sinatra_resource 0.4.21 → 0.4.22
- data/Gemfile +18 -0
- data/Gemfile.lock +51 -0
- data/README.mdown +1 -1
- data/VERSION +1 -1
- data/examples/datacatalog/.bundle/config +2 -0
- data/examples/datacatalog/Gemfile +14 -0
- data/examples/datacatalog/Gemfile.lock +33 -0
- data/examples/datacatalog/Rakefile +2 -2
- data/examples/datacatalog/app.rb +0 -2
- data/examples/datacatalog/config/config.rb +5 -7
- data/examples/datacatalog/lib/base.rb +2 -2
- data/examples/datacatalog/lib/resource.rb +5 -5
- data/examples/datacatalog/lib/roles.rb +2 -2
- data/examples/datacatalog/model_helpers/search.rb +6 -6
- data/examples/datacatalog/models/categorization.rb +1 -1
- data/examples/datacatalog/models/note.rb +1 -1
- data/examples/datacatalog/models/source.rb +3 -3
- data/examples/datacatalog/models/usage.rb +2 -2
- data/examples/datacatalog/models/user.rb +7 -7
- data/examples/datacatalog/resources/categories.rb +7 -7
- data/examples/datacatalog/resources/categories_sources.rb +4 -4
- data/examples/datacatalog/resources/notes.rb +1 -1
- data/examples/datacatalog/resources/sources.rb +3 -3
- data/examples/datacatalog/resources/sources_usages.rb +3 -3
- data/examples/datacatalog/resources/users.rb +3 -3
- data/examples/datacatalog/tasks/db.rake +2 -2
- data/examples/datacatalog/tasks/test.rake +1 -1
- data/examples/datacatalog/test/helpers/assertions/assert_include.rb +1 -1
- data/examples/datacatalog/test/helpers/assertions/assert_not_include.rb +1 -1
- data/examples/datacatalog/test/helpers/lib/model_factories.rb +7 -7
- data/examples/datacatalog/test/helpers/lib/model_helpers.rb +1 -1
- data/examples/datacatalog/test/helpers/lib/request_helpers.rb +7 -7
- data/examples/datacatalog/test/helpers/resource_test_helper.rb +1 -1
- data/examples/datacatalog/test/helpers/shared/api_keys.rb +11 -11
- data/examples/datacatalog/test/helpers/shared/common_body_responses.rb +1 -1
- data/examples/datacatalog/test/helpers/shared/model_counts.rb +2 -2
- data/examples/datacatalog/test/helpers/shared/status_codes.rb +4 -4
- data/examples/datacatalog/test/helpers/test_cases/resource_test_case.rb +4 -4
- data/examples/datacatalog/test/helpers/test_helper.rb +4 -10
- data/examples/datacatalog/test/models/categorization_test.rb +6 -6
- data/examples/datacatalog/test/models/category_test.rb +8 -8
- data/examples/datacatalog/test/models/note_test.rb +6 -6
- data/examples/datacatalog/test/models/search_test.rb +4 -4
- data/examples/datacatalog/test/models/source_test.rb +5 -5
- data/examples/datacatalog/test/models/user_test.rb +11 -11
- data/examples/datacatalog/test/resources/categories/categories_delete_test.rb +12 -12
- data/examples/datacatalog/test/resources/categories/categories_get_many_test.rb +9 -9
- data/examples/datacatalog/test/resources/categories/categories_get_one_test.rb +7 -7
- data/examples/datacatalog/test/resources/categories/categories_post_test.rb +16 -16
- data/examples/datacatalog/test/resources/categories/categories_put_test.rb +17 -17
- data/examples/datacatalog/test/resources/categories_sources/categories_sources_delete_test.rb +25 -25
- data/examples/datacatalog/test/resources/categories_sources/categories_sources_get_many_test.rb +5 -5
- data/examples/datacatalog/test/resources/categories_sources/categories_sources_get_one_test.rb +15 -15
- data/examples/datacatalog/test/resources/categories_sources/categories_sources_post_test.rb +31 -31
- data/examples/datacatalog/test/resources/categories_sources/categories_sources_put_test.rb +41 -41
- data/examples/datacatalog/test/resources/notes/notes_get_many_test.rb +15 -15
- data/examples/datacatalog/test/resources/notes/notes_get_one_test.rb +7 -7
- data/examples/datacatalog/test/resources/notes/notes_post_test.rb +12 -12
- data/examples/datacatalog/test/resources/sources/sources_delete_test.rb +12 -12
- data/examples/datacatalog/test/resources/sources/sources_get_many_search_test.rb +20 -20
- data/examples/datacatalog/test/resources/sources/sources_get_many_test.rb +8 -8
- data/examples/datacatalog/test/resources/sources/sources_get_one_test.rb +17 -9
- data/examples/datacatalog/test/resources/sources/sources_post_test.rb +13 -13
- data/examples/datacatalog/test/resources/sources/sources_put_test.rb +30 -30
- data/examples/datacatalog/test/resources/sources_usages/sources_usages_delete_test.rb +24 -24
- data/examples/datacatalog/test/resources/sources_usages/sources_usages_get_many_filter_test.rb +9 -9
- data/examples/datacatalog/test/resources/sources_usages/sources_usages_get_many_test.rb +9 -9
- data/examples/datacatalog/test/resources/sources_usages/sources_usages_get_one_test.rb +15 -15
- data/examples/datacatalog/test/resources/sources_usages/sources_usages_post_test.rb +16 -16
- data/examples/datacatalog/test/resources/sources_usages/sources_usages_put_test.rb +33 -33
- data/examples/datacatalog/test/resources/users/users_delete_test.rb +21 -21
- data/examples/datacatalog/test/resources/users/users_get_many_test.rb +16 -16
- data/examples/datacatalog/test/resources/users/users_get_one_test.rb +8 -8
- data/examples/datacatalog/test/resources/users/users_post_test.rb +13 -13
- data/examples/datacatalog/test/resources/users/users_put_test.rb +18 -18
- data/lib/builder/action_definitions.rb +8 -8
- data/lib/builder/helpers.rb +10 -12
- data/lib/builder/mongo_helpers.rb +13 -14
- data/lib/builder.rb +10 -10
- data/lib/exceptions.rb +1 -1
- data/lib/resource.rb +20 -20
- data/lib/roles.rb +2 -2
- data/lib/utility.rb +2 -2
- data/notes/permissions.mdown +6 -6
- data/sinatra_resource.gemspec +9 -4
- data/spec/spec_helper.rb +1 -1
- data/spec/utility_spec.rb +2 -2
- metadata +30 -4
@@ -21,34 +21,34 @@ class UsersPutResourceTest < ResourceTestCase
|
|
21
21
|
after do
|
22
22
|
@user.destroy
|
23
23
|
end
|
24
|
-
|
24
|
+
|
25
25
|
context "put /:id" do
|
26
26
|
context "anonymous" do
|
27
27
|
before do
|
28
28
|
put "/#{@user.id}", @valid_params
|
29
29
|
end
|
30
|
-
|
30
|
+
|
31
31
|
use "return 401 because the API key is missing"
|
32
32
|
use "user unchanged"
|
33
33
|
end
|
34
|
-
|
34
|
+
|
35
35
|
context "incorrect API key" do
|
36
36
|
before do
|
37
37
|
put "/#{@user.id}", @valid_params.merge(:api_key => BAD_API_KEY)
|
38
38
|
end
|
39
|
-
|
39
|
+
|
40
40
|
use "return 401 because the API key is invalid"
|
41
41
|
use "user unchanged"
|
42
42
|
end
|
43
43
|
end
|
44
|
-
|
44
|
+
|
45
45
|
%w(basic curator).each do |role|
|
46
46
|
[:created_at, :updated_at, :junk].each do |invalid|
|
47
47
|
context "#{role} : put /:id but with #{invalid}" do
|
48
48
|
before do
|
49
49
|
put "/#{@user.id}", valid_params_for(role).merge(invalid => 9)
|
50
50
|
end
|
51
|
-
|
51
|
+
|
52
52
|
use "return 401 because the API key is unauthorized"
|
53
53
|
use "user unchanged"
|
54
54
|
end
|
@@ -59,7 +59,7 @@ class UsersPutResourceTest < ResourceTestCase
|
|
59
59
|
before do
|
60
60
|
put "/#{@user.id}", valid_params_for(role).merge(erase => "")
|
61
61
|
end
|
62
|
-
|
62
|
+
|
63
63
|
use "return 401 because the API key is unauthorized"
|
64
64
|
use "user unchanged"
|
65
65
|
end
|
@@ -71,7 +71,7 @@ class UsersPutResourceTest < ResourceTestCase
|
|
71
71
|
put "/#{@user.id}", valid_params_for(role).
|
72
72
|
delete_if { |k, v| k == missing }
|
73
73
|
end
|
74
|
-
|
74
|
+
|
75
75
|
use "return 401 because the API key is unauthorized"
|
76
76
|
use "user unchanged"
|
77
77
|
end
|
@@ -81,7 +81,7 @@ class UsersPutResourceTest < ResourceTestCase
|
|
81
81
|
before do
|
82
82
|
put "/#{FAKE_ID}", valid_params_for(role)
|
83
83
|
end
|
84
|
-
|
84
|
+
|
85
85
|
use "return 401 because the API key is unauthorized"
|
86
86
|
use "user unchanged"
|
87
87
|
end
|
@@ -90,7 +90,7 @@ class UsersPutResourceTest < ResourceTestCase
|
|
90
90
|
before do
|
91
91
|
put "/#{@user.id}", valid_params_for(role)
|
92
92
|
end
|
93
|
-
|
93
|
+
|
94
94
|
use "return 401 because the API key is unauthorized"
|
95
95
|
use "user unchanged"
|
96
96
|
end
|
@@ -122,7 +122,7 @@ class UsersPutResourceTest < ResourceTestCase
|
|
122
122
|
put "/#{@user.id}", valid_params_for(role).
|
123
123
|
merge(@extra_admin_params).merge(invalid => 9)
|
124
124
|
end
|
125
|
-
|
125
|
+
|
126
126
|
use "return 400 Bad Request"
|
127
127
|
use "user unchanged"
|
128
128
|
invalid_param invalid
|
@@ -135,7 +135,7 @@ class UsersPutResourceTest < ResourceTestCase
|
|
135
135
|
put "/#{@user.id}", valid_params_for(role).
|
136
136
|
merge(@extra_admin_params).merge(erase => "")
|
137
137
|
end
|
138
|
-
|
138
|
+
|
139
139
|
use "return 400 Bad Request"
|
140
140
|
use "user unchanged"
|
141
141
|
missing_param erase
|
@@ -148,7 +148,7 @@ class UsersPutResourceTest < ResourceTestCase
|
|
148
148
|
put "/#{FAKE_ID}", valid_params_for(role).
|
149
149
|
merge(@extra_admin_params).delete_if { |k, v| k == missing }
|
150
150
|
end
|
151
|
-
|
151
|
+
|
152
152
|
use "return 404 Not Found with empty response body"
|
153
153
|
use "user unchanged"
|
154
154
|
end
|
@@ -160,11 +160,11 @@ class UsersPutResourceTest < ResourceTestCase
|
|
160
160
|
put "/#{@user.id}", valid_params_for(role).
|
161
161
|
merge(@extra_admin_params).delete_if { |k, v| k == missing }
|
162
162
|
end
|
163
|
-
|
163
|
+
|
164
164
|
use "return 200 Ok"
|
165
165
|
doc_properties %w(name email role _api_key token
|
166
166
|
id created_at updated_at)
|
167
|
-
|
167
|
+
|
168
168
|
test "should change correct fields in database" do
|
169
169
|
user = User.find_by_id(@user.id)
|
170
170
|
@valid_params.merge(@extra_admin_params).each_pair do |key, value|
|
@@ -179,7 +179,7 @@ class UsersPutResourceTest < ResourceTestCase
|
|
179
179
|
before do
|
180
180
|
put "/#{FAKE_ID}", valid_params_for(role).merge(@extra_admin_params)
|
181
181
|
end
|
182
|
-
|
182
|
+
|
183
183
|
use "return 404 Not Found with empty response body"
|
184
184
|
use "user unchanged"
|
185
185
|
end
|
@@ -188,11 +188,11 @@ class UsersPutResourceTest < ResourceTestCase
|
|
188
188
|
before do
|
189
189
|
put "/#{@user.id}", valid_params_for(role).merge(@extra_admin_params)
|
190
190
|
end
|
191
|
-
|
191
|
+
|
192
192
|
use "return 200 Ok"
|
193
193
|
doc_properties %w(name email role _api_key token
|
194
194
|
id created_at updated_at)
|
195
|
-
|
195
|
+
|
196
196
|
test "should change all fields in database" do
|
197
197
|
user = User.find_by_id(@user.id)
|
198
198
|
@valid_params.merge(@extra_admin_params).each_pair do |key, value|
|
@@ -1,5 +1,5 @@
|
|
1
1
|
module SinatraResource
|
2
|
-
|
2
|
+
|
3
3
|
class Builder
|
4
4
|
|
5
5
|
module ActionDefinitions
|
@@ -16,7 +16,7 @@ module SinatraResource
|
|
16
16
|
find_document!(model, id)
|
17
17
|
end
|
18
18
|
end
|
19
|
-
|
19
|
+
|
20
20
|
def document_count_for_get_many(model, resource_config, parent_document, child_assoc)
|
21
21
|
if resource_config[:parent]
|
22
22
|
count_nested_documents(parent_document, child_assoc, model)
|
@@ -24,7 +24,7 @@ module SinatraResource
|
|
24
24
|
count_documents(model)
|
25
25
|
end
|
26
26
|
end
|
27
|
-
|
27
|
+
|
28
28
|
def documents_for_get_many(role, model, resource_config, page, items_per_page, leaf, parent_document, child_assoc)
|
29
29
|
check_permission(:list, role, resource_config)
|
30
30
|
check_params(:list, role, resource_config, leaf)
|
@@ -37,7 +37,7 @@ module SinatraResource
|
|
37
37
|
authorized?(:read, lookup_role(doc), resource_config)
|
38
38
|
end
|
39
39
|
end
|
40
|
-
|
40
|
+
|
41
41
|
def document_for_post(role, model, resource_config, leaf, parent_document, child_assoc)
|
42
42
|
check_permission(:create, role, resource_config)
|
43
43
|
check_params(:create, role, resource_config, leaf)
|
@@ -53,7 +53,7 @@ module SinatraResource
|
|
53
53
|
do_callback(:after_create, resource_config, document, parent_document)
|
54
54
|
document
|
55
55
|
end
|
56
|
-
|
56
|
+
|
57
57
|
def document_for_put(role, model, resource_config, leaf, id, parent_document, child_assoc)
|
58
58
|
check_permission(:update, role, resource_config)
|
59
59
|
if resource_config[:parent]
|
@@ -74,7 +74,7 @@ module SinatraResource
|
|
74
74
|
do_callback(:after_update, resource_config, document, parent_document)
|
75
75
|
document
|
76
76
|
end
|
77
|
-
|
77
|
+
|
78
78
|
def document_for_delete(role, model, resource_config, leaf, id, parent_document, child_assoc)
|
79
79
|
check_permission(:delete, role, resource_config)
|
80
80
|
if resource_config[:parent]
|
@@ -97,7 +97,7 @@ module SinatraResource
|
|
97
97
|
end
|
98
98
|
|
99
99
|
end
|
100
|
-
|
100
|
+
|
101
101
|
end
|
102
|
-
|
102
|
+
|
103
103
|
end
|
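--- a/data/lib/builder/helpers.rb
+++ b/data/lib/builder/helpers.rb
@@ -1,9 +1,9 @@
 module SinatraResource
-
+
 class Builder
 
 module Helpers
-
+
 # Build a resource, based on +document+, appropriate for +role+.
 #
 # @param [Symbol] role
@@ -102,7 +102,7 @@ module SinatraResource
 error 401, convert(body_for(:unauthorized))
 end
 end
-
+
 # Convert +object+ to desired format.
 #
 # For example, an application might want to convert +object+ to JSON or
@@ -143,7 +143,7 @@ module SinatraResource
 end
 convert(object)
 end
-
+
 # Execute a callback.
 #
 # @param [Symbol] name
@@ -224,7 +224,7 @@ module SinatraResource
 def role_for(model, id)
 lookup_role(model.find_by_id(id))
 end
-
+
 # Get role for a nested resource situation. Delegates to +lookup_role+.
 #
 # @params [MongoMapper::Document] parent
@@ -265,7 +265,7 @@ module SinatraResource
 hash ? hash[to_r_or_w(action)] : :nobody
 end || :anonymous
 end
-
+
 protected
 
 # Is +role+ authorized for +action+, and, if specified, +property+?
@@ -330,8 +330,6 @@ module SinatraResource
 { "errors" => { "invalid_filter" => object } }
 when :no_params
 { "errors" => "no_params" }
-when :non_empty_params
-{ "errors" => "non_empty_params" }
 when :not_found
 ""
 when :unauthorized
@@ -383,7 +381,7 @@ module SinatraResource
 def lookup_role(document=nil)
 raise NotImplementedError
 end
-
+
 # Are the params suitable for +action+? Raise 400 Bad Request if not.
 #
 # @param [Symbol] action
@@ -401,7 +399,7 @@ module SinatraResource
 [FILTER_KEY, SEARCH_KEY].include?(k)
 end
 unless p.empty?
-error 400, convert(body_for(:
+error 400, convert(body_for(:invalid_params, p))
 end
 when :read
 p = params.reject { |k, v| k == SHOW_KEY }
@@ -410,7 +408,7 @@ module SinatraResource
 { SHOW_KEY => params[SHOW_KEY] }))
 end
 unless p.empty?
-error 400, convert(body_for(:
+error 400, convert(body_for(:invalid_params, p))
 end
 when :create
 # No need to complain. If there are problems,
@@ -421,7 +419,7 @@ module SinatraResource
 end
 when :delete
 unless params.empty?
-error 400, convert(body_for(:
+error 400, convert(body_for(:invalid_params, p))
 end
 else
 raise Error, "Unexpected: #{action.inspect}"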
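Review bot: In the `:delete` branch (new line 422) the guard tests `params.empty?` but the error body is built from `p`, which the visible hunks assign only in earlier `when` branches (for example `p = params.reject { |k, v| k == SHOW_KEY }` under `:read`). On the delete path `p` is therefore nil, whether Ruby treats it as an unassigned local or as a bare `Kernel#p` call, so the 400 response would not name the rejected parameters; `error 400, convert(body_for(:invalid_params, params))` looks like the intent. The method begins and ends outside these hunks, so confirm nothing earlier assigns `p`. A resource test that sends DELETE with an extra parameter and asserts on the error body would catch this.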
@@ -1,8 +1,7 @@
|
|
1
|
-
gem 'query_string_filter', '>= 0.1.4'
|
2
1
|
require 'query_string_filter'
|
3
2
|
|
4
3
|
module SinatraResource
|
5
|
-
|
4
|
+
|
6
5
|
class Builder
|
7
6
|
|
8
7
|
module MongoHelpers
|
@@ -34,7 +33,7 @@ module SinatraResource
|
|
34
33
|
conditions = params.empty? ? {} : make_conditions(params, model)
|
35
34
|
model.count(conditions)
|
36
35
|
end
|
37
|
-
|
36
|
+
|
38
37
|
def count_nested_documents(parent, child_assoc, child_model)
|
39
38
|
#
|
40
39
|
# This code needs significant improvement.
|
@@ -57,7 +56,7 @@ module SinatraResource
|
|
57
56
|
end
|
58
57
|
documents.length
|
59
58
|
end
|
60
|
-
|
59
|
+
|
61
60
|
# Create a document from params. If not valid, returns 400.
|
62
61
|
#
|
63
62
|
# @param [Class] model
|
@@ -105,7 +104,7 @@ module SinatraResource
|
|
105
104
|
end
|
106
105
|
child
|
107
106
|
end
|
108
|
-
|
107
|
+
|
109
108
|
# Delete a document with +id+.
|
110
109
|
#
|
111
110
|
# @param [Class] model
|
@@ -213,7 +212,7 @@ module SinatraResource
|
|
213
212
|
child_model.find_by_id(child_id)
|
214
213
|
end
|
215
214
|
end
|
216
|
-
|
215
|
+
|
217
216
|
# Find a nested document. If not found, returns 404.
|
218
217
|
#
|
219
218
|
# @param [MongoMapper::Document] parent_document
|
@@ -235,7 +234,7 @@ module SinatraResource
|
|
235
234
|
end
|
236
235
|
document
|
237
236
|
end
|
238
|
-
|
237
|
+
|
239
238
|
# Find +model+ documents: find all documents if no params, otherwise
|
240
239
|
# find selected documents.
|
241
240
|
#
|
@@ -286,7 +285,7 @@ module SinatraResource
|
|
286
285
|
select_related(parent, child_assoc, children)
|
287
286
|
end
|
288
287
|
end
|
289
|
-
|
288
|
+
|
290
289
|
# Delegates to application, who should use custom logic to relate
|
291
290
|
# +parent+ and +child+.
|
292
291
|
#
|
@@ -303,7 +302,7 @@ module SinatraResource
|
|
303
302
|
proc.call(parent, child) if proc
|
304
303
|
child
|
305
304
|
end
|
306
|
-
|
305
|
+
|
307
306
|
# Update a document with +id+ from params. If not valid, returns 400.
|
308
307
|
#
|
309
308
|
# @param [Class] model
|
@@ -319,7 +318,7 @@ module SinatraResource
|
|
319
318
|
end
|
320
319
|
document
|
321
320
|
end
|
322
|
-
|
321
|
+
|
323
322
|
# Update a nested document with params. If not valid, returns 400.
|
324
323
|
#
|
325
324
|
# @param [MongoMapper::Document] parent
|
@@ -350,11 +349,11 @@ module SinatraResource
|
|
350
349
|
update_document!(child_model, child_id)
|
351
350
|
end
|
352
351
|
end
|
353
|
-
|
352
|
+
|
354
353
|
protected
|
355
|
-
|
354
|
+
|
356
355
|
QS_FILTER = QueryStringFilter.new
|
357
|
-
|
356
|
+
|
358
357
|
# Build conditions hash based on +params+.
|
359
358
|
#
|
360
359
|
# @param [Hash] params
|
@@ -382,7 +381,7 @@ module SinatraResource
|
|
382
381
|
{}
|
383
382
|
end
|
384
383
|
end
|
385
|
-
|
384
|
+
|
386
385
|
# Filter out +conditions+ that do not have corresponding keys in
|
387
386
|
# +model+. This is part of the process that prevents a user from
|
388
387
|
# searching for parameters that they do not have access to.
|
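Review bot: Dropping `gem 'query_string_filter', '>= 0.1.4'` from the top of this file (the hunks match data/lib/builder/mongo_helpers.rb in the file list, though its header is missing on this page) means the `>= 0.1.4` floor is no longer enforced where the library is required. The file list shows a new Gemfile and Gemfile.lock plus gemspec changes, but their contents are not visible here, so confirm that `sinatra_resource.gemspec` declares `query_string_filter` with the same minimum version; otherwise an install outside Bundler can load an older release. This matters more than usual because the comment in the last hunk says the condition filtering is part of what prevents users from searching on parameters they do not have access to.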
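--- a/data/lib/builder.rb
+++ b/data/lib/builder.rb
@@ -1,13 +1,13 @@
 module SinatraResource
 
 class Builder
-
+
 FILTER_KEY = "filter"
 SEARCH_KEY = "search"
 SHOW_KEY = "show"
 
 ITEMS_PER_PAGE = 20
-
+
 def initialize(klass)
 @klass = klass
 
@@ -21,7 +21,7 @@ module SinatraResource
 @parent_model = @parent_resource_config[:model]
 end
 end
-
+
 def build
 build_get_one
 build_get_many
@@ -30,7 +30,7 @@ module SinatraResource
 build_delete
 build_helpers
 end
-
+
 def build_get_one
 model = @model
 resource_config = @resource_config
@@ -96,7 +96,7 @@ module SinatraResource
 end
 end
 end
-
+
 def build_post
 model = @model
 resource_config = @resource_config
@@ -124,7 +124,7 @@ module SinatraResource
 end
 end
 end
-
+
 def build_put
 model = @model
 resource_config = @resource_config
@@ -154,7 +154,7 @@ module SinatraResource
 end
 end
 end
-
+
 def build_delete
 model = @model
 resource_config = @resource_config
@@ -182,7 +182,7 @@ module SinatraResource
 end
 end
 end
-
+
 def build_helpers
 @klass.helpers do
 include ActionDefinitions
@@ -190,7 +190,7 @@ module SinatraResource
 include MongoHelpers
 end
 end
-
+
 end
-
+
 end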
data/lib/exceptions.rb
CHANGED
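--- a/data/lib/resource.rb
+++ b/data/lib/resource.rb
@@ -1,19 +1,19 @@
 module SinatraResource
-
+
 module Resource
 def self.included(includee)
 includee.extend ClassMethods
 includee.setup
 end
-
+
 def resource_config
 self.class.resource_config
 end
 
 module ClassMethods
-
+
 attr_reader :resource_config
-
+
 # Specify a callback.
 #
 # @param [Symbol] method
@@ -29,7 +29,7 @@ module SinatraResource
 end
 @resource_config[:callbacks][name] = block
 end
-
+
 # Specify the association +method+ of a parent model that points to
 # its child model.
 #
@@ -45,7 +45,7 @@ module SinatraResource
 end
 @resource_config[:child_assoc] = method
 end
-
+
 # Build the Sinatra actions based on the DSL statements in this class.
 # You will want to do this last.
 #
@@ -58,7 +58,7 @@ module SinatraResource
 validate
 Builder.new(self).build
 end
-
+
 # Specify the underlying +model+
 #
 # @example
@@ -79,7 +79,7 @@ module SinatraResource
 end
 @resource_config[:model] = model
 end
-
+
 # Specify the parent +resource+. Only used for nested resources.
 #
 # @param [Class] resource
@@ -106,7 +106,7 @@ module SinatraResource
 end
 @resource_config[:path] = name
 end
-
+
 # Specify the minimal role needed to access this resource for reading
 # or writing.
 #
@@ -129,7 +129,7 @@ module SinatraResource
 @resource_config[:permission][verb] = role
 end
 end
-
+
 # Declare a property and its access rules.
 #
 # @example
@@ -165,7 +165,7 @@ module SinatraResource
 @resource_config[:properties][name][:hide_by_default] = hide
 end
 end
-
+
 # Declare a relation with a block of code.
 #
 # Only needed with nested resources.
@@ -192,12 +192,12 @@ module SinatraResource
 end
 @resource_config[:relation][name] = block
 end
-
+
 # Specify the role definitions for this resource.
 #
 # @example
 # roles Roles
-#
+#
 # # which refers to, for example ...
 # # module Roles
 # # include SinatraResource::Roles
@@ -241,9 +241,9 @@ module SinatraResource
 :roles => nil,
 }
 end
-
+
 protected
-
+
 # Set some defaults, only if they haven't been set already.
 #
 # @return [undefined]
@@ -251,7 +251,7 @@ module SinatraResource
 set_default_path
 set_default_properties
 end
-
+
 # Set the default relative path for a resource.
 #
 # @return [undefined]
@@ -271,7 +271,7 @@ module SinatraResource
 if keys.include?("_id")
 property :id, :w => :nobody
 end
-
+
 if keys.include?("created_at")
 property :created_at, :w => :nobody
 end
@@ -280,7 +280,7 @@ module SinatraResource
 property :updated_at, :w => :nobody
 end
 end
-
+
 # Verifies correctness of resource.
 #
 # @raise [ValidationError] if invalid
@@ -291,8 +291,8 @@ module SinatraResource
 raise ValidationError, "model required"
 end
 end
-
+
 end
 end
-
+
 end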
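--- a/data/lib/roles.rb
+++ b/data/lib/roles.rb
@@ -5,7 +5,7 @@ module SinatraResource
 includee.extend ClassMethods
 includee.setup
 end
-
+
 module ClassMethods
 
 # High-level way to define a role. You can also specify what role it
@@ -164,5 +164,5 @@ module SinatraResource
 
 end
 end
-
+
 end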
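--- a/data/lib/utility.rb
+++ b/data/lib/utility.rb
@@ -15,8 +15,8 @@ module SinatraResource
 # (This method was adapted from ActiveSupport 2.3.5)
 def self.underscore(camel_cased_word)
 camel_cased_word.to_s.
-gsub(/([A-Z]+)([A-Z][a-z])/,'\1_\2').
-gsub(/([a-z\d])([A-Z])/,'\1_\2').
+gsub(/([A-Z]+)([A-Z][a-z])/, '\1_\2').
+gsub(/([a-z\d])([A-Z])/, '\1_\2').
 tr("-", "_").
 downcase
 end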
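--- a/data/notes/permissions.mdown
+++ b/data/notes/permissions.mdown
@@ -70,7 +70,7 @@ know whether to allow or disallow.
 def allow?(user_type, action, resource)
 # logic depends solely on params
 end
-
+
 def disallow?(user_type, action, resource)
 # logic depends solely on params
 end
@@ -86,14 +86,14 @@ the 'user at hand' is different from the 'user type'.
 :basic_user can :read some Notes # less useful
 :basic_user can :read an owned Note
 :basic_user can't :read an unowned Note
-
+
 :basic_user can :create a Note
-
+
 :basic_user can't :update any Note # less useful
 :basic_user can :update some Notes # less useful
 :basic_user can :update an owned Note
 :basic_user can't :update an unowned Note
-
+
 :basic_user can't :delete any Note # less useful
 :basic_user can :delete some Notes # less useful
 :basic_user can :delete an owned Note
@@ -147,7 +147,7 @@ Which brings us back to the 'allow?' and 'disallow?' methods:
 def allow?(user_type, user, action, resource, instance, relation)
 # logic depends solely on params
 end
-
+
 def disallow?(user_type, user, action, resource, instance, relation)
 # logic depends solely on params
 end
@@ -157,7 +157,7 @@ I would expect that user_type can be derived from user, so we can simplify:
 def allow?(user, action, resource, instance, relation)
 # logic depends solely on params
 end
-
+
 def disallow?(user, action, resource, instance, relation)
 # logic depends solely on params
 end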