protector 0.2.4 → 0.3.0.beta.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 68d28de469f168b9678e739b5a6193292163b33c
-  data.tar.gz: 059591c46f57f4331ba39df89bd75ed79e10df46
+  metadata.gz: 2b37c2f2aabf355a3953ac75518bdb389317c460
+  data.tar.gz: 2a4e9e21d922f263c4518aafd19ea95f043239bb
 SHA512:
-  metadata.gz: 20e28e28708bcf3dca908672c2783b5c8e19bb40230c85bdb041fbc0e70392e363a68438a39bcdd98c3e40634d6240318d30bbb93c3c09559e191b5f86d99cf0
-  data.tar.gz: 6319e7cec8f0ead0ef55d4bdec193df10a59c153081cbe36c1174eb3914a7df31016369a48835610ccdc7a3c6dd6c742d6e283acc59f38423ef1daffaaacc008
+  metadata.gz: ce3cf9b5c16c4a1ac0c6126049eb645cc4fea48e8b264a6d833b97a9100e63d2f0dff4924073e4482e6819d695edd90a36ae864ae94b6874489c3c0bba2219e4
+  data.tar.gz: 9a97ac4a1ecee65b4b796ef2ca3ec9d58df8c1b9d92b9eaffb1211f3cec3c59476012361eefa2d43de996f67bc26c54f99c044ee8d51adee524b7a4022b942aa

data/gemfiles/AR_3.2.gemfile.lock

@@ -10,7 +10,7 @@ GIT
 PATH
   remote: /Users/inossidabile/Repos/protector
   specs:
-    protector (0.2.3)
+    protector (0.3.0.beta.1)
       activesupport
       i18n
 

data/gemfiles/AR_4.gemfile.lock

@@ -6,7 +6,7 @@ GIT
 PATH
   remote: /Users/inossidabile/Repos/protector
   specs:
-    protector (0.2.3)
+    protector (0.3.0.beta.1)
       activesupport
       i18n
 

data/gemfiles/Sequel.gemfile.lock

@@ -1,19 +1,23 @@
 PATH
   remote: /Users/inossidabile/Repos/protector
   specs:
-    protector (0.2.3)
+    protector (0.3.0.beta.1)
       activesupport
       i18n
 
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (3.2.12)
-      i18n (~> 0.6)
-      multi_json (~> 1.0)
+    activesupport (4.0.0)
+      i18n (~> 0.6, >= 0.6.4)
+      minitest (~> 4.2)
+      multi_json (~> 1.3)
+      thread_safe (~> 0.1)
+      tzinfo (~> 0.3.37)
     appraisal (0.5.2)
       bundler
       rake
+    atomic (1.1.10)
     coderay (1.0.9)
     colored (1.2)
     colorize (0.5.8)
@@ -45,6 +49,7 @@ GEM
     lumberjack (1.0.3)
     method_source (0.8.1)
     mime-types (1.23)
+    minitest (4.7.5)
     multi_json (1.7.5)
     pry (0.9.12.2)
       coderay (~> 1.0.5)
@@ -82,6 +87,9 @@ GEM
       ffi
     sqlite3 (1.3.7)
     thor (0.18.1)
+    thread_safe (0.1.0)
+      atomic
+    tzinfo (0.3.37)
 
 PLATFORMS
   java

data/lib/protector/adapters/active_record/association.rb

@@ -17,7 +17,9 @@ module Protector
 
         # Wraps every association with current subject
         def scope_with_protector(*args)
-          scope_without_protector(*args).restrict!(owner.protector_subject)
+          scope = scope_without_protector(*args)
+          scope = scope.restrict!(owner.protector_subject) if owner.protector_subject?
+          scope
         end
       end
     end

data/lib/protector/adapters/active_record/base.rb

@@ -14,14 +14,14 @@ module Protector
           end
 
           validate do
-            return unless @protector_subject
+            return unless protector_subject?
             if (new_record? && !creatable?) || (!new_record? && !updatable?)
               errors[:base] << I18n.t('protector.invalid')
             end
           end
 
           before_destroy do
-            return true unless @protector_subject
+            return true unless protector_subject?
             destroyable?
           end
 
@@ -43,7 +43,7 @@ module Protector
 
           def [](name)
             if (
-              !@protector_subject || 
+              !protector_subject? || 
               name == self.class.primary_key ||
               (self.class.primary_key.is_a?(Array) && self.class.primary_key.include?(name)) ||
               protector_meta.readable?(name)
@@ -66,7 +66,7 @@ module Protector
                 alias_method #{"#{name}_unprotected".inspect}, #{name.inspect}
 
                 def #{name}
-                  if !@protector_subject || protector_meta.readable?(#{name.inspect})
+                  if !protector_subject? || protector_meta.readable?(#{name.inspect})
                     #{name}_unprotected
                   else
                     nil
@@ -81,7 +81,7 @@ module Protector
         def protector_meta
           @protector_meta ||= self.class.protector_meta.evaluate(
             self.class,
-            @protector_subject,
+            protector_subject,
             self.class.column_names,
             self
           )

data/lib/protector/adapters/active_record/preloader.rb

@@ -23,9 +23,13 @@ module Protector
             owners.first.protector_subject
           end
 
+          def protector_subject?
+            owners.first.protector_subject?
+          end
+
           # Restricts preloading association scope with subject of the owner
           def scope_with_protector(*args)
-            return scope_without_protector unless protector_subject
+            return scope_without_protector unless protector_subject?
 
             @meta ||= klass.protector_meta.evaluate(klass, protector_subject)
             scope_without_protector.merge(@meta.relation)

data/lib/protector/adapters/active_record/relation.rb

@@ -28,13 +28,13 @@ module Protector
         # Gets {Protector::DSL::Meta::Box} of this relation
         def protector_meta
           # We don't seem to require columns here as well
-          # @klass.protector_meta.evaluate(@klass, @protector_subject, @klass.column_names)
-          @klass.protector_meta.evaluate(@klass, @protector_subject)
+          @klass.protector_meta.evaluate(@klass, protector_subject)
         end
 
         # @note Unscoped relation drops properties and therefore should be re-restricted
         def unscoped
-          super.restrict!(@protector_subject)
+          return super unless protector_subject?
+          super.restrict!(protector_subject)
         end
 
         # @note This is here cause `NullRelation` can return `nil` from `count`
@@ -49,13 +49,13 @@ module Protector
 
         # Merges current relation with restriction and calls real `calculate`
         def calculate(*args)
-          return super unless @protector_subject
+          return super unless protector_subject?
           merge(protector_meta.relation).unrestrict!.calculate *args
         end
 
         # Merges current relation with restriction and calls real `exists?`
         def exists?(*args)
-          return super unless @protector_subject
+          return super unless protector_subject?
           merge(protector_meta.relation).unrestrict!.exists? *args
         end
 
@@ -68,11 +68,11 @@ module Protector
         # * merging current relation with restriction (of self and every eager association)
         def exec_queries_with_protector(*args)
           return @records if loaded?
-          return exec_queries_without_protector unless @protector_subject
+          return exec_queries_without_protector unless protector_subject?
 
-          subject  = @protector_subject
+          subject  = protector_subject
           relation = merge(protector_meta.relation).unrestrict!
-          relation = protector_substitute_includes(relation)
+          relation = protector_substitute_includes(subject, relation)
 
           # Preserve associations from internal loading. We are going to handle that
           # ourselves respecting security scopes FTW!
@@ -91,9 +91,7 @@ module Protector
 
         # Swaps `includes` with `preload` whether it's not referenced or merges
         # security scope of proper class otherwise
-        def protector_substitute_includes(relation)
-          subject = @protector_subject
-
+        def protector_substitute_includes(subject, relation)
           if eager_loading?
             protector_expand_inclusion(includes_values + eager_load_values).each do |klass, path|
               # AR drops default_scope for eagerly loadable associations

data/lib/protector/adapters/sequel/dataset.rb

@@ -32,17 +32,17 @@ module Protector
 
         # Gets {Protector::DSL::Meta::Box} of this dataset
         def protector_meta
-          model.protector_meta.evaluate(model, @protector_subject)
+          model.protector_meta.evaluate(model, protector_subject)
         end
 
         # Substitutes `row_proc` with {Protector} and injects protection scope
         def each_with_protector(*args, &block)
-          return each_without_protector(*args, &block) if !@protector_subject
+          return each_without_protector(*args, &block) unless protector_subject?
 
-          relation = protector_defend_graph(clone, @protector_subject)
+          relation = protector_defend_graph(clone, protector_subject)
           relation = relation.instance_eval(&protector_meta.scope_proc) if protector_meta.scoped?
 
-          relation.row_proc = Restrictor.new(@protector_subject, relation.row_proc)
+          relation.row_proc = Restrictor.new(protector_subject, relation.row_proc)
           relation.each_without_protector(*args, &block)
         end
 

data/lib/protector/adapters/sequel/eager_graph_loader.rb

@@ -11,7 +11,7 @@ module Protector
         def initialize_with_protector(dataset)
           initialize_without_protector(dataset)
 
-          if dataset.protector_subject
+          if dataset.protector_subject?
             @row_procs.each do |k,v|
               @row_procs[k] = Dataset::Restrictor.new(dataset.protector_subject, v)
               @ta_map[k][1] = @row_procs[k] if @ta_map.has_key?(k)

data/lib/protector/adapters/sequel/model.rb

@@ -26,7 +26,7 @@ module Protector
         def protector_meta
           @protector_meta ||= self.class.protector_meta.evaluate(
             self.class,
-            @protector_subject,
+            protector_subject,
             self.class.columns,
             self
           )
@@ -62,14 +62,14 @@ module Protector
         # Basic security validations
         def validate
           super
-          return unless @protector_subject
+          return unless protector_subject?
           method = new? ? :creatable? : :updatable?
           errors.add(:base, I18n.t('protector.invalid')) unless __send__(method)
         end
 
         # Destroy availability check
         def before_destroy
-          return false if @protector_subject && !destroyable?
+          return false if protector_subject? && !destroyable?
           super
         end
 
@@ -78,7 +78,7 @@ module Protector
         # @param name [Symbol]          Name of attribute to read
         def [](name)
           if (
-            !@protector_subject || 
+            !protector_subject? || 
             name == self.class.primary_key ||
             (self.class.primary_key.is_a?(Array) && self.class.primary_key.include?(name)) ||
             protector_meta.readable?(name.to_s)
@@ -91,12 +91,12 @@ module Protector
 
         # This is used whenever we fetch data
         def _associated_dataset(*args)
-          super.restrict!(@protector_subject)
+          super.restrict!(protector_subject)
         end
 
         # This is used whenever we call counters and existance checkers
         def _dataset(*args)
-          super.restrict!(@protector_subject)
+          super.restrict!(protector_subject)
         end
       end
     end

data/lib/protector/dsl.rb

@@ -207,8 +207,6 @@ module Protector
       # @param fields [Array<String>]     All the fields the model has
       # @param entry [Object]             An instance of the model
       def evaluate(model, subject, fields=[], entry=nil)
-        raise "Unprotected entity detected: use `restrict` method to protect it." unless subject
-
         Box.new(model, fields, subject, entry, blocks)
       end
     end
@@ -216,8 +214,14 @@ module Protector
     module Base
       extend ActiveSupport::Concern
 
-      included do
-        attr_reader :protector_subject
+      # Property accessor that makes sure you don't use
+      # subject on a non-protected model
+      def protector_subject
+        unless protector_subject?
+          raise "Unprotected entity detected: use `restrict` method to protect it."
+        end
+
+        @protector_subject
       end
 
       # Assigns restriction subject
@@ -225,14 +229,21 @@ module Protector
       # @param [Object] subject         Subject to restrict against
       def restrict!(subject)
         @protector_subject = subject
+        @protector_subject_set = true
         self
       end
 
       # Clears restriction subject
       def unrestrict!
         @protector_subject = nil
+        @protector_subject_set = false
         self
       end
+
+      # Checks if model was restricted
+      def protector_subject?
+        @protector_subject_set == true
+      end
     end
 
     module Entry

data/lib/protector/version.rb

@@ -1,4 +1,4 @@
 module Protector
   # Gem version
-  VERSION = "0.2.4"
+  VERSION = "0.3.0.beta.2"
 end

data/spec/lib/dsl_spec.rb

@@ -11,6 +11,16 @@ describe Protector::DSL do
       @base.instance_methods.should include(:protector_subject)
     end
 
+    it "throws error for empty subect" do
+      base = @base.new
+      expect { base.protector_subject }.to raise_error
+    end
+
+    it "accepts nil as a subject" do
+      base = @base.new.restrict!(nil)
+      expect { base.protector_subject }.to_not raise_error
+    end
+
     it "remembers protection subject" do
       base = @base.new
       base.restrict!("universe")
@@ -22,7 +32,7 @@ describe Protector::DSL do
       base.restrict!("universe")
       base.protector_subject.should == "universe"
       base.unrestrict!
-      base.protector_subject.should == nil
+      expect { base.protector_subject }.to raise_error
     end
   end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: protector
 version: !ruby/object:Gem::Version
-  version: 0.2.4
+  version: 0.3.0.beta.2
 platform: ruby
 authors:
 - Boris Staal
@@ -104,9 +104,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - '>'
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.0.2