resource_allow_header 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 137762279a09a5f2e409e209f7d21a13fc7e6de0a25e0f0eb0ab008990cddfcf
-  data.tar.gz: 8b38a2caac86462ed31294fd4fe5dc6f6196d4da839b158435e76372809b8ffb
+  metadata.gz: a6042652fa336298bc96029b0df1bc7d05d56cec1bf1c8a0e089dc67b421e645
+  data.tar.gz: 91232dafecf7868df240c67d70605473bd7c0d2bb79e76a7999ee2eace780364
 SHA512:
-  metadata.gz: 9249deb003a4b6efd6087b5e1d499a8e3201efa4fbef0d9d4e8b34e3cd47a78d6b4868db4a7da5c38ad014232346260fe86ce77a03f9897d406ba1923b32daeb
-  data.tar.gz: 875e2f1c39afbbe8d7bd424bf36cee6ddf1dbe4c4359a3b2797009855cc9ef685cdfc2a2fd729386eb276d49a9e893b1e17f8fb3016f187617a861688a7e903c
+  metadata.gz: 1f57b4640784af39c27a9472611a64a83ac8eb62c4079d853c19f918146f45212b9c76ce987dc6af9a44e08cb8d8a540836f8ba8fb0cb2121965633965660f91
+  data.tar.gz: 02efeae0231548af6312a12fe46e807e21f2fd556bcc253ef111ed450dc814c2ba90c8cb668f6d62ad9e79a5b70945fa9c046bc0d27850b07acf5ed3b8c2cd2d

data/.idea/.rakeTasks

@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Settings><!--This file was automatically generated by Ruby plugin.
+You are allowed to: 
+1. Remove rake task
+2. Add existing rake tasks
+To add existing rake tasks automatically delete this file and reload the project.
+--><RakeGroup description="" fullCmd="" taksId="rake"><RakeTask description="Build resource_allow_header-0.2.0.gem into the pkg directory" fullCmd="build" taksId="build" /><RakeTask description="Remove any temporary products" fullCmd="clean" taksId="clean" /><RakeTask description="Remove any generated files" fullCmd="clobber" taksId="clobber" /><RakeTask description="Build and install resource_allow_header-0.2.0.gem into system gems" fullCmd="install" taksId="install" /><RakeGroup description="" fullCmd="" taksId="install"><RakeTask description="Build and install resource_allow_header-0.2.0.gem into system gems without network access" fullCmd="install:local" taksId="local" /></RakeGroup><RakeTask description="Create tag v0.2.0 and build and push resource_allow_header-0.2.0.gem to rubygems.org" fullCmd="release[remote]" taksId="release[remote]" /><RakeTask description="Run tests" fullCmd="test" taksId="test" /><RakeTask description="" fullCmd="default" taksId="default" /><RakeTask description="" fullCmd="release" taksId="release" /><RakeGroup description="" fullCmd="" taksId="release"><RakeTask description="" fullCmd="release:guard_clean" taksId="guard_clean" /><RakeTask description="" fullCmd="release:rubygem_push" taksId="rubygem_push" /><RakeTask description="" fullCmd="release:source_control_push" taksId="source_control_push" /></RakeGroup></RakeGroup></Settings>

data/.idea/resource_allow_header.iml

@@ -1,7 +1,26 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <module type="RUBY_MODULE" version="4">
   <component name="ModuleRunConfigurationManager">
-    <shared />
+    <shared>
+      <configuration default="false" name="test" type="RakeRunConfigurationType" factoryName="Rake">
+        <module name="resource_allow_header" />
+        <RAKE_RUN_CONFIG_SETTINGS_ID NAME="RUBY_ARGS" VALUE="" />
+        <RAKE_RUN_CONFIG_SETTINGS_ID NAME="WORK DIR" VALUE="$MODULE_DIR$" />
+        <RAKE_RUN_CONFIG_SETTINGS_ID NAME="SHOULD_USE_SDK" VALUE="false" />
+        <RAKE_RUN_CONFIG_SETTINGS_ID NAME="ALTERN_SDK_NAME" VALUE="" />
+        <RAKE_RUN_CONFIG_SETTINGS_ID NAME="myPassParentEnvs" VALUE="true" />
+        <EXTENSION ID="BundlerRunConfigurationExtension" bundleExecEnabled="true" />
+        <EXTENSION ID="JRubyRunConfigurationExtension" NailgunExecEnabled="false" />
+        <EXTENSION ID="RubyCoverageRunConfigurationExtension" track_test_folders="true" runner="rcov" />
+        <RAKE_RUN_CONFIG_SETTINGS_ID NAME="RAKE_TASK_NAME" VALUE="test" />
+        <RAKE_RUN_CONFIG_SETTINGS_ID NAME="RAKE_TASK_ARGS" VALUE="" />
+        <RAKE_RUN_CONFIG_SETTINGS_ID NAME="RAKE_TASK_ATTACHED_TEST_FRAMEWORKS" VALUE=":test_unit " />
+        <RAKE_RUN_CONFIG_SETTINGS_ID NAME="RAKE_TASK_OPTION_TRACE" VALUE="false" />
+        <RAKE_RUN_CONFIG_SETTINGS_ID NAME="RAKE_TASK_OPTION_DRYRUN" VALUE="false" />
+        <RAKE_RUN_CONFIG_SETTINGS_ID NAME="RAKE_TASK_OPTION_PREREQS" VALUE="false" />
+        <method v="2" />
+      </configuration>
+    </shared>
   </component>
   <component name="NewModuleRootManager">
     <content url="file://$MODULE_DIR$" />
@@ -15,7 +34,6 @@
     <orderEntry type="library" scope="PROVIDED" name="concurrent-ruby (v1.1.4, ruby-2.5.3-p105) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="i18n (v1.5.3, ruby-2.5.3-p105) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="minitest (v5.11.3, ruby-2.5.3-p105) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rack (v2.0.6, ruby-2.5.3-p105) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="rake (v10.5.0, ruby-2.5.3-p105) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="thread_safe (v0.3.6, ruby-2.5.3-p105) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="tzinfo (v1.2.5, ruby-2.5.3-p105) [gem]" level="application" />

data/.idea/runConfigurations/test.xml

@@ -0,0 +1,20 @@
+<component name="ProjectRunConfigurationManager">
+  <configuration default="false" name="test" type="RakeRunConfigurationType" factoryName="Rake">
+    <module name="resource_allow_header" />
+    <RAKE_RUN_CONFIG_SETTINGS_ID NAME="RUBY_ARGS" VALUE="" />
+    <RAKE_RUN_CONFIG_SETTINGS_ID NAME="WORK DIR" VALUE="$MODULE_DIR$" />
+    <RAKE_RUN_CONFIG_SETTINGS_ID NAME="SHOULD_USE_SDK" VALUE="false" />
+    <RAKE_RUN_CONFIG_SETTINGS_ID NAME="ALTERN_SDK_NAME" VALUE="" />
+    <RAKE_RUN_CONFIG_SETTINGS_ID NAME="myPassParentEnvs" VALUE="true" />
+    <EXTENSION ID="BundlerRunConfigurationExtension" bundleExecEnabled="true" />
+    <EXTENSION ID="JRubyRunConfigurationExtension" NailgunExecEnabled="false" />
+    <EXTENSION ID="RubyCoverageRunConfigurationExtension" track_test_folders="true" runner="rcov" />
+    <RAKE_RUN_CONFIG_SETTINGS_ID NAME="RAKE_TASK_NAME" VALUE="test" />
+    <RAKE_RUN_CONFIG_SETTINGS_ID NAME="RAKE_TASK_ARGS" VALUE="" />
+    <RAKE_RUN_CONFIG_SETTINGS_ID NAME="RAKE_TASK_ATTACHED_TEST_FRAMEWORKS" VALUE=":test_unit " />
+    <RAKE_RUN_CONFIG_SETTINGS_ID NAME="RAKE_TASK_OPTION_TRACE" VALUE="false" />
+    <RAKE_RUN_CONFIG_SETTINGS_ID NAME="RAKE_TASK_OPTION_DRYRUN" VALUE="false" />
+    <RAKE_RUN_CONFIG_SETTINGS_ID NAME="RAKE_TASK_OPTION_PREREQS" VALUE="false" />
+    <method v="2" />
+  </configuration>
+</component>

data/CHANGELOG.md

@@ -1,5 +1,12 @@
 # Changelog
 
+## 0.3.0
+
+- Add tests
+- Change configuration to return self if not block was given
+- Change configuration to execute in context of self
+- Change `*_proc` to execute in context of self 
+
 ## 0.2.0
 
 - Add configuration via `ResourceAllowHeader.configure`

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    resource_allow_header (0.2.0)
+    resource_allow_header (0.3.0)
       activerecord (>= 4.0.0)
       activesupport (>= 4.0.0)
 

data/README.md

@@ -1,72 +1,106 @@
-# Resource Allow Header
-
-[![Build Status: master](https://travis-ci.com/XPBytes/resource_allow_header.svg)](https://travis-ci.com/XPBytes/resource_allow_header) 
-[![Gem Version](https://badge.fury.io/rb/resource_allow_header.svg)](https://badge.fury.io/rb/resource_allow_header)
-[![MIT license](http://img.shields.io/badge/license-MIT-brightgreen.svg)](http://opensource.org/licenses/MIT)
-
-CanCan supported Allow Header for Rack responses
-
-## Installation
-
-Add this line to your application's Gemfile:
-
-```ruby
-gem 'resource_allow_header'
-```
-
-And then execute:
-
-    $ bundle
-
-Or install it yourself as:
-
-    $ gem install resource_allow_header
-
-## Usage
-
-In your controller use the `allow` class method to determine the value of the `Allow` header:
-```ruby
-require 'resource_allow_header'
-
-class BookController < ApiController
-  allow('HEAD', only: %i[show]) { @book }
-  allow('GET', only: %i[show]) { @book }
-  allow('POST', only: %i[create]) { Current.author.books.build }
-end
-```
-
-The allow method expects:
-- `http_method`: One of `HEAD`, `GET`, `POST`, `PUT`, `PATCH`, `DELETE`.
-- `ability_action` (optional): Automatically mapped from HTTP method and passed to `can?`
-- `**options`: passed to `before_action` (so only set these values on show: `only: :show`)
-- `&block`: the block that resolved the resource
-
-If no block has been given, the `@allow_resource` instance variable is used, or the `@resource` variable.
-
-The allow header is set as `after_action` callback, which allows your entire request to determine or set the
-values you'll be returning in the `&block` passed to `allow`. In other words: these blocks are lazy and
-executed in the context of your controller _instance_.
-
-### Configuration
-
-In an initializer you can set procs in order to change the default behaviour:
-
-```ruby
-ResourceAllowHeader.configure do |this|
-  this.implicit_resource_proc = proc { |controller| controller.resource }
-  this.can_proc = proc { |action, resource, controller| action == :whatever || controller.can?(action, resource) }
-end
-```
-
-## Development
-
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can
-also run `bin/console` for an interactive prompt that will allow you to experiment.
-
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the
-version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version,
-push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
-
-## Contributing
-
-Bug reports and pull requests are welcome on GitHub at [XPBytes/resource_allow_header](https://github.com/XPBytes/resource_allow_header).
+# Resource Allow Header
+
+[![Build Status: master](https://travis-ci.com/XPBytes/resource_allow_header.svg)](https://travis-ci.com/XPBytes/resource_allow_header) 
+[![Gem Version](https://badge.fury.io/rb/resource_allow_header.svg)](https://badge.fury.io/rb/resource_allow_header)
+[![MIT license](http://img.shields.io/badge/license-MIT-brightgreen.svg)](http://opensource.org/licenses/MIT)
+
+Allow Header for Rack responses using CanCan(Can) or any other authorization framework
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'resource_allow_header'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install resource_allow_header
+    
+This relies on `before_action` and `after_action` to exist, which is normally the case for any controller using 
+`AbstractController` in their chain. `Metal` controllers might need to include `Metal::Callbacks`. 
+
+## Usage
+
+In your controller use the `allow` class method to determine the value of the `Allow` header:
+```ruby
+require 'resource_allow_header'
+
+class ApiController < ActionController::API
+  include ResourceAllowHeader
+end
+
+class BookController < ApiController
+  allow('HEAD', only: %i[show]) { @book }
+  allow('GET', only: %i[show]) { @book }
+  allow('POST', only: %i[create]) { Current.author.books.build }
+end
+```
+
+The allow method expects:
+- `http_method`: One of `HEAD`, `GET`, `POST`, `PUT`, `PATCH`, `DELETE`.
+- `ability_action` (optional): Automatically mapped from HTTP method and passed to `can?`
+- `**options`: passed to `before_action` (so only set these values on show: `only: :show`)
+- `&block`: the block that resolved the resource
+
+If no block has been given, the `@allow_resource` instance variable is used, or the `@resource` variable.
+
+The allow header is set as `after_action` callback, which allows your entire request to determine or set the
+values you'll be returning in the `&block` passed to `allow`. In other words: these blocks are lazy and
+executed in the context of your controller _instance_.
+
+### Sane defaults
+
+If your API is conforming to REST, you'll usually have the following:
+
+```ruby
+allow('HEAD') { @your_resource }
+allow('GET') { @your_resource }
+allow('POST', only: %i[create index]) { YourResource.new(authorized_context) }
+allow('PUT', only: %i[show update]) { @your_resource }
+allow('DESTROY', only: %i[show update]) { @your_resource }
+```
+
+This is the case because:
+- Your `index` path (collection) is the same as your `create` path
+- Your `show` path (resource) is the same as your `update` and `delete` path
+- You can call `HEAD` both on the collection (`index`) and resource (`show`)
+- You can call `GET` on both the collection (`index`) and resource (`show`)
+- You can call `POST` only on the collection (`index`) path
+- You can call `PUT` and `DESTROY` only on the resource (`show`) path
+
+If 
+
+### Configuration
+
+In an initializer you can set procs in order to change the default behaviour:
+
+```ruby
+ResourceAllowHeader.configure do
+  self.implicit_resource_proc = proc { |controller| controller.resource }
+  self.can_proc = proc { |action, resource, controller| action == :whatever || controller.can?(action, resource) }
+end
+```
+
+## Related
+
+- [`AuthorizedTransaction`](https://github.com/XPBytes/authorized_transaction): :closed_lock_with_key: Authorize an
+  activerecord transaction (or any other transaction) with cancan(can) or any other authorization framework
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can
+also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the
+version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version,
+push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at [XPBytes/resource_allow_header](https://github.com/XPBytes/resource_allow_header).

data/lib/resource_allow_header.rb

@@ -1,4 +1,5 @@
 require "resource_allow_header/version"
+
 require 'active_support/concern'
 require 'active_support/core_ext/module/attribute_accessors'
 
@@ -12,12 +13,12 @@ module ResourceAllowHeader
 
   mattr_accessor :implicit_resource_proc, :can_proc
 
-  def self.configure
-    yield self
+  def self.configure(&block)
+    block_given? ? instance_exec(self, &block) : self
   end
 
   included do
-    attr_accessor :allow_
+    attr_accessor :current_action_lazy_allows
     after_action :set_allow_header
 
     def set_allow_header
@@ -25,7 +26,7 @@ module ResourceAllowHeader
     end
 
     def compute_allow_header(resource: implicit_resource)
-      Hash(allow_).each_with_object([]) do |(method, allow), result|
+      Hash(current_action_lazy_allows).each_with_object([]) do |(method, allow), result|
         allowable_resource = allow[:resource]&.call || resource
         next unless allow?(allow[:action], allowable_resource)
         result << method
@@ -36,18 +37,21 @@ module ResourceAllowHeader
   class_methods do
     # noinspection RubyStringKeysInHashInspection
     HTTP_ABILITY_METHOD_MAP = {
-        'HEAD' => :show,
-        'GET' => :show,
-        'POST' => :create,
-        'PUT' => :update,
-        'PATCH' => :update,
-        'DELETE' => :destroy
+      'HEAD' => :show,
+      'GET' => :show,
+      'POST' => :create,
+      'PUT' => :update,
+      'PATCH' => :update,
+      'DELETE' => :destroy
     }.freeze
 
     def allow(http_method, ability_action = map_http_method_to_ability_action(http_method), **options, &block)
       before_action(**options) do
         allow_resource = block_given? && proc { instance_exec(&block) } || nil
-        self.allow_ = Hash(allow_).merge(http_method => { resource: allow_resource, action: ability_action })
+
+        self.current_action_lazy_allows = Hash(current_action_lazy_allows).merge(
+          http_method => { resource: allow_resource, action: ability_action }
+        )
       end
     end
 
@@ -56,17 +60,23 @@ module ResourceAllowHeader
     end
   end
 
-  private
-
-  def implicit_resource
-    implicit_resource_proc&.call(self) || @allow_resource || @resource
-  end
+  protected
 
   def allow?(action, resource)
     if can_proc.respond_to?(:call)
-      return can_proc(action, resource, self)
+      return instance_exec(action, resource, self, &can_proc)
+    end
+
+    can?(action, resource)
+  end
+
+  private
+
+  def implicit_resource
+    if implicit_resource_proc.respond_to?(:call)
+      return instance_exec(self, &implicit_resource_proc)
     end
 
-    can?(allow[:action], allow[:resource]&.call || resource)
+    @allow_resource || @resource
   end
 end

data/lib/resource_allow_header/version.rb

@@ -1,3 +1,3 @@
 module ResourceAllowHeader
-  VERSION = "0.2.0"
+  VERSION = '0.3.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: resource_allow_header
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Derk-Jan Karrenbeld
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-02-14 00:00:00.000000000 Z
+date: 2019-02-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -88,10 +88,12 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".idea/.rakeTasks"
 - ".idea/inspectionProfiles/Project_Default.xml"
 - ".idea/misc.xml"
 - ".idea/modules.xml"
 - ".idea/resource_allow_header.iml"
+- ".idea/runConfigurations/test.xml"
 - ".idea/vcs.xml"
 - ".travis.yml"
 - CHANGELOG.md