protector 0.7.4 → 0.7.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Appraisals +5 -0
- data/README.md +13 -2
- data/gemfiles/AR_4.1.gemfile +18 -0
- data/lib/protector/adapters/active_record/relation.rb +12 -8
- data/lib/protector/adapters/sequel/model.rb +1 -1
- data/lib/protector/dsl.rb +1 -1
- data/lib/protector/version.rb +1 -1
- data/spec/lib/protector/adapters/active_record_spec.rb +40 -9
- data/spec/lib/protector/engine_spec.rb +1 -0
- data/spec/spec_helpers/examples/model.rb +14 -0
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8d6e09054172469d5a87d231ad7f173504cb370d
|
|
4
|
+
data.tar.gz: 6711053459b16743c42b18192406bbda09a1bd45
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 73b84873fae0417524c733ccf96216e311923fc80fe69bf3bf690c26624a237297dd9c4166171830c2ed3e7978ce9dd5d28daf05e3e910f30e4b42ae48c12536
|
|
7
|
+
data.tar.gz: d7390a28c52aa295aa46fa295a8cd250e5548c5e8916b71c39db6e077fd1cccfbe345710bcf3292249672a5925f8948f5889d56b95b6af82654a99ba62547da7
|
data/Appraisals
CHANGED
|
@@ -8,6 +8,11 @@ appraise "AR_4" do
|
|
|
8
8
|
gem "activerecord-jdbcsqlite3-adapter", platform: :jruby, github: "jruby/activerecord-jdbc-adapter"
|
|
9
9
|
end
|
|
10
10
|
|
|
11
|
+
appraise "AR_4.1" do
|
|
12
|
+
gem "activerecord", "4.1.0.rc1", require: "active_record"
|
|
13
|
+
gem "activerecord-jdbcsqlite3-adapter", platform: :jruby, github: "jruby/activerecord-jdbc-adapter"
|
|
14
|
+
end
|
|
15
|
+
|
|
11
16
|
appraise "AR_edge" do
|
|
12
17
|
gem "activerecord", require: "active_record", github: "rails/rails"
|
|
13
18
|
gem "activemodel", github: "rails/rails"
|
data/README.md
CHANGED
|
@@ -99,10 +99,21 @@ Article.restrict!(current_user).where(...)
|
|
|
99
99
|
Article.where(...).restrict!(current_user)
|
|
100
100
|
```
|
|
101
101
|
|
|
102
|
-
|
|
102
|
+
Be aware that if you already made the database query the scope has no effect on the already fatched data. This is because Protector is working on two levels: first during retrieval (scops are applied here) and after that on the level of fields. So for example `find` and `restrict!` calls are not commutative:
|
|
103
|
+
```ruby
|
|
104
|
+
# Should be used if you are using scops for visibility restriction
|
|
105
|
+
Article.restrict!(current_user).find(3)
|
|
106
|
+
|
|
107
|
+
# not equal!
|
|
108
|
+
# Will select the record with id: 3 regardless of any scops and only restrict on the field level
|
|
109
|
+
Article.find(3).restrict!(current_user)
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
Note also that you don't need to explicitly restrict models you get from a restricted scope – they born restricted.
|
|
103
113
|
|
|
104
114
|
**Important**: unlike fields, scopes follow black-list approach by default. It means that you will NOT restrict selection in any way if no scope was set within protection block! This arguably is the best default strategy. But it's not the only one – see `paranoid` at the [list of available options](https://github.com/inossidabile/protector#options) for details.
|
|
105
115
|
|
|
116
|
+
|
|
106
117
|
## Self-aware conditions
|
|
107
118
|
|
|
108
119
|
Sometimes an access decision depends on the object we restrict. `protect` block accepts second argument to fulfill these cases. Keep in mind however that it's not always accessible: we don't have any instance for the restriction of relation and therefore `nil` is passed.
|
|
@@ -232,4 +243,4 @@ Protector features basic Rails integration so you can assign options using `conf
|
|
|
232
243
|
|
|
233
244
|
It is free software, and may be redistributed under the terms of MIT license.
|
|
234
245
|
|
|
235
|
-
[](https://bitdeli.com/free "Bitdeli Badge")
|
|
246
|
+
[](https://bitdeli.com/free "Bitdeli Badge")
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
# This file was generated by Appraisal
|
|
2
|
+
|
|
3
|
+
source "https://rubygems.org"
|
|
4
|
+
|
|
5
|
+
gem "rake"
|
|
6
|
+
gem "colored"
|
|
7
|
+
gem "pry"
|
|
8
|
+
gem "rspec"
|
|
9
|
+
gem "simplecov", :require=>false
|
|
10
|
+
gem "simplecov-summary"
|
|
11
|
+
gem "appraisal", :github=>"thoughtbot/appraisal"
|
|
12
|
+
gem "sqlite3", :platform=>:ruby
|
|
13
|
+
gem "jdbc-sqlite3", :platform=>:jruby, :require=>"jdbc/sqlite3"
|
|
14
|
+
gem "ruby-prof", :platform=>:ruby
|
|
15
|
+
gem "activerecord", "4.1.0.rc1", :require=>"active_record"
|
|
16
|
+
gem "activerecord-jdbcsqlite3-adapter", :platform=>:jruby, :github=>"jruby/activerecord-jdbc-adapter"
|
|
17
|
+
|
|
18
|
+
gemspec :path=>".././"
|
|
@@ -89,10 +89,7 @@ module Protector
|
|
|
89
89
|
def new_with_protector(*args, &block)
|
|
90
90
|
return new_without_protector(*args, &block) unless protector_subject?
|
|
91
91
|
|
|
92
|
-
|
|
93
|
-
if Protector.config.strong_parameters? && args.first.respond_to?(:permit)
|
|
94
|
-
Protector::ActiveRecord::Adapters::StrongParameters.sanitize! args, true, protector_meta
|
|
95
|
-
end
|
|
92
|
+
protector_permit_strong_params(args)
|
|
96
93
|
|
|
97
94
|
unless block_given?
|
|
98
95
|
new_without_protector(*args).restrict!(protector_subject)
|
|
@@ -106,10 +103,7 @@ module Protector
|
|
|
106
103
|
def create_with_protector(*args, &block)
|
|
107
104
|
return create_without_protector(*args, &block) unless protector_subject?
|
|
108
105
|
|
|
109
|
-
|
|
110
|
-
if Protector.config.strong_parameters? && args.first.respond_to?(:permit)
|
|
111
|
-
Protector::ActiveRecord::Adapters::StrongParameters.sanitize! args, true, protector_meta
|
|
112
|
-
end
|
|
106
|
+
protector_permit_strong_params(args)
|
|
113
107
|
|
|
114
108
|
create_without_protector(*args) do |instance|
|
|
115
109
|
instance.restrict!(protector_subject)
|
|
@@ -120,6 +114,8 @@ module Protector
|
|
|
120
114
|
def create_with_protector!(*args, &block)
|
|
121
115
|
return create_without_protector!(*args, &block) unless protector_subject?
|
|
122
116
|
|
|
117
|
+
protector_permit_strong_params(args)
|
|
118
|
+
|
|
123
119
|
create_without_protector!(*args) do |instance|
|
|
124
120
|
instance.restrict!(protector_subject)
|
|
125
121
|
block.call(instance) if block
|
|
@@ -233,6 +229,14 @@ module Protector
|
|
|
233
229
|
|
|
234
230
|
private
|
|
235
231
|
|
|
232
|
+
def protector_permit_strong_params(args)
|
|
233
|
+
# strong_parameters integration
|
|
234
|
+
if Protector.config.strong_parameters? && args.first.respond_to?(:permit)
|
|
235
|
+
Protector::ActiveRecord::Adapters::StrongParameters.sanitize! args, true, protector_meta
|
|
236
|
+
end
|
|
237
|
+
end
|
|
238
|
+
|
|
239
|
+
|
|
236
240
|
def protector_expand_inclusion_hash(inclusion, results=[], base=[], klass=@klass)
|
|
237
241
|
inclusion.each do |key, value|
|
|
238
242
|
model = klass.reflect_on_association(key.to_sym).klass
|
data/lib/protector/dsl.rb
CHANGED
|
@@ -159,7 +159,7 @@ module Protector
|
|
|
159
159
|
|
|
160
160
|
# Checks whether given field of a model is readable in context of current subject
|
|
161
161
|
def readable?(field)
|
|
162
|
-
@access[:read] && @access[:read].key?(field)
|
|
162
|
+
@access[:read] && @access[:read].key?(field.to_s)
|
|
163
163
|
end
|
|
164
164
|
|
|
165
165
|
# Checks whether you can create a model with given field in context of current subject
|
data/lib/protector/version.rb
CHANGED
|
@@ -40,6 +40,15 @@ if defined?(ActiveRecord)
|
|
|
40
40
|
Fluffy.all.each{|f| Loony.create! fluffy_id: f.id, string: 'zomgstring' }
|
|
41
41
|
end
|
|
42
42
|
|
|
43
|
+
let(:dummy) do
|
|
44
|
+
Class.new(ActiveRecord::Base) do
|
|
45
|
+
def self.name; 'Dummy'; end
|
|
46
|
+
def self.model_name; ActiveModel::Name.new(self, nil, "dummy"); end
|
|
47
|
+
self.table_name = "dummies"
|
|
48
|
+
scope :none, where('1 = 0') unless respond_to?(:none)
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
|
|
43
52
|
describe Protector::Adapters::ActiveRecord do
|
|
44
53
|
it "finds out whether object is AR relation" do
|
|
45
54
|
Protector::Adapters::ActiveRecord.is?(Dummy).should == true
|
|
@@ -55,15 +64,6 @@ if defined?(ActiveRecord)
|
|
|
55
64
|
# Model instance
|
|
56
65
|
#
|
|
57
66
|
describe Protector::Adapters::ActiveRecord::Base do
|
|
58
|
-
let(:dummy) do
|
|
59
|
-
Class.new(ActiveRecord::Base) do
|
|
60
|
-
def self.name; 'Dummy'; end
|
|
61
|
-
def self.model_name; ActiveModel::Name.new(self, nil, "dummy"); end
|
|
62
|
-
self.table_name = "dummies"
|
|
63
|
-
scope :none, where('1 = 0') unless respond_to?(:none)
|
|
64
|
-
end
|
|
65
|
-
end
|
|
66
|
-
|
|
67
67
|
it "includes" do
|
|
68
68
|
Dummy.ancestors.should include(Protector::Adapters::ActiveRecord::Base)
|
|
69
69
|
end
|
|
@@ -457,6 +457,37 @@ if defined?(ActiveRecord)
|
|
|
457
457
|
|
|
458
458
|
expect { fluffy.restrict!('!').to_a }.to_not raise_error
|
|
459
459
|
end
|
|
460
|
+
|
|
461
|
+
# https://github.com/inossidabile/protector/issues/42
|
|
462
|
+
if ActiveRecord::Base.respond_to?(:enum)
|
|
463
|
+
context "enums" do
|
|
464
|
+
before(:each) do
|
|
465
|
+
dummy.instance_eval do
|
|
466
|
+
enum number: [ :active, :archived ]
|
|
467
|
+
end
|
|
468
|
+
end
|
|
469
|
+
|
|
470
|
+
it "can be read" do
|
|
471
|
+
dummy.instance_eval do
|
|
472
|
+
protect do
|
|
473
|
+
can :read, :number
|
|
474
|
+
can :create, :number
|
|
475
|
+
can :update, :number
|
|
476
|
+
end
|
|
477
|
+
end
|
|
478
|
+
|
|
479
|
+
d = dummy.new.restrict!('!')
|
|
480
|
+
|
|
481
|
+
expect { d.active! }.to_not raise_error
|
|
482
|
+
|
|
483
|
+
d.number.should == 'active'
|
|
484
|
+
d.active?.should == true
|
|
485
|
+
d.archived?.should == false
|
|
486
|
+
|
|
487
|
+
d.delete
|
|
488
|
+
end
|
|
489
|
+
end
|
|
490
|
+
end
|
|
460
491
|
end
|
|
461
492
|
end
|
|
462
493
|
end
|
|
@@ -49,6 +49,7 @@ if defined?(Rails)
|
|
|
49
49
|
it "creates" do
|
|
50
50
|
expect{ dummy.restrict!.new params(string: 'test') }.to_not raise_error
|
|
51
51
|
expect{ dummy.restrict!.create(params(string: 'test')).delete }.to_not raise_error
|
|
52
|
+
expect{ dummy.restrict!.create!(params(string: 'test')).delete }.to_not raise_error
|
|
52
53
|
expect{ dummy.restrict!.new params(number: 1) }.to raise_error
|
|
53
54
|
end
|
|
54
55
|
|
|
@@ -74,6 +74,20 @@ shared_examples_for "a model" do
|
|
|
74
74
|
read_attribute(d, :number).should_not == nil
|
|
75
75
|
d.string.should == 'zomgstring'
|
|
76
76
|
end
|
|
77
|
+
|
|
78
|
+
it "shows fields" do
|
|
79
|
+
dummy.instance_eval do
|
|
80
|
+
protect do
|
|
81
|
+
can :read, :number
|
|
82
|
+
end
|
|
83
|
+
end
|
|
84
|
+
|
|
85
|
+
d = dummy.first.restrict!('!')
|
|
86
|
+
d.number.should_not == nil
|
|
87
|
+
d[:number].should_not == nil
|
|
88
|
+
d['number'].should_not == nil
|
|
89
|
+
read_attribute(d, :number).should_not == nil
|
|
90
|
+
end
|
|
77
91
|
end
|
|
78
92
|
|
|
79
93
|
#
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: protector
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.7.
|
|
4
|
+
version: 0.7.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Boris Staal
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2014-
|
|
11
|
+
date: 2014-03-06 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -57,6 +57,7 @@ files:
|
|
|
57
57
|
- README.md
|
|
58
58
|
- Rakefile
|
|
59
59
|
- gemfiles/AR_3.2.gemfile
|
|
60
|
+
- gemfiles/AR_4.1.gemfile
|
|
60
61
|
- gemfiles/AR_4.gemfile
|
|
61
62
|
- gemfiles/AR_edge.gemfile
|
|
62
63
|
- gemfiles/Rails_3.2.gemfile
|