protector 0.3.3 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 96fab27725783cc22165b845a9c4064f116dbe35
-  data.tar.gz: 7a8dbdbffefcb27380c5c9ff0972a9a2704c1be6
+  metadata.gz: bf6b4587e9147a97a18ad6e3b602ca06bf59a07a
+  data.tar.gz: 94e454726030e22b403c47d0c80869aa73c97281
 SHA512:
-  metadata.gz: 82c3d96e96ad45313add53cb1ef48fb7fa3df78bac3a8566c820a2f3db1a7bbe63fa216685780cf813ad80fd9678d583acd921a8a8a50f56253d2685241ae32c
-  data.tar.gz: df173a15749af23f7be5e38cf163aa613f42e8750ae2e9fe61a423b3deec66676e9c13c42043775c4539e53572f81f9ce0211fd1fcb2a5517179feed6631ec93
+  metadata.gz: 27bdf5f0e506f34c8b779ab62fc9fece5fbb0fb894230b42fc9c2da13d3d874f850ca55a377a28d6a8fec810ee0002525ceed8f3fe2168f71ffb6e807f073d77
+  data.tar.gz: eb29c4f00148b9eea6bb980f2a57edc89acd5a6b30bba1f5ee51d81ac7cfb6fffc151e4270a120b66d6a715ec53a553830cdf95eb3f88ac474805bee68579283

data/README.md

@@ -98,6 +98,8 @@ Article.where(...).restrict!(current_user)
 
 Note that you don't need to explicitly restrict models you get from a restricted scope – they born restricted.
 
+**Important**: unlike fields, scopes follow black-list approach by default. It means that you will NOT restrict selection in any way if no scope was set within protection block! This arguably is the best default strategy. But it's not the only one – see `paranoid` at the [list of available options](https://github.com/inossidabile/protector#options) for details.
+
 ## Self-aware conditions
 
 Sometimes an access decision depends on the object we restrict. `protect` block accepts second argument to fulfill these cases. Keep in mind however that it's not always accessible: we don't have any instance for the restriction of relation and therefore `nil` is passed.
@@ -203,6 +205,14 @@ Protector::Adapters::ActiveRecord.activate!
 
 Where "ActiveRecord" is the adapter you are about to use. It can be "Sequel", "DataMapper", "Mongoid".
 
+## Options
+
+Use `Protector.option = value` to assign an option. Available options are:
+
+  * **paranoid**: makes scope management white-listed. If set to `true` will force Protector to return empty scope when no scope was given within a protection block.
+
+Protector features basic Rails integration so you can assign options using `config.protector.option = value` at your `config/*.rb`.
+
 ## Maintainers
 
 * Boris Staal, [@inossidabile](http://staal.io)

data/lib/protector.rb

@@ -6,6 +6,8 @@ require "protector/dsl"
 require "protector/adapters/active_record"
 require "protector/adapters/sequel"
 
+require "protector/engine" if defined?(Rails)
+
 I18n.load_path += Dir[File.expand_path File.join('..', 'locales', '*.yml'), File.dirname(__FILE__)]
 
 module Protector

data/lib/protector/adapters/active_record.rb

@@ -28,11 +28,11 @@ module Protector
         (instance.is_a?(Class) && instance < ActiveRecord::Base)
       end
 
-      def self.nullify(relation)
-        if modern?
-          relation.none
+      def self.null_proc
+        @null_proc ||= if modern?
+          Proc.new{ none }
         else
-          relation.where("1=0")
+          Proc.new{ where("1=0") }
         end
       end
     end

data/lib/protector/adapters/active_record/base.rb

@@ -80,6 +80,7 @@ module Protector
         # Storage for {Protector::DSL::Meta::Box}
         def protector_meta
           @protector_meta ||= self.class.protector_meta.evaluate(
+            Protector::Adapters::ActiveRecord,
             self.class,
             protector_subject,
             self.class.column_names,

data/lib/protector/adapters/active_record/preloader.rb

@@ -31,7 +31,12 @@ module Protector
           def scope_with_protector(*args)
             return scope_without_protector unless protector_subject?
 
-            @meta ||= klass.protector_meta.evaluate(klass, protector_subject)
+            @meta ||= klass.protector_meta.evaluate(
+              Protector::Adapters::ActiveRecord,
+              klass,
+              protector_subject
+            )
+
             scope_without_protector.merge(@meta.relation)
           end
         end

data/lib/protector/adapters/active_record/relation.rb

@@ -28,7 +28,11 @@ module Protector
         # Gets {Protector::DSL::Meta::Box} of this relation
         def protector_meta
           # We don't seem to require columns here as well
-          @klass.protector_meta.evaluate(@klass, protector_subject)
+          @klass.protector_meta.evaluate(
+            Protector::Adapters::ActiveRecord,
+            @klass,
+            protector_subject
+          )
         end
 
         # @note Unscoped relation drops properties and therefore should be re-restricted
@@ -107,7 +111,11 @@ module Protector
               # AR drops default_scope for eagerly loadable associations
               # https://github.com/inossidabile/protector/issues/3
               # and so should we
-              meta = klass.protector_meta.evaluate(klass, subject)
+              meta = klass.protector_meta.evaluate(
+                Protector::Adapters::ActiveRecord,
+                klass,
+                subject
+              )
 
               if meta.scoped?
                 unscoped = klass.unscoped

data/lib/protector/adapters/sequel.rb

@@ -20,8 +20,8 @@ module Protector
         (instance.kind_of?(Class) && instance < ::Sequel::Model)
       end
 
-      def self.nullify(relation)
-        relation.where("1=0")
+      def self.null_proc
+        @null_proc ||= Proc.new{ where("1=0") }
       end
     end
   end

data/lib/protector/adapters/sequel/dataset.rb

@@ -32,7 +32,11 @@ module Protector
 
         # Gets {Protector::DSL::Meta::Box} of this dataset
         def protector_meta
-          model.protector_meta.evaluate(model, protector_subject)
+          model.protector_meta.evaluate(
+            Protector::Adapters::Sequel,
+            model,
+            protector_subject
+          )
         end
 
         # Substitutes `row_proc` with {Protector} and injects protection scope
@@ -53,7 +57,11 @@ module Protector
           @opts[:eager_graph][:reflections].each do |association, reflection|
             model = reflection[:cache][:class] if reflection[:cache].is_a?(Hash) && reflection[:cache][:class]
             model = reflection[:class_name].constantize unless model
-            meta  = model.protector_meta.evaluate(model, subject)
+            meta  = model.protector_meta.evaluate(
+              Protector::Adapters::Sequel,
+              model,
+              subject
+            )
 
             relation = relation.instance_eval(&meta.scope_proc) if meta.scoped?
           end

data/lib/protector/adapters/sequel/model.rb

@@ -25,6 +25,7 @@ module Protector
         # Storage for {Protector::DSL::Meta::Box}
         def protector_meta
           @protector_meta ||= self.class.protector_meta.evaluate(
+            Protector::Adapters::Sequel,
             self.class,
             protector_subject,
             self.class.columns,

data/lib/protector/dsl.rb

@@ -5,14 +5,15 @@ module Protector
 
       # Single DSL evaluation result
       class Box
-        attr_accessor :access, :scope_proc, :destroyable
+        attr_accessor :adapter, :access, :destroyable
 
         # @param model [Class]              The class of protected entity
         # @param fields [Array<String>]     All the fields the model has
         # @param subject [Object]           Restriction subject
         # @param entry [Object]             An instance of the model
         # @param blocks [Array<Proc>]       An array of `protect` blocks
-        def initialize(model, fields, subject, entry, blocks)
+        def initialize(adapter, model, fields, subject, entry, blocks)
+          @adapter     = adapter
           @model       = model
           @fields      = fields
           @access      = {update: {}, view: {}, create: {}}
@@ -36,7 +37,7 @@ module Protector
         # Checks whether protection with given subject
         # has the selection scope defined
         def scoped?
-          !!@scope_proc
+          Protector.paranoid || !!@scope_proc
         end
 
         # @group Protection DSL
@@ -58,13 +59,18 @@ module Protector
           @unscoped_relation = false
         end
 
+        def scope_proc
+          unless Protector.paranoid
+            @scope_proc
+          else
+            @scope_proc || @adapter.null_proc
+          end
+        end
+
         def relation
           return false unless scoped?
 
-          unless @relation
-            @relation = @model.instance_eval(&@scope_proc)
-          end
-
+          @relation ||= @model.instance_eval(&scope_proc)
           @relation
         end
 
@@ -212,8 +218,8 @@ module Protector
       # @param subject [Object]           Restriction subject
       # @param fields [Array<String>]     All the fields the model has
       # @param entry [Object]             An instance of the model
-      def evaluate(model, subject, fields=[], entry=nil)
-        Box.new(model, fields, subject, entry, blocks)
+      def evaluate(adapter, model, subject, fields=[], entry=nil)
+        Box.new(adapter, model, fields, subject, entry, blocks)
       end
     end
 

data/lib/protector/engine.rb

@@ -0,0 +1,11 @@
+module Protector
+  class Engine < ::Rails::Engine
+    config.protector = ActiveSupport::OrderedOptions.new
+
+    initializer "protector.configuration" do |app|
+      app.config.protector.each do |key, value|
+        Protector.send "#{key}=", value
+      end
+    end
+  end
+end

data/lib/protector/version.rb

@@ -1,4 +1,4 @@
 module Protector
   # Gem version
-  VERSION = "0.3.3"
+  VERSION = "0.4.0"
 end

data/spec/lib/adapters/active_record_spec.rb

@@ -42,6 +42,10 @@ if defined?(ActiveRecord)
         Protector::Adapters::ActiveRecord.is?(Dummy).should == true
         Protector::Adapters::ActiveRecord.is?(Dummy.every).should == true
       end
+
+      it "sets the adapter" do
+        Dummy.restrict!('!').protector_meta.adapter.should == Protector::Adapters::ActiveRecord
+      end
     end
 
     #
@@ -87,6 +91,46 @@ if defined?(ActiveRecord)
         Dummy.restrict!('!').where(number: 999).to_a.first.protector_subject.should == '!'
       end
 
+      context "with open relation" do
+        context "adequate", paranoid: false do
+          it "checks existence" do
+            Dummy.any?.should == true
+            Dummy.restrict!('!').any?.should == true
+          end
+
+          it "counts" do
+            Dummy.count.should == 4
+            Dummy.restrict!('!').count.should == 4
+          end
+
+          it "fetches" do
+            fetched = Dummy.restrict!('!').to_a
+
+            Dummy.count.should == 4
+            fetched.length.should == 4
+          end
+        end
+
+        context "paranoid", paranoid: true do
+          it "checks existence" do
+            Dummy.any?.should == true
+            Dummy.restrict!('!').any?.should == false
+          end
+
+          it "counts" do
+            Dummy.count.should == 4
+            Dummy.restrict!('!').count.should == 0
+          end
+
+          it "fetches" do
+            fetched = Dummy.restrict!('!').to_a
+
+            Dummy.count.should == 4
+            fetched.length.should == 0
+          end
+        end
+      end
+
       context "with null relation" do
         it "checks existence" do
           Dummy.any?.should == true

data/spec/lib/adapters/sequel_spec.rb

@@ -42,6 +42,10 @@ if defined?(Sequel)
         Protector::Adapters::Sequel.is?(Dummy).should == true
         Protector::Adapters::Sequel.is?(Dummy.where).should == true
       end
+
+      it "sets the adapter" do
+        Dummy.restrict!('!').protector_meta.adapter.should == Protector::Adapters::Sequel
+      end
     end
 
 
@@ -84,6 +88,54 @@ if defined?(Sequel)
         Dummy.restrict!('!').eager_graph(fluffies: :loony).all.first.fluffies.first.loony.protector_subject.should == '!'
       end
 
+      context "with open relation" do
+        context "adequate", paranoid: false do
+          it "checks existence" do
+            Dummy.any?.should == true
+            Dummy.restrict!('!').any?.should == true
+          end
+
+          it "counts" do
+            Dummy.count.should == 4
+            Dummy.restrict!('!').count.should == 4
+          end
+
+          it "fetches first" do
+            Dummy.restrict!('!').first.should be_a_kind_of(Dummy)
+          end
+
+          it "fetches all" do
+            fetched = Dummy.restrict!('!').to_a
+
+            Dummy.count.should == 4
+            fetched.length.should == 4
+          end
+        end
+
+        context "paranoid", paranoid: true do
+          it "checks existence" do
+            Dummy.any?.should == true
+            Dummy.restrict!('!').any?.should == false
+          end
+
+          it "counts" do
+            Dummy.count.should == 4
+            Dummy.restrict!('!').count.should == 0
+          end
+
+          it "fetches first" do
+            Dummy.restrict!('!').first.should == nil
+          end
+
+          it "fetches all" do
+            fetched = Dummy.restrict!('!').to_a
+
+            Dummy.count.should == 4
+            fetched.length.should == 0
+          end
+        end
+      end
+
       context "with null relation" do
         it "checks existence" do
           Dummy.any?.should == true
@@ -95,10 +147,8 @@ if defined?(Sequel)
           Dummy.restrict!('-').count.should == 0
         end
 
-        context do
-          it "fetches first" do
-            Dummy.restrict!('-').first.should == nil
-          end
+        it "fetches first" do
+          Dummy.restrict!('-').first.should == nil
         end
 
         it "fetches all" do

data/spec/lib/dsl_spec.rb

@@ -58,19 +58,22 @@ describe Protector::DSL do
         @meta = Protector::DSL::Meta.new
 
         @meta << lambda {
-          scope { 'relation' }
+          can :view
         }
 
         @meta << lambda {|user|
-          user.should  == 'user'
+          scope { 'relation' } if user
+        }
+
+        @meta << lambda {|user|
+          user.should  == 'user' if user
 
-          can    :view
           cannot :view, %w(field5), :field4
         }
 
         @meta << lambda {|user, entry|
-          user.should  == 'user'
-          entry.should == 'entry'
+          user.should  == 'user' if user
+          entry.should == 'entry' if user
 
           can :update, %w(field1 field2 field3),
             field4: 0..5,
@@ -81,16 +84,30 @@ describe Protector::DSL do
       end
 
       it "evaluates" do
-        @meta.evaluate(nil, 'user', [], 'entry')
+        @meta.evaluate(nil, nil, 'user', [], 'entry')
+      end
+
+      context "adequate", paranoid: false do
+        it "sets scoped?" do
+          data = @meta.evaluate(nil, nil, nil, [], 'entry')
+          data.scoped?.should == false
+        end
+      end
+
+      context "paranoid", paranoid: true do
+        it "sets scoped?" do
+          data = @meta.evaluate(nil, nil, nil, [], 'entry')
+          data.scoped?.should == true
+        end
       end
 
       it "sets relation" do
-        data = @meta.evaluate(nil, 'user', [], 'entry')
+        data = @meta.evaluate(nil, nil, 'user', [], 'entry')
         data.relation.should == 'relation'
       end
 
       it "sets access" do
-        data = @meta.evaluate(nil, 'user', %w(field1 field2 field3 field4 field5), 'entry')
+        data = @meta.evaluate(nil, nil, 'user', %w(field1 field2 field3 field4 field5), 'entry')
         data.access.should == {
           update: {
             "field1" => nil,
@@ -109,17 +126,17 @@ describe Protector::DSL do
       end
 
       it "marks destroyable" do
-        data = @meta.evaluate(nil, 'user', [], 'entry')
+        data = @meta.evaluate(nil, nil, 'user', [], 'entry')
         data.destroyable?.should == true
       end
 
       it "marks updatable" do
-        data = @meta.evaluate(nil, 'user', [], 'entry')
+        data = @meta.evaluate(nil, nil, 'user', [], 'entry')
         data.updatable?.should == true
       end
 
       it "marks creatable" do
-        data = @meta.evaluate(nil, 'user', [], 'entry')
+        data = @meta.evaluate(nil, nil, 'user', [], 'entry')
         data.creatable?.should == false
       end
     end
@@ -136,13 +153,13 @@ describe Protector::DSL do
       end
 
       it "sets field-level restriction" do
-        box = @meta.evaluate(nil, 'user', %w(field1 field2), 'entry')
+        box = @meta.evaluate(nil, nil, 'user', %w(field1 field2), 'entry')
         box.can?(:drink, :field1).should == true
         box.can?(:drink).should == true
       end
 
       it "sets field-level protection" do
-        box = @meta.evaluate(nil, 'user', %w(field1 field2), 'entry')
+        box = @meta.evaluate(nil, nil, 'user', %w(field1 field2), 'entry')
         box.can?(:eat, :field1).should == false
         box.can?(:eat).should == true
       end

data/spec/spec_helpers/boot.rb

@@ -4,6 +4,7 @@ require 'coveralls'
 Coveralls.wear! if Coveralls.should_run?
 
 require 'protector'
+require_relative 'contexts/paranoid'
 require_relative 'examples/model'
 
 RSpec.configure do |config|

data/spec/spec_helpers/contexts/paranoid.rb

@@ -0,0 +1,21 @@
+shared_context "paranoidal", paranoid: true do
+  before(:all) do
+    @paranoid_condition = Protector.paranoid
+    Protector.paranoid = true
+  end
+
+  after(:all) do
+    Protector.paranoid = @paranoid_condition
+  end
+end
+
+shared_context "adequate", paranoid: false do
+  before(:all) do
+    @paranoid_condition = Protector.paranoid
+    Protector.paranoid = false
+  end
+
+  after(:all) do
+    Protector.paranoid = @paranoid_condition
+  end
+end

data/spec/spec_helpers/examples/model.rb

@@ -35,8 +35,18 @@ shared_examples_for "a model" do
       Dummy.first.restrict!('-').visible?.should == false
     end
 
-    it "marks allowed" do
-      Dummy.first.restrict!('+').visible?.should == true
+    context "adequate", paranoid: false do
+      it "marks allowed" do
+        Dummy.first.restrict!('!').visible?.should == true
+        Dummy.first.restrict!('+').visible?.should == true
+      end
+    end
+
+    context "paranoid", paranoid: true do
+      it "marks allowed" do
+        Dummy.first.restrict!('!').visible?.should == false
+        Dummy.first.restrict!('+').visible?.should == true
+      end
     end
   end
 
@@ -343,21 +353,39 @@ shared_examples_for "a model" do
   #
   describe "association" do
     context "(has_many)" do
-      it "loads" do
-        Dummy.first.restrict!('!').fluffies.length.should == 2
-        Dummy.first.restrict!('+').fluffies.length.should == 1
-        Dummy.first.restrict!('-').fluffies.empty?.should == true
+      context "adequate", paranoid: false do
+        it "loads" do
+          Dummy.first.restrict!('!').fluffies.length.should == 2
+          Dummy.first.restrict!('+').fluffies.length.should == 1
+          Dummy.first.restrict!('-').fluffies.empty?.should == true
+        end
+      end
+      context "paranoid", paranoid: true do
+        it "loads" do
+          Dummy.first.restrict!('!').fluffies.empty?.should == true
+          Dummy.first.restrict!('+').fluffies.length.should == 1
+          Dummy.first.restrict!('-').fluffies.empty?.should == true
+        end
       end
     end
 
     context "(belongs_to)" do
-      it "passes subject" do
-        Fluffy.first.restrict!('!').dummy.protector_subject.should == '!'
+      context "adequate", paranoid: false do
+        it "passes subject" do
+          Fluffy.first.restrict!('!').dummy.protector_subject.should == '!'
+        end
+
+        it "loads" do
+          Fluffy.first.restrict!('!').dummy.should be_a_kind_of(Dummy)
+          Fluffy.first.restrict!('-').dummy.should == nil
+        end
       end
 
-      it "loads" do
-        Fluffy.first.restrict!('!').dummy.should be_a_kind_of(Dummy)
-        Fluffy.first.restrict!('-').dummy.should == nil
+      context "paranoid", paranoid: true do
+        it "loads" do
+          Fluffy.first.restrict!('!').dummy.should == nil
+          Fluffy.first.restrict!('-').dummy.should == nil
+        end
       end
     end
   end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: protector
 version: !ruby/object:Gem::Version
-  version: 0.3.3
+  version: 0.4.0
 platform: ruby
 authors:
 - Boris Staal
@@ -74,6 +74,7 @@ files:
 - lib/protector/adapters/sequel/eager_graph_loader.rb
 - lib/protector/adapters/sequel/model.rb
 - lib/protector/dsl.rb
+- lib/protector/engine.rb
 - lib/protector/version.rb
 - locales/en.yml
 - migrations/active_record.rb
@@ -88,6 +89,7 @@ files:
 - spec/spec_helpers/adapters/active_record.rb
 - spec/spec_helpers/adapters/sequel.rb
 - spec/spec_helpers/boot.rb
+- spec/spec_helpers/contexts/paranoid.rb
 - spec/spec_helpers/examples/model.rb
 homepage: https://github.com/inossidabile/protector
 licenses:
@@ -121,4 +123,5 @@ test_files:
 - spec/spec_helpers/adapters/active_record.rb
 - spec/spec_helpers/adapters/sequel.rb
 - spec/spec_helpers/boot.rb
+- spec/spec_helpers/contexts/paranoid.rb
 - spec/spec_helpers/examples/model.rb