toast 0.3.5 → 0.4.0

data/README.md

@@ -11,7 +11,7 @@ and what attributes and associations are to be exposed. That's it. No
 controller boiler plate code for every model, no routing setup.
 
 Toast is a Rails engine that runs one generic controller and a sets up
-the routing to it according to the definition in the models, which is
+the routing according to the definition in the models, which is
 denoted using a block oriented DSL.
 
 REST is more than some pretty URIs, the use of the HTTP verbs and
@@ -23,7 +23,7 @@ which ever suits the task best. That's why TOAST stands for:
 >  **TOast Ain't reST**
 
 *Be careful*: This version is experimental and probably not bullet
-proof. As soon as the gem is installed a controller with ready routing
+proof. As soon as the gem is loaded a controller with ready routing
 is enabled serving the annotated model's data records for reading,
 updating and deleting. There are no measures to prevent XSS and CSFR
 attacks.
@@ -49,8 +49,9 @@ and let a corresponding model class have a *resourceful_model* annotation:
 
        resourceful_model do
          # attributes or association names
-         fields :name, :number, :coconuts, :apple
-
+         readables :coconuts, :apple
+	 writables :name, :number	 
+	 
          # class methods of Banana returning an Array of Banana records
          collections :find_some, :all
        end
@@ -121,17 +122,13 @@ More details and configuration options are documented in the manual... (_comming
 Installation
 ============
 
-    git clone git@github.com:robokopp/toast.git
-    gem install jeweler
-    cd toast
-    rake install
+With bundler
 
-or with bundler (Gemfile) 
+    gem "toast"
 
-    gem "toast", :git => "https://github.com/robokopp/toast.git"
+the latest Git:
 
-Note: There is a Gem on RubyGems.org too, but I will not keep it up-to-date for now. 
-Please use the git (edge) version.
+    gem "toast", :git => "https://github.com/robokopp/toast.git"	
 
 Test Suite
 ==========

data/lib/toast/association.rb

@@ -10,8 +10,9 @@ module Toast
 
       @model = model
       @record = model.find(id) rescue raise(ResourceNotFound)
-      @collection = subresource_name
+      @assoc = subresource_name
       @format = format
+      @is_collection = [:has_many, :has_and_belongs_to_many].include? @model.reflect_on_association(@assoc.to_sym).macro
 
       @associate_model = Resource.get_class_by_resource_name subresource_name
       @associate_model.uri_base = @model.uri_base
@@ -19,7 +20,7 @@ module Toast
     end
 
     def get
-      result = @record.send(@collection)
+      result = @record.send(@assoc)
 
       if result.is_a? Array 
         {
@@ -35,8 +36,38 @@ module Toast
 
     end
 
-    def put
-      raise MethodNotAllowed
+    def put payload
+      # only for has_one/belongs_to assocs            
+      raise MethodNotAllowed if @is_collection
+      
+      # update see record
+      if self.media_type != @associate_model.toast_config.media_type
+        raise UnsupportedMediaType
+      end
+
+      unless payload.is_a? Hash
+        raise PayloadFormatError
+      end
+
+      # silently ignore all exposed readable, but not writable fields
+      (@associate_model.toast_config.readables - @associate_model.toast_config.writables).each do |rof|
+        payload.delete(rof)
+      end
+      
+      record = @record.send(@assoc)
+      
+      # set the virtual attributes 
+      (payload.keys.to_set - record.attribute_names.to_set).each do |vattr|
+        record.send("#{vattr}=", payload.delete(vattr))             
+      end 
+      
+      # mass-update for the rest 
+      record.update_attributes payload
+      { 
+        :json => record.exposed_attributes,
+        :status => :ok,
+        :location => record.uri
+      }      
     end
 
     def post payload
@@ -45,21 +76,29 @@ module Toast
         raise UnsupportedMediaType
       end
 
-      if payload.keys.to_set != (@associate_model.toast_config.exposed_attributes.to_set - @associate_model.toast_config.auto_fields.to_set)
-        raise PayloadInvalid
+
+      # silently ignore all exposed readable, but not writable fields
+      (@associate_model.toast_config.readables - @associate_model.toast_config.writables).each do |rof|
+        payload.delete(rof)
       end
 
       unless payload.is_a? Hash
         raise PayloadFormatError
       end 
 
-      record = @record.send(@collection).create payload
+      begin
+        record = @record.send(@assoc).create! payload
       
-      {
-        :json => record.exposed_attributes,
-        :location => record.uri,
-        :status => :created
-      }
+        {
+          :json => record.exposed_attributes,
+          :location => record.uri,
+          :status => :created
+        }
+      
+      rescue ActiveRecord::RecordInvalid => e
+        # model validation failed
+        raise PayloadInvalid.new(e.message)
+      end
     end
 
     def delete

data/lib/toast/config_dsl.rb

@@ -4,12 +4,11 @@ module Toast
     class Base
       include Blockenspiel::DSL
       dsl_attr_accessor :media_type, :has_many, :namespace
-      # attr_reader :exposed_attributes, :exposed_associations
 
       def initialize model
         @model = model
-        @fields = []
-        @auto_fields = []
+        @readables = ["uri"]
+        @writables = []
         @collections = []
         @singles = []
         @media_type = "application/json"
@@ -18,50 +17,63 @@ module Toast
         @in_collection = ConfigDSL::InCollection.new model, self
       end
 
-      def fields= *fields
-        @fields.push *ConfigDSL.sanitize(fields,"fields")
-      end
-
-      def fields *arg
-        return(@fields) if arg.empty?
-        self.fields = *arg
-      end
-
       def exposed_attributes
         assocs = @model.reflect_on_all_associations.map{|a| a.name.to_s}
-        @fields.select{|f| !assocs.include?(f)}
+        (@writables + @readables).uniq.select{|f| !assocs.include?(f)}
       end
 
       def exposed_associations
         assocs = @model.reflect_on_all_associations.map{|a| a.name.to_s}
-        @fields.select{|f| assocs.include?(f)}
+        (@writables + @readables).uniq.select{|f| assocs.include?(f)}
+      end
+
+      def readables= arg
+        #if arg.first == :all
+        #  @readables.push @model.attribute_names - ConfigDSL.sanitize(args.last[:except], "readables")
+        #else
+          @readables.push *ConfigDSL.sanitize(arg,"readables")          
+        #end
       end
 
-      def auto_fields= *arg
-        @auto_fields.push *ConfigDSL.sanitize(arg,"auto fields")
+      # args: Array or :all, :except => Array
+      def readables *arg
+        return(@readables) if arg.empty?
+        self.readables = arg        
       end
 
-      def auto_fields *arg
-        return(@auto_fields) if arg.empty?
-        self.auto_fields = *arg        
+      def writables= arg
+        #if arg.first == :all
+        #  @writables.push @model.attribute_names - ConfigDSL.sanitize(args.last[:except], "writables")
+        #else
+        # white list writables (protect the rest from mass-assignment)
+        @model.attr_accessible *arg
+        @writables.push *ConfigDSL.sanitize(arg,"writables")          
+        #end
       end
+
+      # args: Array or :all, :except => Array
+      def writables *arg
+        return(@writables) if arg.empty?
+        self.writables = arg        
+      end
+
      
-      def disallow_methods= *arg
+      def disallow_methods= arg
         @disallow_methods.push *ConfigDSL.sanitize(arg,"disallow methods")
       end
 
       def disallow_methods *arg
         return(@disallow_methods) if arg.empty?
-        self.disallow_methods = *arg        
+        self.disallow_methods = arg        
       end
 
-      def pass_params_to= *arg
+      def pass_params_to= arg
         @pass_params_to.push *ConfigDSL.sanitize(arg,"pass_params_to")
       end
 
       def pass_params_to *arg
         return(@pass_params_to) if arg.empty?
-        self.pass_params_to = *arg        
+        self.pass_params_to = arg        
       end
      
       def collections= collections=[]
@@ -70,7 +82,7 @@ module Toast
 
       def collections *arg
         return(@collections) if arg.empty?
-        self.collections = *arg
+        self.collections = arg
       end
 
       def singles= singles=[]
@@ -79,7 +91,7 @@ module Toast
 
       def singles *arg
         return(@singles) if arg.empty?
-        self.singles = *arg
+        self.singles = arg
       end
 
       def in_collection &block
@@ -99,53 +111,51 @@ module Toast
 
       def initialize model, base_config
         @model = model
-        @fields = base_config.fields
+        @readables = base_config.readables # must assign a reference 
+        @writables = base_config.writables # must assign a reference 
         @disallow_methods = []
-        # @exposed_attributes = base_config.exposed_attributes
-        # @exposed_associations = base_config.exposed_associations
         @media_type = "application/json"
       end
 
-      def fields= *fields
-        @fields = ConfigDSL.sanitize(fields,"fields")
+      def readables= readables
+        @writables = [] # forget inherited writables
+        @readables = ConfigDSL.sanitize(readables,"readables") << "uri"
+      end
 
-        # @exposed_attributes = []
-        # @exposed_associations = []
+      def readables *arg
+        return(@readables) if arg.empty?
+        self.readables = arg
+      end
 
-        # @fields.each do |attr_or_assoc|
-        #   if @model.new.attributes.keys.include? attr_or_assoc
-        #     @exposed_attributes << attr_or_assoc
-        #   else
-        #     @exposed_associations << attr_or_assoc
-        #   end
-        # end
+      def writables *arg
+        self.writables = 42
       end
 
-      def fields *arg
-        return(@fields) if arg.empty?
-        self.fields = *arg
+      def writables= arg
+        puts
+        puts "Toast Config Warning (#{model.class}): Defining \"writables\" in collection definition has no effect."
+        puts
       end
 
       def exposed_attributes
         assocs = @model.reflect_on_all_associations.map{|a| a.name.to_s}
-        @fields.select{|f| !assocs.include?(f)}
+        (@readables + @writables).uniq.select{|f| !assocs.include?(f)}
       end
 
       def exposed_associations
         assocs = @model.reflect_on_all_associations.map{|a| a.name.to_s}
-        @fields.select{|f| assocs.include?(f)}
+        (@readables + @writables).uniq.select{|f| assocs.include?(f)}
       end
 
-      def disallow_methods= *arg
+      def disallow_methods= arg
         @disallow_methods.push *ConfigDSL.sanitize(arg,"disallow methods")
       end
 
       def disallow_methods *arg
         return(@disallow_methods) if arg.empty?
-        self.disallow_methods = *arg        
+        self.disallow_methods = arg        
       end
 
-      # attr_reader :exposed_attributes, :exposed_associations
     end
 
 

data/lib/toast/record.rb

@@ -25,10 +25,17 @@ module Toast
         raise PayloadFormatError
       end
 
-      if payload.keys.to_set != (@model.toast_config.exposed_attributes.to_set - @model.toast_config.auto_fields.to_set)
-        raise PayloadInvalid
+      # silently ignore all exposed readable, but not writable fields
+      (@model.toast_config.readables - @model.toast_config.writables).each do |rof|
+        payload.delete(rof)
       end
       
+      # set the virtual attributes 
+      (payload.keys.to_set - @record.attribute_names.to_set).each do |vattr|
+        @record.send("#{vattr}=", payload.delete(vattr))             
+      end 
+      
+      # mass-update for the rest 
       @record.update_attributes payload
       { 
         :json => @record.exposed_attributes,

data/lib/toast/resource.rb

@@ -7,7 +7,7 @@ module Toast
   class UnsupportedMediaType < Exception; end
 
   # Represents a resource. There are following resource types as sub classes:
-  # Record, RootCollection, AssociateCollection, Attribute
+  # Record, RootCollection, Association, Single
   class Resource
 
     attr_accessor :media_type
@@ -39,8 +39,6 @@ module Toast
                 Toast::Record.new(model, id, format)
               elsif model.toast_config.exposed_associations.include? subresource_name
                 Toast::Association.new(model, id, subresource_name, format)                
-              elsif model.toast_config.exposed_attributes.include? subresource_name
-                Toast::Attribute.new(model, id, subresource_name, format)
               else
                 raise ResourceNotFound
               end

data/lib/toast/root_collection.rb

@@ -65,11 +65,11 @@ module Toast
         raise PayloadFormatError
       end
 
-      if payload.keys.to_set != (@model.toast_config.exposed_attributes.to_set - @model.toast_config.auto_fields.to_set)
-        raise PayloadInvalid
+      # silently ignore all exposed readable, but not writable fields
+      (@model.toast_config.readables - @model.toast_config.writables).each do |rof|
+        payload.delete(rof)
       end
       
-
       begin
         record = @model.create! payload              
 
@@ -78,8 +78,9 @@ module Toast
           :location => record.uri,
           :status => :created
         }
-
+        
       rescue ActiveRecord::RecordInvalid => e
+        # model validation failed
         raise PayloadInvalid.new(e.message)
       end
     end

metadata

@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
   prerelease: false
   segments: 
   - 0
-  - 3
-  - 5
-  version: 0.3.5
+  - 4
+  - 0
+  version: 0.4.0
 platform: ruby
 authors: 
 - Robert Annies
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-02-29 00:00:00 +01:00
+date: 2012-03-13 00:00:00 +01:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -48,7 +48,6 @@ files:
 - lib/toast.rb
 - lib/toast/active_record_extensions.rb
 - lib/toast/association.rb
-- lib/toast/attribute.rb
 - lib/toast/config_dsl.rb
 - lib/toast/engine.rb
 - lib/toast/record.rb

data/lib/toast/attribute.rb

@@ -1,42 +0,0 @@
-module Toast
-  class Attribute < Resource
-
-    attr_reader :model
-
-    def initialize model, id, attribute_name, format
-      unless model.toast_config.exposed_attributes.include? attribute_name
-        raise ResourceNotFound 
-      end
-
-      @model = model
-      @record = model.find(id) rescue raise(ResourceNotFound)
-      @attribute_name = attribute_name
-      @format = format
-    end
-    
-    def get
-      {
-        :json => @record[@attribute_name],
-        :status => :ok
-      }
-    end
-
-    def put payload
-      
-      @record.update_attribute(@attribute_name, payload)
-      { 
-        :json => @record[@attribute_name],
-        :stauts => :ok,
-        :loaction => @record.uri
-      }
-    end
-
-    def post payload
-      raise MethodNotAllowed
-    end
-    
-    def delete
-      raise MethodNotAllowed
-    end
-  end
-end