read_only_filter 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 7af0ff983d8e3ddb75eb157e1f385e58fc212b8b
+  data.tar.gz: cc921c61272abb4a06d6ba90c9a59d520b6dca91
+SHA512:
+  metadata.gz: 43394c6948a88c20bf556452d08c0c40f28c52faab160fa4ecebef4f27680af57948fe6cf53e91adfbe4fcbd5f93f18833b4347bea388c8779d9d1427ec0046c
+  data.tar.gz: 8a5eb8c0da8af2f356faadc48657569fcdab937f8f5396caa97ef3a095143982dd8157a2957ff8fab47911639d1e0ab567b9bed1f0d54deee2f4bacfb3069054

data/README.md

@@ -0,0 +1,88 @@
+# ReadOnlyFilter::Rails
+
+Read only support for Rails ActiveController, allows for protection of controller actions from write by preventing access to the `:create :update :destroy` actions.
+
+By default read only filter redirects back with a flash error message. However redirects to 403, 404 or 500 status code error pages are available through custom options.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'read_only_filter', '~> 1.0.0'
+```
+    
+	
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install read_only_filter
+    
+	
+## Using read only filter
+
+Just follow these simple steps to enable read only protection of your `:create :update :destroy` actions in all controllers in your rails project.
+
+1. ####Add support for read only filter to your project:
+
+	In order to add support for read only protected controllers to your project you will
+need to create an initializer file in your projects config initializers directory.
+
+	```ruby
+	# config/initializers/read_only_filter.rb
+	require 'read_only_filter'
+	```
+
+	one liner:
+	
+	```
+	$ echo "require 'read_only_filter'" > config/initializers/read_only_filter.rb 
+	```
+		
+2. ####Enable read only filter in your project:
+
+	Enable should be triggered early in your controllers before_filters, such as
+	your `:signed_in_user` or other authentication filter.
+	
+	```ruby
+	@read_only_enabled = true
+	```
+	
+	It can also be enabled from a user flag to mark specific users as read_only.
+	
+	```ruby
+	@read_only_enabled = current_user.read_only
+	```
+	
+	   
+3. ####Customize the way read only filter works:
+
+	Add additional methods to protect besides the defaults. Optionally exclude a default `:update` action. The following examples can be added to the top of any rails controller.
+
+	```ruby
+	read_only only: [:index, :show], except: [:update]
+    ```
+    Use custom status codes and redirect messages.
+    
+    ```ruby
+    read_only render_error: [:create,:udpate], status_code: 404
+    ```
+	
+
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request
+ 
+
+## Copyright
+
+Copyright (c) 2013 @geothird. See LICENSE.txt for
+further details.

data/lib/read_only_filter.rb

@@ -0,0 +1,100 @@
+module ReadOnlyFilter
+  # By Default read only protects create/update/destroy actions
+  DEF_METHODS = { create: true, update: true, destroy: true }
+
+  # Default RoutingError
+  DEF_CODE = 404
+
+  # Default flash error message
+  DEF_MSG = 'Access Denied.'
+
+  # Override base module to include attributes and process_action
+  # methods to allow for adding a before filter after class
+  # specific before_filters
+  ActionController::Base.module_eval do
+    # Turn read only on or off true/false
+    attr_accessor :read_only_enabled
+
+    class << self
+      # attr for storing methods marked read only
+      attr_accessor :read_only_methods, :status_code_methods,
+        :status_code, :redirect_msg
+
+      # initialize
+      def __init_params
+        @status_code_methods ||= {}
+        @read_only_methods   ||= ReadOnlyFilter::DEF_METHODS.dup
+        @status_code         ||= ReadOnlyFilter::DEF_CODE
+        @redirect_msg        ||= ReadOnlyFilter::DEF_MSG
+      end
+      # Read only sets up additional methods to be filtered
+      # see read_only_method
+      #
+      # Usage: read_only only: [:index, :show], except: [:update]
+      # Usage: read_only render_error: [:create,:udpate], status_code: 404
+      #
+      def read_only(args)
+        __init_params
+        if args
+          # include methods
+          if args[:only]
+            args[:only].each do |one|
+              @read_only_methods[one] = true
+            end
+          end
+          # except methods
+          if args[:except]
+            args[:except].each do |ext|
+              @read_only_methods.delete(ext)
+            end
+          end
+          # raise methods
+          if args[:render_error]
+            args[:render_error].each do |red|
+              @status_code_methods[red] = true
+            end
+          end
+          # status code
+          if args[:status_code]
+            @status_code = args[:status_code]
+          end
+          # redirect message
+          if args[:redirect_msg]
+            @redirect_msg = args[:redirect_msg]
+          end
+        end
+      end
+    end
+    # Override process_action to add before_filter after others
+    def process_action(method_name, *args)
+      ActionController::Base.before_filter :read_only_method
+      super
+    end
+    # Read only method is a before filter that prevents access
+    # to controllers based on if the controller is setup
+    # to be read only `read_only_enabled` and if the method
+    # is marked as read only through the read_only_methods attribute.
+    #
+    # By default read only redirects back with an error message
+    # To include instead render status code error template see usage.
+    #
+    def read_only_method
+      if @read_only_enabled
+        # Setup defaults if not already initialized
+        self.class.__init_params
+
+        # Redirect to :back  or render status_code page
+        if self.class.read_only_methods[params[:action].to_sym]
+          if self.class.status_code_methods[params[:action].to_sym]
+            render(file: File.join(Rails.root, "public/#{self.class.status_code}.html"),
+                   status: self.class.status_code, layout: false) and return
+          else
+            redirect_to :back, flash: { error: self.class.redirect_msg} and return
+          end
+        end
+      end
+    end
+  end
+end
+# Extend action controller base with ReadOnlyFilter module
+ActionController::Base.send(:extend, ReadOnlyFilter)

data/lib/read_only_filter/version.rb

@@ -0,0 +1,5 @@
+module ReadOnlyFilter
+  module Rails
+    VERSION = "1.0.0"
+  end
+end

metadata

@@ -0,0 +1,47 @@
+--- !ruby/object:Gem::Specification
+name: read_only_filter
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Geo
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-03-08 00:00:00.000000000 Z
+dependencies: []
+description: Read only filter for Rails ActiveController, allows for protection of
+  controller actions from create/update/destroy.
+email:
+- geo.marshall@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/read_only_filter/version.rb
+- lib/read_only_filter.rb
+- README.md
+homepage: ''
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.0
+signing_key: 
+specification_version: 4
+summary: Enable read only protection for rails controller actions.
+test_files: []