sudo_attributes 0.2.0

data/.document

@@ -0,0 +1,5 @@
+README.rdoc
+lib/**/*.rb
+bin/*
+features/**/*.feature
+LICENSE

data/.gitignore

@@ -0,0 +1,21 @@
+## MAC OS
+.DS_Store
+
+## TEXTMATE
+*.tmproj
+tmtags
+
+## EMACS
+*~
+\#*
+.\#*
+
+## VIM
+*.swp
+
+## PROJECT::GENERAL
+coverage
+rdoc
+pkg
+
+## PROJECT::SPECIFIC

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Peter Brown
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.textile

@@ -0,0 +1,81 @@
+h1. sudo_attributes
+
+Adds 'sudo' methods to active record classes, allowing you to easily override protected attributes.
+
+h2. The Problem
+
+ActiveRecord (ActiveModel in Rails 3) provides a convenient way to make your application more secure by using "protected" attributes. Protected attributes are assigned using either @attr_protected@ or @attr_accessible@. This adds security by preventing mass assignment of attributes when doing things like @user.update_attributes(params[:user])@. The issue is that it can be tedious to always manually assign protected attributes in an administrative area of your application. You may find yourself doing things like:
+
+<pre>
+user = User.find(params[:id])
+user.update_attributes(params[:user])
+user.admin = true
+user.something_else = true
+user.save
+</pre>
+
+h2. The Solution
+
+SudoAttributes adds a few 'sudo' methods to your models, allowing you to override the protected attributes **when you know the input can be trusted**.
+
+It's as easy as adding one method call to your models like so:
+
+<pre>
+class User < ActiveRecord::Base
+  has_sudo_attributes :protected => :admin
+end
+</pre>
+
+h2. Class Methods
+
+The class method *has_sudo_attributes* will be available to all rails models. When called with or without arguments, it adds numerous 'sudo' methods to the class. You may still use the default methods @attr_protected@ or @attr_accessible@ provided by rails, but you must still call @has_sudo_attributes@ in order to gain access to the sudo methods.
+
+Here are four different ways it can be used:
+
+@has_sudo_attributes :attribute1, :attribute2@ - Defines protected attributes
+
+@has_sudo_attributes :protected => :attribute1@ - Identical behavior to previous
+
+@has_sudo_attributes :accessible => [:attribute1, :attribute2]@ - Defines accessible attributes
+
+@has_sudo_attributes@ - With no arguments, it will rely on calls to @attr_protected@ or @attr_accessible@
+
+Any model that calls @has_sudo_attributes@ will also be able to create new instances that override protected attributes using the following methods:
+
+@Model.sudo_create@ - Uses same syntax as @Model.create@ to instantiate and save an object with protected attributes
+
+@Model.sudo_new@ - Uses same syntax as @Model.new@ to instantiate, but not save an object with protected attributes
+
+h2. Instance Methods
+
+The following instance method is available to any ActiveRecord model that calls @has_sudo_attributes@
+
+* @sudo_update_attributes@ - Uses identical syntax to @update_attributes@, but overrides protected attributes.
+
+h2. Examples
+
+**Protect an admin boolean attribute**
+
+<pre>
+class User < ActiveRecord::Base
+  has_sudo_attributes :protected => :admin
+end
+</pre>
+
+In your admin controller...
+
+<pre>
+params[:user] = {:name => "Pete", :admin => true} (Typically set from a form)
+
+@user = User.sudo_create(params[:user])
+
+Somewhere else in your admin controller...
+
+params[:user] = {:admin => false, :name => "Pete"}
+
+@user.sudo_update_attributes(params[:user])
+</pre>
+
+h2. Copyright
+
+Copyright (c) 2010 Peter Brown. See LICENSE for details.

data/Rakefile

@@ -0,0 +1,53 @@
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "sudo_attributes"
+    gem.summary = %Q{Override ActiveRecord protected attributes with mass assignment}
+    gem.description = %Q{Adds 'sudo' methods to update protected ActiveRecord attributes with mass assignment}
+    gem.email = "github@lette.us"
+    gem.homepage = "http://github.com/beerlington/sudo_attributes"
+    gem.authors = ["Peter Brown"]
+    gem.add_development_dependency "rspec", ">= 1.2.9"
+    gem.add_dependency "rails", ">= 2.3.0"
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+begin
+  require 'rcov/rcovtask'
+  Rcov::RcovTask.new do |test|
+    test.libs << 'test'
+    test.pattern = 'test/**/test_*.rb'
+    test.verbose = true
+  end
+rescue LoadError
+  task :rcov do
+    abort "RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov"
+  end
+end
+
+task :test => :check_dependencies
+
+task :default => :test
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "sudo_attributes #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.2.0

data/init.rb

@@ -0,0 +1 @@
+require "sudo_attributes"

data/lib/sudo_attributes.rb

@@ -0,0 +1,74 @@
+module SudoAttributes
+  
+  module Base
+    # This is the method that will be called from each model you want to enable SudoAttributes in
+    def has_sudo_attributes(*attrs)
+      raise "Invalid argument passed to has_sudo_attributes" unless valid_attributes? attrs
+
+      set_protected_attributes(attrs) unless attrs.empty?
+
+      self.send :extend, SudoAttributes::ClassMethods
+      self.send :include, SudoAttributes::InstanceMethods
+    end
+    
+    private
+    
+    def valid_attributes?(attrs)
+      attrs.empty? || hash_syntax?(attrs) || all_symbols?(attrs)
+    end
+    
+    # True if argument is in the form ":protected => :field1" or ":accessible => :field2"
+    def hash_syntax?(attrs)
+      return false unless attrs.size == 1
+  
+      hash = attrs.first
+      
+      hash.is_a?(Hash) && (hash.has_key?(:protected) || hash.has_key?(:accessible))
+    end
+    
+    # True if argument is in the form ":field1, :field2, :field3"
+    def all_symbols?(attrs)
+      attrs.all? {|e| e.class == Symbol}
+    end
+
+    # Set the protected attributes depending on the key
+    def set_protected_attributes(attrs)
+      if all_symbols? attrs
+        self.attr_protected *attrs
+      else
+        key = attrs[0].has_key?(:protected) ? :protected : :accessible
+
+        # Call either attr_protected or attr_accessible
+        self.send("attr_#{key}", *attrs[0][key])
+      end
+    end
+    
+  end
+  
+  # Added to ActiveRecord model only if has_sudo_attributes is called
+  module ClassMethods
+    def sudo_create(attributes=nil)
+      instance = sudo_new(attributes)
+      instance.save
+      instance
+    end
+
+    def sudo_new(attributes=nil)
+      new(attributes, false)
+    end
+  end
+ 
+  module InstanceMethods
+    def initialize(attributes=nil, attributes_protected=true)
+      super(nil)
+      send(:attributes=, attributes, attributes_protected)
+    end
+    
+    def sudo_update_attributes(new_attributes)
+      self.send(:attributes=, new_attributes, false)
+      save
+    end
+  end
+end
+
+ActiveRecord::Base.send :extend, SudoAttributes::Base

data/spec/spec.opts

@@ -0,0 +1 @@
+--color

data/spec/spec_helper.rb

@@ -0,0 +1,7 @@
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+
+require 'rubygems'
+require 'active_record'
+require 'sudo_attributes'
+require 'spec'

data/spec/sudo_attributes_spec.rb

@@ -0,0 +1,134 @@
+require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
+
+ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:")
+
+ActiveRecord::Schema.define(:version => 1) do
+  create_table :cats, :force => true do |t|
+    t.string :name
+    t.string :color
+    t.integer :age
+  end
+end
+
+module SudoAttributesTest
+  ARGUMENTS = [
+    { :protected => :name},
+    { :accessible => [:color, :age] },
+    :name,
+    nil # No arguments passed in
+  ]
+  
+  def self.build_cat_class(arguments)
+
+    # Remove the Cat class if it's already been defined in previous run
+    Object.class_eval { remove_const "Cat" if const_defined? "Cat" }
+
+    # Create a new Cat class and evaluate 'has_sudo_attributes :arguments
+    klass = Class.new(ActiveRecord::Base)
+    Object.const_set("Cat", klass)
+
+    if arguments.nil? 
+      Cat.class_eval do
+        attr_protected :name
+        has_sudo_attributes
+      end
+    else
+      Cat.class_eval { has_sudo_attributes arguments }
+    end
+  end
+end
+
+describe "Cat" do
+  
+  SudoAttributesTest::ARGUMENTS.each do |arguments|
+    
+    SudoAttributesTest::build_cat_class(arguments)
+    
+    context "calling has_sudo_attributes #{arguments.inspect}" do
+      
+      before(:all) do
+        @attributes = {:name => "Smiles", :color => "gray", :age => 6}
+      end
+
+      context "that is built using" do
+
+        context "default rails initializer" do
+          before(:each) { @cat = Cat.new @attributes}
+
+          it "should not have a name" do
+            @cat.name.should be_nil
+          end
+          
+          it "should not set the name with update_attributes" do
+            @cat.update_attributes(:name => "Smiles")
+            @cat.name.should be_nil
+          end
+          
+          it "should set the name with sudo_update_attributes" do
+            @cat.sudo_update_attributes(:name => "Smiles")
+            @cat.name.should == "Smiles"
+          end
+
+          it "should have a color" do
+            @cat.color.should == @attributes[:color]
+          end
+          
+          it "should have an age" do
+            @cat.age.should == @attributes[:age]
+          end
+        
+        end
+
+        context "SudoAttributes sudo_new initializer" do
+          before(:each) { @cat = Cat.sudo_new @attributes}
+
+          it "should have a name" do
+            @cat.name.should == @attributes[:name]
+          end
+          
+          it "should set the name with sudo_update_attributes" do
+            @cat.sudo_update_attributes(:name => "Portia")
+            @cat.name.should == "Portia"
+          end
+
+          it "should have a color" do
+            @cat.color.should == @attributes[:color]
+          end
+
+          it "should not have an id" do
+            @cat.id.should be_nil
+          end
+          
+          it "should have an age" do
+            @cat.age.should == @attributes[:age]
+          end
+        end
+
+        context "SudoAttributes sudo_create initializer" do
+          before(:each) { @cat = Cat.sudo_create @attributes}
+
+          it "should have a name" do
+            @cat.name.should == @attributes[:name]
+          end
+          
+          it "should set the name with sudo_update_attributes" do
+            @cat.sudo_update_attributes(:name => "Portia")
+            @cat.name.should == "Portia"
+          end
+
+          it "should have a color" do
+            @cat.color.should == @attributes[:color]
+          end
+
+          it "should have an id" do
+            @cat.id.should_not be_nil
+          end
+          
+          it "should have an age" do
+            @cat.age.should == @attributes[:age]
+          end
+        end
+      end
+    end
+  end
+end

data/sudo_attributes.gemspec

@@ -0,0 +1,63 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{sudo_attributes}
+  s.version = "0.2.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Peter Brown"]
+  s.date = %q{2010-09-29}
+  s.description = %q{Adds 'sudo' methods to update protected ActiveRecord attributes with mass assignment}
+  s.email = %q{github@lette.us}
+  s.extra_rdoc_files = [
+    "LICENSE",
+     "README.textile"
+  ]
+  s.files = [
+    ".document",
+     ".gitignore",
+     "LICENSE",
+     "README.textile",
+     "Rakefile",
+     "VERSION",
+     "init.rb",
+     "lib/sudo_attributes.rb",
+     "spec/spec.opts",
+     "spec/spec_helper.rb",
+     "spec/sudo_attributes_spec.rb",
+     "sudo_attributes.gemspec",
+     "test/helper.rb",
+     "test/test_sudo_attributes.rb"
+  ]
+  s.homepage = %q{http://github.com/beerlington/sudo_attributes}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{Override ActiveRecord protected attributes with mass assignment}
+  s.test_files = [
+    "spec/spec_helper.rb",
+     "spec/sudo_attributes_spec.rb",
+     "test/helper.rb",
+     "test/test_sudo_attributes.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<rspec>, [">= 1.2.9"])
+      s.add_runtime_dependency(%q<rails>, [">= 2.3.0"])
+    else
+      s.add_dependency(%q<rspec>, [">= 1.2.9"])
+      s.add_dependency(%q<rails>, [">= 2.3.0"])
+    end
+  else
+    s.add_dependency(%q<rspec>, [">= 1.2.9"])
+    s.add_dependency(%q<rails>, [">= 2.3.0"])
+  end
+end
+

data/test/helper.rb

@@ -0,0 +1,10 @@
+require 'rubygems'
+require 'test/unit'
+require 'shoulda'
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'sudo_attributes'
+
+class Test::Unit::TestCase
+end

data/test/test_sudo_attributes.rb

@@ -0,0 +1,7 @@
+require 'helper'
+
+class TestSudoAttributes < Test::Unit::TestCase
+  should "probably rename this file and start testing for real" do
+    flunk "hey buddy, you should probably rename this file and start testing for real"
+  end
+end

metadata

@@ -0,0 +1,115 @@
+--- !ruby/object:Gem::Specification 
+name: sudo_attributes
+version: !ruby/object:Gem::Version 
+  hash: 23
+  prerelease: false
+  segments: 
+  - 0
+  - 2
+  - 0
+  version: 0.2.0
+platform: ruby
+authors: 
+- Peter Brown
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-09-29 00:00:00 -04:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 13
+        segments: 
+        - 1
+        - 2
+        - 9
+        version: 1.2.9
+  type: :development
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: rails
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 2
+        - 3
+        - 0
+        version: 2.3.0
+  type: :runtime
+  version_requirements: *id002
+description: Adds 'sudo' methods to update protected ActiveRecord attributes with mass assignment
+email: github@lette.us
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE
+- README.textile
+files: 
+- .document
+- .gitignore
+- LICENSE
+- README.textile
+- Rakefile
+- VERSION
+- init.rb
+- lib/sudo_attributes.rb
+- spec/spec.opts
+- spec/spec_helper.rb
+- spec/sudo_attributes_spec.rb
+- sudo_attributes.gemspec
+- test/helper.rb
+- test/test_sudo_attributes.rb
+has_rdoc: true
+homepage: http://github.com/beerlington/sudo_attributes
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Override ActiveRecord protected attributes with mass assignment
+test_files: 
+- spec/spec_helper.rb
+- spec/sudo_attributes_spec.rb
+- test/helper.rb
+- test/test_sudo_attributes.rb