sequel-privacy 0.5.4 → 0.5.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/sequel/plugins/privacy.rb +36 -17
  3. data/lib/sequel/privacy/version.rb +1 -1
  4. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 54198780e9744c541e3915d3ac5722ccb16b119a77729b5013b854e698604511
4
- data.tar.gz: 5219bec34c9542ce88f928bc39c1998586e6ed2c15637296dead03d958e12db1
3
+ metadata.gz: 7dd8660d0cc93e21c96080ba66f777e9b39f00ec7a5ca4f8fa211739a97dbe62
4
+ data.tar.gz: 85952e038e33a535adf8adaed566c08310e003f2540a406457029d678e889009
5
5
  SHA512:
6
- metadata.gz: 8673ccf1e4e6cb592299c9a930ee7ff779e0343e66753a245f71f4aa26d21906c486dc1435d55af53c1c8b09c8166f24fec2e8036ce3f962598df4d8a29cadf9
7
- data.tar.gz: 34bc11e989421e4cd7d5207fc531d7bcf17cf681c8b10c3104918c12d5d2a9eb8cdf68274dd64397c8b49ba51b6c59b3de4fd4ef73e8acbf06b1fdd671039cce
6
+ metadata.gz: 9276223bd19d31daaabbaa34076e15c6dce4ce2439daadc30bee5e021fc7a88571323ce213ab2840afbe533b53d73129625817177a44b7a178f1fc93b6f21c37
7
+ data.tar.gz: d6c2e72d8eea11c83b42be27a64dd5076e0e320a7d15efe7a6092ca543714203cf643ad14eee190b986eda570a331fca2b8d519126494ff35d5caef421f2fb9a
data/lib/sequel/plugins/privacy.rb CHANGED
@@ -148,17 +148,24 @@ module Sequel
148
148
  :@allow_unsafe_access => nil
149
149
  )
150
150
 
151
- # Allows the model to be accessed without a ViewerContext,
152
- # useful when you're migrating an existing codebase or adopting gradually.
153
- sig { void }
154
- def allow_unsafe_access!
151
+ # Allows the model to be accessed without a ViewerContext, useful when
152
+ # you're migrating an existing codebase or adopting gradually.
153
+ # You can prevent this from applying to certain fields or associations by
154
+ # passing `except:`.
155
+ sig { params(except: T::Array[Symbol]).void }
156
+ def allow_unsafe_access!(except: [])
155
157
  @allow_unsafe_access = T.let(true, T.nilable(T::Boolean))
158
+ @unsafe_access_except = T.let(except.map(&:to_sym), T.nilable(T::Array[Symbol]))
156
159
  Sequel::Privacy.logger&.warn("#{self} allows unsafe access - migrate to use for_vc()")
157
160
  end
158
161
 
159
- sig { returns(T::Boolean) }
160
- def allow_unsafe_access?
161
- @allow_unsafe_access == true
162
+ # Checks if the model or a field/association allows unsafe access.
163
+ sig { params(name: T.nilable(Symbol)).returns(T::Boolean) }
164
+ def allow_unsafe_access?(name = nil)
165
+ return false unless @allow_unsafe_access == true
166
+ return true if name.nil?
167
+
168
+ !(@unsafe_access_except || []).include?(name)
162
169
  end
163
170
 
164
171
  # Per-class thread-local key carrying the current VC during row
@@ -246,7 +253,7 @@ module Sequel
246
253
  vc = instance_variable_get(:@viewer_context)
247
254
 
248
255
  unless vc
249
- return original_method.bind(self).() if T.unsafe(self.class).allow_unsafe_access?
256
+ return original_method.bind(self).() if T.unsafe(self.class).allow_unsafe_access?(field)
250
257
 
251
258
  Kernel.raise Sequel::Privacy::MissingViewerContext,
252
259
  "#{self.class}##{field} requires a ViewerContext"
@@ -406,6 +413,12 @@ module Sequel
406
413
 
407
414
  define_method(name) do
408
415
  vc = instance_variable_get(:@viewer_context)
416
+
417
+ if vc.nil? && !T.unsafe(self.class).allow_unsafe_access?(name)
418
+ Kernel.raise Sequel::Privacy::MissingViewerContext,
419
+ "#{self.class}##{name} requires a ViewerContext"
420
+ end
421
+
409
422
  assoc_class ||= assoc_reflection.associated_class
410
423
 
411
424
  obj = if vc && assoc_class.respond_to?(:privacy_vc_key)
@@ -444,6 +457,12 @@ module Sequel
444
457
 
445
458
  define_method(name) do
446
459
  vc = instance_variable_get(:@viewer_context)
460
+
461
+ if vc.nil? && !T.unsafe(self.class).allow_unsafe_access?(name)
462
+ Kernel.raise Sequel::Privacy::MissingViewerContext,
463
+ "#{self.class}##{name} requires a ViewerContext"
464
+ end
465
+
447
466
  assoc_class ||= assoc_reflection.associated_class
448
467
 
449
468
  objs = if vc && assoc_class.respond_to?(:privacy_vc_key)
@@ -475,8 +494,8 @@ module Sequel
475
494
  end
476
495
  end
477
496
 
478
- sig { params(_assoc_name: Symbol, singular_name: Symbol, policies: T::Array[T.untyped]).void }
479
- def _wrap_association_add(_assoc_name, singular_name, policies)
497
+ sig { params(assoc_name: Symbol, singular_name: Symbol, policies: T::Array[T.untyped]).void }
498
+ def _wrap_association_add(assoc_name, singular_name, policies)
480
499
  method_name = :"add_#{singular_name}"
481
500
  original = instance_method(method_name)
482
501
 
@@ -484,7 +503,7 @@ module Sequel
484
503
  vc = instance_variable_get(:@viewer_context)
485
504
 
486
505
  unless vc
487
- return original.bind(self).(obj) if T.unsafe(self.class).allow_unsafe_access?
506
+ return original.bind(self).(obj) if T.unsafe(self.class).allow_unsafe_access?(assoc_name)
488
507
 
489
508
  Kernel.raise Sequel::Privacy::MissingViewerContext,
490
509
  "Cannot #{method_name} without a viewer context"
@@ -506,8 +525,8 @@ module Sequel
506
525
  end
507
526
  end
508
527
 
509
- sig { params(_assoc_name: Symbol, singular_name: Symbol, policies: T::Array[T.untyped]).void }
510
- def _wrap_association_remove(_assoc_name, singular_name, policies)
528
+ sig { params(assoc_name: Symbol, singular_name: Symbol, policies: T::Array[T.untyped]).void }
529
+ def _wrap_association_remove(assoc_name, singular_name, policies)
511
530
  method_name = :"remove_#{singular_name}"
512
531
  original = instance_method(method_name)
513
532
 
@@ -515,7 +534,7 @@ module Sequel
515
534
  vc = instance_variable_get(:@viewer_context)
516
535
 
517
536
  unless vc
518
- return original.bind(self).(obj) if T.unsafe(self.class).allow_unsafe_access?
537
+ return original.bind(self).(obj) if T.unsafe(self.class).allow_unsafe_access?(assoc_name)
519
538
 
520
539
  Kernel.raise Sequel::Privacy::MissingViewerContext,
521
540
  "Cannot #{method_name} without a viewer context"
@@ -537,8 +556,8 @@ module Sequel
537
556
  end
538
557
  end
539
558
 
540
- sig { params(_assoc_name: Symbol, plural_name: Symbol, policies: T::Array[T.untyped]).void }
541
- def _wrap_association_remove_all(_assoc_name, plural_name, policies)
559
+ sig { params(assoc_name: Symbol, plural_name: Symbol, policies: T::Array[T.untyped]).void }
560
+ def _wrap_association_remove_all(assoc_name, plural_name, policies)
542
561
  method_name = :"remove_all_#{plural_name}"
543
562
  original = instance_method(method_name)
544
563
 
@@ -546,7 +565,7 @@ module Sequel
546
565
  vc = instance_variable_get(:@viewer_context)
547
566
 
548
567
  unless vc
549
- return original.bind(self).() if T.unsafe(self.class).allow_unsafe_access?
568
+ return original.bind(self).() if T.unsafe(self.class).allow_unsafe_access?(assoc_name)
550
569
 
551
570
  Kernel.raise Sequel::Privacy::MissingViewerContext,
552
571
  "Cannot #{method_name} without a viewer context"
data/lib/sequel/privacy/version.rb CHANGED
@@ -3,6 +3,6 @@
3
3
 
4
4
  module Sequel
5
5
  module Privacy
6
- VERSION = '0.5.4'
6
+ VERSION = '0.5.5'
7
7
  end
8
8
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sequel-privacy
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.5.4
4
+ version: 0.5.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Austin Bales