protector 0.5.4 → 0.5.5
- checksums.yaml +4 -4
- data/README.md +8 -8
- data/lib/protector/adapters/active_record/base.rb +2 -4
- data/lib/protector/adapters/sequel/model.rb +2 -4
- data/lib/protector/dsl.rb +9 -7
- data/lib/protector/version.rb +1 -1
- data/migrations/active_record.rb +3 -0
- data/migrations/sequel.rb +3 -0
- data/spec/lib/dsl_spec.rb +3 -3
- data/spec/spec_helpers/examples/model.rb +8 -0
- metadata +2 -2
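--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ce979a4af923d6268b9a931f6ef02c41a907f482
+data.tar.gz: 4eeb250b2363f4cb0c00187a4f33bcdc0204c9a1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d790737a8c94f9c562f160b557a9d40b6e2503a9bf37a30b4a904df25cf1600dd4e0fe28b9c6b246a907e6cf495784abed60b4c7b64fb168660b3abaa6d4bbe2
+data.tar.gz: 92cf86b82aaed28a4a1ea10be9a97c4fdb28b6d142758f4153564ae4e035e4059a99840a3b37477dec0e9a2eaffff1b8fdcc5e1fd2e5b18d22e5d70ad8fb3a25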
data/README.md
CHANGED
@@ -36,7 +36,14 @@ This example is based on ActiveRecord but the code is mostly identical for any s
|
|
36
36
|
class Article < ActiveRecord::Base # Fields: title, text, user_id, hidden
|
37
37
|
protect do |user| # `user` is a context of security
|
38
38
|
|
39
|
-
|
39
|
+
if user.admin?
|
40
|
+
scope { all } # Admins can retrieve anything
|
41
|
+
|
42
|
+
can :view # ... and view anything
|
43
|
+
can :create # ... and create anything
|
44
|
+
can :update # ... and update anything
|
45
|
+
can :destroy # ... and they can delete
|
46
|
+
else
|
40
47
|
scope { where(hidden: false) } # Non-admins can only read insecure data
|
41
48
|
|
42
49
|
can :view # Allow to read any field
|
@@ -50,13 +57,6 @@ class Article < ActiveRecord::Base # Fields: title, text, user_id, hidd
|
|
50
57
|
}
|
51
58
|
|
52
59
|
# In this setup non-admins can not destroy or update existing records.
|
53
|
-
else
|
54
|
-
scope { all } # Admins can retrieve anything
|
55
|
-
|
56
|
-
can :view # ... and view anything
|
57
|
-
can :create # ... and create anything
|
58
|
-
can :update # ... and update anything
|
59
|
-
can :destroy # ... and they can delete
|
60
60
|
end
|
61
61
|
end
|
62
62
|
end
|
@@ -63,11 +63,9 @@ module Protector
|
|
63
63
|
module ClassMethods
|
64
64
|
# Storage of {Protector::DSL::Meta}
|
65
65
|
def protector_meta
|
66
|
-
@protector_meta ||= Protector::DSL::Meta.new(
|
67
|
-
Protector::Adapters::ActiveRecord,
|
68
|
-
self,
|
66
|
+
@protector_meta ||= Protector::DSL::Meta.new(Protector::Adapters::ActiveRecord, self) do
|
69
67
|
self.column_names
|
70
|
-
|
68
|
+
end
|
71
69
|
end
|
72
70
|
|
73
71
|
# Wraps every `.field` method with a check against {Protector::DSL::Meta::Box#readable?}
|
@@ -18,11 +18,9 @@ module Protector
|
|
18
18
|
module ClassMethods
|
19
19
|
# Storage of {Protector::DSL::Meta}
|
20
20
|
def protector_meta
|
21
|
-
@protector_meta ||= Protector::DSL::Meta.new(
|
22
|
-
Protector::Adapters::Sequel,
|
23
|
-
self,
|
21
|
+
@protector_meta ||= Protector::DSL::Meta.new(Protector::Adapters::Sequel, self) do
|
24
22
|
self.columns
|
25
|
-
|
23
|
+
end
|
26
24
|
end
|
27
25
|
|
28
26
|
# Gets default restricted `Dataset`
|
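--- a/data/lib/protector/dsl.rb
+++ b/data/lib/protector/dsl.rb
@@ -214,10 +214,14 @@ module Protector
 end
 end
 
-def initialize(adapter, model,
-@adapter
-@model
-@
+def initialize(adapter, model, &fields_proc)
+@adapter = adapter
+@model = model
+@fields_proc = fields_proc
+end
+
+def fields
+@fields ||= @fields_proc.call
 end
 
 # Storage for `protect` blocks
@@ -232,12 +236,10 @@ module Protector
 
 # Calculate protection at the context of subject
 #
-# @param model [Class] The class of protected entity
 # @param subject [Object] Restriction subject
-# @param fields [Array<String>] All the fields the model has
 # @param entry [Object] An instance of the model
 def evaluate(subject, entry=nil)
-Box.new(@adapter, @model,
+Box.new(@adapter, @model, fields, subject, entry, blocks)
 end
 end
 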
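Review bot: `fields` in the first hunk calls `@fields_proc.call` unconditionally, so a `Meta` constructed without a block fails only later, with a NoMethodError on nil the first time `evaluate` runs, rather than at construction. Because this list is passed straight into `Box.new` (presumably to derive per-field access), I would reject a missing block up front in `initialize` with `raise ArgumentError, 'fields block required' unless fields_proc`. The `||=` also keeps the first result for the lifetime of the `Meta` object, so a comment on `fields` such as `# Resolved lazily on first use and memoized; not refreshed if the schema changes later` would make that explicit. The enclosing class begins and ends outside both hunks.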
data/lib/protector/version.rb
CHANGED
data/migrations/active_record.rb
CHANGED
data/migrations/sequel.rb
CHANGED
data/spec/lib/dsl_spec.rb
CHANGED
@@ -42,7 +42,7 @@ describe Protector::DSL do
|
|
42
42
|
include Protector::DSL::Entry
|
43
43
|
|
44
44
|
def self.protector_meta
|
45
|
-
@protector_meta ||= Protector::DSL::Meta.new
|
45
|
+
@protector_meta ||= Protector::DSL::Meta.new(nil, nil){[]}
|
46
46
|
end
|
47
47
|
end
|
48
48
|
end
|
@@ -61,7 +61,7 @@ describe Protector::DSL do
|
|
61
61
|
l = lambda {|x| x > 4 }
|
62
62
|
|
63
63
|
before :each do
|
64
|
-
@meta = Protector::DSL::Meta.new
|
64
|
+
@meta = Protector::DSL::Meta.new(nil, nil){%w(field1 field2 field3 field4 field5)}
|
65
65
|
@meta << lambda {
|
66
66
|
can :view
|
67
67
|
}
|
@@ -159,7 +159,7 @@ describe Protector::DSL do
|
|
159
159
|
|
160
160
|
context "custom methods" do
|
161
161
|
before :each do
|
162
|
-
@meta = Protector::DSL::Meta.new
|
162
|
+
@meta = Protector::DSL::Meta.new(nil, nil){%w(field1 field2)}
|
163
163
|
|
164
164
|
@meta << lambda {
|
165
165
|
can :drink, :field1
|
@@ -30,6 +30,14 @@ shared_examples_for "a model" do
|
|
30
30
|
d.instance_variable_get('@protector_meta').should == nil
|
31
31
|
end
|
32
32
|
|
33
|
+
it "doesn't get stuck with non-existing tables" do
|
34
|
+
Rumba.class_eval do
|
35
|
+
protect do
|
36
|
+
can
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
33
41
|
describe "visibility" do
|
34
42
|
it "marks blocked" do
|
35
43
|
Dummy.first.restrict!('-').visible?.should == false
|
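Review bot: The added example "doesn't get stuck with non-existing tables" contains no expectation, so it passes merely because registering the `protect` block does not raise. As far as this hunk shows, it never triggers the deferred field lookup that the release introduces. Wrapping the `class_eval` in `lambda { ... }.should_not raise_error` would state the intent, and a follow-up example that calls `restrict!` on a `Rumba` instance would pin down what happens when the lookup finally runs. It is also worth confirming that the bare `can` with no action is intended, since the other specs on this page always pass one (`can :view`, `can :drink, :field1`).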
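--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: protector
 version: !ruby/object:Gem::Version
-version: 0.5.
+version: 0.5.5
 platform: ruby
 authors:
 - Boris Staal
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-
+date: 2013-08-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activesupport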