protector 0.6.0 → 0.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b0adb740ad6dcc0053fd159bf424ce0dac2092cf
|
|
4
|
+
data.tar.gz: 07969057659e1baa91b16806d25efc324389e7c8
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5d40755015122eef231bbe2b755db8440e6e6a38fdf51c82fc1a5d81e629012ff876c3e921b90d4c4a13b6667ad95050b63d3b79cf5207bb1e6767f24f4ef87c
|
|
7
|
+
data.tar.gz: abef904c2b38cbc1a40b5de0c6bb28e56c14db83cd3fd8e631b9a94d0ececa78356abd93f3e1e4b2651cb019a6f8bac1257e5415324a118d97dd8c323a122b2e
|
|
@@ -10,6 +10,8 @@ module Protector
|
|
|
10
10
|
|
|
11
11
|
alias_method_chain :exec_queries, :protector
|
|
12
12
|
alias_method_chain :new, :protector
|
|
13
|
+
alias_method_chain :create, :protector
|
|
14
|
+
alias_method_chain :create!, :protector
|
|
13
15
|
|
|
14
16
|
# AR 3.2 workaround. Come on, guys... SQL parsing :(
|
|
15
17
|
unless method_defined?(:references_values)
|
|
@@ -81,6 +83,24 @@ module Protector
|
|
|
81
83
|
new_without_protector(*args, &block).restrict!(protector_subject)
|
|
82
84
|
end
|
|
83
85
|
|
|
86
|
+
def create_with_protector(*args, &block)
|
|
87
|
+
return create_without_protector(*args, &block) unless protector_subject?
|
|
88
|
+
|
|
89
|
+
create_without_protector(*args) do |instance|
|
|
90
|
+
instance.restrict!(protector_subject)
|
|
91
|
+
block.call(instance) if block
|
|
92
|
+
end
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
def create_with_protector!(*args, &block)
|
|
96
|
+
return create_without_protector!(*args, &block) unless protector_subject?
|
|
97
|
+
|
|
98
|
+
create_without_protector!(*args) do |instance|
|
|
99
|
+
instance.restrict!(protector_subject)
|
|
100
|
+
block.call(instance) if block
|
|
101
|
+
end
|
|
102
|
+
end
|
|
103
|
+
|
|
84
104
|
# Patches current relation to fulfill restriction and call real `exec_queries`
|
|
85
105
|
#
|
|
86
106
|
# Patching includes:
|
|
@@ -114,8 +134,8 @@ module Protector
|
|
|
114
134
|
# Swaps `includes` with `preload` if it's not referenced or merges
|
|
115
135
|
# security scope of proper class otherwise
|
|
116
136
|
def protector_substitute_includes(subject, relation)
|
|
117
|
-
if eager_loading?
|
|
118
|
-
protector_expand_inclusion(includes_values + eager_load_values).each do |klass, path|
|
|
137
|
+
if relation.eager_loading?
|
|
138
|
+
protector_expand_inclusion(relation.includes_values + relation.eager_load_values).each do |klass, path|
|
|
119
139
|
# AR drops default_scope for eagerly loadable associations
|
|
120
140
|
# https://github.com/inossidabile/protector/issues/3
|
|
121
141
|
# and so should we
|
data/lib/protector/version.rb
CHANGED
|
@@ -76,6 +76,24 @@ if defined?(ActiveRecord)
|
|
|
76
76
|
end
|
|
77
77
|
|
|
78
78
|
it_behaves_like "a model"
|
|
79
|
+
|
|
80
|
+
it "validates on create" do
|
|
81
|
+
dummy.instance_eval do
|
|
82
|
+
protect do; end
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
instance = dummy.restrict!('!').create(string: 'test')
|
|
86
|
+
instance.errors[:base].should == ["Access denied to 'string'"]
|
|
87
|
+
instance.delete
|
|
88
|
+
end
|
|
89
|
+
|
|
90
|
+
it "validates on create!" do
|
|
91
|
+
dummy.instance_eval do
|
|
92
|
+
protect do; end
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
expect { dummy.restrict!('!').create!(string: 'test').delete }.to raise_error
|
|
96
|
+
end
|
|
79
97
|
end
|
|
80
98
|
|
|
81
99
|
#
|
|
@@ -229,6 +247,25 @@ if defined?(ActiveRecord)
|
|
|
229
247
|
end
|
|
230
248
|
end
|
|
231
249
|
end
|
|
250
|
+
|
|
251
|
+
context "complicated features" do
|
|
252
|
+
# https://github.com/inossidabile/protector/commit/7ce072aa2074e0f3b48e293b952810f720bc143d
|
|
253
|
+
it "handles scopes with includes" do
|
|
254
|
+
fluffy = Class.new(ActiveRecord::Base) do
|
|
255
|
+
def self.name; 'Fluffy'; end
|
|
256
|
+
def self.model_name; ActiveModel::Name.new(self, nil, "fluffy"); end
|
|
257
|
+
self.table_name = "fluffies"
|
|
258
|
+
scope :none, where('1 = 0') unless respond_to?(:none)
|
|
259
|
+
belongs_to :dummy, class_name: 'Dummy'
|
|
260
|
+
|
|
261
|
+
protect do
|
|
262
|
+
scope { includes(:dummy).where(dummies: {id: 1}) }
|
|
263
|
+
end
|
|
264
|
+
end
|
|
265
|
+
|
|
266
|
+
expect { fluffy.restrict!('!').to_a }.to_not raise_error
|
|
267
|
+
end
|
|
268
|
+
end
|
|
232
269
|
end
|
|
233
270
|
end
|
|
234
271
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: protector
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.6.
|
|
4
|
+
version: 0.6.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Boris Staal
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2013-08-
|
|
11
|
+
date: 2013-08-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|