redtape 1.0.0 → 1.0.1

data/lib/redtape/attribute_whitelist.rb

@@ -0,0 +1,54 @@
+module Redtape
+  class AttributeWhitelist
+    attr_reader :whitelisted_attrs
+
+    def initialize(whitelisted_attrs)
+      @whitelisted_attrs = whitelisted_attrs
+    end
+
+    def top_level_name
+      whitelisted_attrs.try(:keys).try(:first)
+    end
+
+    def allows?(args = {})
+      allowed_attrs = whitelisted_attrs_for(args[:association_name]) || []
+      allowed_attrs = allowed_attrs.map(&:to_s)
+      allowed_attrs << "id"
+      allowed_attrs.include?(args[:attr].to_s)
+    end
+
+    private
+
+    # Locate whitelisted attributes for the supplied association name
+    def whitelisted_attrs_for(assoc_name, attr_hash = whitelisted_attrs)
+      if assoc_name.to_s == attr_hash.keys.first.to_s
+        return attr_hash.values.first.reject { |v| v.is_a? Hash }
+      end
+
+      scoped_whitelisted_attrs = attr_hash.values.first
+      scoped_whitelisted_attrs.reject { |v|
+        !v.is_a? Hash
+      }.find { |v|
+        whitelisted_attrs_for(assoc_name, v)
+      }.try(:values).try(:first)
+    end
+  end
+
+  class NullAttrWhitelist
+    def top_level_name
+      nil
+    end
+
+    def present?
+      false
+    end
+
+    def nil?
+      true
+    end
+
+    def allows?(args = {})
+      false
+    end
+  end
+end

data/lib/redtape/model_factory.rb

@@ -0,0 +1,189 @@
+module Redtape
+  class ModelFactory
+    attr_reader :top_level_name, :records_to_save, :model, :controller, :attr_whitelist, :attrs
+
+    def initialize(args = {})
+      assert_inputs(args)
+
+      @attrs             = args[:attrs]
+      @attr_whitelist    = NullAttrWhitelist.new
+      @controller        = args[:controller]
+      @records_to_save   = []
+      @top_level_name    =
+        @attr_whitelist.top_level_name ||
+        args[:top_level_name] ||
+        default_top_level_name_from(controller)
+      if args[:whitelisted_attrs]
+        @attr_whitelist  = AttributeWhitelist.new(args[:whitelisted_attrs])
+      end
+    end
+
+    def populate_model
+      @model = find_or_create_root_model
+
+      populators = [ Populator::Root.new(root_populator_args) ]
+      populators.concat(
+        create_populators_for(model, attrs.values.first).flatten
+      )
+
+      populators.each do |p|
+        p.call
+      end
+
+      violations = populators.map(&:whitelist_failures).flatten
+      if violations.present?
+        errors = violations.join(", ")
+        fail WhitelistViolationError, "Form supplied non-whitelisted attrs #{errors}"
+      end
+
+      @model
+    end
+
+    def save!
+      model.save!
+      records_to_save.each(&:save!)
+    end
+
+    private
+
+    def default_top_level_name_from(controller)
+      if controller.class.to_s =~ /(\w+)Controller/
+        $1.singularize.downcase.to_sym
+      end
+    end
+
+    def root_populator_args
+      root_populator_args = {
+        :model            => model,
+        :attrs            => params_for_current_scope(attrs.values.first),
+        :association_name => attrs.keys.first
+      }.tap do |r|
+        if attr_whitelist.present? && controller.respond_to?(:populate_individual_record)
+          fail ArgumentError, "Expected either controller to respond_to #populate_individual_record or :whitelisted_attrs but not both"
+        elsif controller.respond_to?(:populate_individual_record)
+          r[:data_mapper] = controller
+        elsif attr_whitelist
+          r[:attr_whitelist] = attr_whitelist
+        end
+      end
+    end
+
+    def find_associated_model(attrs, args = {})
+      case args[:with_macro]
+      when :has_many
+        args[:on_association].find(attrs[:id])
+      when :has_one
+        args[:on_model].send(args[:for_association_name])
+      end
+    end
+
+    def find_or_create_root_model
+      model_class = top_level_name.to_s.camelize.constantize
+      root_object_id = attrs.values.first[:id]
+      if root_object_id
+        model_class.send(:find, root_object_id)
+      else
+        model_class.new
+      end
+    end
+
+    def create_populators_for(model, attributes)
+      attributes.each_with_object([]) do |key_value, association_populators|
+        next unless key_value[1].is_a?(Hash)
+
+        key, value       = key_value
+        macro            = macro_for_attribute_key(key)
+        associated_attrs =
+          case macro
+          when :has_many
+            value.values
+          when :has_one
+            [value]
+          end
+
+        associated_attrs.inject(association_populators) do |populators, record_attrs|
+          assoc_name = find_association_name_in(key)
+          current_scope_attrs = params_for_current_scope(record_attrs)
+
+          associated_model = find_or_initialize_associated_model(
+            current_scope_attrs,
+            :for_association_name => assoc_name,
+            :on_model             => model,
+            :with_macro           => macro
+          )
+
+          populator_class = "Redtape::Populator::#{macro.to_s.camelize}".constantize
+
+          populator_args = {
+            :model                => associated_model,
+            :association_name     => assoc_name,
+            :attrs                => current_scope_attrs,
+            :parent               => model
+          }
+          if controller.respond_to?(:populate_individual_record) && attr_whitelist.present?
+            fail ArgumentError, "Expected either controller to respond_to #populate_individual_record or :whitelisted_attrs but not both"
+          elsif controller.respond_to?(:populate_individual_record)
+            populator_args[:data_mapper] = controller
+          elsif attr_whitelist
+            populator_args[:attr_whitelist] = attr_whitelist
+          end
+
+          populators << populator_class.new(populator_args)
+          populators.concat(
+            create_populators_for(associated_model, record_attrs)
+          )
+        end
+      end
+    end
+
+    def find_or_initialize_associated_model(attrs, args = {})
+      association_name, macro, model = args.values_at(:for_association_name, :with_macro, :on_model)
+
+      association = model.send(association_name)
+      if attrs[:id]
+        find_associated_model(
+          attrs,
+          :on_model => model,
+          :with_macro => macro,
+          :on_association => association
+        ).tap do |record|
+          records_to_save << record
+        end
+      else
+        case macro
+        when :has_many
+          model.send(association_name).build
+        when :has_one
+          model.send("build_#{association_name}")
+        end
+      end
+    end
+
+    def macro_for_attribute_key(key)
+      association_name = find_association_name_in(key).to_sym
+      association_reflection = model.class.reflect_on_association(association_name)
+      association_reflection.macro
+    end
+
+
+    def params_for_current_scope(attrs)
+      attrs.dup.reject { |_, v| v.is_a? Hash }
+    end
+
+    ATTRIBUTES_KEY_REGEXP = /^(.+)_attributes$/
+
+    def has_many_association_attrs?(key)
+      key =~ ATTRIBUTES_KEY_REGEXP
+    end
+
+    def find_association_name_in(key)
+      ATTRIBUTES_KEY_REGEXP.match(key)[1]
+    end
+
+    def assert_inputs(args)
+      if args[:top_level_name] && args[:whitelisted_attrs].present?
+        fail ArgumentError, ":top_level_name is redundant as it is already present as the key in :whitelisted_attrs"
+      end
+    end
+  end
+end

data/lib/redtape/populator/abstract.rb

@@ -0,0 +1,65 @@
+module Redtape
+  module Populator
+    class Abstract
+      attr_reader :association_name, :model, :pending_attributes, :parent, :data_mapper, :attr_whitelist, :whitelist_failures
+
+      def initialize(args = {})
+        @model              = args[:model]
+        @association_name   = args[:association_name]
+        @pending_attributes = args[:attrs]
+        @parent             = args[:parent]
+        @data_mapper        = args[:data_mapper]
+        @attr_whitelist     = args[:attr_whitelist]
+        @whitelist_failures = []
+      end
+
+      def call
+        populate_model_attributes(model, pending_attributes)
+
+        if model.new_record?
+          assign_to_parent
+        end
+      end
+
+      protected
+
+      def assign_to_parent
+        fail NotImplementedError, "You have to implement this in your subclass"
+      end
+
+      private
+
+      def populate_model_attributes(model, attributes)
+        msg_target =
+          if data_mapper && data_mapper.respond_to?(:populate_individual_record)
+            data_mapper
+          else
+            self
+          end
+        msg_target.send(
+          :populate_individual_record,
+          model,
+          attributes
+        )
+      end
+
+      def populate_individual_record(record, attrs)
+        assert_against_whitelisted(attrs.keys)
+
+        # #merge! didn't work here....
+        record.attributes = record.attributes.merge(attrs)
+      end
+
+      def assert_against_whitelisted(attrs)
+        return unless attr_whitelist.present?
+        return if model.new_record?
+
+        attrs.each do |a|
+          unless attr_whitelist.allows?(:association_name => association_name, :attr => a)
+            whitelist_failures << %{"#{association_name}##{a}"}
+          end
+        end
+      end
+    end
+  end
+end

data/lib/redtape/populator/has_many.rb

@@ -0,0 +1,9 @@
+module Redtape
+  module Populator
+    class HasMany < Abstract
+      def assign_to_parent
+        parent.send(association_name).send("<<", model)
+      end
+    end
+  end
+end

data/lib/redtape/populator/has_one.rb

@@ -0,0 +1,10 @@
+module Redtape
+  module Populator
+    class HasOne < Abstract
+      def assign_to_parent
+        parent.send("#{association_name}=", model)
+      end
+    end
+  end
+end
+

data/lib/redtape/populator/root.rb

@@ -0,0 +1,9 @@
+module Redtape
+  module Populator
+    class Root < Abstract
+      def assign_to_parent
+        # no-op
+      end
+    end
+  end
+end

data/lib/redtape/version.rb

@@ -0,0 +1,3 @@
+module Redtape
+  VERSION = "1.0.1"
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: redtape
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.0.1
   prerelease: 
 platform: ruby
 authors:
@@ -130,6 +130,13 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- lib/redtape/attribute_whitelist.rb
+- lib/redtape/model_factory.rb
+- lib/redtape/populator/abstract.rb
+- lib/redtape/populator/has_many.rb
+- lib/redtape/populator/has_one.rb
+- lib/redtape/populator/root.rb
+- lib/redtape/version.rb
 - lib/redtape.rb
 homepage: http://github.com/ClearFit/redtape
 licenses: []
@@ -145,7 +152,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -2628988932070424880
+      hash: 4035707631943862781
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -154,7 +161,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -2628988932070424880
+      hash: 4035707631943862781
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.24