volt 0.8.27.beta3 → 0.8.27.beta4

data/lib/volt/models/permissions.rb

@@ -0,0 +1,246 @@
+module Volt
+  class Model
+
+    # The permissions module provides helpers for working with Volt permissions.
+    module Permissions
+      module ClassMethods
+        # Own by user requires a logged in user (Volt.user) to save a model.  If
+        # the user is not logged in, an validation error will occur.  Once created
+        # the user can not be changed.
+        #
+        # @param key [Symbol] the name of the attribute to store
+        def own_by_user(key=:user_id)
+          # When the model is created, assign it the user_id (if the user is logged in)
+          on(:new) do
+            if !(user_id = Volt.user_id).nil?
+              send(:"_#{key}=", user_id)
+            end
+          end
+
+          on(:create, :update) do
+            # Don't allow the key to be changed
+            deny(key)
+          end
+
+          # Setup a validation that requires a user_id
+          validate do
+            # Lookup directly in @attributes to optimize and prevent the need
+            # for a nil model.
+            unless @attributes[:user_id]
+              # Show an error that the user is not logged in
+              next {key => ['requires a logged in user']}
+            end
+          end
+        end
+
+
+        # TODO: Change to
+        # permissions(:create, :read, :update) do |action|
+        #   if owner?
+        #     allow
+        #   else
+        #     deny :user_id
+        #   end
+        # end
+
+        # permissions takes a block and yields
+        def permissions(*actions, &block)
+          # Store the permissions block so we can run it in validations
+          self.__permissions__ ||= {}
+
+          # if no action was specified, assume all actions
+          actions += [:create, :read, :update, :delete] if actions.size == 0
+
+          actions.each do |action|
+            # Add to an array of proc's for each action
+            (self.__permissions__[action] ||= []) << block
+          end
+
+          validate do
+            action = new? ? :create : :update
+            run_permissions(action)
+          end
+        end
+      end
+
+      def self.included(base)
+        base.send(:extend, ClassMethods)
+        base.class_attribute :__permissions__
+      end
+
+      def allow(*fields)
+        if @__allow_fields
+          if @__allow_fields != true
+            if fields.size == 0
+              # No field's were passed, this means we deny all
+              @__allow_fields = true
+            else
+              # Fields were specified, add them to the list
+              @__allow_fields += fields.map(&:to_sym)
+            end
+          end
+        else
+          raise "allow should be called inside of a permissions block"
+        end
+      end
+
+      def deny(*fields)
+        if @__deny_fields
+          if @__deny_fields != true
+            if fields.size == 0
+              # No field's were passed, this means we deny all
+              @__deny_fields = true
+            else
+              # Fields were specified, add them to the list
+              @__deny_fields += fields.map(&:to_sym)
+            end
+          end
+        else
+          raise "deny should be called inside of a permissions block"
+        end
+      end
+
+      # owner? can be called on a model to check if the currently logged
+      # in user (```Volt.user```) is the owner of this instance.
+      #
+      # @param key [Symbol] the name of the attribute where the user_id is stored
+      def owner?(key=:user_id)
+        # Lookup the original user_id
+        owner_id = was(key) || send(:"_#{key}")
+        owner_id != nil && owner_id == Volt.user_id
+      end
+
+      # Returns boolean if the model can be deleted
+      def can_delete?
+        action_allowed?(:delete)
+      end
+
+      # Checks the read permissions
+      def can_read?
+        action_allowed?(:read)
+      end
+
+      def can_create?
+        action_allowed?(:create)
+      end
+
+      # Checks if any denies are in place for an action (read or delete)
+      def action_allowed?(action_name)
+        # TODO: this does some unnecessary work
+        compute_allow_and_deny(action_name)
+
+        deny = @__deny_fields == true || (@__deny_fields && @__deny_fields.size > 0)
+
+        clear_allow_and_deny
+
+        return !deny
+      end
+
+      # Return the list of allowed fields
+      def allow_and_deny_fields(action_name)
+        compute_allow_and_deny(action_name)
+
+        result = [@__allow_fields, @__deny_fields]
+
+        clear_allow_and_deny
+
+        return result
+      end
+
+      # Filter fields returns the attributes with any denied or not allowed fields
+      # removed based on the current user.
+      #
+      # Run with Volt.as_user(...) to change the user
+      def filtered_attributes
+        # Run the read permission check
+        allow, deny = allow_and_deny_fields(:read)
+
+        if allow && allow != true && allow.size > 0
+          # always keep id
+          allow << :_id
+
+          # Only keep fields in the allow list
+          return @attributes.select {|key| allow.include?(key) }
+        elsif deny == true
+          # Only keep id
+          # TODO: Should this be a full reject?
+          return @attributes.reject {|key| key != :_id }
+        elsif deny && deny.size > 0
+          # Reject any in the deny list
+          return @attributes.reject {|key| deny.include?(key) }
+        else
+          return @attributes
+        end
+      end
+
+      private
+      def run_permissions(action_name=nil)
+        compute_allow_and_deny(action_name)
+
+        errors = {}
+
+        if @__allow_fields == true
+          # Allow all fields
+        elsif @__allow_fields && @__allow_fields.size > 0
+          # Deny all not specified in the allow list
+          changed_attributes.keys.each do |field_name|
+            unless @__allow_fields.include?(field_name)
+              add_error_if_changed(errors, field_name)
+            end
+          end
+        end
+
+        if @__deny_fields == true
+          # Don't allow any field changes
+          changed_attributes.keys.each do |field_name|
+            add_error_if_changed(errors, field_name)
+          end
+        elsif @__deny_fields
+          # Allow all except the denied
+          @__deny_fields.each do |field_name|
+            if changed?(field_name)
+              add_error_if_changed(errors, field_name)
+            end
+          end
+        end
+
+        clear_allow_and_deny
+
+        errors
+      end
+
+      def clear_allow_and_deny
+        @__deny_fields = nil
+        @__allow_fields = nil
+      end
+
+      # Run through the permission blocks for the action name, acumulate
+      # all allow/deny fields.
+      def compute_allow_and_deny(action_name)
+        @__deny_fields = []
+        @__allow_fields = []
+
+        # Skip permissions can be run on the server to ignore the permissions
+        return if Volt.in_mode?(:skip_permissions)
+
+        # Run the permission blocks
+        action_name ||= new? ? :create : :update
+
+        # Run each of the permission blocks for this action
+        permissions = self.class.__permissions__
+        if permissions && (blocks = permissions[action_name])
+          blocks.each do |block|
+            # Call the block, pass the action name
+            instance_exec(action_name, &block)
+          end
+        end
+      end
+
+      def add_error_if_changed(errors, field_name)
+        if changed?(field_name)
+          (errors[field_name] ||= []) << 'can not be changed'
+        end
+      end
+    end
+  end
+end

data/lib/volt/models/persistors/array_store.rb

@@ -1,6 +1,8 @@
 require 'volt/models/persistors/store'
-require 'volt/models/persistors/query/query_listener_pool'
 require 'volt/models/persistors/store_state'
+require 'volt/models/persistors/query/normalizer'
+require 'volt/models/persistors/query/query_listener_pool'
+require 'volt/utils/timers'
 
 module Volt
   module Persistors
@@ -9,7 +11,7 @@ module Volt
 
       @@query_pool = QueryListenerPool.new
 
-      attr_reader :model
+      attr_reader :model, :root_dep
 
       def self.query_pool
         @@query_pool
@@ -18,159 +20,225 @@ module Volt
       def initialize(model, tasks = nil)
         super
 
+        # The listener event counter keeps track of how many things are listening
+        # on this model and loads/unloads data when in use.
+        @listener_event_counter = EventCounter.new(
+          -> { load_data },
+          -> { stop_listening }
+        )
+
+        # The root dependency tracks how many listeners are on the ArrayModel
+        # @root_dep = Dependency.new(@listener_event_counter.method(:add), @listener_event_counter.method(:remove))
+        @root_dep = Dependency.new(method(:listener_added), method(:listener_removed))
+
         @query = @model.options[:query]
-        @limit = @model.options[:limit]
-        @skip = @model.options[:skip]
+      end
+
+      def loaded(initial_state = nil)
+        super
+
+        # Setup up the query listener, and if it is already listening, then
+        # go ahead and load that data in.  This allows us to use it immediately
+        # if the data is loaded in another place.
+        if query_listener.listening
+          query_listener.add_store(self)
+          @added_to_query = true
+        end
+      end
 
-        @skip = nil if @skip == 0
+      def inspect
+        "<#{self.class.to_s}:#{object_id} #{@model.path.inspect} #{@query.inspect}>"
       end
 
+      # Called when an each binding is listening
       def event_added(event, first, first_for_event)
         # First event, we load the data.
         if first
-          @has_events = true
-          load_data
+          @listener_event_counter.add
         end
       end
 
+      # Called when an each binding stops listening
       def event_removed(event, last, last_for_event)
         # Remove listener where there are no more events on this model
         if last
-          @has_events = false
-          stop_listening
+          @listener_event_counter.remove
         end
       end
 
-      # Called when an event is removed and we no longer want to keep in
-      # sync with the database.
-      def stop_listening(stop_watching_query = true)
-        return if @has_events
-        return if @fetch_promises && @fetch_promises.size > 0
+      # Called by child models to track their listeners
+      def listener_added
+        @listener_event_counter.add
+        # puts "LIST ADDED: #{inspect} - #{@listener_event_counter.count} #{@model.path.inspect}"
+      end
 
-        @query_computation.stop if @query_computation && stop_watching_query
+      # Called by child models to track their listeners
+      def listener_removed
+        @listener_event_counter.remove
+        # puts "LIST REMOVED: #{inspect} - #{@query.inspect} - #{@listener_event_counter.count} #{@model.path.inspect}"
+      end
 
-        if @query_listener
-          @query_listener.remove_store(self)
-          @query_listener = nil
+      # Called when an event is removed and we no longer want to keep in
+      # sync with the database.  The data is kept in memory and the model's
+      # loaded_state is marked as "dirty" meaning it may not be in sync.
+      def stop_listening
+        # puts "Stop LIST1"
+        Timers.next_tick do
+          Computation.run_without_tracking do
+            # puts "STOP LIST2"
+            if @listener_event_counter.count == 0
+              if @added_to_query
+                @query_listener.remove_store(self)
+                @query_listener = nil
+
+                @added_to_query = nil
+              end
+
+              @model.change_state_to(:loaded_state, :dirty)
+            end
+          end
         end
 
-        @state = :dirty
+        Timers.flush_next_tick_timers! if Volt.server?
       end
 
       # Called the first time data is requested from this collection
       def load_data
-        # Don't load data from any queried
-        if @state == :not_loaded || @state == :dirty
-          # puts "Load Data at #{@model.path.inspect} - query: #{@query.inspect} on #{self.inspect}"
-          change_state_to :loading
-
-          if @query.is_a?(Proc)
-            @query_computation = -> do
-              stop_listening(false)
+        # puts "LOAD DATA: #{@model.path.inspect}: #{@model.options[:query].inspect}"
+        Computation.run_without_tracking do
+          loaded_state = @model.loaded_state
 
-              change_state_to :loading
+          # Don't load data from any queried
+          if loaded_state == :not_loaded || loaded_state == :dirty
+            @model.change_state_to(:loaded_state, :loading)
 
-              new_query = @query.call
-
-              run_query(@model, @query.call, @skip, @limit)
-            end.watch!
-          else
-            run_query(@model, @query, @skip, @limit)
+            run_query
           end
         end
       end
 
-      # Clear out the models data, since we're not listening anymore.
-      def unload_data
-        puts 'Unload Data'
-        change_state_to :not_loaded
-        @model.clear
+      def run_query
+        unless @added_to_query
+          @model.clear
+
+          @added_to_query = true
+          query_listener.add_store(self)
+        end
       end
 
-      def run_query(model, query = {}, skip = nil, limit = nil)
-        @model.clear
+      # Looks up the query listener for this ArrayStore
+      # @query should be treated as immutable.
+      def query_listener
+        return @query_listener if @query_listener
+
+        collection = @model.path.last
+        query = @query
 
-        collection = model.path.last
         # Scope to the parent
-        if model.path.size > 1
-          parent = model.parent
+        if @model.path.size > 1
+          parent = @model.parent
 
           parent.persistor.ensure_setup if parent.persistor
 
           if parent && (attrs = parent.attributes) && attrs[:_id].true?
-            query[:"#{model.path[-3].singularize}_id"] = attrs[:_id]
+            query = query.dup
+
+            query << [:find, {:"#{@model.path[-3].singularize}_id" => attrs[:_id]}]
           end
         end
 
-        # The full query contains the skip and limit
-        full_query = [query, skip, limit]
-        @query_listener = @@query_pool.lookup(collection, full_query) do
+        query = Query::Normalizer.normalize(query)
+
+        @query_listener ||= @@query_pool.lookup(collection, query) do
           # Create if it does not exist
-          QueryListener.new(@@query_pool, @tasks, collection, full_query)
+          QueryListener.new(@@query_pool, @tasks, collection, query)
         end
 
-        @query_listener.add_store(self)
+        # @@query_pool.print
+
+        @query_listener
       end
 
-      # Find can take either a query object, or a block that returns a query object.  Use
-      # the block style if you need reactive updating queries
-      def find(query = nil, &block)
-        # Set a default query if there is no block
-        if block
-          if query
-            fail 'Query should not be passed in to a find if a block is specified'
-          end
-          query = block
-        else
-          query ||= {}
-        end
+      # Find takes a query object
+      def where(query = nil)
+        query ||= {}
 
-        Cursor.new([], @model.options.merge(query: query))
+        add_query_part(:find, query)
       end
+      alias_method :find, :where
 
       def limit(limit)
-        Cursor.new([], @model.options.merge(limit: limit))
+        add_query_part(:limit, limit)
       end
 
       def skip(skip)
-        Cursor.new([], @model.options.merge(skip: skip))
+        add_query_part(:skip, skip)
+      end
+
+      # .sort is already a ruby method, so we use order instead
+      def order(sort)
+        add_query_part(:sort, sort)
+      end
+
+      # Add query part adds a [method_name, *arguments] array to the query.
+      # This will then be passed to the backend to run the query.
+      #
+      # @return [Cursor] a new cursor
+      def add_query_part(*args)
+        opts = @model.options
+        query = opts[:query] ? opts[:query].deep_clone : []
+        query << args
+
+        # Make a new opts hash with changed query
+        opts = opts.merge(query: query)
+        Cursor.new([], opts)
       end
 
       # Returns a promise that is resolved/rejected when the query is complete.  Any
       # passed block will be passed to the promises then.  Then will be passed the model.
-      def then(&block)
-        fail 'then must pass a block' unless block
+      def fetch(&block)
         promise = Promise.new
 
-        promise = promise.then(&block)
+        # Run the block after resolve if a block is passed in
+        promise = promise.then(&block) if block
 
-        if @state == :loaded
+        if @model.loaded_state == :loaded
           promise.resolve(@model)
         else
-          @fetch_promises ||= []
-          @fetch_promises << promise
+          Proc.new do |comp|
+            if @model.loaded_state == :loaded
+              promise.resolve(@model)
+
+              comp.stop
+            end
 
-          load_data
+          end.watch!
         end
 
         promise
       end
 
+      # Alias then for now
+      # TODO: Deprecate
+      alias_method :then, :fetch
+
       # Called from backend
       def add(index, data)
         $loading_models = true
 
-        data_id = data['_id'] || data[:_id]
+        Model.no_validate do
+          data_id = data['_id'] || data[:_id]
 
-        # Don't add if the model is already in the ArrayModel
-        unless @model.array.find { |v| v._id == data_id }
-          # Find the existing model, or create one
-          new_model = @@identity_map.find(data_id) do
-            new_options = @model.options.merge(path: @model.path + [:[]], parent: @model)
-            @model.new_model(data, new_options, :loaded)
-          end
+          # Don't add if the model is already in the ArrayModel
+          unless @model.array.find { |v| v._id == data_id }
+            # Find the existing model, or create one
+            new_model = @@identity_map.find(data_id) do
+              new_options = @model.options.merge(path: @model.path + [:[]], parent: @model)
+              @model.new_model(data, new_options, :loaded)
+            end
 
-          @model.insert(index, new_model)
+            @model.insert(index, new_model)
+          end
         end
 
         $loading_models = false

data/lib/volt/models/persistors/base.rb

@@ -21,6 +21,22 @@ module Volt
 
       def event_removed(event, last, last_for_event)
       end
+
+      # Find the root for this model
+      def root_model
+        node = @model
+
+        loop do
+          parent = node.parent
+          if parent
+            node = parent
+          else
+            break
+          end
+        end
+
+        node
+      end
     end
   end
 end

data/lib/volt/models/persistors/cookies.rb

@@ -22,6 +22,7 @@ module Volt
       end
 
       def write_cookie(key, value, options = {})
+        options[:path] ||= '/'
         parts = []
 
         parts << `encodeURIComponent(key)`
@@ -29,12 +30,13 @@ module Volt
         parts << `encodeURIComponent(value)`
         parts << '; '
 
+        parts << 'path='    << options[:path] << '; '           if options[:path]
         parts << 'max-age=' << options[:max_age] << '; '        if options[:max_age]
-        if options[:expires]
-          expires = options[:expires]
+
+        if (expires = options[:expires])
           parts << 'expires=' << `expires.toGMTString()` << '; '
         end
-        parts << 'path='    << options[:path] << '; '           if options[:path]
+
         parts << 'domain='  << options[:domain] << '; '         if options[:domain]
         parts << 'secure'                                       if options[:secure]
 
@@ -55,12 +57,15 @@ module Volt
       def loaded(initial_state = nil)
         # When the main model is first loaded, we pull in the data from the
         # store if it exists
-        if !@loaded && @model.path == []
-          @loaded = true
+        if !@cookies_loaded && @model.path == []
+          @cookies_loaded = true
 
           writing_cookies do
+            # Assign directly so we don't trigger the callbacks on the initial load
+            attrs = @model.attributes
+
             read_cookies.each_pair do |key, value|
-              @model.assign_attribute(key, value)
+              attrs[key.to_sym] = value
             end
           end
         end
@@ -70,16 +75,16 @@ module Volt
       def changed(attribute_name)
         # TODO: Make sure we're only assigning directly, not sub models
         unless $writing_cookies
-          value = @model.read_attribute(attribute_name)
+          value = @model.get(attribute_name)
 
           # Temp, expire in 1 year, going to expand this api
-          write_cookie(attribute_name, value.to_s, expires: Time.now + (356 * 24 * 60 * 60))
+          write_cookie(attribute_name, value.to_s, expires: Time.now + (356 * 24 * 60 * 60), path: '/')
         end
       end
 
       def removed(attribute_name)
         writing_cookies do
-          write_cookie(attribute_name, '', expires: Time.now)
+          write_cookie(attribute_name, '', max_age: 0, path: '/')
         end
       end
 

data/lib/volt/models/persistors/flash.rb

@@ -16,6 +16,9 @@ module Volt
             }, 5000);
           `
         end
+
+        # Need to return nil to prevent non-opal object return
+        nil
       end
 
       def clear_model(model)

data/lib/volt/models/persistors/local_store.rb

@@ -10,22 +10,6 @@ module Volt
         @model = model
       end
 
-      # Find the root for this model
-      def root_model
-        node = @model
-
-        loop do
-          parent = node.parent
-          if parent
-            node = parent
-          else
-            break
-          end
-        end
-
-        node
-      end
-
       # Called when a model is added to the collection
       def added(model, index)
         root_model.persistor.save_all