restaurant 0.0.2 → 0.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7fb21aa890ec7f4772dc2e12122ec1cc13ea5708
-  data.tar.gz: 71c730838eb22204bfc1f2118d742789daf5c76c
+  metadata.gz: 5d5122a098f9caa7cc338db255ba09004f7ccf66
+  data.tar.gz: c3d345db89308e5c3290712e9107a0ce5e72fd4c
 SHA512:
-  metadata.gz: 46a16736907c671d72bff370cdb9ac952a47b56fcde3bfc05f53eb76d0af9aca20f37026fbf902806a9f3b2a9a7559de3c4cea280f67f54a9d2b64cb7a69ad18
-  data.tar.gz: 8bf6d5ab874825e3af1c160845bc3949e8ef5b102b167729ea49ef87fac96e77e732db82604e7157f5c8f3c2f4b95d41a6d571964894b6f690face7e46dc3392
+  metadata.gz: faeea0c7030f4a52afde512659ed888b5535ed1abe9ca06c913b8b643ffe39074cb857ec0035e9bf9f8b77e0d94c2d5d5c45da7ae01ed9304c6a0f03b217a95a
+  data.tar.gz: 7b66d037c43da749f4829d55a80ef64282544580fe07902b9ee4cbbe99d7fca79d144632055453dceae2b26f5376a7e242f00ac940cc7708875e8d4cf9154ae1

data/README.md

@@ -1,72 +1,52 @@
 # Restaurant
-Restaurant serves RESTful API on Rails.
+Restaurant serves your data via auto-defined RESTful API on your rails application.
 
 ## Features
+* Auto-defined controllers
+* Auto-defined routes
+* SQL-like URI query
+* OAuth authentication
+* Scope based authorization
+ * restrict actions
+ * restrict attributes
+ * restrict filtering
+ * restrict sorting
+* RESTful APIs
+ * GET /:resources
+ * GET /:resources/:id
+ * POST /:resources
+ * PUT /:resources/:id
+ * DELETE /:resources/:id
 
-### No more controllers, No more routes
-Restaurant provides strict RESTful API implementation for your models.
-All controllers and routings will be auto-defined based on your config/restaurant.yml definition.
-No need to write any more app/controllers and config/routes.rb.
-All you have to do is write your models and authorization yaml file.
-
-```ruby
-# app/controllers/application_controller.rb
-class ApplicationController < ActionController::Base
-  include Restaurant::ControllerHelper
-end
-```
-
-```ruby
-# config/routes.rb
-Rails.application.routes.draw do
-  Restaurant::Router.route(self)
-end
-```
+## Auto-defined controllers and routes
+Controllers and routes are auto-defined from your config/restaurant.yml.
 
 ```yaml
 # config/restaurant.yml
-public:
-  recipes:
-    actions:
-      - index
-      - show
-  users:
-    actions:
-      - show
+public:         # User with "public" scope token
+  recipes:      #
+    actions:    #
+      - show    # can access to /recipes/:id
+    attributes: #
+      - title   # can read recipe.title
+admin:          # User with "admin" scope token
+  recipes:      #
+    actions:    #
+      - index   # can access to /recipes
+      - show    # can access to /recipes/:id
+    where:      #
+      - id      # can filter recipes by id
+      - title   # can filter recipes by title
+    order:      #
+      - id      # can sort recipes by id
+      - title   # can sort recipes by title
+    attributes: #
+      - id      # can read recipe.id
+      - title   # can read recipe.title
 ```
 
-### Authorization
-You can restrict users by their scopes, accessed actions, and used queries.
-
-* User with "public" scope token
- * can access /recipes/:id
-* User with "admin" scope token
- * can access /recipes/:id
- * can access /recipes
- * can filter recipes by id and title
- * can sort recipes by id and title
-
-```yaml
-# config/restaurant.yml
-public:
-  recipes:
-    actions:
-      - show
-admin:
-  recipes:
-    actions:
-      - index
-      - show
-    where:
-      - id
-      - title
-    order:
-      - id
-      - title
-```
-
-### SQL-like URI query
-Our restraunt serves SQL-like URI query system.
+## SQL-like URI query
+You can filter and sort resources by SQL-like URI query.
 
 ```ruby
 context "with where params" do
@@ -84,3 +64,29 @@ context "with where params" do
   end
 end
 ```
+
+## Install
+```ruby
+# Gemfile
+gem "restaurant"
+
+# app/controllers/application_controller.rb
+class ApplicationController < ActionController::Base
+  include Restaurant::ControllerHelper
+end
+
+# config/routes.rb
+Rails.application.routes.draw do
+  Restaurant::Router.route(self)
+end
+```
+
+```
+$ bundle install
+$ bundle exec rails g doorkeeper:install
+$ bundle exec rails g doorkeeper:migration
+$ bundle exec rake db:migrate
+```
+
+## More
+See [the example application](https://github.com/r7kamura/restaurant/tree/master/spec/dummy).

data/lib/restaurant.rb

@@ -3,10 +3,10 @@ require "restaurant/authorization"
 require "restaurant/config"
 require "restaurant/controller_helper"
 require "restaurant/controller_provider"
-require "restaurant/model_class_finder"
 require "restaurant/params_query_responder"
 require "restaurant/params_query_translator"
 require "restaurant/restful_actions"
+require "restaurant/role_provider"
 require "restaurant/router"
 require "restaurant/railtie"
 

data/lib/restaurant/authorization.rb

@@ -8,78 +8,6 @@ module Restaurant::Authorization
   private
 
   def require_authorization
-    head 403 unless has_authorization?
-  end
-
-  def has_authorization?
-    has_action_authorization? && has_query_authorization?
-  end
-
-  def has_action_authorization?
-    controllers_set.any? do |controllers|
-      if controller = controllers[controller_name]
-        controller["actions"].include?(action_name)
-      end
-    end
-  end
-
-  def has_query_authorization?
-    if has_not_allowed_where? || has_not_allowed_order?
-      false
-    else
-      true
-    end
-  end
-
-  def controllers_set
-    @controllers_set ||= Restaurant::Config.roles.inject([]) do |result, (role, controllers)|
-      result << controllers if doorkeeper_token.scopes.include?(role.to_sym)
-      result
-    end
-  end
-
-  def has_where_query?
-    params[:where]
-  end
-
-  def has_order_query?
-    params[:order]
-  end
-
-  def current_abilities
-    @current_abilities ||= controllers_set.inject([]) do |abilities, controllers|
-      abilities << controllers[controller_name] if controllers[controller_name]
-      abilities
-    end
-  end
-
-  def current_order_abilities
-    current_abilities.inject([]) do |columns, ability|
-      columns + (ability["order"] || [])
-    end
-  end
-
-  def current_where_abilities
-    current_abilities.inject([]) do |columns, ability|
-      columns + (ability["where"] || [])
-    end
-  end
-
-  def has_not_allowed_where?
-    has_where_query? && (where_queries - current_where_abilities).any?
-  end
-
-  def has_not_allowed_order?
-    has_order_query? && (order_queries - current_order_abilities).any?
-  end
-
-  def where_queries
-    params[:where].keys
-  end
-
-  def order_queries
-    Array.wrap(params[:order]).map do |column|
-      column.sub(/^-/, "")
-    end
+    head 403 unless current_role.has_authorization?
   end
 end

data/lib/restaurant/controller_helper.rb

@@ -4,10 +4,10 @@ module Restaurant::ControllerHelper
   included do
     use Rack::AcceptDefault
     include Restaurant::ControllerProvider
-    include Restaurant::ModelClassFinder
     include Restaurant::RestfulActions
     include Restaurant::Authentication
     include Restaurant::Authorization
+    include Restaurant::RoleProvider
     self.responder = Restaurant::ParamsQueryResponder
   end
 end

data/lib/restaurant/restful_actions.rb

@@ -1,15 +1,35 @@
 module Restaurant::RestfulActions
-  extend ActiveSupport::Concern
+  def index
+    respond_with model.scoped, :only => current_role.allowed_attributes
+  end
 
-  included do
-    include Restaurant::ModelClassFinder
+  def show
+    respond_with resource, :only => current_role.allowed_attributes
   end
 
-  def index
-    respond_with model_class.scoped
+  def create
+    respond_with model.create(model_param), :only => current_role.allowed_attributes
   end
 
-  def show
-    respond_with model_class.find(params[:id])
+  def update
+    respond_with resource.update_attributes(model_param)
+  end
+
+  def destroy
+    respond_with resource.delete
+  end
+
+  private
+
+  def model
+    self.class.name.sub(/Controller$/, "").singularize.constantize
+  end
+
+  def model_param
+    params[model.name.underscore]
+  end
+
+  def resource
+    model.find(params[:id])
   end
 end

data/lib/restaurant/role_provider.rb

@@ -0,0 +1,91 @@
+module Restaurant::RoleProvider
+  def current_role
+    @current_role ||= Role.new(self)
+  end
+
+  class Role
+    delegate(
+      :action_name,
+      :controller_name,
+      :doorkeeper_token,
+      :params,
+      :to => :controller
+    )
+
+    attr_reader :controller
+
+    def initialize(controller)
+      @controller = controller
+    end
+
+    def has_authorization?
+      has_action_authorization? && has_query_authorization?
+    end
+
+    def abilities
+      @abilities ||= Restaurant::Config.roles.map do |role, controllers|
+        if doorkeeper_token.scopes.include?(role.to_sym)
+          controllers[controller_name]
+        end
+      end.compact
+    end
+
+    def allowed_attributes
+      abilities.map {|ability| ability["attributes"] }.compact.inject(:|)
+    end
+
+    private
+
+    def has_action_authorization?
+      abilities.any? do |ability|
+        ability["actions"].include?(action_name)
+      end
+    end
+
+    def has_query_authorization?
+      if has_not_allowed_where? || has_not_allowed_order?
+        false
+      else
+        true
+      end
+    end
+
+    def has_where_query?
+      params[:where]
+    end
+
+    def has_order_query?
+      params[:order]
+    end
+
+    def order_abilities
+      abilities.inject([]) do |columns, ability|
+        columns + (ability["order"] || [])
+      end
+    end
+
+    def where_abilities
+      abilities.inject([]) do |columns, ability|
+        columns + (ability["where"] || [])
+      end
+    end
+
+    def has_not_allowed_where?
+      has_where_query? && (where_queries - where_abilities).any?
+    end
+
+    def has_not_allowed_order?
+      has_order_query? && (order_queries - order_abilities).any?
+    end
+
+    def where_queries
+      params[:where].keys
+    end
+
+    def order_queries
+      Array.wrap(params[:order]).map do |column|
+        column.sub(/^-/, "")
+      end
+    end
+  end
+end

data/lib/restaurant/version.rb

@@ -1,3 +1,3 @@
 module Restaurant
-  VERSION = "0.0.2"
+  VERSION = "0.0.3"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: restaurant
 version: !ruby/object:Gem::Version
-  version: 0.0.2
+  version: 0.0.3
 platform: ruby
 authors:
 - Ryo Nakamura
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-05-13 00:00:00.000000000 Z
+date: 2013-05-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -164,7 +164,8 @@ dependencies:
     - - '>='
       - !ruby/object:Gem::Version
         version: '0'
-description: Restaurant serves RESTful API on Rails
+description: Restraunt serves your data via auto-defined RESTful API on your rails
+  application.
 email:
 - r7kamura@gmail.com
 executables: []
@@ -176,11 +177,11 @@ files:
 - lib/restaurant/config.rb
 - lib/restaurant/controller_helper.rb
 - lib/restaurant/controller_provider.rb
-- lib/restaurant/model_class_finder.rb
 - lib/restaurant/params_query_responder.rb
 - lib/restaurant/params_query_translator.rb
 - lib/restaurant/railtie.rb
 - lib/restaurant/restful_actions.rb
+- lib/restaurant/role_provider.rb
 - lib/restaurant/router.rb
 - lib/restaurant/version.rb
 - lib/restaurant.rb
@@ -210,6 +211,6 @@ rubyforge_project:
 rubygems_version: 2.0.0
 signing_key: 
 specification_version: 4
-summary: Rails RESTful API server plugin
+summary: A rails plugin to auto-define RESTful API
 test_files: []
 has_rdoc: 

data/lib/restaurant/model_class_finder.rb

@@ -1,7 +0,0 @@
-module Restaurant::ModelClassFinder
-  private
-
-  def model_class
-    self.class.name.sub(/Controller$/, "").singularize.constantize
-  end
-end