restful_json 3.4.2 → 4.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +8 -8
- data/README.md +656 -453
- data/Rakefile +1 -1
- data/lib/restful_json.rb +0 -4
- data/lib/restful_json/config.rb +58 -14
- data/lib/restful_json/controller.rb +132 -67
- data/lib/restful_json/default_controller.rb +9 -1
- data/lib/restful_json/version.rb +1 -1
- metadata +2 -48
- data/lib/restful_json/base_controller.rb +0 -13
- data/lib/restful_json/railtie.rb +0 -19
- data/lib/twinturbo/application_permitter.rb +0 -93
- data/lib/twinturbo/controller.rb +0 -43
@@ -1,3 +1,11 @@
|
|
1
|
+
# The Rails 3.x "would you like fries with that" module that includes:
|
2
|
+
# * ActionController::Serialization
|
3
|
+
# * ActionController::StrongParameters
|
4
|
+
# * ActionController::Permittance
|
5
|
+
# * RestfulJson::Controller
|
6
|
+
#
|
7
|
+
# Instead of using this, please consider implementing your own module to include these modules so you have more control over it.
|
8
|
+
# And in Rails 4+, don't use this, because ActionController::StrongParameters might already be included.
|
1
9
|
module RestfulJson
|
2
10
|
module DefaultController
|
3
11
|
extend ::ActiveSupport::Concern
|
@@ -5,7 +13,7 @@ module RestfulJson
|
|
5
13
|
included do
|
6
14
|
include ::ActionController::Serialization
|
7
15
|
include ::ActionController::StrongParameters
|
8
|
-
include ::
|
16
|
+
include ::ActionController::Permittance
|
9
17
|
include ::RestfulJson::Controller
|
10
18
|
end
|
11
19
|
end
|
data/lib/restful_json/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: restful_json
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 4.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Gary S. Weaver
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2013-04-
|
12
|
+
date: 2013-04-29 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: activesupport
|
@@ -25,48 +25,6 @@ dependencies:
|
|
25
25
|
- - ! '>='
|
26
26
|
- !ruby/object:Gem::Version
|
27
27
|
version: 3.1.0
|
28
|
-
- !ruby/object:Gem::Dependency
|
29
|
-
name: bundler
|
30
|
-
requirement: !ruby/object:Gem::Requirement
|
31
|
-
requirements:
|
32
|
-
- - ! '>='
|
33
|
-
- !ruby/object:Gem::Version
|
34
|
-
version: 1.2.2
|
35
|
-
type: :development
|
36
|
-
prerelease: false
|
37
|
-
version_requirements: !ruby/object:Gem::Requirement
|
38
|
-
requirements:
|
39
|
-
- - ! '>='
|
40
|
-
- !ruby/object:Gem::Version
|
41
|
-
version: 1.2.2
|
42
|
-
- !ruby/object:Gem::Dependency
|
43
|
-
name: appraisal
|
44
|
-
requirement: !ruby/object:Gem::Requirement
|
45
|
-
requirements:
|
46
|
-
- - ! '>='
|
47
|
-
- !ruby/object:Gem::Version
|
48
|
-
version: '0'
|
49
|
-
type: :development
|
50
|
-
prerelease: false
|
51
|
-
version_requirements: !ruby/object:Gem::Requirement
|
52
|
-
requirements:
|
53
|
-
- - ! '>='
|
54
|
-
- !ruby/object:Gem::Version
|
55
|
-
version: '0'
|
56
|
-
- !ruby/object:Gem::Dependency
|
57
|
-
name: simplecov
|
58
|
-
requirement: !ruby/object:Gem::Requirement
|
59
|
-
requirements:
|
60
|
-
- - ! '>='
|
61
|
-
- !ruby/object:Gem::Version
|
62
|
-
version: '0'
|
63
|
-
type: :development
|
64
|
-
prerelease: false
|
65
|
-
version_requirements: !ruby/object:Gem::Requirement
|
66
|
-
requirements:
|
67
|
-
- - ! '>='
|
68
|
-
- !ruby/object:Gem::Version
|
69
|
-
version: '0'
|
70
28
|
description: Develop declarative, featureful JSON RESTful-ish service controllers
|
71
29
|
to use with modern Javascript MVC frameworks like AngularJS, Ember, etc. with much
|
72
30
|
less code.
|
@@ -76,15 +34,11 @@ executables: []
|
|
76
34
|
extensions: []
|
77
35
|
extra_rdoc_files: []
|
78
36
|
files:
|
79
|
-
- lib/restful_json/base_controller.rb
|
80
37
|
- lib/restful_json/config.rb
|
81
38
|
- lib/restful_json/controller.rb
|
82
39
|
- lib/restful_json/default_controller.rb
|
83
|
-
- lib/restful_json/railtie.rb
|
84
40
|
- lib/restful_json/version.rb
|
85
41
|
- lib/restful_json.rb
|
86
|
-
- lib/twinturbo/application_permitter.rb
|
87
|
-
- lib/twinturbo/controller.rb
|
88
42
|
- Rakefile
|
89
43
|
- README.md
|
90
44
|
homepage: https://github.com/rubyservices/restful_json
|
@@ -1,13 +0,0 @@
|
|
1
|
-
module RestfulJson
|
2
|
-
module BaseController
|
3
|
-
extend ::ActiveSupport::Concern
|
4
|
-
|
5
|
-
module ClassMethods
|
6
|
-
# <b>DEPRECATED:</b> Please use <tt>include RestfulJson::DefaultController</tt> instead.
|
7
|
-
def acts_as_restful_json
|
8
|
-
warn "[DEPRECATION] `acts_as_restful_json` is deprecated. Please use `include RestfulJson::DefaultController` or see documentation."
|
9
|
-
include ::RestfulJson::DefaultController
|
10
|
-
end
|
11
|
-
end
|
12
|
-
end
|
13
|
-
end
|
data/lib/restful_json/railtie.rb
DELETED
@@ -1,19 +0,0 @@
|
|
1
|
-
require 'restful_json'
|
2
|
-
|
3
|
-
module RestfulJson
|
4
|
-
class Railtie < ::Rails::Railtie
|
5
|
-
initializer "restful_json.action_controller" do
|
6
|
-
# provide deprecated acts_as_restful_json method on controller
|
7
|
-
ActiveSupport.on_load(:action_controller) do
|
8
|
-
include ::RestfulJson::BaseController
|
9
|
-
end
|
10
|
-
end
|
11
|
-
|
12
|
-
#TODO: split permitters out into their own gem, and then can always add to autoload path if gem loaded
|
13
|
-
initializer "restful_json.autoload_paths", after: :load_config_initializers do
|
14
|
-
if RestfulJson.use_permitters
|
15
|
-
ActiveSupport::Dependencies.autoload_paths << "#{Rails.root}/app/permitters" unless ActiveSupport::Dependencies.autoload_paths.include?("#{Rails.root}/app/permitters")
|
16
|
-
end
|
17
|
-
end
|
18
|
-
end
|
19
|
-
end
|
@@ -1,93 +0,0 @@
|
|
1
|
-
# from Adam Hawkins's gist:
|
2
|
-
# https://gist.github.com/3150306
|
3
|
-
# http://www.broadcastingadam.com/2012/07/parameter_authorization_in_rails_apis/
|
4
|
-
class ApplicationPermitter
|
5
|
-
class PermittedAttribute < Struct.new(:name, :options) ; end
|
6
|
-
|
7
|
-
delegate :authorize!, :to => :ability
|
8
|
-
class_attribute :permitted_attributes
|
9
|
-
self.permitted_attributes = []
|
10
|
-
|
11
|
-
class << self
|
12
|
-
def permit(*args)
|
13
|
-
options = args.extract_options!
|
14
|
-
|
15
|
-
args.each do |name|
|
16
|
-
self.permitted_attributes += [PermittedAttribute.new(name, options)]
|
17
|
-
end
|
18
|
-
end
|
19
|
-
|
20
|
-
def scope(name)
|
21
|
-
with_options :scope => name do |nested|
|
22
|
-
yield nested
|
23
|
-
end
|
24
|
-
end
|
25
|
-
end
|
26
|
-
|
27
|
-
def initialize(params, user, ability = nil)
|
28
|
-
@params, @user, @ability = params, user, ability
|
29
|
-
end
|
30
|
-
|
31
|
-
def permitted_params
|
32
|
-
authorize_params!
|
33
|
-
filtered_params
|
34
|
-
end
|
35
|
-
|
36
|
-
def resource_name
|
37
|
-
self.class.to_s.match(/(.+)Permitter/)[1].underscore.to_sym
|
38
|
-
end
|
39
|
-
|
40
|
-
|
41
|
-
private
|
42
|
-
|
43
|
-
def authorize_params!
|
44
|
-
needing_authorization = permitted_attributes.select { |a| a.options[:authorize] }
|
45
|
-
|
46
|
-
needing_authorization.each do |attribute|
|
47
|
-
if attribute.options[:scope]
|
48
|
-
values = Array.wrap(filtered_params[attribute.options[:scope]]).collect do |hash|
|
49
|
-
hash[attribute.name]
|
50
|
-
end.compact
|
51
|
-
else
|
52
|
-
values = Array.wrap filtered_params[attribute.name]
|
53
|
-
end
|
54
|
-
|
55
|
-
klass = (attribute.options[:as].try(:to_s) || attribute.name.to_s.split(/(.+)_ids?/)[1]).classify.constantize
|
56
|
-
|
57
|
-
values.each do |record_id|
|
58
|
-
record = klass.find record_id
|
59
|
-
permission = attribute.options[:authorize].to_sym || :read
|
60
|
-
authorize! permission, record
|
61
|
-
end
|
62
|
-
end
|
63
|
-
end
|
64
|
-
|
65
|
-
def filtered_params
|
66
|
-
scopes = {}
|
67
|
-
unscoped_attributes = []
|
68
|
-
|
69
|
-
permitted_attributes.each do |attribute|
|
70
|
-
if attribute.options[:scope]
|
71
|
-
key = attribute.options[:scope]
|
72
|
-
scopes[key] ||= []
|
73
|
-
scopes[key] << attribute.name
|
74
|
-
else
|
75
|
-
unscoped_attributes << attribute.name
|
76
|
-
end
|
77
|
-
end
|
78
|
-
|
79
|
-
@filtered_params ||= params.require(resource_name).permit(*unscoped_attributes, scopes)
|
80
|
-
end
|
81
|
-
|
82
|
-
def params
|
83
|
-
@params
|
84
|
-
end
|
85
|
-
|
86
|
-
def user
|
87
|
-
@user
|
88
|
-
end
|
89
|
-
|
90
|
-
def ability
|
91
|
-
@ability ||= Ability.new user
|
92
|
-
end
|
93
|
-
end
|
data/lib/twinturbo/controller.rb
DELETED
@@ -1,43 +0,0 @@
|
|
1
|
-
module TwinTurbo
|
2
|
-
module Controller
|
3
|
-
|
4
|
-
# modded from Adam Hawkins's original post:
|
5
|
-
# http://www.broadcastingadam.com/2012/07/parameter_authorization_in_rails_apis/
|
6
|
-
# with modification to only try to call permitted params if is a permitter
|
7
|
-
|
8
|
-
def permitted_params
|
9
|
-
#TODO: provide way of producing error if params invalid (not as simple as not rescuing- need to rework permitters)
|
10
|
-
@permitted_params ||= safe_permitted_params
|
11
|
-
end
|
12
|
-
|
13
|
-
def permitter
|
14
|
-
return unless permitter_class
|
15
|
-
|
16
|
-
@permitter ||= permitter_class.new params, current_user, current_ability
|
17
|
-
end
|
18
|
-
|
19
|
-
def permitter_class
|
20
|
-
# Try "The::Controller::Namespace::(singular name)Controller".contantize.
|
21
|
-
# If controller in a module, will fall back on "(singular name)Controller".contantize.
|
22
|
-
permitter_class_arr = ["#{self.class.to_s.match(/(.+)Controller/)[1].singularize}Permitter"]
|
23
|
-
if self.class.to_s['::']
|
24
|
-
permitter_class_arr << "#{self.class.to_s.match(/(.*?::)?(?<controller_name>.+)Controller/)[:controller_name].singularize}Permitter"
|
25
|
-
end
|
26
|
-
permitter_class_arr.each do |class_name|
|
27
|
-
begin
|
28
|
-
return class_name.constantize
|
29
|
-
rescue NameError
|
30
|
-
end
|
31
|
-
end
|
32
|
-
logger.debug "Could not find permitter: #{permitter_class_arr.collect{|c|c.to_s}.join(', ')}" if RestfulJson.debug?
|
33
|
-
nil
|
34
|
-
end
|
35
|
-
|
36
|
-
def safe_permitted_params
|
37
|
-
begin
|
38
|
-
permitter.send(:permitted_params)
|
39
|
-
rescue
|
40
|
-
end
|
41
|
-
end
|
42
|
-
end
|
43
|
-
end
|