` – determines if the model is visible through restriction scope
134
133
  * `creatable?` – determines if you pass validation on creation with the fields you set
135
- * `updateable?` – determines if you pass validation on update with the fields you changed
134
+ * `updatable?` – determines if you pass validation on update with the fields you changed
136
135
  * `destroyable?` – determines if you can destroy the model
137
136
 
138
137
  In fact Protector does not limit you to `:view`, `:update` and `:create` actions. They are just used internally. You however can define any other to make custom roles and restrictions. All of them are able to work on a field level.
data/gemfiles/AR_4.gemfile CHANGED
@@ -13,7 +13,7 @@ gem "sqlite3", :platform=>:ruby
13
13
  gem "jdbc-sqlite3", :platform=>:jruby, :require=>"jdbc/sqlite3"
14
14
  gem "coveralls", :require=>false
15
15
  gem "ruby-prof", :platform=>:ruby
16
- gem "activerecord", "4.0.0.rc1", :require=>"active_record"
16
+ gem "activerecord", "4.0.0", :require=>"active_record"
17
17
  gem "activerecord-jdbcsqlite3-adapter", :platform=>:jruby, :github=>"jruby/activerecord-jdbc-adapter"
18
18
 
19
19
  gemspec :path=>"../"
data/gemfiles/AR_4.gemfile.lock CHANGED
@@ -1,10 +1,7 @@
1
1
  GIT
2
2
  remote: git://github.com/jruby/activerecord-jdbc-adapter.git
3
- revision: b1cb2cb59496a7c3ae22799f88c8c4789e6a8cce
3
+ revision: 178d6177ae874a00e07f514e293eaa58d26dca5d
4
4
  specs:
5
- activerecord-jdbcsqlite3-adapter (1.3.0.DEV)
6
- activerecord-jdbc-adapter (~> 1.3.0.DEV)
7
- jdbc-sqlite3 (~> 3.7.2)
8
5
 
9
6
  PATH
10
7
  remote: /Users/inossidabile/Repos/protector
@@ -16,17 +13,16 @@ PATH
16
13
  GEM
17
14
  remote: https://rubygems.org/
18
15
  specs:
19
- activemodel (4.0.0.rc1)
20
- activesupport (= 4.0.0.rc1)
16
+ activemodel (4.0.0)
17
+ activesupport (= 4.0.0)
21
18
  builder (~> 3.1.0)
22
- activerecord (4.0.0.rc1)
23
- activemodel (= 4.0.0.rc1)
19
+ activerecord (4.0.0)
20
+ activemodel (= 4.0.0)
24
21
  activerecord-deprecated_finders (~> 1.0.2)
25
- activesupport (= 4.0.0.rc1)
22
+ activesupport (= 4.0.0)
26
23
  arel (~> 4.0.0)
27
- activerecord-deprecated_finders (1.0.2)
28
- activerecord-jdbc-adapter (1.3.0.beta1)
29
- activesupport (4.0.0.rc1)
24
+ activerecord-deprecated_finders (1.0.3)
25
+ activesupport (4.0.0)
30
26
  i18n (~> 0.6, >= 0.6.4)
31
27
  minitest (~> 4.2)
32
28
  multi_json (~> 1.3)
@@ -36,8 +32,7 @@ GEM
36
32
  bundler
37
33
  rake
38
34
  arel (4.0.0)
39
- atomic (1.1.9)
40
- atomic (1.1.9-java)
35
+ atomic (1.1.10)
41
36
  builder (3.1.4)
42
37
  coderay (1.0.9)
43
38
  colored (1.2)
@@ -49,39 +44,32 @@ GEM
49
44
  simplecov (>= 0.7)
50
45
  thor
51
46
  diff-lcs (1.2.4)
52
- ffi (1.8.1)
53
- ffi (1.8.1-java)
47
+ ffi (1.9.0)
54
48
  formatador (0.2.4)
55
- guard (1.8.0)
49
+ guard (1.8.1)
56
50
  formatador (>= 0.2.4)
57
51
  listen (>= 1.0.0)
58
52
  lumberjack (>= 1.0.2)
59
53
  pry (>= 0.9.10)
60
54
  thor (>= 0.14.6)
61
- guard-rspec (3.0.0)
55
+ guard-rspec (3.0.2)
62
56
  guard (>= 1.8)
63
57
  rspec (~> 2.13)
64
58
  i18n (0.6.4)
65
- jdbc-sqlite3 (3.7.2)
66
- listen (1.1.3)
59
+ listen (1.2.2)
67
60
  rb-fsevent (>= 0.9.3)
68
61
  rb-inotify (>= 0.9)
69
62
  rb-kqueue (>= 0.2)
70
- lumberjack (1.0.3)
63
+ lumberjack (1.0.4)
71
64
  method_source (0.8.1)
72
65
  mime-types (1.23)
73
- minitest (4.7.4)
74
- multi_json (1.7.3)
66
+ minitest (4.7.5)
67
+ multi_json (1.7.7)
75
68
  pry (0.9.12.2)
76
69
  coderay (~> 1.0.5)
77
70
  method_source (~> 0.8)
78
71
  slop (~> 3.4)
79
- pry (0.9.12.2-java)
80
- coderay (~> 1.0.5)
81
- method_source (~> 0.8)
82
- slop (~> 3.4)
83
- spoon (~> 0.0)
84
- rake (10.0.4)
72
+ rake (10.1.0)
85
73
  rb-fsevent (0.9.3)
86
74
  rb-inotify (0.9.0)
87
75
  ffi (>= 0.5.0)
@@ -103,8 +91,6 @@ GEM
103
91
  simplecov-html (~> 0.7.1)
104
92
  simplecov-html (0.7.1)
105
93
  slop (3.4.5)
106
- spoon (0.0.4)
107
- ffi
108
94
  sqlite3 (1.3.7)
109
95
  thor (0.18.1)
110
96
  thread_safe (0.1.0)
@@ -112,11 +98,10 @@ GEM
112
98
  tzinfo (0.3.37)
113
99
 
114
100
  PLATFORMS
115
- java
116
101
  ruby
117
102
 
118
103
  DEPENDENCIES
119
- activerecord (= 4.0.0.rc1)
104
+ activerecord (= 4.0.0)
120
105
  activerecord-jdbcsqlite3-adapter!
121
106
  appraisal
122
107
  colored
data/lib/protector/adapters/active_record/base.rb CHANGED
@@ -31,7 +31,7 @@ module Protector
31
31
  super
32
32
  end
33
33
 
34
- if Gem::Version.new(::ActiveRecord::VERSION::STRING) < Gem::Version.new('4.0.0.rc1')
34
+ if Gem::Version.new(::ActiveRecord::VERSION::STRING) < Gem::Version.new('4.0.0')
35
35
  def self.restrict!(subject)
36
36
  scoped.restrict!(subject)
37
37
  end
data/lib/protector/adapters/active_record/relation.rb CHANGED
@@ -96,7 +96,27 @@ module Protector
96
96
 
97
97
  if eager_loading?
98
98
  protector_expand_inclusion(includes_values + eager_load_values).each do |klass, path|
99
- relation = relation.merge(klass.protector_meta.evaluate(klass, subject).relation)
99
+ # AR drops default_scope for eagerly loadable associations
100
+ # https://github.com/inossidabile/protector/issues/3
101
+ # and so should we
102
+ meta = klass.protector_meta.evaluate(klass, subject)
103
+
104
+ if meta.scoped?
105
+ unscoped = klass.unscoped
106
+
107
+ # AR 4 has awfull inconsistency when it comes to method `all`
108
+ # We have to mimic base class behaviour for relation we get from `unscoped`
109
+ if Gem::Version.new(::ActiveRecord::VERSION::STRING) >= Gem::Version.new('4.0.0')
110
+ class <<unscoped
111
+ def all
112
+ self
113
+ end
114
+ end
115
+ end
116
+
117
+ # Finally we merge unscoped basic relation extended with protection scope
118
+ relation = relation.merge unscoped.instance_eval(&meta.scope_proc)
119
+ end
100
120
  end
101
121
  else
102
122
  relation.preload_values += includes_values
data/lib/protector/dsl.rb CHANGED
@@ -5,7 +5,7 @@ module Protector
5
5
 
6
6
  # Single DSL evaluation result
7
7
  class Box
8
- attr_accessor :access, :scope_proc, :relation, :destroyable
8
+ attr_accessor :access, :scope_proc, :destroyable
9
9
 
10
10
  # @param model [Class] The class of protected entity
11
11
  # @param fields [Array<String>] All the fields the model has
@@ -16,7 +16,7 @@ module Protector
16
16
  @model = model
17
17
  @fields = fields
18
18
  @access = {update: {}, view: {}, create: {}}
19
- @relation = false
19
+ @scope_proc = false
20
20
  @destroyable = false
21
21
 
22
22
  blocks.each do |b|
@@ -34,7 +34,7 @@ module Protector
34
34
  # Checks whether protection with given subject
35
35
  # has the selection scope defined
36
36
  def scoped?
37
- !!@relation
37
+ !!@scope_proc
38
38
  end
39
39
 
40
40
  # @group Protection DSL
@@ -51,7 +51,15 @@ module Protector
51
51
  # end
52
52
  def scope(&block)
53
53
  @scope_proc = block
54
- @relation = @model.instance_eval(&block)
54
+
55
+ @relation = false
56
+ @unscoped_relation = false
57
+ end
58
+
59
+ def relation
60
+ return false unless scoped?
61
+
62
+ @relation ||= @model.instance_eval(&@scope_proc)
55
63
  end
56
64
 
57
65
  # Enables action for given fields.
data/lib/protector/version.rb CHANGED
@@ -1,4 +1,4 @@
1
1
  module Protector
2
2
  # Gem version
3
- VERSION = "0.2.3"
3
+ VERSION = "0.2.4"
4
4
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: protector
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.3
4
+ version: 0.2.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Boris Staal
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2013-06-04 00:00:00.000000000 Z
11
+ date: 2013-07-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -109,7 +109,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
109
109
  version: '0'
110
110
  requirements: []
111
111
  rubyforge_project:
112
- rubygems_version: 2.0.3
112
+ rubygems_version: 2.0.2
113
113
  signing_key:
114
114
  specification_version: 4
115
115
  summary: 'Protector is a successor to the Heimdallr gem: it hits the same goals keeping