protector 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 70b9f27e548ca491e3d9e72033d82ccc6c1ef9a6
-  data.tar.gz: 174de9ede88655d225d7281e2d633cfd9c113cd4
+  metadata.gz: 4d35910dd47bbaec6c4fa77c49edb1643b7ab614
+  data.tar.gz: 6d7e0b11f3c750004281dc432372d8e6e9b01cad
 SHA512:
-  metadata.gz: 7f86cb799de05ecb102b5c413492024be29a3d5b27a40e479c7e94e9afcfc7d47f8203e4e62d99f9ed406fa2943880acca7f79449341f3a6fc8ac480b8e59b59
-  data.tar.gz: 4864da9f17564ee319ed2faa7891a7a5e30f336bd7a9966ffda20aeae96337e02148ebf196bd0f504ad14f4487ff84b3ede8e7580a8e6f1ac045779ba33176c8
+  metadata.gz: 41f684019bb41d363579165474abfc9b280bd9bbaad66bd034b4735fe1a1acb8404941dd9d3f269969e44945fa42b612bb393b508f3be2ed147b8a9878830e58
+  data.tar.gz: 2cbf62c1a0da1f6ae6e15d97677cd5594641bcda24987460648625fdad83a163fdf5f0c6e7c35b2041bbdef65ea3ec040a49fd01f4cc4ddfc1b9e7acd56e24c9

data/.yardopts

@@ -0,0 +1 @@
+--markup=markdown

data/Gemfile

@@ -2,6 +2,7 @@ source 'https://rubygems.org'
 gemspec
 
 gem 'rake'
+gem 'colored'
 gem 'pry'
 gem 'rspec'
 gem 'guard'

data/README.md

@@ -111,6 +111,8 @@ Protector is aware of associations. All the associations retrieved from restrict
 
 The access to `belongs_to` kind of association depends on corresponding foreign key readability.
 
+Remember however that auto-restriction is only enabled for reading. Passing a model (or an array of those) to an association will not auto-restrict it. You should handle it manually.
+
 ## Eager Loading
 
 To take a long story short: it works and you are very likely to never notice changes it introduces to the process.

data/Rakefile

@@ -11,3 +11,16 @@ desc 'Test the plugin under all supported Rails versions.'
 task :all => ["appraisal:install"] do |t|
   exec('rake appraisal spec')
 end
+
+task :perf do
+  require 'protector'
+
+  Bundler.require
+
+  %w(ActiveRecord DataMapper Mongoid Sequel).each do |a|
+    if (a.constantize rescue nil)
+      load "perf/perf_helpers/boot.rb"
+      Perf.load a.underscore
+    end
+  end
+end

data/gemfiles/AR_3.2.gemfile

@@ -3,6 +3,7 @@
 source "https://rubygems.org"
 
 gem "rake"
+gem "colored"
 gem "pry"
 gem "rspec"
 gem "guard"

data/gemfiles/AR_3.2.gemfile.lock

@@ -30,6 +30,7 @@ GEM
     arel (3.0.2)
     builder (3.0.4)
     coderay (1.0.9)
+    colored (1.2)
     diff-lcs (1.2.4)
     ffi (1.8.1)
     formatador (0.2.4)
@@ -80,6 +81,7 @@ DEPENDENCIES
   activerecord (= 3.2.9)
   activerecord-jdbcsqlite3-adapter!
   appraisal
+  colored
   guard
   guard-rspec
   jdbc-sqlite3

data/gemfiles/AR_4.gemfile

@@ -3,6 +3,7 @@
 source "https://rubygems.org"
 
 gem "rake"
+gem "colored"
 gem "pry"
 gem "rspec"
 gem "guard"

data/gemfiles/AR_4.gemfile.lock

@@ -40,6 +40,7 @@ GEM
     atomic (1.1.9-java)
     builder (3.1.4)
     coderay (1.0.9)
+    colored (1.2)
     diff-lcs (1.2.4)
     ffi (1.8.1)
     ffi (1.8.1-java)
@@ -103,6 +104,7 @@ DEPENDENCIES
   activerecord (= 4.0.0.rc1)
   activerecord-jdbcsqlite3-adapter!
   appraisal
+  colored
   guard
   guard-rspec
   jdbc-sqlite3

data/lib/protector/adapters/active_record.rb

@@ -5,7 +5,9 @@ require 'protector/adapters/active_record/preloader'
 
 module Protector
   module Adapters
+    # ActiveRecord adapter
     module ActiveRecord
+      # YIP YIP! Monkey-Patch the ActiveRecord.
       def self.activate!
         ::ActiveRecord::Base.send :include, Protector::Adapters::ActiveRecord::Base
         ::ActiveRecord::Relation.send :include, Protector::Adapters::ActiveRecord::Relation

data/lib/protector/adapters/active_record/association.rb

@@ -1,10 +1,12 @@
 module Protector
   module Adapters
     module ActiveRecord
+      # Patches `ActiveRecord::Associations::SingularAssociation` and `ActiveRecord::Associations::CollectionAssociation`
       module Association
         extend ActiveSupport::Concern
 
         included do
+          # AR 4 has renamed `scoped` to `scope`
           if method_defined?(:scope)
             alias_method_chain :scope, :protector
           else
@@ -13,6 +15,7 @@ module Protector
           end
         end
 
+        # Wraps every association with current subject
         def scope_with_protector(*args)
           scope_without_protector(*args).restrict!(owner.protector_subject)
         end

data/lib/protector/adapters/active_record/base.rb

@@ -1,6 +1,7 @@
 module Protector
   module Adapters
     module ActiveRecord
+      # Pathces `ActiveRecord::Base`
       module Base
         extend ActiveSupport::Concern
 
@@ -8,6 +9,10 @@ module Protector
           include Protector::DSL::Base
           include Protector::DSL::Entry
 
+          ObjectSpace.each_object(Class).each do |c|
+            c.undefine_attribute_methods if c < self
+          end
+
           validate(on: :create) do
             return unless @protector_subject
             errors[:base] << I18n.t('protector.invalid') unless creatable?
@@ -23,6 +28,12 @@ module Protector
             destroyable?
           end
 
+          # Drops {Protector::DSL::Meta::Box} cache when subject changes
+          def restrict!(*args)
+            @protector_meta = nil
+            super
+          end
+
           if Gem::Version.new(::ActiveRecord::VERSION::STRING) < Gem::Version.new('4.0.0.rc1')
             def self.restrict!(subject)
               scoped.restrict!(subject)
@@ -43,6 +54,7 @@ module Protector
         end
 
         module ClassMethods
+          # Wraps every `.field` method with a check against {Protector::DSL::Meta::Box#readable?}
           def define_method_attribute(name)
             super
 
@@ -63,12 +75,13 @@ module Protector
           end
         end
 
+        # Storage for {Protector::DSL::Meta::Box}
         def protector_meta
           unless @protector_subject
             raise "Unprotected entity detected: use `restrict` method to protect it."
           end
 
-          self.class.protector_meta.evaluate(
+          @protector_meta ||= self.class.protector_meta.evaluate(
             self.class,
             @protector_subject,
             self.class.column_names,
@@ -76,22 +89,26 @@ module Protector
           )
         end
 
+        # Checks if current model can be selected in the context of current subject
         def visible?
           protector_meta.relation.where(
             self.class.primary_key => id
           ).any?
         end
 
+        # Checks if current model can be created in the context of current subject
         def creatable?
           fields = HashWithIndifferentAccess[changed.map{|x| [x, read_attribute(x)]}]
           protector_meta.creatable?(fields)
         end
 
+        # Checks if current model can be updated in the context of current subject
         def updatable?
           fields = HashWithIndifferentAccess[changed.map{|x| [x, read_attribute(x)]}]
           protector_meta.updatable?(fields)
         end
 
+        # Checks if current model can be destroyed in the context of current subject
         def destroyable?
           protector_meta.destroyable?
         end

data/lib/protector/adapters/active_record/preloader.rb

@@ -1,10 +1,13 @@
 module Protector
   module Adapters
     module ActiveRecord
+      # Patches `ActiveRecord::Associations::Preloader`
       module Preloader extend ActiveSupport::Concern
 
+        # Patches `ActiveRecord::Associations::Preloader::Association`
         module Association extend ActiveSupport::Concern
           included do
+            # AR 4 has renamed `scoped` to `scope`
             if method_defined?(:scope)
               alias_method_chain :scope, :protector
             else
@@ -13,12 +16,14 @@ module Protector
             end
           end
 
+          # Gets current subject of preloading association
           def protector_subject
             # Owners are always loaded from the single source
             # having same protector_subject
             owners.first.protector_subject
           end
 
+          # Restricts preloading association scope with subject of the owner
           def scope_with_protector(*args)
             return scope_without_protector unless protector_subject
 

data/lib/protector/adapters/active_record/relation.rb

@@ -1,6 +1,8 @@
 module Protector
   module Adapters
     module ActiveRecord
+      
+      # Pathces `ActiveRecord::Relation`
       module Relation
         extend ActiveSupport::Concern
 
@@ -27,34 +29,47 @@ module Protector
           end
         end
 
+        # Gets {Protector::DSL::Meta::Box} of this relation
         def protector_meta
           # We don't seem to require columns here as well
           # @klass.protector_meta.evaluate(@klass, @protector_subject, @klass.column_names)
           @klass.protector_meta.evaluate(@klass, @protector_subject)
         end
 
+        # @note Unscoped relation drops properties and therefore should be re-restricted
         def unscoped
           super.restrict!(@protector_subject)
         end
 
+        # @note This is here cause `NullRelation` can return `nil` from `count`
         def count(*args)
           super || 0
         end
 
+        # @note This is here cause `NullRelation` can return `nil` from `sum`
         def sum(*args)
           super || 0
         end
 
+        # Merges current relation with restriction and calls real `calculate`
         def calculate(*args)
           return super unless @protector_subject
           merge(protector_meta.relation).unrestrict!.calculate *args
         end
 
+        # Merges current relation with restriction and calls real `exists?`
         def exists?(*args)
           return super unless @protector_subject
           merge(protector_meta.relation).unrestrict!.exists? *args
         end
 
+        # Patches current relation to fulfill restriction and call real `exec_queries`
+        #
+        # Patching includes:
+        #
+        # * turning `includes` into `preload`
+        # * delaying built-in preloading to the stage where selection is restricted
+        # * merging current relation with restriction
         def exec_queries_with_protector(*args)
           return exec_queries_without_protector unless @protector_subject
 
@@ -82,20 +97,18 @@ module Protector
           @records
         end
 
-        #
-        # This method swaps `includes` with `preload` and adds JOINs
-        # to any table referenced from `where` (or manually with `reference`)
-        #
+        # Swaps `includes` with `preload` and adds JOINs to any table referenced
+        # from `where` (or manually with `reference`)
         def protector_substitute_includes(relation)
           subject = @protector_subject
+
+          # Note that `includes_values` shares reference across relation diffs so
+          # it can not be modified safely and should be copied instead
           includes, relation.includes_values = relation.includes_values, []
 
           # We can not allow join-based eager loading for scoped associations
           # since actual filtering can differ for host model and joined relation.
           # Therefore we turn all `includes` into `preloads`.
-          # 
-          # Note that `includes_values` shares reference across relation diffs so
-          # it has to be COPIED not modified
           includes.each do |iv|
             protector_expand_include(iv).each do |ive|
               # First-level associations can stay JOINed if restriction scope
@@ -126,10 +139,22 @@ module Protector
           relation
         end
 
-        #
+        # Checks whether current object can be eager loaded respecting
+        # protector flags
+        def eager_loading_with_protector?
+          flag = eager_loading_without_protector?
+          flag &&= !!@eager_loadable_when_protected unless @eager_loadable_when_protected.nil?
+          flag
+        end
+
         # Indexes `includes` format by actual entity class
-        # Turns {foo: :bar} into [[Foo, :foo], [Bar, {foo: :bar}]
         #
+        # Turns `{foo: :bar}` into `[[Foo, :foo], [Bar, {foo: :bar}]`
+        #
+        # @param [Symbol, Array, Hash] inclusion        Inclusion description in the AR format
+        # @param [Array] results                        Resulting set
+        # @param [Array] base                           Association path ([:foo, :bar])
+        # @param [Class] klass                          Base class
         def protector_expand_include(inclusion, results=[], base=[], klass=@klass)
           if inclusion.is_a?(Hash)
             protector_expand_include_hash(inclusion, results, base, klass)
@@ -149,18 +174,21 @@ module Protector
           results
         end
 
+      private
+
         def protector_expand_include_hash(inclusion, results=[], base=[], klass=@klass)
           inclusion.each do |key, value|
             model = klass.reflect_on_association(key.to_sym).klass
             value = [value] unless value.is_a?(Array)
+            nest  = [key]+base
 
             value.each do |v|
               if v.is_a?(Hash)
-                protector_expand_include_hash(v, results, [key]+base)
+                protector_expand_include_hash(v, results, nest)
               else
                 results << [
                   model.reflect_on_association(v.to_sym).klass,
-                  ([key]+base).inject(v){|a, n| { n => a } }
+                  nest.inject(v){|a, n| { n => a } }
                 ]
               end
             end
@@ -168,12 +196,6 @@ module Protector
             results << [model, base.inject(key){|a, n| { n => a } }]
           end
         end
-
-        def eager_loading_with_protector?
-          flag = eager_loading_without_protector?
-          flag &&= !!@eager_loadable_when_protected unless @eager_loadable_when_protected.nil?
-          flag
-        end
       end
     end
   end

data/lib/protector/dsl.rb

@@ -3,16 +3,19 @@ module Protector
     # DSL meta storage and evaluator
     class Meta
 
-      # Evaluation result moved out of Meta to make it thread-safe
-      # and incapsulate better
+      # Single DSL evaluation result
       class Box
         attr_accessor :access, :relation, :destroyable
 
+        # @param model [Class]              The class of protected entity
+        # @param fields [Array<String>]     All the fields the model has
+        # @param subject [Object]           Restriction subject
+        # @param entry [Object]             An instance of the model
+        # @param blocks [Array<Proc>]       An array of `protect` blocks
         def initialize(model, fields, subject, entry, blocks)
           @model       = model
           @fields      = fields
-          @access      = {update: {}, view: {}, create: {}}.with_indifferent_access
-          @access_keys = {}.with_indifferent_access
+          @access      = {update: {}, view: {}, create: {}}
           @relation    = false
           @destroyable = false
 
@@ -26,37 +29,86 @@ module Protector
               instance_exec &b
             end
           end
-
-          @access.each{|k,v| @access_keys[k] = v.keys}
         end
 
+        # Checks whether protection with given subject
+        # has the selection scope defined
         def scoped?
           !!@relation
         end
 
+        # @group Protection DSL
+
+        # Activates the scope that selections will
+        # be filtered with
+        #
+        # @yield Calls given model methods before the selection
+        #
+        # @example
+        #   protect do
+        #     # You can select nothing!
+        #     scope { none }
+        #   end
         def scope(&block)
           @relation = @model.instance_eval(&block)
         end
 
+        # Enables action for given fields.
+        #
+        # Built-in possible actions are: `:view`, `:update`, `:create`.
+        # You can pass any other actions you want to use with {#can?} afterwards.
+        #
+        # **The method enables action for every field if `fields` splat is empty.**
+        # Use {#cannot} to exclude some of them afterwards.
+        #
+        # The list of fields can be given as a Hash. In this form you can pass `Range`
+        # or `Proc` as a value. First will make Protector check against value inclusion.
+        # The latter will make it evaluate given lambda (which is supposed to return true or false
+        # determining if the value should validate or not).
+        #
+        # @param action [Symbol]                Action to allow
+        # @param fields [String, Hash, Array]   Splat of fields to allow action with
+        #
+        # @see #can?
+        #
+        # @example
+        #   protect do
+        #     can :view               # Can view any field
+        #     can :view, 'f1'         # Can view `f1` field
+        #     can :view, %w(f2 f3)    # Can view `f2`, `f3` fields
+        #     can :update, f1: 1..2   # Can update f1 field with values between 1 and 2
+        #
+        #     # Can create f1 field with value equal to 'olo'
+        #     can :create, f1: lambda{|x| x == 'olo'}
+        #   end
         def can(action, *fields)
           return @destroyable = true if action == :destroy
-          return unless @access[action]
+          @access[action] = {} unless @access[action]
 
           if fields.size == 0
-            @fields.each{|f| @access[action][f] = nil}
+            @fields.each{|f| @access[action][f.to_s] = nil}
           else
             fields.each do |a|
               if a.is_a?(Array)
-                a.each{|f| @access[action][f] = nil}
+                a.each{|f| @access[action][f.to_s] = nil}
               elsif a.is_a?(Hash)
-                @access[action].merge!(a)
+                @access[action].merge!(a.stringify_keys)
               else
-                @access[action][a] = nil
+                @access[action][a.to_s] = nil
               end
             end
           end
         end
 
+        # Disables action for given fields.
+        #
+        # Works similar (but oppositely) to {#can}.
+        #
+        # @param action [Symbol]                Action to disallow
+        # @param fields [String, Hash, Array]   Splat of fields to disallow action with
+        #
+        # @see #can
+        # @see #can?
         def cannot(action, *fields)
           return @destroyable = false if action == :destroy
           return unless @access[action]
@@ -66,37 +118,54 @@ module Protector
           else
             fields.each do |a|
               if a.is_a?(Array)
-                a.each{|f| @access[action].delete(f)}
+                a.each{|f| @access[action].delete(f.to_s)}
               else
-                @access[action].delete(a)
+                @access[action].delete(a.to_s)
               end
             end
           end
         end
 
+        # @endgroup
+
+        # Checks whether given field of a model is readable in context of current subject
         def readable?(field)
-          @access_keys[:view].include?(field.to_s)
+          @access[:view].has_key?(field)
         end
 
+        # Checks whether you can create a model with given field in context of current subject
         def creatable?(fields=false)
           modifiable? :create, fields
         end
 
+        # Checks whether you can update a model with given field in context of current subject
         def updatable?(fields=false)
           modifiable? :update, fields
         end
 
+        # Checks whether you can destroy a model in context of current subject
         def destroyable?
           @destroyable
         end
 
+        # Check whether you can perform custom action for given fields (or generally if no `field` given)
+        #
+        # @param [Symbol] action        Action to check against
+        # @param [String] field         Field to check against
+        def can?(action, field=false)
+          return false unless @access[action]
+          return !@access[action].empty? if field === false
+          @access[action].has_key?(field)
+        end
+
         private
 
         def modifiable?(part, fields)
-          return false unless @access_keys[part].length > 0
+          keys = @access[part].keys
+          return false unless keys.length > 0
 
           if fields
-            return false if (fields.keys - @access_keys[part]).length > 0
+            return false if (fields.keys - keys).length > 0
 
             fields.each do |k,v|
               case x = @access[part][k]
@@ -112,12 +181,24 @@ module Protector
         end
       end
 
+      # Storage for `protect` blocks
+      def blocks
+        @blocks ||= []
+      end
+
+      # Register another protection block
       def <<(block)
-        (@blocks ||= []) << block
+        blocks << block
       end
 
+      # Calculate protection at the context of subject
+      #
+      # @param model [Class]              The class of protected entity
+      # @param subject [Object]           Restriction subject
+      # @param fields [Array<String>]     All the fields the model has
+      # @param entry [Object]             An instance of the model
       def evaluate(model, subject, fields=[], entry=nil)
-        Box.new(model, fields, subject, entry, @blocks)
+        Box.new(model, fields, subject, entry, blocks)
       end
     end
 
@@ -128,11 +209,15 @@ module Protector
         attr_reader :protector_subject
       end
 
+      # Assigns restriction subject
+      #
+      # @param [Object] subject         Subject to restrict against
       def restrict!(subject)
         @protector_subject = subject
         self
       end
 
+      # Clears restriction subject
       def unrestrict!
         @protector_subject = nil
         self
@@ -142,15 +227,18 @@ module Protector
     module Entry
       extend ActiveSupport::Concern
 
-      included do
-        class <<self
-          attr_reader :protector_meta
-        end
-      end
-
       module ClassMethods
+        # Registers protection DSL block
+        # @yield [subject, instance]        Evaluates conditions described in terms of {Protector::DSL::Meta::Box}.
+        # @yieldparam subject [Object]      Subject that object was restricted with
+        # @yieldparam instance [Object]     Reference to the object being restricted (can be nil)
         def protect(&block)
-          (@protector_meta ||= Meta.new) << block
+          protector_meta << block
+        end
+
+        # Storage of {Protector::DSL::Meta}
+        def protector_meta
+          @protector_meta ||= Meta.new
         end
       end
     end

data/lib/protector/version.rb

@@ -1,3 +1,4 @@
 module Protector
-  VERSION = "0.1.0"
+  # Gem version
+  VERSION = "0.1.1"
 end

data/migrations/active_record.rb

@@ -0,0 +1,48 @@
+### Connection
+
+ActiveRecord::Schema.verbose = false
+ActiveRecord::Base.establish_connection adapter: "sqlite3", database: ":memory:"
+
+ActiveRecord::Base.instance_eval do
+  unless method_defined?(:none)
+    def none
+      where('1 = 0')
+    end
+  end
+
+  def every
+    where(nil)
+  end
+end
+
+### Tables
+
+[:dummies, :fluffies, :bobbies].each do |m|
+  ActiveRecord::Migration.create_table m do |t|
+    t.string      :string
+    t.integer     :number
+    t.text        :text
+    t.belongs_to  :dummy
+    t.timestamps
+  end
+end
+
+ActiveRecord::Migration.create_table(:loonies){|t| t.belongs_to :fluffy; t.string :string }
+
+### Classes
+
+class Dummy < ActiveRecord::Base
+  has_many :fluffies
+  has_many :bobbies
+end
+
+class Fluffy < ActiveRecord::Base
+  belongs_to :dummy
+  has_one :loony
+end
+
+class Bobby < ActiveRecord::Base
+end
+
+class Loony < ActiveRecord::Base
+end

data/perf/active_record.rb

@@ -0,0 +1,90 @@
+migrate
+
+seed do
+  500.times do
+    d = Dummy.create! string: 'zomgstring', number: [999,777].sample, text: 'zomgtext'
+
+    2.times do
+      f = Fluffy.create! string: 'zomgstring', number: [999,777].sample, text: 'zomgtext', dummy_id: d.id
+      b = Bobby.create! string: 'zomgstring', number: [999,777].sample, text: 'zomgtext', dummy_id: d.id
+      l = Loony.create! string: 'zomgstring', fluffy_id: f.id
+    end
+  end
+end
+
+activate do
+  Dummy.instance_eval do
+    protect do
+      scope { every }
+      can :view, :string
+    end
+  end
+
+  Fluffy.instance_eval do
+    protect do
+      scope { every }
+      can :view
+    end
+  end
+
+  # Define attributes methods
+  Dummy.first
+end
+
+benchmark 'Read from unprotected model (100k)' do
+  d = Dummy.first
+  100_000.times { d.string }
+end
+
+benchmark 'Read open field (100k)' do
+  d = Dummy.first
+  d = d.restrict!('!') if activated?
+  100_000.times { d.string }
+end
+
+benchmark 'Read nil field (100k)' do
+  d = Dummy.first
+  d = d.restrict!('!') if activated?
+  100_000.times { d.text }
+end
+
+benchmark 'Check existance' do
+  scope = activated? ? Dummy.restrict!('!') : Dummy.every
+  1000.times { scope.exists? }
+end
+
+benchmark 'Count' do
+  scope = Dummy.limit(1)
+  scope = scope.restrict!('!') if activated?
+  1000.times { scope.count }
+end
+
+benchmark 'Select one' do
+  scope = Dummy.limit(1)
+  scope = scope.restrict!('!') if activated?
+  1000.times { scope.to_a }
+end
+
+benchmark 'Select many' do
+  scope = Dummy.every
+  scope = scope.restrict!('!') if activated?
+  1000.times { scope.to_a }
+end
+
+benchmark 'Select with eager loading' do
+  scope = Dummy.includes(:fluffies)
+  scope = scope.restrict!('!') if activated?
+  1000.times { scope.to_a }
+end
+
+benchmark 'Select with filtered eager loading' do
+  scope = Dummy.includes(:fluffies).where(fluffies: {number: 999})
+  scope = scope.restrict!('!') if activated?
+  1000.times { scope.to_a }
+end
+
+benchmark 'Select with mixed eager loading' do
+  scope = Dummy.includes(:fluffies, :bobbies).where(fluffies: {number: 999})
+  scope = scope.restrict!('!') if activated?
+  1000.times { scope.to_a }
+end

data/perf/perf_helpers/boot.rb

@@ -0,0 +1,95 @@
+class Perf
+  def self.load(adapter)
+    perf = Perf.new(adapter.camelize)
+    base = Pathname.new(File.expand_path '../..', __FILE__)
+    file = base.join(adapter+'.rb').to_s
+    perf.instance_eval File.read(file), file
+    perf.run!
+  end
+
+  def initialize(adapter)
+    @blocks = {}
+    @adapter = adapter
+    @activated = false
+  end
+
+  def migrate
+    puts
+    print "Running with #{@adapter}: migrating... ".yellow
+
+    load "migrations/#{@adapter.underscore}.rb"
+
+    puts "Done.".yellow
+  end
+
+  def seed
+    print "Seeding... ".yellow
+    yield if block_given?
+    puts "Done".yellow
+  end
+
+  def activate(&block)
+    @activation = block
+  end
+
+  def benchmark(subject, &block)
+    @blocks[subject] = block
+  end
+
+  def activated?
+    @activated
+  end
+
+  def run!
+    results = {}
+
+    results[:off] = run_state('disabled', :red)
+
+    Protector::Adapters.const_get(@adapter).activate!
+    @activation.call
+    @activated = true
+
+    results[:on] = run_state('enabled', :green)
+
+    print_block "Total".blue do
+      results[:off].keys.each do |k|
+        off = results[:off][k]
+        on  = results[:on][k]
+
+        print_result k, sprintf("%8s / %8s (%s)", off, on, (on / off).round(2))
+      end
+    end
+  end
+
+  private
+
+  def run_state(state, color)
+    data = {}
+
+    print_block "Protector #{state.send color}" do
+      @blocks.each do |s, b|
+        data[s] = Benchmark.realtime(&b)
+        print_result s, data[s].to_s
+      end
+    end
+
+    data
+  end
+
+  def print_result(title, time)
+    print title.yellow
+    print "..."
+    puts sprintf("%#{100-title.length-3}s", time)
+  end
+
+  def print_block(title)
+    puts
+    puts title
+    puts "-"*100
+
+    yield
+
+    puts "-"*100
+    puts
+  end
+end

data/spec/lib/adapters/active_record_spec.rb

@@ -1,84 +1,13 @@
 require 'spec_helpers/boot'
 
 if defined?(ActiveRecord)
-
-  RSpec::Matchers.define :invalidate do
-    match do |actual|
-      actual.save.should == false
-      actual.errors[:base].should == ["Access denied"]
-    end
-  end
-
-  RSpec::Matchers.define :validate do
-    match do |actual|
-      actual.class.transaction do
-        actual.save.should == true
-        raise ActiveRecord::Rollback
-      end
-
-      true
-    end
-  end
-
-  def log!
-    around(:each) do |e|
-      ActiveRecord::Base.logger = Logger.new(STDOUT)
-      e.run
-      ActiveRecord::Base.logger = nil
-    end
-  end
+  load 'spec_helpers/adapters/active_record.rb'
 
   describe Protector::Adapters::ActiveRecord do
     before(:all) do
-      ActiveRecord::Schema.verbose = false
-      ActiveRecord::Base.establish_connection adapter: "sqlite3", database: ":memory:"
-
-      [:dummies, :fluffies, :bobbies].each do |m|
-        ActiveRecord::Migration.create_table m do |t|
-          t.string      :string
-          t.integer     :number
-          t.text        :text
-          t.belongs_to  :dummy
-          t.timestamps
-        end
-      end
-
-      ActiveRecord::Migration.create_table(:loonies){|t| t.belongs_to :fluffy; t.string :string }
-
-      Protector::Adapters::ActiveRecord.activate!
-
-      module Tester extend ActiveSupport::Concern
-        included do
-          protect do |x|
-            scope{ where('1=0') } if x == '-'
-            scope{ where(number: 999) } if x == '+' 
-
-            can :view, :dummy_id unless x == '-'
-          end
-
-          scope :none, where('1 = 0') unless respond_to?(:none)
-        end
-      end
-
-      class Dummy < ActiveRecord::Base
-        include Tester
-        has_many :fluffies
-        has_many :bobbies
-      end
-
-      class Fluffy < ActiveRecord::Base
-        include Tester
-        belongs_to :dummy
-        has_one :loony
-      end
-
-      class Bobby < ActiveRecord::Base
-        protect do; end
-      end
+      load 'migrations/active_record.rb'
 
-      class Loony < ActiveRecord::Base
-        protect do; end
-      end
+      [Dummy, Fluffy].each{|c| c.send :include, ProtectionCase}
 
       Dummy.create! string: 'zomgstring', number: 999, text: 'zomgtext'
       Dummy.create! string: 'zomgstring', number: 999, text: 'zomgtext'
@@ -95,6 +24,9 @@ if defined?(ActiveRecord)
       Fluffy.all.each{|f| Loony.create! fluffy_id: f.id, string: 'zomgstring' }
     end
 
+    #
+    # Model instance
+    #
     describe Protector::Adapters::ActiveRecord::Base do
       let(:dummy) do
         Class.new(ActiveRecord::Base) do
@@ -114,47 +46,11 @@ if defined?(ActiveRecord)
       end
 
       it_behaves_like "a model"
-
-      describe "eager loading" do
-        it "scopes" do
-          d = Dummy.restrict!('+').includes(:fluffies)
-          d.length.should == 2
-          d.first.fluffies.length.should == 1
-        end
-
-        context "joined to filtered association" do
-          it "scopes" do
-            d = Dummy.restrict!('+').includes(:fluffies).where(fluffies: {number: 777})
-            d.length.should == 2
-            d.first.fluffies.length.should == 1
-          end
-        end
-
-        context "joined to plain association" do
-          it "scopes" do
-            d = Dummy.restrict!('+').includes(:bobbies, :fluffies).where(
-              bobbies: {number: 777}, fluffies: {number: 777}
-            )
-            d.length.should == 2
-            d.first.fluffies.length.should == 1
-            d.first.bobbies.length.should == 1
-          end
-        end
-
-        context "with complex include" do
-          it "scopes" do
-            d = Dummy.restrict!('+').includes(fluffies: :loony).where(
-              fluffies: {number: 777},
-              loonies: {string: 'zomgstring'}
-            )
-            d.length.should == 2
-            d.first.fluffies.length.should == 1
-            d.first.fluffies.first.loony.should be_a_kind_of(Loony)
-          end
-        end
-      end
     end
 
+    #
+    # Model scope
+    #
     describe Protector::Adapters::ActiveRecord::Relation do
       it "includes" do
         Dummy.none.ancestors.should include(Protector::Adapters::ActiveRecord::Base)
@@ -217,6 +113,50 @@ if defined?(ActiveRecord)
         end
       end
     end
+
+    #
+    # Eager loading
+    #
+    describe Protector::Adapters::ActiveRecord::Preloader do
+      describe "eager loading" do
+        it "scopes" do
+          d = Dummy.restrict!('+').includes(:fluffies)
+          d.length.should == 2
+          d.first.fluffies.length.should == 1
+        end
+
+        context "joined to filtered association" do
+          it "scopes" do
+            d = Dummy.restrict!('+').includes(:fluffies).where(fluffies: {number: 777})
+            d.length.should == 2
+            d.first.fluffies.length.should == 1
+          end
+        end
+
+        context "joined to plain association" do
+          it "scopes" do
+            d = Dummy.restrict!('+').includes(:bobbies, :fluffies).where(
+              bobbies: {number: 777}, fluffies: {number: 777}
+            )
+            d.length.should == 2
+            d.first.fluffies.length.should == 1
+            d.first.bobbies.length.should == 1
+          end
+        end
+
+        context "with complex include" do
+          it "scopes" do
+            d = Dummy.restrict!('+').includes(fluffies: :loony).where(
+              fluffies: {number: 777},
+              loonies: {string: 'zomgstring'}
+            )
+            d.length.should == 2
+            d.first.fluffies.length.should == 1
+            d.first.fluffies.first.loony.should be_a_kind_of(Loony)
+          end
+        end
+      end
+    end
   end
 
 end

data/spec/lib/dsl_spec.rb

@@ -81,19 +81,19 @@ describe Protector::DSL do
     it "sets access" do
       data = @meta.evaluate(nil, 'user', %w(field1 field2 field3 field4 field5), 'entry')
       data.access.should == {
-        "update" => {
+        update: {
           "field1" => nil,
           "field2" => nil,
           "field3" => nil,
           "field4" => 0..5,
           "field5" => l
         },
-        "view" => {
+        view: {
           "field1" => nil,
           "field2" => nil,
           "field3" => nil
         },
-        "create" => {}
+        create: {}
       }
     end
 

data/spec/spec_helpers/adapters/active_record.rb

@@ -0,0 +1,25 @@
+RSpec::Matchers.define :invalidate do
+  match do |actual|
+    actual.save.should == false
+    actual.errors[:base].should == ["Access denied"]
+  end
+end
+
+RSpec::Matchers.define :validate do
+  match do |actual|
+    actual.class.transaction do
+      actual.save.should == true
+      raise ActiveRecord::Rollback
+    end
+
+    true
+  end
+end
+
+def log!
+  around(:each) do |e|
+    ActiveRecord::Base.logger = Logger.new(STDOUT)
+    e.run
+    ActiveRecord::Base.logger = nil
+  end
+end

data/spec/spec_helpers/boot.rb

@@ -1,8 +1,20 @@
+Bundler.require
+
 require 'protector'
+require_relative 'examples/model'
 
-Bundler.require
+module ProtectionCase
+  extend ActiveSupport::Concern
+
+  included do
+    protect do |x|
+      scope{ where('1=0') } if x == '-'
+      scope{ where(number: 999) } if x == '+' 
 
-require_relative 'model'
+      can :view, :dummy_id unless x == '-'
+    end
+  end
+end
 
 RSpec.configure do |config|
   config.treat_symbols_as_metadata_keys_with_true_values = true

data/spec/spec_helpers/{model.rb → examples/model.rb}

@@ -20,25 +20,13 @@ shared_examples_for "a model" do
     meta.access[:update].should == fields
   end
 
-  describe "association" do
-    context "(has_many)" do
-      it "loads" do
-        Dummy.first.restrict!('!').fluffies.length.should == 2
-        Dummy.first.restrict!('+').fluffies.length.should == 1
-        Dummy.first.restrict!('-').fluffies.empty?.should == true
-      end
-    end
-
-    context "(belongs_to)" do
-      it "passes subject" do
-        Fluffy.first.restrict!('!').dummy.protector_subject.should == '!'
-      end
+  it "drops meta on restrict" do
+    d = Dummy.first
 
-      it "loads" do
-        Fluffy.first.restrict!('!').dummy.should be_a_kind_of(Dummy)
-        Fluffy.first.restrict!('-').dummy.should == nil
-      end
-    end
+    d.restrict!('!').protector_meta
+    d.instance_variable_get('@protector_meta').should_not == nil
+    d.restrict!('!')
+    d.instance_variable_get('@protector_meta').should == nil
   end
 
   describe "visibility" do
@@ -51,6 +39,9 @@ shared_examples_for "a model" do
     end
   end
 
+  #
+  # Reading
+  #
   describe "readability" do
     it "hides fields" do
       dummy.instance_eval do
@@ -67,6 +58,9 @@ shared_examples_for "a model" do
     end
   end
 
+  #
+  # Creating
+  #
   describe "creatability" do
     context "with empty meta" do
       before(:each) do
@@ -177,6 +171,9 @@ shared_examples_for "a model" do
     end
   end
 
+  #
+  # Updating
+  #
   describe "updatability" do
     context "with empty meta" do
       before(:each) do
@@ -301,6 +298,9 @@ shared_examples_for "a model" do
     end
   end
 
+  #
+  # Destroying
+  #
   describe "destroyability" do
     it "marks blocked" do
       dummy.instance_eval do
@@ -336,4 +336,28 @@ shared_examples_for "a model" do
       d.destroyed?.should == true
     end
   end
+
+  #
+  # Associations
+  #
+  describe "association" do
+    context "(has_many)" do
+      it "loads" do
+        Dummy.first.restrict!('!').fluffies.length.should == 2
+        Dummy.first.restrict!('+').fluffies.length.should == 1
+        Dummy.first.restrict!('-').fluffies.empty?.should == true
+      end
+    end
+
+    context "(belongs_to)" do
+      it "passes subject" do
+        Fluffy.first.restrict!('!').dummy.protector_subject.should == '!'
+      end
+
+      it "loads" do
+        Fluffy.first.restrict!('!').dummy.should be_a_kind_of(Dummy)
+        Fluffy.first.restrict!('-').dummy.should == nil
+      end
+    end
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: protector
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Boris Staal
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-05-29 00:00:00.000000000 Z
+date: 2013-06-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -49,6 +49,7 @@ files:
 - .gitignore
 - .rspec
 - .travis.yml
+- .yardopts
 - Appraisals
 - Gemfile
 - LICENSE.txt
@@ -67,11 +68,15 @@ files:
 - lib/protector/dsl.rb
 - lib/protector/version.rb
 - locales/en.yml
+- migrations/active_record.rb
+- perf/active_record.rb
+- perf/perf_helpers/boot.rb
 - protector.gemspec
 - spec/lib/adapters/active_record_spec.rb
 - spec/lib/dsl_spec.rb
+- spec/spec_helpers/adapters/active_record.rb
 - spec/spec_helpers/boot.rb
-- spec/spec_helpers/model.rb
+- spec/spec_helpers/examples/model.rb
 homepage: https://github.com/inossidabile/protector
 licenses:
 - MIT
@@ -100,5 +105,6 @@ summary: 'Protector is a successor to the Heimdallr gem: it hits the same goals
 test_files:
 - spec/lib/adapters/active_record_spec.rb
 - spec/lib/dsl_spec.rb
+- spec/spec_helpers/adapters/active_record.rb
 - spec/spec_helpers/boot.rb
-- spec/spec_helpers/model.rb
+- spec/spec_helpers/examples/model.rb