sinatra_resource 0.1.0 → 0.2.0

data/lib/builder/helpers.rb

@@ -11,11 +11,13 @@ module SinatraResource
       #
       # @param [MongoMapper::Document] document
       #
+      # @param [Hash] resource_config
+      #
       # @return [Hash<String => Object>]
-      def build_resource(role, document)
+      def build_resource(role, document, resource_config)
         resource = {}
-        config[:properties].each_pair do |property, hash|
-          if authorized?(:read, role, property)
+        resource_config[:properties].each_pair do |property, hash|
+          if authorized?(:read, role, resource_config, property)
             resource[property.to_s] = value(property, document, hash)
           end
         end
@@ -29,10 +31,12 @@ module SinatraResource
       #
       # @param [String] api_key
       #
+      # @param [Hash] resource_config
+      #
       # @return [Array<Hash<String => Object>>]
-      def build_resources(documents)
+      def build_resources(documents, resource_config)
         documents.map do |document|
-          build_resource(lookup_role(document), document)
+          build_resource(lookup_role(document), document, resource_config)
         end
       end
 
@@ -44,10 +48,17 @@ module SinatraResource
       # @param [Symbol] role
       #   a role (such as :anonymous, :basic, or :admin)
       #
+      # @param [Hash] resource_config
+      #
+      # @param [Boolean] leaf
+      #   If a simple resource, should be true.
+      #   If a nested resource, are we at the 'end' (the leaf)?
+      #
       # @return [undefined]
-      def check_params(action, role)
+      def check_params(action, role, resource_config, leaf)
+        return unless leaf
         params_check_action(action)
-        params_check_action_and_role(action, role)
+        params_check_action_and_role(action, role, resource_config)
       end
 
       # Halt unless the current role has permission to carry out +action+
@@ -58,10 +69,12 @@ module SinatraResource
       # @param [Symbol] role
       #   a role (such as :anonymous, :basic, or :admin)
       #
+      # @param [Hash] resource_config
+      #
       # @return [undefined]
-      def check_permission(action, role)
-        before_authorization(action, role)
-        unless authorized?(action, role)
+      def check_permission(action, role, resource_config)
+        before_authorization(action, role, resource_config)
+        unless authorized?(action, role, resource_config)
           error 401, convert(body_for(:unauthorized))
         end
       end
@@ -85,12 +98,12 @@ module SinatraResource
       # @param [Object] object
       #
       # @return [String]
-      def display(action, object)
+      def display(action, object, resource_config)
         case action
         when :read
         when :create
           response.status = 201
-          path = config[:path] + %(/#{object["id"]})
+          path = resource_config[:path] + %(/#{object["id"]})
           response.headers['Location'] = full_uri(path)
         when :update
         when :delete
@@ -118,8 +131,8 @@ module SinatraResource
       # @param [String, nil] id
       #
       # @return [Symbol]
-      def get_role(id=nil)
-        lookup_role(id ? config[:model].find_by_id(id) : nil)
+      def get_role(model, id=nil)
+        lookup_role(id ? model.find_by_id(id) : nil)
       end
 
       # Return the minimum role required for +action+, and, if specified,
@@ -128,13 +141,17 @@ module SinatraResource
       # @param [Symbol] action
       #   :read, :create, :update, or :delete
       #
+      # @param [Hash] resource_config
+      #
+      # @param [Symbol, nil] property
+      #
       # @return [Symbol]
       #   a role (such as :anonymous, :basic, or :admin)
-      def minimum_role(action, property=nil)
+      def minimum_role(action, resource_config, property=nil)
         if property.nil?
-          config[:permission][to_read_or_modify(action)]
+          resource_config[:permission][to_read_or_modify(action)]
         else
-          config[:properties][property][to_r_or_w(action)]
+          resource_config[:properties][property][to_r_or_w(action)]
         end || :anonymous
       end
       
@@ -148,18 +165,20 @@ module SinatraResource
       # @param [Symbol] action
       #   :read, :create, :update, or :delete
       #
-      # @param [Symbol] property
+      # @param [Hash] resource_config
+      #
+      # @param [Symbol, nil] property
       #   a property of a resource
       #
       # @return [Boolean]
-      def authorized?(action, role, property=nil)
-        klass = config[:roles]
+      def authorized?(action, role, resource_config, property=nil)
+        klass = resource_config[:roles]
         klass.validate_role(role)
-        klass.satisfies?(role, minimum_role(action, property))
+        klass.satisfies?(role, minimum_role(action, resource_config, property))
       end
 
       # Application-level hook that runs as part of +check_permission+,
-      # before +authorized?(action, role)+ is called.
+      # before +authorized?(action, role, resource_config)+ is called.
       #
       # For example, an application might want to throw custom errors
       # in certain situations before +authorized?+ runs.
@@ -172,8 +191,10 @@ module SinatraResource
       # @param [Symbol] role
       #   a role (such as :anonymous, :basic, or :admin)
       #
+      # @param [Hash] resource_config
+      #
       # @return [String]
-      def before_authorization(action, role)
+      def before_authorization(action, role, resource_config)
         raise NotImplementedError
       end
 
@@ -201,7 +222,7 @@ module SinatraResource
         when :not_found
           ""
         when :unauthorized
-          ""
+          { "errors" => "unauthorized_api_key" }
         end
       end
 
@@ -221,6 +242,10 @@ module SinatraResource
       # @param [Symbol] action
       #   :read, :create, :update, or :delete
       #
+      # @param [Boolean] leaf
+      #   If a simple resource, should be true.
+      #   If a nested resource, are we at the 'end' (the leaf)?
+      #
       # @return [undefined]
       def params_check_action(action)
         case action
@@ -251,11 +276,13 @@ module SinatraResource
       # @param [Symbol] role
       #   a role (such as :anonymous, :basic, or :admin)
       #
+      # @param [Hash] resource_config
+      #
       # @return [undefined]
-      def params_check_action_and_role(action, role)
+      def params_check_action_and_role(action, role, resource_config)
         invalid = []
         params.each_pair do |property, value|
-          invalid << property if !authorized?(action, role, property.intern)
+          invalid << property if !authorized?(action, role, resource_config, property.intern)
         end
         unless invalid.empty?
           error 400, convert(body_for(:invalid_params, invalid))

data/lib/builder/mongo_helpers.rb

@@ -3,12 +3,29 @@ module SinatraResource
   class Builder
 
     module MongoHelpers
+
+
+      # Make sure that +parent+ document is related to the +child+ document
+      # by way of +association+. If not, return 404 Not Found.
+      #
+      # @param [MongoMapper::Document] parent
+      #
+      # @param [Symbol] association
+      #
+      # @param [String] child_id
+      #
+      # @return [MongoMapper::Document]
+      def check_related?(parent, association, child_id)
+        unless parent.send(association).find { |x| x.id == child_id }
+          error 404, convert(body_for(:not_found))
+        end
+      end
       
       # Create a document from params. If not valid, returns 400.
       #
       # @return [MongoMapper::Document]
-      def create_document!
-        document = config[:model].new(params)
+      def create_document!(model)
+        document = model.new(params)
         unless document.valid?
           error 400, convert(body_for(:invalid_document, document))
         end
@@ -23,8 +40,8 @@ module SinatraResource
       # @param [String] id
       #
       # @return [MongoMapper::Document]
-      def delete_document!(id)
-        document = find_document!(id)
+      def delete_document!(model, id)
+        document = find_document!(model, id)
         document.destroy
         document
       end
@@ -34,8 +51,8 @@ module SinatraResource
       # @param [String] id
       #
       # @return [MongoMapper::Document]
-      def find_document!(id)
-        document = config[:model].find_by_id(id)
+      def find_document!(model, id)
+        document = model.find_by_id(id)
         unless document
           error 404, convert(body_for(:not_found))
         end
@@ -48,15 +65,49 @@ module SinatraResource
       #   a class that includes MongoMapper::Document
       #
       # @return [Array<MongoMapper::Document>]
-      def find_documents!
-        config[:model].find(:all)
+      def find_documents!(model)
+        model.find(:all)
+      end
+      
+      # Delegates to application, who should use custom logic to related
+      # +parent+ and +child+.
+      #
+      # @param [MongoMapper::Document] parent
+      #
+      # @param [MongoMapper::Document] child
+      #
+      # @param [Hash] resource_config
+      #
+      # @return [MongoMapper::Document] child document
+      def make_related(parent, child, resource_config)
+        proc = resource_config[:relation][:create]
+        proc.call(parent, child) if proc
+        child
+      end
+      
+      # Select only the +children+ that are related to the +parent+ by
+      # way of the +association+.
+      #
+      # @param [MongoMapper::Document] parent
+      #
+      # @param [Symbol] association
+      #
+      # @param [Array<MongoMapper::Document>] children
+      #
+      # @return [MongoMapper::Document]
+      def select_related(parent, association, children)
+        children.select do |child|
+          parent.send(association).find { |x| x.id == child.id }
+        end
+        # TODO: this has O^2 complexity because of the nesting.
+        # I think it is reducible to O.
       end
 
       # Update a document with +id+ from params. If not valid, returns 400.
       #
       # @return [MongoMapper::Document]
-      def update_document!(id)
-        document = config[:model].update(id, params)
+      def update_document!(model, id)
+        document = model.update(id, params)
         unless document.valid?
           error 400, convert(body_for(:invalid_document, document))
         end

data/lib/builder.rb

@@ -3,7 +3,17 @@ module SinatraResource
   class Builder
     
     def initialize(klass)
-      @klass = klass
+      @klass  = klass
+
+      @resource_config   = @klass.resource_config
+      @child_association = @resource_config[:child_association]
+      @model             = @resource_config[:model]
+      @parent            = @resource_config[:parent]
+      @path              = @resource_config[:path]
+      if @parent
+        @parent_resource_config = @parent.resource_config
+        @parent_model           = @parent_resource_config[:model]
+      end
     end
     
     def build
@@ -16,64 +26,152 @@ module SinatraResource
     end
     
     def build_get_one
-      @klass.get '/:id/?' do
-        id = params.delete("id")
-        role = get_role(id)
-        check_permission(:read, role)
-        check_params(:read, role)
-        document = find_document!(id)
-        resource = build_resource(role, document)
-        display(:read, resource)
+      model           = @model
+      resource_config = @resource_config
+      if !@parent
+        @klass.get '/:id/?' do
+          id = params.delete("id")
+          role = get_role(model, id)
+          document = document_for_get_one(role, model, resource_config, true, id, nil, nil)
+          resource = build_resource(role, document, resource_config)
+          display(:read, resource, resource_config)
+        end
+      else
+        association            = @child_association
+        parent_model           = @parent_model
+        parent_resource_config = @parent_resource_config
+        path                   = @path
+        @parent.get "/:parent_id/#{path}/:id/?" do
+          id = params.delete("id")
+          parent_id = params.delete("parent_id")
+          parent_role = get_role(parent_model, parent_id)
+          parent_document = document_for_get_one(parent_role, parent_model, parent_resource_config, false, parent_id, nil, nil)
+          # ------
+          role = get_role(model, id)
+          document = document_for_get_one(role, model, resource_config, true, id, parent_document, association)
+          resource = build_resource(role, document, resource_config)
+          display(:read, resource, resource_config)
+        end
       end
     end
 
     def build_get_many
-      @klass.get '/?' do
-        role = get_role
-        check_permission(:read, role)
-        check_params(:read, role)
-        documents = find_documents!
-        resources = build_resources(documents)
-        display(:read, resources)
+      model           = @model
+      resource_config = @resource_config
+      if !@parent
+        @klass.get '/?' do
+          role = get_role(model)
+          documents = documents_for_get_many(role, model, resource_config, true, nil, nil)
+          resources = build_resources(documents, resource_config)
+          display(:read, resources, resource_config)
+        end
+      else
+        association            = @child_association
+        parent_model           = @parent_model
+        parent_resource_config = @parent_resource_config
+        path                   = @path
+        @parent.get "/:parent_id/#{path}/?" do
+          parent_id = params.delete("parent_id")
+          parent_role = get_role(parent_model, parent_id)
+          parent_document = document_for_get_one(parent_role, parent_model, parent_resource_config, false, parent_id, nil, nil)
+          # ------
+          role = get_role(model)
+          documents = documents_for_get_many(role, model, resource_config, true, parent_document, association)
+          resources = build_resources(documents, resource_config)
+          display(:read, resources, resource_config)
+        end
       end
     end
     
     def build_post
-      @klass.post '/?' do
-        role = get_role
-        check_permission(:create, role)
-        check_params(:create, role)
-        document = create_document!
-        resource = build_resource(role, document)
-        display(:create, resource)
+      model           = @model
+      resource_config = @resource_config
+      if !@parent
+        @klass.post '/?' do
+          role = get_role(model)
+          document = document_for_post(role, model, resource_config, true, nil, nil)
+          resource = build_resource(role, document, resource_config)
+          display(:create, resource, resource_config)
+        end
+      else
+        association            = @child_association
+        parent_model           = @parent_model
+        parent_resource_config = @parent_resource_config
+        path                   = @path
+        @parent.post "/:parent_id/#{path}/?" do
+          parent_id = params.delete("parent_id")
+          parent_role = get_role(parent_model, parent_id)
+          parent_document = document_for_get_one(parent_role, parent_model, parent_resource_config, false, parent_id, nil, nil)
+          # ------
+          role = get_role(model)
+          document = document_for_post(role, model, resource_config, true, parent_document, association)
+          resource = build_resource(role, document, resource_config)
+          display(:create, resource, resource_config)
+        end
       end
     end
     
     def build_put
-      @klass.put '/:id/?' do
-        id = params.delete("id")
-        role = get_role(id)
-        check_permission(:update, role)
-        check_params(:update, role)
-        document = update_document!(id)
-        resource = build_resource(role, document)
-        display(:update, resource)
+      model           = @model
+      resource_config = @resource_config
+      if !@parent
+        @klass.put '/:id/?' do
+          id = params.delete("id")
+          role = get_role(model, id)
+          document = document_for_put(role, model, resource_config, true, id, nil, nil)
+          resource = build_resource(role, document, resource_config)
+          display(:update, resource, resource_config)
+        end
+      else
+        association            = @child_association
+        parent_model           = @parent_model
+        parent_resource_config = @parent_resource_config
+        path                   = @path
+        @parent.put "/:parent_id/#{path}/:id/?" do
+          id = params.delete("id")
+          parent_id = params.delete("parent_id")
+          parent_role = get_role(parent_model, parent_id)
+          parent_document = document_for_get_one(parent_role, parent_model, parent_resource_config, false, parent_id, id, id)
+          # ------
+          role = get_role(model, id)
+          document = document_for_put(role, model, resource_config, true, id, parent_document, association)
+          resource = build_resource(role, document, resource_config)
+          display(:update, resource, resource_config)
+        end
       end
     end
     
     def build_delete
-      @klass.delete '/:id/?' do
-        id = params.delete("id")
-        role = get_role(id)
-        check_permission(:delete, role)
-        check_params(:delete, role)
-        delete_document!(id)
-        display(:delete, "")
+      model           = @model
+      resource_config = @resource_config
+      if !@parent
+        @klass.delete '/:id/?' do
+          id = params.delete("id")
+          role = get_role(model, id)
+          document_for_delete(role, model, resource_config, true, id, nil, nil)
+          display(:delete, "", resource_config)
+        end
+      else
+        association            = @child_association
+        parent_model           = @parent_model
+        parent_resource_config = @parent_resource_config
+        path                   = @path
+        @parent.delete "/:parent_id/#{path}/:id/?" do
+          id = params.delete("id")
+          parent_id = params.delete("parent_id")
+          parent_role = get_role(parent_model, parent_id)
+          parent_document = document_for_get_one(parent_role, parent_model, parent_resource_config, false, parent_id, nil, nil)
+          # ------
+          role = get_role(model, id)
+          document_for_delete(role, model, resource_config, true, id, parent_document, association)
+          display(:delete, "", resource_config)
+        end
       end
     end
     
     def build_helpers
       @klass.helpers do
+        include ActionDefinitions
         include Helpers
         include MongoHelpers
       end