restrict 0.0.9 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: c93762926e3f4b9df38b5ef6a4727a2137722b91
-  data.tar.gz: 9e40544b25b8bcf811a4de23cfa5ed3c26fce8d4
+SHA256:
+  metadata.gz: 40ecfe0fc4a56dfb106d72c936831d92ce4331d0082ead530c5eeaa47762dfcc
+  data.tar.gz: 6ae9d487ae24a4c36fb7a8483e04acb1b0ec249cd5d86039638d4279e5d79dd3
 SHA512:
-  metadata.gz: a5d3aebcad7634ed0e4f58b61feccbc2435499f5ba9dedfe38f9dbcc697f975d9b46abcf362e3cea32c78627c133a03744499903210533e03f066be903ebd72c
-  data.tar.gz: 48d33bb786b2bc5d62daa54d680bb373be4dfb8bcbbc9fff957e813b874c32da1157150898ad77ac03c9f6fe298236e3fee4a2bf36bb32082f86bf0f6298b1ce
+  metadata.gz: 5c7acadb64232f1b850265207d9288ab4c49bf7481cdf04a033dab7658983a8abfd463cb7c4a15a0d956b6d601dbf279930a0c137908431383d4c75c7a1f97ba
+  data.tar.gz: 3e518e19c2fa5a9eaf3ba0239baa0288b6904cc6082077cba046e36b5953ee8631586e58cdbd33cd2779a40c45fbfc8ab9c9c91a60b7d08b98ee9eff2d507c25

data/CHANGELOG.md

@@ -1,3 +1,6 @@
+[0.1.0] - 2019-11-25
+  * Support controller inheritance
+
 [0.0.7] - 2014-08-25
   * Breaking change part 2: restrict without action names will now implicitly restrict all actions
   * :all_actions modifier is gone

data/README.md

@@ -58,6 +58,15 @@ Restrict.config.authentication_validation_method = :admin_session_exists?
 
 You may set the method that is used to figure out whether a user is signed in or not to whatever you like, however it's default is `:user_signed_in?` which is the most common (devise) method in use.
 
+### Inheritance
+
+A controller will respect all restrictions that are applied to its ancestors.
+
+You may implement a set of rules in a `BaseController` and refine them in subclasses later on.
+
+Please note: it is not possible yet to revert previously added restrictions, that means
+if a restriction on `show` is added in a class and another one in the subclass **BOTH** apply.
+
 ## Contributing
 
 You know how this works and bonus points for feature branches!

data/lib/restrict/already_restricted_error.rb

@@ -0,0 +1,4 @@
+module Restrict
+  class AlreadyRestrictedError < Error
+  end
+end

data/lib/restrict/rails/controller.rb

@@ -3,24 +3,43 @@ module Restrict
     module Controller
       extend ActiveSupport::Concern
 
-      included do
-        class_attribute :restrictions
+      def restrictions
+        inherited_restrictions + self.class.__send__(:restrict_restrictions)
+      end
+
+      def inherited_restrictions
+        self.class.ancestors.map do |ancestor|
+          if ancestor.instance_variable_get(:@restrict_gatekeeper_installed)
+            ancestor.__send__(:restrict_restrictions)
+          end
+        end.compact.flatten
       end
 
       module ClassMethods
         def restrict(*args)
           install_gatekeeper
-          self.restrictions ||= []
-          restrictions << Restrict::Restriction.new(*args)
+          restrict_restrictions << Restrict::Restriction.new(*args)
+        end
+
+        # Access the class instance variable. Do not mistake this method with
+        # the instance method `#restrictions` which is actually used to determine
+        # access and that respects inherited restrictions.
+        # Hence the `__` name.
+        private def restrict_restrictions
+          @restrictions ||= []
+        end
+
+        def inherited(subclass)
+          subclass.include Restrict::Rails::Controller
         end
 
         # This could happen in included block as well, but often you need
         # other before filters to happen before you actually check the
         # restrictions, so lets set it where it is used in the code as well.
         def install_gatekeeper
-          return if @gatekeeper_installed
+          return if @restrict_gatekeeper_installed
           before_action :invoke_gatekeeper
-          @gatekeeper_installed = true
+          @restrict_gatekeeper_installed = true
         end
       end
 

data/lib/restrict/rspec/matcher.rb

@@ -4,24 +4,23 @@ RSpec::Matchers.define :have_restriction_on do |given_action_name|
     @given_controller = given_controller
 
     @restriction = given_controller.restrictions.find do |restriction|
-      restriction.applies_to?(given_action_name)
-    end
-
-    if @restriction
-      if @given_unless
-        @restriction.unless == @given_unless
-      else
-        true
+      if restriction.applies_to?(given_action_name) && matching_unless(restriction, @given_unless)
+        restriction
       end
-    else
-      false
     end
+
+    !!@restriction
   end
 
   chain :unless do |given_unless|
     @given_unless = given_unless
   end
 
+  def matching_unless(restriction, given_unless)
+    given_unless or return true
+    restriction.unless == given_unless
+  end
+
   failure_message do |actual|
     if @restriction && @given_unless
       "Expected restriction to call #{@given_unless.inspect}, but calls #{@restriction.unless.inspect}"
@@ -38,7 +37,6 @@ RSpec::Matchers.define :have_restriction_on do |given_action_name|
     end
   end
 
-  # :nocov:
   def description
     "Checks if a restriction for a given action is defined on the controller"
   end

data/lib/restrict/rspec/matcher_rspec2.rb

@@ -4,25 +4,24 @@ RSpec::Matchers.define :have_restriction_on do |given_action_name|
     @given_controller = given_controller
 
     @restriction = given_controller.restrictions.find do |restriction|
-      restriction.applies_to?(given_action_name)
-    end
-
-    if @restriction
-      if @given_unless
-        @restriction.unless == @given_unless
-      else
-        true
+      if restriction.applies_to?(given_action_name) && matching_unless(restriction, @given_unless)
+        restriction
       end
-    else
-      false
     end
+
+    !!@restriction
   end
 
   chain :unless do |given_unless|
     @given_unless = given_unless
   end
 
-  failure_message_for_should do |actual|
+  def matching_unless(restriction, given_unless)
+    given_unless or return true
+    restriction.unless == given_unless
+  end
+
+  failure_message do |actual|
     if @restriction && @given_unless
       "Expected restriction to call #{@given_unless.inspect}, but calls #{@restriction.unless.inspect}"
     else
@@ -30,7 +29,7 @@ RSpec::Matchers.define :have_restriction_on do |given_action_name|
     end
   end
 
-  failure_message_for_should_not do |actual|
+  failure_message_when_negated do |actual|
     if @given_unless
       "Expected restriction not to call #{@given_unless.inspect}, but calls #{@restriction.unless.inspect}"
     else

data/lib/restrict/version.rb

@@ -1,3 +1,3 @@
 module Restrict
-  VERSION = "0.0.9"
+  VERSION = "0.1.0"
 end

data/spec/lib/restrict/rails/controller_spec.rb

@@ -1,7 +1,6 @@
 require 'spec_helper'
 
 describe Restrict::Rails::Controller do
-
   let(:controller) { ExampleController.new }
 
   before do
@@ -34,4 +33,29 @@ describe Restrict::Rails::Controller do
     end
   end
 
+  describe 'in inherited mode' do
+    let(:base)       { ExampleController.new }
+    let(:controller) { InheritingController.new }
+    let(:child)      { BottomLineController.new }
+
+    before do
+      base.class.restrict       :show, unless: :level1?
+      controller.class.restrict :show, unless: :level2?
+      child.class.restrict      :show, unless: :level3?
+    end
+
+    it 'does not leak restrictions into superclass' do
+      expect(base).to have_restriction_on(:show).unless(:level1?)
+      expect(base).not_to have_restriction_on(:show).unless(:level2?)
+      expect(base).not_to have_restriction_on(:show).unless(:level3?)
+
+      expect(controller).to have_restriction_on(:show).unless(:level1?)
+      expect(controller).to have_restriction_on(:show).unless(:level2?)
+      expect(controller).not_to have_restriction_on(:show).unless(:level3?)
+
+      expect(child).to have_restriction_on(:show).unless(:level1?)
+      expect(child).to have_restriction_on(:show).unless(:level2?)
+      expect(child).to have_restriction_on(:show).unless(:level3?)
+    end
+  end
 end

data/spec/lib/restrict_spec.rb

@@ -1,7 +1,6 @@
 require 'spec_helper'
 
 describe Restrict do
-
   describe '#config' do
     it 'returns a configuration' do
       expect(Restrict.config).to be_a Restrict::Configuration
@@ -17,5 +16,4 @@ describe Restrict do
       expect(Restrict.config).to eq Restrict.config
     end
   end
-
 end

data/spec/spec_helper.rb

@@ -14,7 +14,9 @@ require 'restrict/rspec/shared_example'
 
 RSpec.configure do |config|
   config.after do
-    ExampleController.restrictions = []
+    ExampleController.__send__(:restrict_restrictions).clear
+    InheritingController.__send__(:restrict_restrictions).clear
+    BottomLineController.__send__(:restrict_restrictions).clear
   end
 end
 
@@ -45,3 +47,11 @@ class ExampleController < FakeController
     true
   end
 end
+
+class InheritingController < ExampleController
+  include Restrict::Rails::Controller
+end
+
+class BottomLineController < InheritingController
+  include Restrict::Rails::Controller
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: restrict
 version: !ruby/object:Gem::Version
-  version: 0.0.9
+  version: 0.1.0
 platform: ruby
 authors:
 - Johannes Opper
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-06-13 00:00:00.000000000 Z
+date: 2019-11-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -112,6 +112,7 @@ files:
 - Rakefile
 - lib/restrict.rb
 - lib/restrict/access_denied.rb
+- lib/restrict/already_restricted_error.rb
 - lib/restrict/configuration.rb
 - lib/restrict/error.rb
 - lib/restrict/gatekeeper.rb
@@ -150,8 +151,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.11
+rubygems_version: 3.0.6
 signing_key: 
 specification_version: 4
 summary: Simple access control dsl for controllers.