protector 0.2.3 → 0.2.4

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 480667a8c7e66f9afb9fa1e5de46a99edc0d0325
4
- data.tar.gz: 39e9914aa30962eb6792a429b10fbde0fa08b141
3
+ metadata.gz: 68d28de469f168b9678e739b5a6193292163b33c
4
+ data.tar.gz: 059591c46f57f4331ba39df89bd75ed79e10df46
5
5
  SHA512:
6
- metadata.gz: 36003bdd3337ee49372bc4cbb4e220e149ba902b47f0b5b987f31823d458cb114494f7b0b537358997fd1f73d8c1ca49fc7cfb074407f1f65e86e7f1589fa46c
7
- data.tar.gz: 6874b536a5333f1e4fb4f45b08aced3c41fcd4618d7dc319ce6dcc103fd41396a8ff244d6ab34a57a9234100ee630a4dddc722fc79b48c3b92b3fec33d3c74bc
6
+ metadata.gz: 20e28e28708bcf3dca908672c2783b5c8e19bb40230c85bdb041fbc0e70392e363a68438a39bcdd98c3e40634d6240318d30bbb93c3c09559e191b5f86d99cf0
7
+ data.tar.gz: 6319e7cec8f0ead0ef55d4bdec193df10a59c153081cbe36c1174eb3914a7df31016369a48835610ccdc7a3c6dd6c742d6e283acc59f38423ef1daffaaacc008
data/Appraisals CHANGED
@@ -4,7 +4,7 @@ appraise "AR_3.2" do
4
4
  end
5
5
 
6
6
  appraise "AR_4" do
7
- gem "activerecord", "4.0.0.rc1", require: "active_record"
7
+ gem "activerecord", "4.0.0", require: "active_record"
8
8
  gem "activerecord-jdbcsqlite3-adapter", platform: :jruby, github: "jruby/activerecord-jdbc-adapter"
9
9
  end
10
10
 
@@ -14,4 +14,4 @@ end
14
14
 
15
15
  # appraise "Mongoid" do
16
16
  # gem "mongoid", ">= 3.1.4"
17
- # end
17
+ # end
data/README.md CHANGED
@@ -3,7 +3,6 @@
3
3
  [![Gem Version](https://badge.fury.io/rb/protector.png)](http://badge.fury.io/rb/protector)
4
4
  [![Build Status](https://travis-ci.org/inossidabile/protector.png?branch=master)](https://travis-ci.org/inossidabile/protector)
5
5
  [![Code Climate](https://codeclimate.com/github/inossidabile/protector.png)](https://codeclimate.com/github/inossidabile/protector)
6
- <!-- [![Coverage Status](https://coveralls.io/repos/inossidabile/protector/badge.png?branch=master)](https://coveralls.io/r/inossidabile/protector?branch=master) -->
7
6
 
8
7
  Protector is a Ruby ORM extension for managing security restrictions on a field level. The gem favors white-listing over black-listing (everything is disallowed by default), convention over configuration and is duck-type compatible with most of existing code.
9
8
 
@@ -39,7 +38,7 @@ class Article < ActiveRecord::Base # Fields: title, text, user_id, hidd
39
38
  end
40
39
 
41
40
  can :create, %w(title text) # Non-admins can't set `hidden` flag
42
- can :create, user_id: lamda{|x| # ... and should correctly fill
41
+ can :create, user_id: labmda{|x| # ... and should correctly fill
43
42
  x == user.id # ... the `user_id` association
44
43
  }
45
44
 
@@ -132,7 +131,7 @@ Each restricted model responds to the following methods:
132
131
 
133
132
  * `visible?` – determines if the model is visible through restriction scope
134
133
  * `creatable?` – determines if you pass validation on creation with the fields you set
135
- * `updateable?` – determines if you pass validation on update with the fields you changed
134
+ * `updatable?` – determines if you pass validation on update with the fields you changed
136
135
  * `destroyable?` – determines if you can destroy the model
137
136
 
138
137
  In fact Protector does not limit you to `:view`, `:update` and `:create` actions. They are just used internally. You however can define any other to make custom roles and restrictions. All of them are able to work on a field level.
@@ -13,7 +13,7 @@ gem "sqlite3", :platform=>:ruby
13
13
  gem "jdbc-sqlite3", :platform=>:jruby, :require=>"jdbc/sqlite3"
14
14
  gem "coveralls", :require=>false
15
15
  gem "ruby-prof", :platform=>:ruby
16
- gem "activerecord", "4.0.0.rc1", :require=>"active_record"
16
+ gem "activerecord", "4.0.0", :require=>"active_record"
17
17
  gem "activerecord-jdbcsqlite3-adapter", :platform=>:jruby, :github=>"jruby/activerecord-jdbc-adapter"
18
18
 
19
19
  gemspec :path=>"../"
@@ -1,10 +1,7 @@
1
1
  GIT
2
2
  remote: git://github.com/jruby/activerecord-jdbc-adapter.git
3
- revision: b1cb2cb59496a7c3ae22799f88c8c4789e6a8cce
3
+ revision: 178d6177ae874a00e07f514e293eaa58d26dca5d
4
4
  specs:
5
- activerecord-jdbcsqlite3-adapter (1.3.0.DEV)
6
- activerecord-jdbc-adapter (~> 1.3.0.DEV)
7
- jdbc-sqlite3 (~> 3.7.2)
8
5
 
9
6
  PATH
10
7
  remote: /Users/inossidabile/Repos/protector
@@ -16,17 +13,16 @@ PATH
16
13
  GEM
17
14
  remote: https://rubygems.org/
18
15
  specs:
19
- activemodel (4.0.0.rc1)
20
- activesupport (= 4.0.0.rc1)
16
+ activemodel (4.0.0)
17
+ activesupport (= 4.0.0)
21
18
  builder (~> 3.1.0)
22
- activerecord (4.0.0.rc1)
23
- activemodel (= 4.0.0.rc1)
19
+ activerecord (4.0.0)
20
+ activemodel (= 4.0.0)
24
21
  activerecord-deprecated_finders (~> 1.0.2)
25
- activesupport (= 4.0.0.rc1)
22
+ activesupport (= 4.0.0)
26
23
  arel (~> 4.0.0)
27
- activerecord-deprecated_finders (1.0.2)
28
- activerecord-jdbc-adapter (1.3.0.beta1)
29
- activesupport (4.0.0.rc1)
24
+ activerecord-deprecated_finders (1.0.3)
25
+ activesupport (4.0.0)
30
26
  i18n (~> 0.6, >= 0.6.4)
31
27
  minitest (~> 4.2)
32
28
  multi_json (~> 1.3)
@@ -36,8 +32,7 @@ GEM
36
32
  bundler
37
33
  rake
38
34
  arel (4.0.0)
39
- atomic (1.1.9)
40
- atomic (1.1.9-java)
35
+ atomic (1.1.10)
41
36
  builder (3.1.4)
42
37
  coderay (1.0.9)
43
38
  colored (1.2)
@@ -49,39 +44,32 @@ GEM
49
44
  simplecov (>= 0.7)
50
45
  thor
51
46
  diff-lcs (1.2.4)
52
- ffi (1.8.1)
53
- ffi (1.8.1-java)
47
+ ffi (1.9.0)
54
48
  formatador (0.2.4)
55
- guard (1.8.0)
49
+ guard (1.8.1)
56
50
  formatador (>= 0.2.4)
57
51
  listen (>= 1.0.0)
58
52
  lumberjack (>= 1.0.2)
59
53
  pry (>= 0.9.10)
60
54
  thor (>= 0.14.6)
61
- guard-rspec (3.0.0)
55
+ guard-rspec (3.0.2)
62
56
  guard (>= 1.8)
63
57
  rspec (~> 2.13)
64
58
  i18n (0.6.4)
65
- jdbc-sqlite3 (3.7.2)
66
- listen (1.1.3)
59
+ listen (1.2.2)
67
60
  rb-fsevent (>= 0.9.3)
68
61
  rb-inotify (>= 0.9)
69
62
  rb-kqueue (>= 0.2)
70
- lumberjack (1.0.3)
63
+ lumberjack (1.0.4)
71
64
  method_source (0.8.1)
72
65
  mime-types (1.23)
73
- minitest (4.7.4)
74
- multi_json (1.7.3)
66
+ minitest (4.7.5)
67
+ multi_json (1.7.7)
75
68
  pry (0.9.12.2)
76
69
  coderay (~> 1.0.5)
77
70
  method_source (~> 0.8)
78
71
  slop (~> 3.4)
79
- pry (0.9.12.2-java)
80
- coderay (~> 1.0.5)
81
- method_source (~> 0.8)
82
- slop (~> 3.4)
83
- spoon (~> 0.0)
84
- rake (10.0.4)
72
+ rake (10.1.0)
85
73
  rb-fsevent (0.9.3)
86
74
  rb-inotify (0.9.0)
87
75
  ffi (>= 0.5.0)
@@ -103,8 +91,6 @@ GEM
103
91
  simplecov-html (~> 0.7.1)
104
92
  simplecov-html (0.7.1)
105
93
  slop (3.4.5)
106
- spoon (0.0.4)
107
- ffi
108
94
  sqlite3 (1.3.7)
109
95
  thor (0.18.1)
110
96
  thread_safe (0.1.0)
@@ -112,11 +98,10 @@ GEM
112
98
  tzinfo (0.3.37)
113
99
 
114
100
  PLATFORMS
115
- java
116
101
  ruby
117
102
 
118
103
  DEPENDENCIES
119
- activerecord (= 4.0.0.rc1)
104
+ activerecord (= 4.0.0)
120
105
  activerecord-jdbcsqlite3-adapter!
121
106
  appraisal
122
107
  colored
@@ -31,7 +31,7 @@ module Protector
31
31
  super
32
32
  end
33
33
 
34
- if Gem::Version.new(::ActiveRecord::VERSION::STRING) < Gem::Version.new('4.0.0.rc1')
34
+ if Gem::Version.new(::ActiveRecord::VERSION::STRING) < Gem::Version.new('4.0.0')
35
35
  def self.restrict!(subject)
36
36
  scoped.restrict!(subject)
37
37
  end
@@ -96,7 +96,27 @@ module Protector
96
96
 
97
97
  if eager_loading?
98
98
  protector_expand_inclusion(includes_values + eager_load_values).each do |klass, path|
99
- relation = relation.merge(klass.protector_meta.evaluate(klass, subject).relation)
99
+ # AR drops default_scope for eagerly loadable associations
100
+ # https://github.com/inossidabile/protector/issues/3
101
+ # and so should we
102
+ meta = klass.protector_meta.evaluate(klass, subject)
103
+
104
+ if meta.scoped?
105
+ unscoped = klass.unscoped
106
+
107
+ # AR 4 has awfull inconsistency when it comes to method `all`
108
+ # We have to mimic base class behaviour for relation we get from `unscoped`
109
+ if Gem::Version.new(::ActiveRecord::VERSION::STRING) >= Gem::Version.new('4.0.0')
110
+ class <<unscoped
111
+ def all
112
+ self
113
+ end
114
+ end
115
+ end
116
+
117
+ # Finally we merge unscoped basic relation extended with protection scope
118
+ relation = relation.merge unscoped.instance_eval(&meta.scope_proc)
119
+ end
100
120
  end
101
121
  else
102
122
  relation.preload_values += includes_values
@@ -5,7 +5,7 @@ module Protector
5
5
 
6
6
  # Single DSL evaluation result
7
7
  class Box
8
- attr_accessor :access, :scope_proc, :relation, :destroyable
8
+ attr_accessor :access, :scope_proc, :destroyable
9
9
 
10
10
  # @param model [Class] The class of protected entity
11
11
  # @param fields [Array<String>] All the fields the model has
@@ -16,7 +16,7 @@ module Protector
16
16
  @model = model
17
17
  @fields = fields
18
18
  @access = {update: {}, view: {}, create: {}}
19
- @relation = false
19
+ @scope_proc = false
20
20
  @destroyable = false
21
21
 
22
22
  blocks.each do |b|
@@ -34,7 +34,7 @@ module Protector
34
34
  # Checks whether protection with given subject
35
35
  # has the selection scope defined
36
36
  def scoped?
37
- !!@relation
37
+ !!@scope_proc
38
38
  end
39
39
 
40
40
  # @group Protection DSL
@@ -51,7 +51,15 @@ module Protector
51
51
  # end
52
52
  def scope(&block)
53
53
  @scope_proc = block
54
- @relation = @model.instance_eval(&block)
54
+
55
+ @relation = false
56
+ @unscoped_relation = false
57
+ end
58
+
59
+ def relation
60
+ return false unless scoped?
61
+
62
+ @relation ||= @model.instance_eval(&@scope_proc)
55
63
  end
56
64
 
57
65
  # Enables action for given fields.
@@ -1,4 +1,4 @@
1
1
  module Protector
2
2
  # Gem version
3
- VERSION = "0.2.3"
3
+ VERSION = "0.2.4"
4
4
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: protector
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.3
4
+ version: 0.2.4
5
5
  platform: ruby
6
6
  authors:
7
7
  - Boris Staal
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2013-06-04 00:00:00.000000000 Z
11
+ date: 2013-07-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport
@@ -109,7 +109,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
109
109
  version: '0'
110
110
  requirements: []
111
111
  rubyforge_project:
112
- rubygems_version: 2.0.3
112
+ rubygems_version: 2.0.2
113
113
  signing_key:
114
114
  specification_version: 4
115
115
  summary: 'Protector is a successor to the Heimdallr gem: it hits the same goals keeping