protector 0.6.0 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: d63379ae173d9c7829a3e9548f3485eb3e3368f2
4
- data.tar.gz: 200d5b81d2798dd500daec9437ebb552485f9d2d
3
+ metadata.gz: b0adb740ad6dcc0053fd159bf424ce0dac2092cf
4
+ data.tar.gz: 07969057659e1baa91b16806d25efc324389e7c8
5
5
  SHA512:
6
- metadata.gz: eea5ac34d35862cd89bf724bea5824c4ad17cf45e70fee381f0d156fc1319caf1d9853541ea912395f5b4801f73bd72c41864f3e806a3a1aaae65d1a7a6f88ea
7
- data.tar.gz: 6c889caf27a3cb6a22a4685bf9db971fdb9eab8d191580dca569112fec48627c38e53511d32448d990cb021b18a276cddb61968dac795a21552e03904afe494b
6
+ metadata.gz: 5d40755015122eef231bbe2b755db8440e6e6a38fdf51c82fc1a5d81e629012ff876c3e921b90d4c4a13b6667ad95050b63d3b79cf5207bb1e6767f24f4ef87c
7
+ data.tar.gz: abef904c2b38cbc1a40b5de0c6bb28e56c14db83cd3fd8e631b9a94d0ececa78356abd93f3e1e4b2651cb019a6f8bac1257e5415324a118d97dd8c323a122b2e
@@ -10,6 +10,8 @@ module Protector
10
10
 
11
11
  alias_method_chain :exec_queries, :protector
12
12
  alias_method_chain :new, :protector
13
+ alias_method_chain :create, :protector
14
+ alias_method_chain :create!, :protector
13
15
 
14
16
  # AR 3.2 workaround. Come on, guys... SQL parsing :(
15
17
  unless method_defined?(:references_values)
@@ -81,6 +83,24 @@ module Protector
81
83
  new_without_protector(*args, &block).restrict!(protector_subject)
82
84
  end
83
85
 
86
+ def create_with_protector(*args, &block)
87
+ return create_without_protector(*args, &block) unless protector_subject?
88
+
89
+ create_without_protector(*args) do |instance|
90
+ instance.restrict!(protector_subject)
91
+ block.call(instance) if block
92
+ end
93
+ end
94
+
95
+ def create_with_protector!(*args, &block)
96
+ return create_without_protector!(*args, &block) unless protector_subject?
97
+
98
+ create_without_protector!(*args) do |instance|
99
+ instance.restrict!(protector_subject)
100
+ block.call(instance) if block
101
+ end
102
+ end
103
+
84
104
  # Patches current relation to fulfill restriction and call real `exec_queries`
85
105
  #
86
106
  # Patching includes:
@@ -114,8 +134,8 @@ module Protector
114
134
  # Swaps `includes` with `preload` if it's not referenced or merges
115
135
  # security scope of proper class otherwise
116
136
  def protector_substitute_includes(subject, relation)
117
- if eager_loading?
118
- protector_expand_inclusion(includes_values + eager_load_values).each do |klass, path|
137
+ if relation.eager_loading?
138
+ protector_expand_inclusion(relation.includes_values + relation.eager_load_values).each do |klass, path|
119
139
  # AR drops default_scope for eagerly loadable associations
120
140
  # https://github.com/inossidabile/protector/issues/3
121
141
  # and so should we
@@ -1,4 +1,4 @@
1
1
  module Protector
2
2
  # Gem version
3
- VERSION = "0.6.0"
3
+ VERSION = "0.6.1"
4
4
  end
@@ -76,6 +76,24 @@ if defined?(ActiveRecord)
76
76
  end
77
77
 
78
78
  it_behaves_like "a model"
79
+
80
+ it "validates on create" do
81
+ dummy.instance_eval do
82
+ protect do; end
83
+ end
84
+
85
+ instance = dummy.restrict!('!').create(string: 'test')
86
+ instance.errors[:base].should == ["Access denied to 'string'"]
87
+ instance.delete
88
+ end
89
+
90
+ it "validates on create!" do
91
+ dummy.instance_eval do
92
+ protect do; end
93
+ end
94
+
95
+ expect { dummy.restrict!('!').create!(string: 'test').delete }.to raise_error
96
+ end
79
97
  end
80
98
 
81
99
  #
@@ -229,6 +247,25 @@ if defined?(ActiveRecord)
229
247
  end
230
248
  end
231
249
  end
250
+
251
+ context "complicated features" do
252
+ # https://github.com/inossidabile/protector/commit/7ce072aa2074e0f3b48e293b952810f720bc143d
253
+ it "handles scopes with includes" do
254
+ fluffy = Class.new(ActiveRecord::Base) do
255
+ def self.name; 'Fluffy'; end
256
+ def self.model_name; ActiveModel::Name.new(self, nil, "fluffy"); end
257
+ self.table_name = "fluffies"
258
+ scope :none, where('1 = 0') unless respond_to?(:none)
259
+ belongs_to :dummy, class_name: 'Dummy'
260
+
261
+ protect do
262
+ scope { includes(:dummy).where(dummies: {id: 1}) }
263
+ end
264
+ end
265
+
266
+ expect { fluffy.restrict!('!').to_a }.to_not raise_error
267
+ end
268
+ end
232
269
  end
233
270
  end
234
271
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: protector
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.0
4
+ version: 0.6.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Boris Staal
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2013-08-26 00:00:00.000000000 Z
11
+ date: 2013-08-31 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activesupport