scoped_attr_accessible 0.1.0

data/.bundle/config

@@ -0,0 +1,2 @@
+--- 
+BUNDLE_DISABLE_SHARED_GEMS: "1"

data/.gitignore

@@ -0,0 +1 @@
+coverage

data/.rspec

@@ -0,0 +1,3 @@
+--colour
+--format=documentation
+--debug

data/.rvmrc

@@ -0,0 +1 @@
+rvm use @scopedattraccessible --create

data/Gemfile

@@ -0,0 +1,12 @@
+source 'http://rubygems.org/'
+
+gem 'activesupport', '~> 3.0.0'
+gem 'activemodel',   '~> 3.0.0'
+
+group :development do
+  gem 'rspec', '~> 2.0'
+  gem 'rr'
+  gem 'ruby-debug'
+  gem 'rcov'
+  gem 'ZenTest', :require => nil
+end

data/Gemfile.lock

@@ -0,0 +1,43 @@
+GEM
+  remote: http://rubygems.org/
+  specs:
+    ZenTest (4.4.0)
+    activemodel (3.0.0)
+      activesupport (= 3.0.0)
+      builder (~> 2.1.2)
+      i18n (~> 0.4.1)
+    activesupport (3.0.0)
+    builder (2.1.2)
+    columnize (0.3.1)
+    diff-lcs (1.1.2)
+    i18n (0.4.1)
+    linecache (0.43)
+    rcov (0.9.9)
+    rr (1.0.0)
+    rspec (2.0.0)
+      rspec-core (= 2.0.0)
+      rspec-expectations (= 2.0.0)
+      rspec-mocks (= 2.0.0)
+    rspec-core (2.0.0)
+    rspec-expectations (2.0.0)
+      diff-lcs (>= 1.1.2)
+    rspec-mocks (2.0.0)
+      rspec-core (= 2.0.0)
+      rspec-expectations (= 2.0.0)
+    ruby-debug (0.10.3)
+      columnize (>= 0.1)
+      ruby-debug-base (~> 0.10.3.0)
+    ruby-debug-base (0.10.3)
+      linecache (>= 0.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  ZenTest
+  activemodel (~> 3.0.0)
+  activesupport (~> 3.0.0)
+  rcov
+  rr
+  rspec (~> 2.0)
+  ruby-debug

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 The Frontier Group.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,150 @@
+# scoped\_attr\_accessible
+
+scoped\_attr\_accessible is a plugin that makes it easy to scope the `attr_accessible` and `attr_protected`
+methods on any library using ActiveModel's MassAssignmentSecurity module. For those unfamiliar with it,
+[read here](http://api.rubyonrails.org/classes/ActiveModel/MassAssignmentSecurity/ClassMethods.html#method-i-attr_accessible)
+to get a bit of back story about how it works in ActiveRecord - thanks to ActiveModel, you can
+now get the joy of scoped access restrictions across any ORM built on ActiveModel, including [mongoid](http://mongoid.org/)!
+
+## Installation ##
+
+
+To use, just add to any application using ActiveModel. In Rails 3, this is a simple job of adding:
+
+    gem 'scoped_attr_accessible'
+    
+To our Gemfile and running `bundle install`.
+
+## Usage
+
+With it enabled, your application should continue to work as usual with classic `attr_accessible` and `attr_protected`.
+When in use, you can simply pass the `:scope` option in your declaration to declare a scope in which it should be accessible.
+
+For example,
+
+    class User < ActiveRecord::Base
+    
+      # All attributes are accessible for the admin scope.
+      attr_accessible :all, :scope => :admin
+      
+      # The default scope can only access a and b.
+      attr_accessible :a, :b
+      
+      # Make both :c and :d accessible for owners and the default scope
+      attr_accessible :c, :d, :scope => [:owner, :default]
+      
+      # Also, it works the same with attr_protected!
+      attr_protected :n, :scope => :default
+    
+    end
+    
+If both `attr_accessible` and `attr_protected` are used on a given scope, attributes
+declared in `attr_protected` take precedence. Also, If `attr_accessible` isn't called for a scope
+at all, it will allow all variables except those marked as protected.
+
+When declaring the scopes in the accessible / protected part, please note that they need to
+be symbol names for simplicity's sake.
+
+### Setting the Scope
+
+Next, when you call methods that use mass assignment (e.g. `ActiveRecord::Base#attributes=`),
+it will use your current scope to sanitize mass-assigned variables. By default, with no
+user intervention this scope is simply `:default`.
+
+To set the scope, you can do so on a class an instance level with instance-level taking precedence.
+
+To set it on a class level, simply do:
+    
+    User.current_sanitizer_scope = :admin
+    # Or, dynamically:
+    User.current_sanitizer_scope = @user.role.name.to_sym
+    
+This will be set Thread local. Also note you can get the current class-level scope:
+
+    p User.current_sanitizer_scope # => nil by default
+    
+Or, temporarily switch it out, resetting it afterwards:
+
+    p User.current_sanitizer_scope
+    User.with_sanitizer_scope :admin do
+      p User.current_sanitizer_scope
+    end
+    p User.current_sanitizer_scope
+
+You can also declare this on the instance level, e.g:
+
+    user = User.find(params[:id])
+    user.current_sanitizer_scope = :admin
+    # Or, more complex:
+    user.current_sanitizer_scope = "something-else"
+    
+### Complex Scoping
+
+Although the scope on a given accessible / protected declaration must be a symbol,
+scoped\_attr\_accessible provides a way to deal with non-symbol scopes when assigning them - Namely,
+you can set the `current_sanitizer_scope` value on classes or instances to an
+arbitrary object and let scoped\_attr\_accessible dynamically convert it for you.
+
+This is done using two seperate processes - Recognizers and Converters, each run when a given
+scope is not a symbol.
+
+The first of these (and the highest priority) are recognizers - they are simply blocks you
+can declare (like below) that have a scope name and return a value denoting whether or not  they
+match. e.g:
+
+    # Reeopen the class
+    class User < ActiveRecord::Base
+      
+      sanitizer_scope_recognizer :admin do |record, scope_value|
+        scope_value.is_a?(User) && user.admin?
+      end
+      
+      sanitizer_scope_recognizer :owner do |record, scope_value|
+        scope_value.is_a?(User) && scope_value == record
+      end
+    
+    end
+    
+In this example, we could simply do:
+
+    user = User.find(params[:id])
+    user.current_sanitizer_scope = current_user
+    user.update_attributes params[:user]
+    
+And it would automatically set the scope to :owner / :admin when sanitizing the attributes.
+
+The second and more flexible option is scope convertors - they're given the same information (e.g.
+a record and scope value) and they are responsible for returning nil or a reduced form of the scope.
+If they return a reduced form (e.g. they may return their creating user, or a plain symbol) it is
+smart enough to reduce it until it does have a symbol.
+
+As an example, we could implement the following:
+
+    # Reeopen the class
+    class User < ActiveRecord::Base
+      
+      sanitizer_scope_converter do |record, scope_value|
+        return user.role.name.to_sym if scope_value.is_a?(User)
+        return scope_value.user if scope_value.is_a?(UserSession)
+      end
+    
+    end
+
+When combined, these all form a very flexible way to dynamically scope attribute accessible.
+
+## Note on Patches/Pull Requests
+ 
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a future version unintentionally.
+* Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+## Contributors
+
+* Darcy Laycock
+* Mario Visic
+
+## Copyright
+
+Copyright (c) 2010 The Frontier Group. See LICENSE for details.

data/Rakefile

@@ -0,0 +1,47 @@
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name        = "scoped_attr_accessible"
+    gem.summary     = %Q{Scoping for attr_accessible and attr_protected on ActiveModel objects.}
+    gem.description = %Q{scoped_attr_accessible is a plugin that makes it easy to scope the `attr_accessible` and `attr_protected`
+    methods on any library using ActiveModel's MassAssignmentSecurity module.}
+    gem.email       = "team+darcy+mario@thefrontiergroup.com.au"
+    gem.homepage    = "http://github.com/thefrontiergroup/scoped_attr_accessible"
+    gem.authors     = ["Darcy Laycock", "Mario Visic"]
+    gem.add_dependency             "activemodel", "~> 3.0"
+    gem.add_development_dependency "rspec",       "~> 2.0"
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+task :default => :spec
+
+desc "Run all specs in spec directory (excluding plugin specs)"
+RSpec::Core::RakeTask.new(:spec)
+
+namespace :spec do
+  desc "Run all specs with rcov"
+  RSpec::Core::RakeTask.new(:rcov) do |t|
+    t.rcov = true
+    t.pattern = "./spec/**/*_spec.rb"
+    t.rcov_opts = '--exclude spec/,/gems/,/Library/,/usr/,lib/tasks,.bundle,config,/lib/rspec/,/lib/rspec-'
+  end
+end
+
+
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "scoped_attr_accessible #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.0

data/autotest/discover.rb

@@ -0,0 +1,7 @@
+begin
+  require 'autotest/fsevent'
+  require 'autotest/growl'
+rescue LoadError
+end
+
+Autotest.add_discovery { "rspec2" }

data/lib/scoped_attr_accessible/active_model_mixin.rb

@@ -0,0 +1,109 @@
+require 'active_support/concern'
+require 'active_support/core_ext/class/inheritable_attributes'
+require 'active_support/core_ext/array/extract_options'
+
+module ScopedAttrAccessible
+  module ActiveModelMixin    
+    extend ActiveSupport::Concern
+    
+    
+    module IncludedHook
+      def included(base)
+        super
+        base.class_eval { include ActiveModelMixin }
+      end
+    end
+    
+    included do
+      extlib_inheritable_accessor :_scoped_attr_sanitizer
+    end
+    
+    module ClassMethods
+      
+      def attr_accessible(*args)
+        scopes    = scopes_from_args(args)
+        sanitizer = self.scoped_attr_sanitizer
+        args.each do |attribute|
+          scopes.each { |s| sanitizer.make_accessible attribute, s }
+        end
+        self._active_authorizer = sanitizer
+      end
+      
+      def attr_protected(*args)
+        scopes    = scopes_from_args(args)
+        sanitizer = self.scoped_attr_sanitizer
+        args.each do |attribute|
+          scopes.each { |s| sanitizer.make_protected attribute, s }
+        end
+        self._active_authorizer = sanitizer
+      end
+      
+      def scoped_attr_sanitizer
+        self._scoped_attr_sanitizer ||= ScopedAttrAccessible::Sanitizer.new
+      end
+      
+      def current_sanitizer_scope
+        Thread.current[current_sanitizer_scope_key]
+      end
+      
+      def current_sanitizer_scope=(value)
+        Thread.current[current_sanitizer_scope_key] = value
+      end
+      
+      def with_sanitizer_scope(scope_name)
+        old_scope = current_sanitizer_scope
+        self.current_sanitizer_scope = scope_name
+        yield if block_given?
+      ensure
+        self.current_sanitizer_scope = old_scope
+      end
+      
+      def sanitizer_scope_recognizer(name, &recognizer)
+        scoped_attr_sanitizer.define_recognizer(name, &recognizer)
+      end
+      
+      def sanitizer_scope_converter(&converter)
+        scoped_attr_sanitizer.define_converter(&converter)
+      end
+      
+      protected
+      
+      def current_sanitizer_scope_key
+        :"#{name}_sanitizer_scope"
+      end
+      
+      def scopes_from_args(args)
+        options = args.extract_options!
+        scope   = Array(options.delete(:scope)).map(&:to_sym)
+        scope  << :default if scope.empty?
+        args   << options unless options.empty?
+        scope
+      end
+      
+    end
+    
+    module InstanceMethods
+
+      def current_sanitizer_scope
+        @current_sanitizer_scope || self.class.current_sanitizer_scope || :default
+      end
+
+      def current_sanitizer_scope=(value)
+        @current_sanitizer_scope = value
+      end
+
+      protected
+
+      def sanitize_for_mass_assignment(attributes)
+        authorizer = self.mass_assignment_authorizer
+        if authorizer.respond_to?(:sanitize_with_scope)
+          authorizer.sanitize_with_scope attributes, current_sanitizer_scope, self
+        else
+          super
+        end
+      end
+
+    end
+    
+  end
+end

data/lib/scoped_attr_accessible/sanitizer.rb

@@ -0,0 +1,80 @@
+require 'set'
+
+module ScopedAttrAccessible
+  class Sanitizer
+    
+    def initialize
+      @accessible_attributes = Hash.new { |h,k| h[k] = Set.new }
+      @protected_attributes  = Hash.new { |h,k| h[k] = Set.new }
+      # Scope recognizers return a boolean, with a hash key
+      @scope_recognizers     = Hash.new { |h,k| h[k] = [] }
+      # Returns a scope symbol.
+      @scope_converters      = []
+    end
+    
+    # Looks up a scope name from the registered recognizers and then from the converters.
+    def normalize_scope(object, context)
+      return object if object.is_a?(Symbol)
+      # 1. Process recognizers, looking for a match.
+      @scope_recognizers.each_pair do |name, recognizers|
+        return name if recognizers.any? { |r| lambda(&r).call(context, object) }
+      end
+      # 2. Process converters, finding a result.
+      @scope_converters.each do |converter|
+        scope = lambda(&converter).call(context, object)
+        return normalize_scope(scope, converter) unless scope.nil?
+      end
+      # 3. Fall back to default
+      return :default
+    end
+    
+    def sanitize(attributes, context = Object.new)
+      sanitize_with_scope attributes, :default, context
+    end
+    
+    def sanitize_with_scope(attributes, scope, context)
+      scope = normalize_scope scope, context
+      attributes.reject { |k, v| deny? k, scope }
+    end
+    
+    def define_recognizer(scope, &blk)
+      @scope_recognizers[scope.to_sym] << blk
+    end
+    
+    def define_converter(&blk)
+      @scope_converters << blk
+    end
+    
+    def make_protected(attribute, scope = :default)
+      @protected_attributes[scope.to_sym] << attribute.to_s
+    end
+    
+    def make_accessible(attribute, scope = :default)
+      @accessible_attributes[scope.to_sym] << attribute.to_s
+    end
+    
+    def deny?(attribute, scope = :default)
+      !attribute_assignable_with_scope?(attribute, scope)
+    end
+    
+    def allow?(attribute, scope = :default)
+      attribute_assignable_with_scope?(attribute, scope)
+    end
+    
+    def attribute_assignable_with_scope?(attribute, scope)
+      attribute = attribute.to_s.gsub(/\(.+/, '')
+      scope     = scope.to_sym
+      scope_protected, scope_accessible = @protected_attributes[scope], @accessible_attributes[scope]
+      if scope_protected.include? attribute
+        return false
+      elsif scope_accessible.include?('all') || scope_accessible.include?(attribute)
+        return true
+      elsif !scope_accessible.empty?
+        return false
+      else
+        return true
+      end
+    end
+    
+  end
+end

data/lib/scoped_attr_accessible.rb

@@ -0,0 +1,15 @@
+require 'active_support/concern'
+
+module ScopedAttrAccessible
+  autoload :Sanitizer,        'scoped_attr_accessible/sanitizer'
+  autoload :ActiveModelMixin, 'scoped_attr_accessible/active_model_mixin'
+  
+  # Mixes the am mixin into ActiveModel's mass assignment helpers.
+  def self.mixin!
+    require 'active_model/mass_assignment_security'
+    ActiveModel::MassAssignmentSecurity.module_eval do
+      extend ScopedAttrAccessible::ActiveModelMixin::IncludedHook
+    end
+  end
+  
+end

data/spec/scoped_attr_accessible/active_model_mixin_spec.rb

@@ -0,0 +1,314 @@
+require 'spec_helper'
+
+describe ScopedAttrAccessible::ActiveModelMixin do
+  
+  before :all do
+    ScopedAttrAccessible.mixin!
+  end
+  
+  subject { Class.new { include ActiveModel::MassAssignmentSecurity } }
+  
+  let(:subject_instance) { subject.new }
+  
+  context 'attr_accessible overrides' do
+    
+    before :each do
+      @sanitizer = ScopedAttrAccessible::Sanitizer.new
+      stub(subject).scoped_attr_sanitizer { @sanitizer }
+    end
+    
+    it 'should call make_accessible' do
+      mock(@sanitizer).make_accessible(:a, :x)
+      subject.attr_accessible :a, :scope => :x
+    end
+    
+    it 'should default the scope' do
+      mock(@sanitizer).make_accessible(:a, :default)
+      subject.attr_accessible :a
+    end
+    
+    it 'should call it correctly when given multiple scopes' do
+      mock(@sanitizer).make_accessible(:a, :admin)
+      mock(@sanitizer).make_accessible(:a, :normal)
+      subject.attr_accessible :a, :scope => [:admin, :normal]
+    end
+    
+    it 'should call make_accessible for each attribute' do
+      mock(@sanitizer).make_accessible(:a, :default)
+      mock(@sanitizer).make_accessible(:b, :default)
+      subject.attr_accessible :a, :b
+    end
+    
+    it 'should set the active authorizer' do
+      subject._active_authorizer = nil
+      subject.attr_accessible :a, :b
+      subject._active_authorizer.should == @sanitizer
+    end
+    
+  end
+  
+  context 'attr_protected overrides' do
+    
+    before :each do
+      @sanitizer = ScopedAttrAccessible::Sanitizer.new
+      stub(subject).scoped_attr_sanitizer { @sanitizer }
+    end
+    
+    it 'should call make_protected' do
+      mock(@sanitizer).make_protected(:a, :x)
+      subject.attr_protected :a, :scope => :x
+    end
+    
+    it 'should default the scope' do
+      mock(@sanitizer).make_protected(:a, :default)
+      subject.attr_protected :a
+    end
+    
+    it 'should call it correctly when given multiple scopes' do
+      mock(@sanitizer).make_protected(:a, :admin)
+      mock(@sanitizer).make_protected(:a, :normal)
+      subject.attr_protected :a, :scope => [:admin, :normal]
+    end
+    
+    it 'should call make_protected for each attribute' do
+      mock(@sanitizer).make_protected(:a, :default)
+      mock(@sanitizer).make_protected(:b, :default)
+      subject.attr_protected :a, :b
+    end
+    
+    it 'should set the active authorizer' do
+      subject._active_authorizer = nil
+      subject.attr_protected :a, :b
+      subject._active_authorizer.should == @sanitizer
+    end
+    
+  end
+  
+  context 'getting the current sanitizer' do
+    
+    it 'should create a new sanitizer if not present' do
+      subject._scoped_attr_sanitizer = nil
+      @sanitizer = ScopedAttrAccessible::Sanitizer.new
+      mock(ScopedAttrAccessible::Sanitizer).new { @sanitizer }
+      subject.scoped_attr_sanitizer.should equal(@sanitizer)
+    end
+    
+    it 'should memoize the sanitizer' do
+      sanitizer = subject.scoped_attr_sanitizer
+      sanitizer_two = subject.scoped_attr_sanitizer
+      sanitizer.should equal(sanitizer)
+    end
+    
+  end
+  
+  context 'current sanitizer scope' do
+    
+    it 'should let you get the default sanitizer scope' do
+      subject.current_sanitizer_scope.should be_nil
+    end
+    
+    it 'should let you set the sanitizer scope' do
+      subject.current_sanitizer_scope = :a
+      subject.current_sanitizer_scope.should == :a
+      subject.current_sanitizer_scope = :b
+      subject.current_sanitizer_scope.should == :b
+    end
+    
+    it 'should let you temporary change the sanitizer scope' do
+      subject.current_sanitizer_scope = :before
+      inner_called = false
+      subject.with_sanitizer_scope :after do
+        inner_called = true
+        subject.current_sanitizer_scope.should == :after
+      end
+      inner_called.should be_true
+    end
+    
+    it 'should reset the scope after a temporary change' do
+      subject.current_sanitizer_scope = :before
+      inner_called = false
+      subject.with_sanitizer_scope :after do
+        inner_called = true
+      end
+      inner_called.should be_true
+      subject.current_sanitizer_scope.should == :before
+    end
+    
+  end
+  
+  context 'instance level scoping' do
+    
+    before :each do
+      subject.current_sanitizer_scope          = :class_level
+      subject_instance.current_sanitizer_scope = :instance_level
+    end
+    
+    it 'should use the instance scope if present' do
+      subject_instance.current_sanitizer_scope.should == :instance_level
+    end
+    
+    it 'should fallback to the class scope if the instance scope is not present' do
+      subject_instance.current_sanitizer_scope = nil
+      subject_instance.current_sanitizer_scope.should == :class_level
+    end
+    
+    it 'should fallback to default if no scope is set' do
+      subject_instance.current_sanitizer_scope = nil
+      subject.current_sanitizer_scope = nil
+      subject_instance.current_sanitizer_scope.should == :default
+    end
+
+    it 'should let you assign the instance level scope' do
+      subject_instance.current_sanitizer_scope = :after
+      subject_instance.current_sanitizer_scope.should == :after
+    end
+    
+  end
+  
+  context 'recognizers and converters' do
+    
+    before :each do
+      @sanitizer = ScopedAttrAccessible::Sanitizer.new
+      stub(subject).scoped_attr_sanitizer { @sanitizer }
+    end
+    
+    it 'should call the sanitizers methods when defining a converter' do
+      mock(@sanitizer).define_converter
+      subject.sanitizer_scope_converter {}
+    end
+    
+    it 'should call the sanitizers methods when defining a recognizer' do
+      mock(@sanitizer).define_recognizer(:admin)
+      subject.sanitizer_scope_recognizer(:admin) { }
+    end
+    
+  end
+  
+  context 'hooking into the process' do
+    
+    subject do
+      Class.new do
+        include ActiveModel::MassAssignmentSecurity
+        
+        attr_accessible :a, :b, :c
+        attr_accessible :a, :b, :c, :d, :scope => :owner
+        attr_accessible :all,           :scope => :admin
+        attr_protected :c, :d,          :scope => :guy_who_deletes_stuff
+        
+        def sanitized_keys_from(hash)
+          sanitize_for_mass_assignment(hash).keys
+        end
+      end
+    end
+    
+    let(:subject_instance) { subject.new }
+    
+    let :example_attributes do
+      {'a' => 'a', 'b' => 'c', 'c' => 'c', 'd' => 'd', 'e' => 'e'}
+    end
+    
+    it 'should return the correct attributes for the default scope' do
+      subject_instance.current_sanitizer_scope = nil
+      subject.current_sanitizer_scope          = nil
+      subject_instance.sanitized_keys_from(example_attributes).should == %w(a b c)
+    end
+    
+    it 'should return the correct attributes for the owner scope' do
+      subject_instance.current_sanitizer_scope = :owner
+      subject_instance.sanitized_keys_from(example_attributes).should == %w(a b c d)
+    end
+    
+    it 'should return the correct attributes for the admin scope' do
+      subject_instance.current_sanitizer_scope = :admin
+      subject_instance.sanitized_keys_from(example_attributes).should == %w(a b c d e)
+    end
+    
+    it 'should return the correct attributes for an unknown scope' do
+      subject_instance.current_sanitizer_scope = :unknown_scope
+      subject_instance.sanitized_keys_from(example_attributes).should == %w(a b c d e)
+    end
+    
+    it 'should return the correct attributes for the guy_who_deletes_stuff scope' do
+      subject_instance.current_sanitizer_scope = :guy_who_deletes_stuff
+      subject_instance.sanitized_keys_from(example_attributes).should == %w(a b e)
+    end
+    
+  end
+  
+  context 'tying it all together' do
+    
+    subject do
+      Class.new do
+        include ActiveModel::MassAssignmentSecurity
+        
+        attr_accessible :a, :b, :c
+        attr_accessible :a, :b, :c, :d, :scope => :owner
+        attr_accessible :all,           :scope => :admin
+        attr_protected :c, :d,          :scope => :guy_who_deletes_stuff
+        
+        sanitizer_scope_recognizer :owner do |record, value|
+          value.is_a?(Numeric)
+        end
+        
+        sanitizer_scope_converter do |record, value|
+          return :admin if value == "hola"
+          return :guy_who_deletes_stuff if record.name == "Bob"
+        end
+        
+        attr_accessor :name
+        
+        def sanitized_keys_from(hash)
+          sanitize_for_mass_assignment(hash).keys
+        end
+      end
+    end
+    
+    let(:subject_instance) { subject.new }
+    
+    let :example_attributes do
+      {'a' => 'a', 'b' => 'c', 'c' => 'c', 'd' => 'd', 'e' => 'e'}
+    end
+    
+    before :each do
+      subject_instance.current_sanitizer_scope = nil
+      subject.current_sanitizer_scope          = nil
+
+    end
+    
+    it 'should return the correct attributes for the default scope' do
+      subject_instance.sanitized_keys_from(example_attributes).should == %w(a b c)
+    end
+    
+    it 'should return the correct attributes for the owner scope' do
+      subject_instance.current_sanitizer_scope = 12
+      subject_instance.sanitized_keys_from(example_attributes).should == %w(a b c d)
+    end
+    
+    it 'should return the correct attributes for the admin scope' do
+      subject_instance.current_sanitizer_scope = "hola"
+      subject_instance.sanitized_keys_from(example_attributes).should == %w(a b c d e)
+    end
+    
+    it 'should return the correct attributes for the guy_who_deletes_stuff scope' do
+      subject_instance.name = "Bob"
+      subject_instance.current_sanitizer_scope = "trigger-it"
+      subject_instance.sanitized_keys_from(example_attributes).should == %w(a b e)
+      subject_instance.name = nil
+    end
+    
+    it 'should fallback if with a different sanitizer' do
+      klass = Class.new(subject)
+      klass._active_authorizer = nil
+      instance = klass.new
+      instance.sanitized_keys_from(example_attributes).should == %w(a b c d e)
+    end
+    
+    it 'should not overwrite children class sanitizers' do
+      klass = Class.new(subject)
+      klass.attr_accessible :e, :scope => :owner
+      subject.scoped_attr_sanitizer.sanitize_with_scope(example_attributes, :owner, nil).should only_have_attributes('a', 'b', 'c', 'd')
+    end
+    
+  end
+  
+end

data/spec/scoped_attr_accessible/sanitizer_spec.rb

@@ -0,0 +1,185 @@
+require 'spec_helper'
+
+describe ScopedAttrAccessible::Sanitizer do
+  
+  let :complex_sanitizer_one do
+    ScopedAttrAccessible::Sanitizer.new.tap do |s|
+      s.make_protected  :a, :default
+      s.make_protected  :b, :default
+      s.make_accessible :all, :default
+      s.make_protected  :a, :admin
+      s.make_accessible :all, :admin
+    end
+  end
+  
+  let :complex_sanitizer_two do
+    ScopedAttrAccessible::Sanitizer.new.tap do |s|
+      s.make_protected  :d, :admin
+      s.make_accessible :all, :admin
+      s.make_accessible :a, :default
+      s.make_accessible :b, :default
+    end
+  end
+  
+  let :example_attributes_one do
+    {:a => 'a', :b => 'c', :c => 'c', :d => 'd', :e => 'e'}
+  end
+  
+  let :example_attributes_two do
+    {'a' => 'a', 'b' => 'c', 'c' => 'c', 'd' => 'd'}
+  end
+  
+  context 'normalizing scopes' do
+    
+    subject { ScopedAttrAccessible::Sanitizer.new }
+    
+    before :each do
+      subject.define_recognizer :a do |context, object|
+        object.to_s == "a" || context == "test context a"
+      end
+      subject.define_recognizer :b do |context, object|
+        object.to_s == "b" || context == "test context b"
+      end
+      subject.define_converter do |context, object|
+        return :number  if object.is_a?(Numeric)
+        return :admin   if !object.nil? && %(admin darcy).include?(object)
+        return :awesome if context == "another test context"
+      end
+    end
+    
+    it 'should return the argument if passed a symbol' do
+      subject.normalize_scope(:a, nil).should == :a
+      subject.normalize_scope(:another, nil).should == :another
+    end
+    
+    it 'should let you provide optional context' do
+      subject.normalize_scope(nil, "test context a").should == :a
+      subject.normalize_scope(nil, "test context b").should == :b
+      subject.normalize_scope(nil, "another test context").should == :awesome
+    end
+    
+    it 'should use recognizers in an attempt to find a scope' do
+      subject.normalize_scope("a", nil).should == :a
+      subject.normalize_scope("b", nil).should == :b
+    end
+    
+    it 'should use converters in an attempt to find a scope' do
+      subject.normalize_scope(2, nil).should   == :number
+      subject.normalize_scope(3.0, nil).should == :number
+      subject.normalize_scope('admin', nil).should == :admin
+      subject.normalize_scope('darcy', nil).should == :admin
+    end
+    
+    it 'should return default when the item is unknown' do
+      subject.normalize_scope("unknown item here", nil).should == :default
+    end
+    
+  end
+  
+  context 'marking attributes availability' do
+    
+    def allow(*args)
+      be_allow(*args)
+    end
+    
+    let :empty_sanitizer do
+      ScopedAttrAccessible::Sanitizer.new
+    end
+    
+    let :accessible_sanitizer do
+      ScopedAttrAccessible::Sanitizer.new.tap do |s|
+        s.make_accessible :a, :default
+        s.make_accessible :b, :default
+        s.make_accessible :c, :admin
+      end
+    end
+    
+    let :protected_sanitizer do
+      ScopedAttrAccessible::Sanitizer.new.tap do |s|
+        s.make_protected :a, :default
+        s.make_protected :b, :default
+        s.make_protected :c, :admin
+      end
+    end
+        
+    it 'should return true by default an empty list' do
+      empty_sanitizer.should allow(:a)
+      empty_sanitizer.should allow(:b)
+      empty_sanitizer.should allow(:c)
+      empty_sanitizer.should allow(:d)
+      empty_sanitizer.should allow(:a, :admin)
+      empty_sanitizer.should allow(:b, :admin)
+      empty_sanitizer.should allow(:c, :admin)
+      empty_sanitizer.should allow(:d, :admin)
+    end
+    
+    it 'should return false by default with an unknown attribute and an accessible list' do
+      accessible_sanitizer.should_not allow(:d)
+      accessible_sanitizer.should_not allow(:d, :admin)
+      accessible_sanitizer.should_not allow(:c)
+      accessible_sanitizer.should_not allow(:a, :admin)
+      accessible_sanitizer.should_not allow(:b, :admin)
+    end
+    
+    it 'should return false when it is protected' do
+      protected_sanitizer.should_not allow(:a, :default)
+      protected_sanitizer.should_not allow(:b, :default)
+      protected_sanitizer.should_not allow(:c, :admin)
+    end
+    
+    it 'should work with a string' do
+      complex_sanitizer_two.should allow('a')
+      complex_sanitizer_two.should allow('b')
+      complex_sanitizer_two.should_not allow('d', :admin)
+      complex_sanitizer_two.should allow('a', :admin)
+    end
+    
+    it 'should return true if it is in the accessible' do
+      accessible_sanitizer.should allow(:a)
+      accessible_sanitizer.should allow(:b)
+      accessible_sanitizer.should allow(:c, :admin)
+      accessible_sanitizer.should_not allow(:d)
+      accessible_sanitizer.should_not allow(:d, :admin)
+    end
+    
+    it 'should return true if all are accessible' do
+      complex_sanitizer_one.should_not allow(:a)
+      complex_sanitizer_one.should_not allow(:b)
+      complex_sanitizer_one.should allow(:c)
+      complex_sanitizer_one.should allow(:d)
+      complex_sanitizer_one.should_not allow(:a, :admin)
+      complex_sanitizer_one.should allow(:b, :admin)
+      complex_sanitizer_one.should allow(:c, :admin)
+      complex_sanitizer_one.should allow(:d, :admin)
+    end
+    
+  end
+  
+  context 'sanitize_with_scope' do
+    
+    it 'should remove protected attributes' do
+      complex_sanitizer_one.sanitize_with_scope(example_attributes_one, :default,  nil).should only_have_attributes('c', 'd', 'e')
+      complex_sanitizer_one.sanitize_with_scope(example_attributes_one, :admin, nil).should    only_have_attributes('b', 'c', 'd', 'e')
+      complex_sanitizer_two.sanitize_with_scope(example_attributes_one, :default, nil).should  only_have_attributes('a', 'b')
+    end
+    
+  end
+  
+  context 'sanitize' do
+    
+    subject { ScopedAttrAccessible::Sanitizer.new }
+    
+    it 'should call with the default scope' do
+      mock(subject).sanitize_with_scope example_attributes_one, :default, anything
+      subject.sanitize example_attributes_one
+    end
+    
+    it 'should let you provide a context' do
+      my_context = 42
+      mock(subject).sanitize_with_scope example_attributes_one, :default, my_context
+      subject.sanitize example_attributes_one, my_context
+    end
+    
+  end
+  
+end 

data/spec/scoped_attr_accessible_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+require 'active_model'
+
+describe ScopedAttrAccessible do
+  
+  it 'should automatically mix it in when hijacked' do
+    ScopedAttrAccessible.mixin!
+    klass = Class.new { include ActiveModel::MassAssignmentSecurity }
+    klass.ancestors.include?(ActiveModel::MassAssignmentSecurity).should be_true
+    klass.ancestors.include?(ScopedAttrAccessible::ActiveModelMixin).should be_true
+    klass.should respond_to(:with_sanitizer_scope)
+    klass.new.should respond_to(:current_sanitizer_scope)
+  end
+  
+end

data/spec/spec_helper.rb

@@ -0,0 +1,16 @@
+ENV["RAILS_ENV"] ||= 'test'
+$LOAD_PATH.unshift Pathname(__FILE__).dirname.dirname.join("lib").to_s
+
+require 'bundler/setup'
+Bundler.setup
+Bundler.require :default, :development
+
+require 'scoped_attr_accessible'
+require 'rspec'
+
+Dir[Pathname(__FILE__).dirname.join("support/**/*.rb")].each { |f| require f }
+
+RSpec.configure do |config|
+  config.mock_with :rr
+  config.include   CustomMatchers
+end

data/spec/support/custom_matchers.rb

@@ -0,0 +1,26 @@
+module CustomMatchers
+  class OnlyHaveAttributesMatcher
+    
+    def initialize(*attrs)  
+      @attributes = attrs.map(&:to_s)
+    end  
+  
+    def matches?(target)  
+      @target_attributes = target.keys.map(&:to_s)
+      @target_attributes == @attributes
+    end  
+  
+    def failure_message_for_should  
+      "expected to only allow attributes #{@attributes.join(", ")}, allowed #{@target_attributes.join(", ")}"
+    end  
+  
+    def failure_message_for_should_not  
+      "expected to not only allow attributes #{@attributes.join(", ")}, allowed #{@target_attributes.join(", ")}"
+    end  
+    
+  end  
+  
+  def only_have_attributes(*attrs)  
+    OnlyHaveAttributesMatcher.new(*attrs)  
+  end  
+end

metadata

@@ -0,0 +1,122 @@
+--- !ruby/object:Gem::Specification 
+name: scoped_attr_accessible
+version: !ruby/object:Gem::Version 
+  hash: 27
+  prerelease: false
+  segments: 
+  - 0
+  - 1
+  - 0
+  version: 0.1.0
+platform: ruby
+authors: 
+- Darcy Laycock
+- Mario Visic
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-10-11 00:00:00 +08:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: activemodel
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 7
+        segments: 
+        - 3
+        - 0
+        version: "3.0"
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 2
+        - 0
+        version: "2.0"
+  type: :development
+  version_requirements: *id002
+description: |-
+  scoped_attr_accessible is a plugin that makes it easy to scope the `attr_accessible` and `attr_protected`
+      methods on any library using ActiveModel's MassAssignmentSecurity module.
+email: team+darcy+mario@thefrontiergroup.com.au
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE
+- README.md
+files: 
+- .bundle/config
+- .gitignore
+- .rspec
+- .rvmrc
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- Rakefile
+- VERSION
+- autotest/discover.rb
+- lib/scoped_attr_accessible.rb
+- lib/scoped_attr_accessible/active_model_mixin.rb
+- lib/scoped_attr_accessible/sanitizer.rb
+- spec/scoped_attr_accessible/active_model_mixin_spec.rb
+- spec/scoped_attr_accessible/sanitizer_spec.rb
+- spec/scoped_attr_accessible_spec.rb
+- spec/spec_helper.rb
+- spec/support/custom_matchers.rb
+has_rdoc: true
+homepage: http://github.com/thefrontiergroup/scoped_attr_accessible
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Scoping for attr_accessible and attr_protected on ActiveModel objects.
+test_files: 
+- spec/scoped_attr_accessible/active_model_mixin_spec.rb
+- spec/scoped_attr_accessible/sanitizer_spec.rb
+- spec/scoped_attr_accessible_spec.rb
+- spec/spec_helper.rb
+- spec/support/custom_matchers.rb