protector 0.6.1 → 0.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b0adb740ad6dcc0053fd159bf424ce0dac2092cf
-  data.tar.gz: 07969057659e1baa91b16806d25efc324389e7c8
+  metadata.gz: d22e142c0d5654a1287d706ad235b1d921fbf641
+  data.tar.gz: befe5711c88baea2c46f9004aaccfef20541db74
 SHA512:
-  metadata.gz: 5d40755015122eef231bbe2b755db8440e6e6a38fdf51c82fc1a5d81e629012ff876c3e921b90d4c4a13b6667ad95050b63d3b79cf5207bb1e6767f24f4ef87c
-  data.tar.gz: abef904c2b38cbc1a40b5de0c6bb28e56c14db83cd3fd8e631b9a94d0ececa78356abd93f3e1e4b2651cb019a6f8bac1257e5415324a118d97dd8c323a122b2e
+  metadata.gz: 85757bb7c0f7e485d4912877572d0a9bfa7d890988c3c6df50bc40fb208e699f5394b3f014a675c7b24671aaad336b378c2d60197124efa4f0acc15024853fbe
+  data.tar.gz: 2c0c4d49b32b6d958804f1693bc10d018dba0b0566d0c7514fdc9ca974eec3351b89525986eb160f9562e95b1c5bd0bc8984334dde6a30548f05c3fda8d9cefc

data/README.md

@@ -175,6 +175,8 @@ end
 
 No matter what happens inside, all your entities will act unprotected. So use with **EXTREME** caution.
 
+Please note also that we are talking about "unprotected" and "disabled". It does not make `can?` to always return `true`. Instead `can?` would thrown an exception just like it does for any unprotected model. Any other approach makes logic incostitent, unpredictable and just dangerous. There are different possible strategies to isolate business logic from security domain in tests like direct `can?` mocking or forcing admin role to a test user. Use them whenever you want to abstract from security in a whole and `insecurely` when you want to mock a model to the basic security state.
+
 ## Ideology
 
 Protector is a successor to [Heimdallr](https://github.com/inossidabile/heimdallr). The latter being a proof-of-concept appeared to be way too paranoid and incompatible with the rest of the world. Protector re-implements same idea keeping the Ruby way:
@@ -216,6 +218,11 @@ Use `Protector.config.option = value` to assign an option. Available options are
 
 Protector features basic Rails integration so you can assign options using `config.protector.option = value` at your `config/*.rb`.
 
+## Need help?
+
+  * Use [StackOverflow](http://stackoverflow.com/questions/tagged/protector) Luke! Make sure to use tag `protector`.
+  * You can get help at [irc.freenode.net](http://freenode.net) #protector.rb.
+
 ## Maintainers
 
 * Boris Staal, [@inossidabile](http://staal.io)

data/lib/protector/adapters/active_record/relation.rb

@@ -28,6 +28,10 @@ module Protector
           end
         end
 
+        def creatable?
+          new.creatable?
+        end
+
         # Gets {Protector::DSL::Meta::Box} of this relation
         def protector_meta(subject=protector_subject)
           @klass.protector_meta.evaluate(subject)

data/lib/protector/adapters/sequel/dataset.rb

@@ -30,6 +30,10 @@ module Protector
           alias_method_chain :each, :protector
         end
 
+        def creatable?
+          model.new.restrict!(protector_subject).creatable?
+        end
+
         # Gets {Protector::DSL::Meta::Box} of this dataset
         def protector_meta(subject=protector_subject)
           model.protector_meta.evaluate(subject)

data/lib/protector/dsl.rb

@@ -16,7 +16,7 @@ module Protector
           @adapter     = adapter
           @model       = model
           @fields      = fields
-          @access      = {update: {}, view: {}, create: {}}
+          @access      = {}
           @scope_procs = []
           @destroyable = false
 
@@ -104,9 +104,10 @@ module Protector
         #   end
         def can(action, *fields)
           return @destroyable = true if action == :destroy
+
           @access[action] = {} unless @access[action]
 
-          if fields.size == 0
+          if fields.length == 0
             @fields.each{|f| @access[action][f.to_s] = nil}
           else
             fields.each do |a|
@@ -132,10 +133,11 @@ module Protector
         # @see #can?
         def cannot(action, *fields)
           return @destroyable = false if action == :destroy
+
           return unless @access[action]
 
-          if fields.size == 0
-            @access[action].clear
+          if fields.length == 0
+            @access.delete(action)
           else
             fields.each do |a|
               if a.is_a?(Array)
@@ -144,6 +146,8 @@ module Protector
                 @access[action].delete(a.to_s)
               end
             end
+
+            @access.delete(action) if @access[action].empty?
           end
         end
 
@@ -151,7 +155,7 @@ module Protector
 
         # Checks whether given field of a model is readable in context of current subject
         def readable?(field)
-          @access[:view].has_key?(field)
+          @access[:view] && @access[:view].has_key?(field)
         end
 
         # Checks whether you can create a model with given field in context of current subject
@@ -182,14 +186,23 @@ module Protector
         # @param [Symbol] action        Action to check against
         # @param [String] field         Field to check against
         def can?(action, field=false)
+          return destroyable? if action == :destroy
+
           return false unless @access[action]
-          return !@access[action].empty? if field === false
+          return !@access[action].empty? unless field
+
           @access[action].has_key?(field.to_s)
         end
 
+        def cannot?(*args)
+          !can?(*args)
+        end
+
         private
 
         def first_unmodifiable_field(part, fields)
+          return (fields.keys.first || '-') unless @access[part]
+
           diff = fields.keys - @access[part].keys
           return diff.first if diff.length > 0
 
@@ -207,8 +220,8 @@ module Protector
           false
         end
 
-        def modifiable?(part, fields)
-          return false unless @access[part].keys.length > 0
+        def modifiable?(part, fields=false)
+          return false unless @access[part]
           return false if fields && first_unmodifiable_field(part, fields)
           true
         end
@@ -250,7 +263,7 @@ module Protector
       # subject on a non-protected model
       def protector_subject
         unless protector_subject?
-          raise "Unprotected entity detected: use `restrict` method to protect it."
+          raise "Unprotected entity detected for '#{self.class}': use `restrict` method to protect it."
         end
 
         @protector_subject

data/lib/protector/version.rb

@@ -1,4 +1,4 @@
 module Protector
   # Gem version
-  VERSION = "0.6.1"
+  VERSION = "0.6.2"
 end

data/lib/protector.rb

@@ -25,10 +25,17 @@ module Protector
 
     # Allows executing any code having Protector globally disabled
     def insecurely(&block)
+      Thread.current[:protector_disabled_nesting] ||= 0
+      Thread.current[:protector_disabled_nesting] += 1
+
       Thread.current[:protector_disabled] = true
       yield
     ensure
-      Thread.current[:protector_disabled] = false
+      Thread.current[:protector_disabled_nesting] -= 1
+
+      if Thread.current[:protector_disabled_nesting] == 0
+        Thread.current[:protector_disabled] = false
+      end
     end
 
     def activate!

data/spec/lib/{adapters → protector/adapters}/active_record_spec.rb

@@ -116,6 +116,11 @@ if defined?(ActiveRecord)
         Dummy.restrict!('!').new.protector_subject.should == '!'
       end
 
+      it "checks creatability" do
+        Dummy.restrict!('!').creatable?.should == false
+        Dummy.restrict!('!').where(number: 999).creatable?.should == false
+      end
+
       context "with open relation" do
         context "adequate", paranoid: false do
           it "checks existence" do

data/spec/lib/{adapters → protector/adapters}/sequel_spec.rb

@@ -88,6 +88,11 @@ if defined?(Sequel)
         Dummy.restrict!('!').eager_graph(fluffies: :loony).all.first.fluffies.first.loony.protector_subject.should == '!'
       end
 
+      it "checks creatability" do
+        Dummy.restrict!('!').creatable?.should == false
+        Dummy.restrict!('!').where(number: 999).creatable?.should == false
+      end
+
       context "with open relation" do
         context "adequate", paranoid: false do
           it "checks existence" do

data/spec/lib/{dsl_spec.rb → protector/dsl_spec.rb}

@@ -34,6 +34,28 @@ describe Protector::DSL do
       base.unrestrict!
       expect { base.protector_subject }.to raise_error
     end
+
+    it "respects `insecurely`" do
+      base = @base.new
+      base.restrict!("universe")
+
+      base.protector_subject?.should == true
+      Protector.insecurely do
+        base.protector_subject?.should == false
+      end
+    end
+
+    it "allows nesting of `insecurely`" do
+      base = @base.new
+      base.restrict!("universe")
+
+      base.protector_subject?.should == true
+      Protector.insecurely do
+        Protector.insecurely do
+          base.protector_subject?.should == false
+        end
+      end
+    end
   end
 
   describe Protector::DSL::Entry do
@@ -126,19 +148,20 @@ describe Protector::DSL do
             "field1" => nil,
             "field2" => nil,
             "field3" => nil
-          },
-          create: {}
+          }
         }
       end
 
       it "marks destroyable" do
         data = @meta.evaluate('user', 'entry')
         data.destroyable?.should == true
+        data.can?(:destroy).should == true
       end
 
       it "marks updatable" do
         data = @meta.evaluate('user', 'entry')
         data.updatable?.should == true
+        data.can?(:update).should == true
       end
 
       it "gets first unupdatable field" do
@@ -149,6 +172,7 @@ describe Protector::DSL do
       it "marks creatable" do
         data = @meta.evaluate('user', 'entry')
         data.creatable?.should == false
+        data.can?(:create).should == false
       end
 
       it "gets first uncreatable field" do

data/spec/lib/{engine_spec.rb → protector/engine_spec.rb}

@@ -28,8 +28,13 @@ if defined?(Rails)
     describe "strong_parameters" do
       before(:all) do
         load 'migrations/active_record.rb'
+      end
+
+      let(:dummy) do
+        Class.new(ActiveRecord::Base) do
+          def self.model_name; ActiveModel::Name.new(self, nil, "dummy"); end
+          self.table_name = "dummies"
 
-        Dummy.instance_eval do
           protect do
             can :create, :string
             can :update, :number
@@ -42,15 +47,15 @@ if defined?(Rails)
       end
 
       it "creates" do
-        expect{ Dummy.restrict!.new params(string: 'test') }.to_not raise_error
-        expect{ Dummy.restrict!.new params(number: 1) }.to raise_error
+        expect{ dummy.restrict!.new params(string: 'test') }.to_not raise_error
+        expect{ dummy.restrict!.new params(number: 1) }.to raise_error
       end
 
       it "updates" do
-        dummy = Dummy.create!
+        instance = dummy.create!
 
-        expect{ dummy.restrict!.assign_attributes params(string: 'test') }.to raise_error
-        expect{ dummy.restrict!.assign_attributes params(number: 1) }.to_not raise_error
+        expect{ instance.restrict!.assign_attributes params(string: 'test') }.to raise_error
+        expect{ instance.restrict!.assign_attributes params(number: 1) }.to_not raise_error
       end
     end
   end

data/spec/spec_helpers/examples/model.rb

@@ -33,7 +33,6 @@ shared_examples_for "a model" do
   it "doesn't get stuck with non-existing tables" do
     Rumba.class_eval do
       protect do
-        can
       end
     end
   end
@@ -88,6 +87,13 @@ shared_examples_for "a model" do
         end
       end
 
+      it "handles empty creations" do
+        d = dummy.new.restrict!('!')
+        d.can?(:create).should == false
+        d.creatable?.should == false
+        d.should invalidate
+      end
+
       it "marks blocked" do
         d = dummy.new(string: 'bam', number: 1)
         d.restrict!('!').creatable?.should == false

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: protector
 version: !ruby/object:Gem::Version
-  version: 0.6.1
+  version: 0.6.2
 platform: ruby
 authors:
 - Boris Staal
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-08-31 00:00:00.000000000 Z
+date: 2013-09-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -78,10 +78,10 @@ files:
 - protector.gemspec
 - spec/internal/config/database.yml
 - spec/internal/db/schema.rb
-- spec/lib/adapters/active_record_spec.rb
-- spec/lib/adapters/sequel_spec.rb
-- spec/lib/dsl_spec.rb
-- spec/lib/engine_spec.rb
+- spec/lib/protector/adapters/active_record_spec.rb
+- spec/lib/protector/adapters/sequel_spec.rb
+- spec/lib/protector/dsl_spec.rb
+- spec/lib/protector/engine_spec.rb
 - spec/spec_helpers/adapters/active_record.rb
 - spec/spec_helpers/adapters/sequel.rb
 - spec/spec_helpers/boot.rb
@@ -107,7 +107,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.6
+rubygems_version: 2.0.3
 signing_key: 
 specification_version: 4
 summary: 'Protector is a successor to the Heimdallr gem: it hits the same goals keeping
@@ -115,10 +115,10 @@ summary: 'Protector is a successor to the Heimdallr gem: it hits the same goals
 test_files:
 - spec/internal/config/database.yml
 - spec/internal/db/schema.rb
-- spec/lib/adapters/active_record_spec.rb
-- spec/lib/adapters/sequel_spec.rb
-- spec/lib/dsl_spec.rb
-- spec/lib/engine_spec.rb
+- spec/lib/protector/adapters/active_record_spec.rb
+- spec/lib/protector/adapters/sequel_spec.rb
+- spec/lib/protector/dsl_spec.rb
+- spec/lib/protector/engine_spec.rb
 - spec/spec_helpers/adapters/active_record.rb
 - spec/spec_helpers/adapters/sequel.rb
 - spec/spec_helpers/boot.rb