protector 0.5.3 → 0.5.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 823427ab7061d2b26ab6835d3c4bbfd17abe6430
-  data.tar.gz: dfa3edc7c59fca658f81ef6f1d377890a6ac9c1a
+  metadata.gz: 4f2e7f8f389acbad91383ebfd69716fb4f47f9ff
+  data.tar.gz: c0afd232c22534c7e98b5147c460d84497d2079d
 SHA512:
-  metadata.gz: 4897c4ccea8d4b074158ba15b33395ec04522c067dc3a4c065366a6c8ceb81a1b9133c3862ed1625818c2f4d260107483f078277403b5375f09456d02f8e24d1
-  data.tar.gz: c9229df3995d7d6f71e0d71d638e6d1273ca165977badcdec63f643074a4598dbd370ae446c58cfa9f4df6bd418f7959c577cf19d1b1c7cd611764d062043557
+  metadata.gz: 513dc71a0f5555eacd2b6a70d03df9952803a6a2284cd7e3798d372550c3074169fb1bf8a4421944e97f791afa9454022c6bc0d7331e5fe56066959704dd8f9d
+  data.tar.gz: d7116a42ed32d2af53a90ed1e8a5db2c42a4431d9379875af5a58f4aa63aaaa90888f124553668f3223779d0fbe6b8d504c5b5081f4c05783c5e2daf5cad1f0b

data/.gitignore

@@ -4,6 +4,7 @@
 .config
 .yardoc
 Gemfile.lock
+gemfiles/
 InstalledFiles
 _yardoc
 coverage
@@ -15,4 +16,4 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
-spec/internal/log
+spec/internal/log

data/.travis.yml

@@ -1,6 +1,4 @@
-before_install:
-  - gem install bundler
 rvm:
   - 1.9.3
   - jruby-19mode
-  - 2.0.0
+  - 2.0.0

data/Gemfile

@@ -5,12 +5,12 @@ gem 'rake'
 gem 'colored'
 gem 'pry'
 gem 'rspec'
+gem 'simplecov', require: false
+gem 'simplecov-summary'
 
 gem 'appraisal'
 
 gem 'sqlite3', platform: :ruby
 gem 'jdbc-sqlite3', platform: :jruby, require: 'jdbc/sqlite3'
 
-gem 'coveralls', require: false
-
 gem 'ruby-prof', platform: :ruby

data/README.md

@@ -21,6 +21,7 @@ We are working hard to extend the list with:
 Protector is an extension and therefore hides deeply inside your ORM library making itself compatible to the most gems you use. Sometimes however, you might need additional integration to take the best from it:
 
   * [Protector and Strong Parameters](https://github.com/inossidabile/protector/wiki/Protector-and-Strong-Parameters)
+  * [Protector and CanCan](https://github.com/inossidabile/protector/wiki/Protector-and-CanCan)
   * [Protector and SimpleForm](https://github.com/inossidabile/protector/wiki/Protector-and-SimpleForm)
 
 ## Basics

data/lib/protector/adapters/active_record/base.rb

@@ -9,15 +9,20 @@ module Protector
           include Protector::DSL::Base
           include Protector::DSL::Entry
 
+          # We need this to make sure no ActiveRecord classes managed
+          # to cache db scheme and create corresponding methods since
+          # we want to modify the way they get created
           ObjectSpace.each_object(Class).each do |klass|
             klass.undefine_attribute_methods if klass < self
           end
 
           validate do
             return unless protector_subject?
-            if (new_record? && !creatable?) || (!new_record? && !updatable?)
-              errors[:base] << I18n.t('protector.invalid')
-            end
+
+            method = new_record? ? :first_uncreatable_field : :first_unupdatable_field
+            field  = protector_meta.send(method, protector_changed)
+
+            errors[:base] << I18n.t('protector.invalid', field: field) if field
           end
 
           before_destroy do
@@ -86,6 +91,11 @@ module Protector
           end
         end
 
+        # Gathers real changed values bypassing restrictions
+        def protector_changed
+          HashWithIndifferentAccess[changed.map{|field| [field, read_attribute(field)]}]
+        end
+
         # Storage for {Protector::DSL::Meta::Box}
         def protector_meta(subject=protector_subject)
           @protector_meta ||= self.class.protector_meta.evaluate(subject, self)
@@ -102,14 +112,12 @@ module Protector
 
         # Checks if current model can be created in the context of current subject
         def creatable?
-          fields = HashWithIndifferentAccess[changed.map{|field| [field, read_attribute(field)]}]
-          protector_meta.creatable?(fields)
+          protector_meta.creatable? protector_changed
         end
 
         # Checks if current model can be updated in the context of current subject
         def updatable?
-          fields = HashWithIndifferentAccess[changed.map{|field| [field, read_attribute(field)]}]
-          protector_meta.updatable?(fields)
+          protector_meta.updatable? protector_changed
         end
 
         # Checks if current model can be destroyed in the context of current subject

data/lib/protector/adapters/active_record/relation.rb

@@ -111,7 +111,7 @@ module Protector
           @records
         end
 
-        # Swaps `includes` with `preload` whether it's not referenced or merges
+        # Swaps `includes` with `preload` if it's not referenced or merges
         # security scope of proper class otherwise
         def protector_substitute_includes(subject, relation)
           if eager_loading?
@@ -124,15 +124,10 @@ module Protector
               if meta.scoped?
                 unscoped = klass.unscoped
 
-                # AR 4 has awfull inconsistency when it comes to method `all`
-                # We have to mimic base class behaviour for relation we get from `unscoped`
-                if Protector::Adapters::ActiveRecord.modern?
-                  class <<unscoped
-                    def all
-                      self
-                    end
-                  end
-                end
+                # `unscoped` gets us a relation but Protector scope is supposed
+                # to work with AR::Base. Some versions of AR have those uncompatible
+                # so we have to workaround it :(
+                unscoped.protector_mimic_base!
 
                 # Finally we merge unscoped basic relation extended with protection scope
                 relation = relation.merge unscoped.instance_eval(&meta.scope_proc)
@@ -146,6 +141,20 @@ module Protector
           relation
         end
 
+        # Makes instance of Relation duck-type compatible to AR::Base to allow proper
+        # protection block execution with itself
+        def protector_mimic_base!
+          return unless Protector::Adapters::ActiveRecord.modern?
+
+          class <<self
+            # AR 4 has awfull inconsistency when it comes to method `all`
+            # We have to mimic base class behaviour for relation we get from `unscoped`
+            def all
+              self
+            end
+          end
+        end
+
         # Indexes `includes` format by actual entity class
         #
         # Turns `{foo: :bar}` into `[[Foo, :foo], [Bar, {foo: :bar}]`

data/lib/protector/adapters/sequel/model.rb

@@ -31,6 +31,11 @@ module Protector
           end
         end
 
+        # Gathers real values of given fields bypassing restrictions
+        def protector_changed(fields)
+          HashWithIndifferentAccess[fields.map{|x| [x.to_s, @values[x]]}]
+        end
+
         # Storage for {Protector::DSL::Meta::Box}
         def protector_meta(subject=protector_subject)
           @protector_meta ||= self.class.protector_meta.evaluate(subject, self)
@@ -45,13 +50,12 @@ module Protector
         # Checks if current model can be created in the context of current subject
         def creatable?
           fields = HashWithIndifferentAccess[keys.map{|x| [x.to_s, @values[x]]}]
-          protector_meta.creatable?(fields)
+          protector_meta.creatable? protector_changed(keys)
         end
 
         # Checks if current model can be updated in the context of current subject
         def updatable?
-          fields = HashWithIndifferentAccess[changed_columns.map{|x| [x.to_s, @values[x]]}]
-          protector_meta.updatable?(fields)
+          protector_meta.updatable? protector_changed(changed_columns)
         end
 
         # Checks if current model can be destroyed in the context of current subject
@@ -65,10 +69,15 @@ module Protector
 
         # Basic security validations
         def validate
-          super
-          return unless protector_subject?
-          method = new? ? :creatable? : :updatable?
-          errors.add(:base, I18n.t('protector.invalid')) unless __send__(method)
+          super; return unless protector_subject?
+
+          field = if new?
+            protector_meta.first_uncreatable_field protector_changed(keys)
+          else
+            protector_meta.first_unupdatable_field protector_changed(changed_columns)
+          end
+
+          errors.add :base, I18n.t('protector.invalid', field: field) if field
         end
 
         # Destroy availability check

data/lib/protector/dsl.rb

@@ -159,11 +159,19 @@ module Protector
           modifiable? :create, fields
         end
 
+        def first_uncreatable_field(fields)
+          first_unmodifiable_field :create, fields
+        end
+
         # Checks whether you can update a model with given field in context of current subject
         def updatable?(fields=false)
           modifiable? :update, fields
         end
 
+        def first_unupdatable_field(fields)
+          first_unmodifiable_field :update, fields
+        end
+
         # Checks whether you can destroy a model in context of current subject
         def destroyable?
           @destroyable
@@ -181,23 +189,27 @@ module Protector
 
         private
 
-        def modifiable?(part, fields)
-          keys = @access[part].keys
-          return false unless keys.length > 0
-
-          if fields
-            return false if (fields.keys - keys).length > 0
-
-            fields.each do |k,v|
-              case x = @access[part][k]
-              when Range
-                return false unless x.include?(v)
-              when Proc
-                return false unless x.call(v)
-              end
+        def first_unmodifiable_field(part, fields)
+          diff = fields.keys - @access[part].keys
+          return diff.first if diff.length > 0
+
+          fields.each do |k,v|
+            case x = @access[part][k]
+            when Range
+              return k unless x.include?(v)
+            when Proc
+              return k unless x.call(v)
+            else
+              return k if x != nil && x != v
             end
           end
 
+          false
+        end
+
+        def modifiable?(part, fields)
+          return false unless @access[part].keys.length > 0
+          return false if fields && first_unmodifiable_field(part, fields)
           true
         end
       end

data/lib/protector/version.rb

@@ -1,4 +1,4 @@
 module Protector
   # Gem version
-  VERSION = "0.5.3"
+  VERSION = "0.5.4"
 end

data/locales/en.yml

@@ -1,3 +1,3 @@
 en:
   protector:
-    invalid: "Access denied"
+    invalid: "Access denied to '%{field}'"

data/spec/lib/adapters/active_record_spec.rb

@@ -12,8 +12,13 @@ if defined?(ActiveRecord)
 
         included do |klass|
           protect do |x|
-            scope{ where('1=0') } if x == '-'
-            scope{ where(klass.table_name => {number: 999}) } if x == '+' 
+            if x == '-'
+              scope{ where('1=0') } 
+            elsif x == '+'
+              scope{ where(klass.table_name => {number: 999}) }
+            elsif !Protector.config.paranoid && Protector::Adapters::ActiveRecord.modern?
+              scope { all }
+            end
 
             can :view, :dummy_id unless x == '-'
           end
@@ -54,6 +59,7 @@ if defined?(ActiveRecord)
     describe Protector::Adapters::ActiveRecord::Base do
       let(:dummy) do
         Class.new(ActiveRecord::Base) do
+          def self.model_name; ActiveModel::Name.new(self, nil, "dummy"); end
           self.table_name = "dummies"
           scope :none, where('1 = 0') unless respond_to?(:none)
         end

data/spec/lib/dsl_spec.rb

@@ -80,7 +80,8 @@ describe Protector::DSL do
           user.should  == 'user' if user
           entry.should == 'entry' if user
 
-          can :update, %w(field1 field2 field3),
+          can :update, %w(field1 field2),
+            field3: 1,
             field4: 0..5,
             field5: l
 
@@ -117,7 +118,7 @@ describe Protector::DSL do
           update: {
             "field1" => nil,
             "field2" => nil,
-            "field3" => nil,
+            "field3" => 1,
             "field4" => 0..5,
             "field5" => l
           },
@@ -140,10 +141,20 @@ describe Protector::DSL do
         data.updatable?.should == true
       end
 
+      it "gets first unupdatable field" do
+        data = @meta.evaluate('user', 'entry')
+        data.first_unupdatable_field('field1' => 1, 'field6' => 2, 'field7' => 3).should == 'field6'
+      end
+
       it "marks creatable" do
         data = @meta.evaluate('user', 'entry')
         data.creatable?.should == false
       end
+
+      it "gets first uncreatable field" do
+        data = @meta.evaluate('user', 'entry')
+        data.first_uncreatable_field('field1' => 1, 'field6' => 2).should == 'field1'
+      end
     end
 
     context "custom methods" do

data/spec/spec_helpers/adapters/active_record.rb

@@ -1,7 +1,7 @@
 RSpec::Matchers.define :invalidate do
   match do |actual|
     actual.save.should == false
-    actual.errors[:base].should == ["Access denied"]
+    actual.errors[:base][0].starts_with?("Access denied to").should == true
   end
 end
 

data/spec/spec_helpers/adapters/sequel.rb

@@ -2,7 +2,7 @@ RSpec::Matchers.define :invalidate do
   match do |actual|
     DB.transaction do
       expect{ actual.save }.to raise_error
-      actual.errors.on(:base).should == ["Access denied"]
+      actual.errors.on(:base)[0].starts_with?("Access denied to").should == true
       raise Sequel::Rollback
     end
 

data/spec/spec_helpers/boot.rb

@@ -1,9 +1,21 @@
-Bundler.require
+require 'simplecov'
+require 'simplecov-summary'
+
+SimpleCov.start do
+  command_name File.basename(ENV['BUNDLE_GEMFILE'], '.gemfile')
+
+  add_filter '/spec/'
+
+  add_group 'DSL',          'lib/protector/dsl.rb'
+  add_group 'Railtie',      'lib/protector/engine.rb'
+  add_group 'ActiveRecord', 'lib/protector/adapters/active_record'
+  add_group 'Sequel',       'lib/protector/adapters/sequel'
 
-require 'coveralls'
-Coveralls.wear! if Coveralls.should_run?
+  at_exit do; end
+end
+
+Bundler.require
 
-require 'protector'
 require_relative 'contexts/paranoid'
 require_relative 'examples/model'
 
@@ -12,6 +24,16 @@ RSpec.configure do |config|
   config.run_all_when_everything_filtered = true
   config.filter_run :focus
 
+  config.after(:suite) do
+    if SimpleCov.running
+      silence_stream(STDOUT) do
+        SimpleCov::Formatter::HTMLFormatter.new.format(SimpleCov.result)
+      end
+
+      SimpleCov::Formatter::SummaryFormatter.new.format(SimpleCov.result)
+    end
+  end
+
   # Run specs in random order to surface order dependencies. If you find an
   # order dependency and want to debug it, you can fix the order by providing
   # the seed, which is printed after each run.

data/spec/spec_helpers/examples/model.rb

@@ -101,13 +101,14 @@ shared_examples_for "a model" do
       end
 
       it "marks blocked" do
-        d = dummy.new(string: 'bam', number: 1)
-        d.restrict!('!').creatable?.should == false
+        d = dummy.new(string: 'bam', number: 1).restrict!('!')
+        d.creatable?.should == false
       end
 
       it "marks allowed" do
-        d = dummy.new(string: 'bam')
-        d.restrict!('!').creatable?.should == true
+        d = dummy.new(string: 'bam').restrict!('!')
+        $debug = true
+        d.creatable?.should == true
       end
 
       it "invalidates" do
@@ -180,6 +181,36 @@ shared_examples_for "a model" do
         d.should validate
       end
     end
+
+    context "by direct values" do
+      before(:each) do
+        dummy.instance_eval do
+          protect do
+            can :create, number: 5
+          end
+        end
+      end
+
+      it "marks blocked" do
+        d = dummy.new(number: 500)
+        d.restrict!('!').creatable?.should == false
+      end
+
+      it "marks allowed" do
+        d = dummy.new(number: 5)
+        d.restrict!('!').creatable?.should == true
+      end
+
+      it "invalidates" do
+        d = dummy.new(number: 500).restrict!('!')
+        d.should invalidate
+      end
+
+      it "validates" do
+        d = dummy.new(number: 5).restrict!('!')
+        d.should validate
+      end
+    end
   end
 
   #
@@ -307,6 +338,40 @@ shared_examples_for "a model" do
         d.should validate
       end
     end
+
+    context "by direct values" do
+      before(:each) do
+        dummy.instance_eval do
+          protect do
+            can :update, number: 5
+          end
+        end
+      end
+
+      it "marks blocked" do
+        d = dummy.first
+        assign!(d, number: 500)
+        d.restrict!('!').updatable?.should == false
+      end
+
+      it "marks allowed" do
+        d = dummy.first
+        assign!(d, number: 5)
+        d.restrict!('!').updatable?.should == true
+      end
+
+      it "invalidates" do
+        d = dummy.first.restrict!('!')
+        assign!(d, number: 500)
+        d.should invalidate
+      end
+
+      it "validates" do
+        d = dummy.first.restrict!('!')
+        assign!(d, number: 5)
+        d.should validate
+      end
+    end
   end
 
   #

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: protector
 version: !ruby/object:Gem::Version
-  version: 0.5.3
+  version: 0.5.4
 platform: ruby
 authors:
 - Boris Staal
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-07-14 00:00:00.000000000 Z
+date: 2013-07-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -55,18 +55,6 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
-- gemfiles/AR_3.2.gemfile
-- gemfiles/AR_3.2.gemfile.lock
-- gemfiles/AR_4.gemfile
-- gemfiles/AR_4.gemfile.lock
-- gemfiles/Mongoid.gemfile
-- gemfiles/Mongoid.gemfile.lock
-- gemfiles/Rails_3.2.gemfile
-- gemfiles/Rails_3.2.gemfile.lock
-- gemfiles/Rails_4.gemfile
-- gemfiles/Rails_4.gemfile.lock
-- gemfiles/Sequel.gemfile
-- gemfiles/Sequel.gemfile.lock
 - lib/protector.rb
 - lib/protector/adapters/active_record.rb
 - lib/protector/adapters/active_record/association.rb
@@ -119,7 +107,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.2
+rubygems_version: 2.0.6
 signing_key: 
 specification_version: 4
 summary: 'Protector is a successor to the Heimdallr gem: it hits the same goals keeping

data/gemfiles/AR_3.2.gemfile

@@ -1,19 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "rake"
-gem "colored"
-gem "pry"
-gem "rspec"
-gem "guard"
-gem "guard-rspec"
-gem "appraisal"
-gem "sqlite3", :platform=>:ruby
-gem "jdbc-sqlite3", :platform=>:jruby, :require=>"jdbc/sqlite3"
-gem "coveralls", :require=>false
-gem "ruby-prof", :platform=>:ruby
-gem "activerecord", "3.2.9", :require=>"active_record"
-gem "activerecord-jdbcsqlite3-adapter", :platform=>:jruby, :github=>"jruby/activerecord-jdbc-adapter"
-
-gemspec :path=>"../"