wallaby-core 0.2.11 → 0.3.0.beta2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0f1ac3bd8eff66540e6b9f6c6c7b1f569bffe58177134b70fde36bd5b9e3df82
-  data.tar.gz: ec78aac3194fe1dd051160d9f77695247213565260b1035d1aebd7acd84ea1a6
+  metadata.gz: 86ff434d6a25fa665cb828cc1a1839166f386a71dff24afacb7a114402a81f50
+  data.tar.gz: 1a923d492ef62f597608a9c49f8a1341fe59687e8c4668749f3ad25d7a1b1c71
 SHA512:
-  metadata.gz: d5b70441c58655aa2bd9aa49175f137e8680a78619c9a5236e560a912dc86995dba8597a60f54ad90ac3a80a074a4ddb8bfca346c8a73fa772edae8e63aa2fc9
-  data.tar.gz: 459f70f2d01dba201f7873b5a7fa61c33ea3cf8ff8824ea7d33f450878ddbb01242bf71887a3200229cfe44b3c0c70190e76ea165872fe43238e424ed5a0254e
+  metadata.gz: 73183959d1177a5d707baae5c698e57f6e5ca47fe4b248e1014402dbe95c9015418d3d6d46194161c38543745c685a99bfacb73c197a1972e85beec758d8598c
+  data.tar.gz: ffdeeb4e9df6b63f281912c21acb758e0a7bb9d8863d38a5e081b5c81cbfed5bf4942910ebf8d03fcef2c90cb8cd66f3bf0d9763302f59ae084003ea4f82dfb3

data/app/controllers/wallaby/resources_controller.rb

@@ -1,16 +1,29 @@
 # frozen_string_literal: true
 
 module Wallaby
+  # define {ResourcesController}'s parent
   ResourcesController = Class.new configuration.base_controller
 
-  # Resources controller, superclass for all customization controllers.
-  # It contains CRUD template action methods
-  # ({Wallaby::ResourcesConcern#index #index} / {Wallaby::ResourcesConcern#new #new}
-  # / {Wallaby::ResourcesConcern#create #create} / {Wallaby::ResourcesConcern#edit #edit}
-  # / {Wallaby::ResourcesConcern#update #update} / {Wallaby::ResourcesConcern#destroy #destroy})
-  # that allow subclasses to override.
+  # Resources controller is the superclass for all customization controllers.
+  # It can be used for both Admin Interface and general purpose.
   #
-  # For better practice, please create an application controller class (see example)
+  # It contains typical resourceful action template methods
+  # that can be overridden by subclasses when customizing:
+  #
+  # - {ResourcesConcern#index #index}
+  # - {ResourcesConcern#new #new}
+  # - {ResourcesConcern#create #create}
+  # - {ResourcesConcern#edit #edit}
+  # - {ResourcesConcern#update #update}
+  # - {ResourcesConcern#destroy #destroy}
+  #
+  # And it also contains resource related helper methods, e.g.:
+  #
+  # - {Resourcable#collection #collection}
+  # - {Resourcable#resource #resource}
+  # - {Resourcable#resource_params #resource_params}
+  #
+  # For better practice, please create an application controller class  (see example)
   # to better control the functions shared between different resource controllers.
   # @example Create an application class for Admin Interface usage
   #   class Admin::ApplicationController < Wallaby::ResourcesController

data/app/security/ability.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 # @!visibility private
-# Defualt ability for wallaby
+# Defualt ability for {Wallaby}
 # If main app has defined `ability.rb`, this file will not be loaded/used.
 class Ability
   include ::CanCan::Ability if defined?(::CanCan)

data/config/routes.rb

@@ -2,37 +2,44 @@
 
 Wallaby::Engine.routes.draw do
   # NOTE: For health check if needed
-  # @see Wallaby::ApplicationController#healthy
+  # @see Wallaby::ApplicationConcern#healthy
   get 'status', to: 'wallaby/resources#healthy'
 
   with_options to: Wallaby::ResourcesRouter.new do |route|
-    # @see `home` action for more
+    # @see Wallaby::ResourcesConcern#home
     route.root defaults: { action: 'home' }
 
-    # To generate error pages for all supported HTTP status
+    # Error pages for all supported HTTP status in {Wallaby::ERRORS}
     Wallaby::ERRORS.each do |status|
       code = Rack::Utils::SYMBOL_TO_STATUS_CODE[status]
-      route.get status, defaults: { action: status }
-      route.get code.to_s, defaults: { action: status }
+      route.get status, defaults: { action: status.to_s }
+      route.get code.to_s, defaults: { action: status.to_s }
     end
 
-    # To generate general CRUD resourceful routes
+    # resourceful routes.
+    #
+    # `:resources` param here will be converted to the model class in the controller.
+    # For instance, `"order::items"` will become `Order::Item` later,
+    # and `Order::Item` will be used by servicer/authorizer/paginator through out the whole request process.
+    #
+    # Using colons in the `:resources` param e.g. `"order::items"` instead of `"order/items"` is
+    # to make nested namespace possible to be handled by these dynamic routes.
     # @see Wallaby::ResourcesRouter
     scope path: ':resources' do
-      # @see Wallaby::ResourcesController#index
+      # @see Wallaby::ResourcesConcern#index
       route.get '', defaults: { action: 'index' }, as: :resources
-      # @see Wallaby::ResourcesController#new
+      # @see Wallaby::ResourcesConcern#new
       route.get 'new', defaults: { action: 'new' }, as: :new_resource
-      # @see Wallaby::ResourcesController#edit
+      # @see Wallaby::ResourcesConcern#edit
       route.get ':id/edit', defaults: { action: 'edit' }, as: :edit_resource
-      # @see Wallaby::ResourcesController#show
+      # @see Wallaby::ResourcesConcern#show
       route.get ':id', defaults: { action: 'show' }, as: :resource
 
-      # @see Wallaby::ResourcesController#create
+      # @see Wallaby::ResourcesConcern#create
       route.post '', defaults: { action: 'create' }
-      # @see Wallaby::ResourcesController#update
-      route.match ':id', via: %i(patch put), defaults: { action: 'update' }
-      # @see Wallaby::ResourcesController#destroy
+      # @see Wallaby::ResourcesConcern#update
+      route.match ':id', via: %i[patch put], defaults: { action: 'update' }
+      # @see Wallaby::ResourcesConcern#destroy
       route.delete ':id', defaults: { action: 'destroy' }
     end
   end

data/lib/adaptors/wallaby/custom/default_provider.rb

@@ -2,7 +2,7 @@
 
 module Wallaby
   class Custom
-    # Default authorization provider for {Wallaby::Custom} mode that whitelists everything.
+    # Default authorization provider for {Custom} mode that allowlists everything.
     class DefaultProvider < DefaultAuthorizationProvider
     end
   end

data/lib/adaptors/wallaby/custom/model_decorator.rb

@@ -2,9 +2,9 @@
 
 module Wallaby
   class Custom
-    # {Wallaby::Custom} mode decorator that only pulls out all the attributes from setter/getter methods.
+    # {Custom} mode decorator that only pulls out all the attributes from setter/getter pair methods.
     class ModelDecorator < ::Wallaby::ModelDecorator
-      # Assume that attributes come from the setter/getter, e.g. `name=`/`name`
+      # Retrieve the attributes from the setter/getter pair methods, e.g. `name=` and `name`
       # @return [ActiveSupport::HashWithIndifferentAccess] metadata
       def fields
         @fields ||=
@@ -34,21 +34,9 @@ module Wallaby
         @form_fields ||= Utils.clone fields
       end
 
-      # @return [Array<String>] a list of field names for index page
-      def index_field_names
-        @index_field_names ||= reposition index_fields.keys, primary_key
-      end
-
-      # @return [Array<String>] a list of field names for show page
-      def show_field_names
-        @show_field_names ||= reposition show_fields.keys, primary_key
-      end
-
-      # @return [Array<String>] a list of field names for form (new/edit) page
-      def form_field_names
-        @form_field_names ||= form_fields.keys - [primary_key.to_s]
-      end
-
+      # It returns an ActiveModel::Errors instance. However, this instance does not contain any errors.
+      # You might want to override this method in the custom resource decorator
+      # and get the errors out from the given **resource**.
       # @param resource [Object]
       # @return [ActiveModel::Errors]
       def form_active_errors(resource)

data/lib/adaptors/wallaby/custom/model_finder.rb

@@ -2,12 +2,12 @@
 
 module Wallaby
   class Custom
-    # Model finder for {Wallaby::Custom} mode that returns the list of model set by
+    # Model finder for {Custom} mode that returns the list of model set by
     # {Wallaby::Configuration#custom_models}
     class ModelFinder < ::Wallaby::ModelFinder
-      # @return [Wallaby::ClashArray] a list of classes
+      # @return [ClashArray] a list of classes
       def all
-        Wallaby.configuration.custom_models.presence
+        Wallaby.configuration.custom_models
       end
     end
   end

data/lib/adaptors/wallaby/custom/model_pagination_provider.rb

@@ -2,7 +2,7 @@
 
 module Wallaby
   class Custom
-    # Model pagination provider for {Wallaby::Custom} mode
+    # Model pagination provider for {Custom} mode
     class ModelPaginationProvider < ::Wallaby::ModelPaginationProvider
       # By default, it doesn't support pagination
       # @return [false]

data/lib/adaptors/wallaby/custom/model_service_provider.rb

@@ -2,7 +2,7 @@
 
 module Wallaby
   class Custom
-    # Model service provider for {Wallaby::Custom} mode
+    # Model service provider for {Custom} mode
     class ModelServiceProvider < ::Wallaby::ModelServiceProvider
     end
   end

data/lib/authorizers/wallaby/cancancan_authorization_provider.rb

@@ -14,18 +14,25 @@ module Wallaby
       defined?(CanCanCan) && context.respond_to?(:current_ability)
     end
 
+    # Get the information from context for {ModelAuthorizationProvider#initialize}
+    # @param context [ActionController::Base, ActionView::Base]
+    # @return [Hash] options
+    def self.options_from(context)
+      {
+        ability: context.try(:current_ability),
+        user: context.try(:wallaby_user)
+      }
+    end
+
     # @!attribute [w] ability
     attr_writer :ability
 
     # @!attribute [r] ability
-    # @return [Ability] the Ability instance for {#user #user} (which is a
-    #   {Wallaby::AuthenticationConcern#wallaby_user #wallaby_user})
+    # @return [Ability] the Ability instance for {#user #user} or from the {#options}[:ability]
     def ability
       # NOTE: use current_ability's class to create the ability instance.
       # just in case that developer uses a different Ability class (e.g. UserAbility)
       @ability ||= options[:ability] || Ability.new(user)
-    rescue ArgumentError, NameError
-      context.current_ability
     end
 
     # Check user's permission for an action on given subject.
@@ -33,7 +40,7 @@ module Wallaby
     # This method will be mostly used in controller.
     # @param action [Symbol, String]
     # @param subject [Object, Class]
-    # @raise [Wallaby::Forbidden] when user is not authorized to perform the action.
+    # @raise [Forbidden] when user is not authorized to perform the action.
     def authorize(action, subject)
       ability.authorize! action, subject
     rescue ::CanCan::AccessDenied

data/lib/authorizers/wallaby/default_authorization_provider.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Wallaby
-  # Default authorization provider that whitelists everything.
+  # Default authorization provider that allowlists everything.
   class DefaultAuthorizationProvider < ModelAuthorizationProvider
     # It returns false so that it can be used as the last resort.
     # @param _context [ActionController::Base, ActionView::Base]
@@ -10,6 +10,15 @@ module Wallaby
       false
     end
 
+    # It returns empty hash.
+    # @param context [ActionController::Base, ActionView::Base]
+    # @return [Hash]
+    def self.options_from(context)
+      {
+        user: context.try(:wallaby_user)
+      }
+    end
+
     # Do nothing
     # @param _action [Symbol, String]
     # @param subject [Object, Class]

data/lib/authorizers/wallaby/model_authorizer.rb

@@ -23,7 +23,7 @@ module Wallaby
       # It will be inherited from its parent classes if there isn't one for current class.
       # @return [String, Symbol]
       def provider_name
-        @provider_name ||= superclass.try :provider_name
+        @provider_name || superclass.try(:provider_name)
       end
     end
 
@@ -34,12 +34,12 @@ module Wallaby
     attr_reader :model_class
 
     # @!attribute [r] provider
-    # @return [Wallaby::ModelAuthorizationProvider] the instance that does the job
+    # @return [ModelAuthorizationProvider] the instance that does the job
     # @since wallaby-5.2.0
     attr_reader :provider
 
     # @!attribute [r] context
-    # @return [ActionController::Base, ActionView::Base]
+    # @return [ActionController::Base, ActionView::Base, nil]
     # @since 0.2.2
     attr_reader :context
 
@@ -48,29 +48,54 @@ module Wallaby
     # @since 0.2.2
     attr_reader :options
 
+    # @note use this method instead of {#initialize} to create authorizer instance
+    # Factory method to determine which provider and what options to use.
     # @param model_class [Class]
     # @param context [ActionController::Base, ActionView::Base]
-    # @param options [Symbol, String, nil]
-    def initialize(model_class, context, **options)
+    def self.create(model_class, context)
+      model_class ||= self.model_class
+      provider_class = guess_and_set_provider_from(model_class, context)
+      options = provider_class.options_from(context)
+      new(model_class, provider: provider_class.new(options), context: context)
+    end
+
+    # Shortcut of {Map.authorizer_provider_map}
+    def self.providers_of(model_class)
+      Map.authorizer_provider_map(model_class)
+    end
+
+    # @param model_class [Class]
+    # @param provider_name [String]
+    # @param provider [Wallaby::ModelAuthorizationProvider]
+    # @param context [ActionController::Base, ActionView::Base]
+    # @param options [Hash]
+    def initialize(
+      model_class,
+      provider_name: nil,
+      provider: nil,
+      context: nil,
+      options: {}
+    )
       @model_class = model_class || self.class.model_class
-      @context = context
       @options = options
-      @provider = guess_provider_from(context)
+      @context = context
+      @provider = provider \
+        || self.class.providers_of(@model_class)[provider_name].new(options)
     end
 
-    protected
-
     # Go through the provider list and find out the one is
     # {Wallaby::ModelAuthorizationProvider.available? .available?}
+    # @param model_class [Class]
     # @param context [ActionController::Base, ActionView::Base]
-    def guess_provider_from(context)
+    # @return [Class] provider class
+    def self.guess_and_set_provider_from(model_class, context)
+      providers = providers_of(model_class)
       provider_class =
-        Map.authorizer_provider_map(model_class).try do |providers|
-          providers[options[:provider_name] || self.class.provider_name] \
-            || providers.values.find { |klass| klass.available? context } \
-            || providers[:default] # fallback to default
-        end
-      provider_class.new context, **options
+        providers[provider_name] \
+          || providers.values.find { |klass| klass.available? context } \
+          || providers[:default] # fallback to default
+      self.provider_name ||= provider_class.provider_name
+      provider_class
     end
   end
 end

data/lib/authorizers/wallaby/pundit_authorization_provider.rb

@@ -1,9 +1,6 @@
 # frozen_string_literal: true
 
 module Wallaby
-  # @note This authorization provider DOES NOT use the
-  #   {https://github.com/varvet/pundit#customize-pundit-user pundit_user} helper.
-  #   It uses the one from {Wallaby::AuthenticationConcern#wallaby_user #wallaby_user} instead.
   # {https://github.com/varvet/pundit Pundit} base authorization provider.
   class PunditAuthorizationProvider < ModelAuthorizationProvider
     # Detect and see if Pundit is in use.
@@ -14,12 +11,21 @@ module Wallaby
       defined?(Pundit) && context.respond_to?(:pundit_user)
     end
 
+    # Get the information from context for {ModelAuthorizationProvider#initialize}
+    # @param context [ActionController::Base, ActionView::Base]
+    # @return [Hash] options
+    def self.options_from(context)
+      {
+        user: context.try(:pundit_user) || context.try(:wallaby_user)
+      }
+    end
+
     # Check user's permission for an action on given subject.
     #
-    # This method will be mostly used in controller.
+    # This method is mostly used in controller.
     # @param action [Symbol, String]
     # @param subject [Object, Class]
-    # @raise [Wallaby::Forbidden] when user is not authorized to perform the action.
+    # @raise [Forbidden] when user is not authorized to perform the action.
     def authorize(action, subject)
       Pundit.authorize(user, subject, normalize(action)) && subject
     rescue ::Pundit::NotAuthorizedError
@@ -35,10 +41,18 @@ module Wallaby
     # @return [true] if user is allowed to perform the action
     # @return [false] otherwise
     def authorized?(action, subject)
-      policy = Pundit.policy! user, subject
+      policy = Pundit.policy!(user, subject)
       policy.try normalize(action)
     end
 
+    # Restrict user to access certain scope/query.
+    # @param _action [Symbol, String]
+    # @param scope [Object]
+    # @return [Object]
+    def accessible_for(_action, scope)
+      Pundit.policy_scope!(user, scope)
+    end
+
     # Restrict user to assign certain values.
     #
     # It will do a lookup in policy's methods and pick the first available method:
@@ -49,7 +63,7 @@ module Wallaby
     # @param subject [Object]
     # @return [Hash] field value paired hash that user's allowed to assign
     def attributes_for(action, subject)
-      policy = Pundit.policy! user, subject
+      policy = Pundit.policy!(user, subject)
       policy.try("attributes_for_#{action}") || policy.try('attributes_for') || {}
     end
 
@@ -63,7 +77,7 @@ module Wallaby
     # @param subject [Object]
     # @return [Array] field list that user's allowed to change.
     def permit_params(action, subject)
-      policy = Pundit.policy! user, subject
+      policy = Pundit.policy!(user, subject)
       # @see https://github.com/varvet/pundit/blob/master/lib/pundit.rb#L258
       policy.try("permitted_attributes_for_#{action}") || policy.try('permitted_attributes')
     end

data/lib/concerns/wallaby/application_concern.rb

@@ -6,105 +6,75 @@ module Wallaby
   module ApplicationConcern
     extend ActiveSupport::Concern
 
-    # @!parse
-    #   extend Engineable::ClassMethods
-    #   include Engineable
-    #   include SharedHelpers
+    include Engineable
+    include Urlable
+
+    included do
+      rescue_from NotFound, with: :not_found
+      rescue_from ::ActionController::ParameterMissing, with: :bad_request
+      rescue_from ::ActiveRecord::StatementInvalid, with: :unprocessable_entity
+      rescue_from NotImplemented, with: :not_implemented
+      rescue_from UnprocessableEntity, with: :unprocessable_entity
+
+      delegate(:configuration, to: Wallaby)
+    end
 
-    # @!method healthy
     # Health check page
+    def healthy
+      render plain: 'healthy'
+    end
 
-    # @!method not_found(exception = nil)
     # Not found page
     # @param exception [Exception] comes from **rescue_from**
+    def not_found(exception = nil)
+      render_error exception, __callee__
+    end
 
-    # @!method bad_request(exception = nil)
     # Bad request page
     # @param exception [Exception] comes from **rescue_from**
+    def bad_request(exception = nil)
+      render_error exception, __callee__
+    end
 
-    # @!method unprocessable_entity(exception = nil)
     # Unprocessable entity page
     # @param exception [Exception] comes from **rescue_from**
+    def unprocessable_entity(exception = nil)
+      render_error exception, __callee__
+    end
 
-    # @!method internal_server_error(exception = nil)
     # Internal server error page
     # @param exception [Exception] comes from **rescue_from**
+    def internal_server_error(exception = nil)
+      render_error exception, __callee__
+    end
 
-    # @!method not_implemented(exception = nil)
     # Not implemented
     # @param exception [Exception] comes from **rescue_from**
+    def not_implemented(exception = nil)
+      render_error exception, __callee__
+    end
 
-    # @!method helpers
     # {https://api.rubyonrails.org/classes/ActionController/Helpers.html#method-i-helpers helpers}
     # exists since Rails 5.0, need to mimic this to support Rails 4.2.
     # @see https://api.rubyonrails.org/classes/ActionController/Helpers.html#method-i-helpers
     #   ActionController::Helpers#helpers
     # @see https://github.com/rails/rails/blob/5-0-stable/actionpack/lib/action_controller/metal/helpers.rb#L118
+    def helpers
+      @helpers ||= defined?(super) ? super : try(:view_context)
+    end
+
+    protected
 
-    # @!method render_error(exception, symbol)
     # Capture exceptions and display the error using error template.
     # @param exception [Exception]
     # @param symbol [Symbol] http status symbol
+    def render_error(exception, symbol)
+      Logger.error exception
 
-    included do # rubocop:disable Metrics/BlockLength
-      extend Engineable::ClassMethods
-      include Engineable
-      include SharedHelpers
-
-      rescue_from NotFound, with: :not_found
-      rescue_from ::ActionController::ParameterMissing, with: :bad_request
-      rescue_from ::ActiveRecord::StatementInvalid, with: :unprocessable_entity
-      rescue_from NotImplemented, with: :not_implemented
-      rescue_from UnprocessableEntity, with: :unprocessable_entity
-
-      delegate(*ConfigurationHelper.instance_methods(false), :url_for, to: :helpers)
-
-      # (see #healthy)
-      def healthy
-        render plain: 'healthy'
-      end
-
-      # (see #not_found)
-      def not_found(exception = nil)
-        render_error exception, __callee__
-      end
-
-      # (see #bad_request)
-      def bad_request(exception = nil)
-        render_error exception, __callee__
-      end
-
-      # (see #unprocessable_entity)
-      def unprocessable_entity(exception = nil)
-        render_error exception, __callee__
-      end
-
-      # (see #internal_server_error)
-      def internal_server_error(exception = nil)
-        render_error exception, __callee__
-      end
-
-      # (see #not_implemented)
-      def not_implemented(exception = nil)
-        render_error exception, __callee__
-      end
-
-      # (see #helpers)
-      def helpers
-        @helpers ||= defined?(super) ? super : view_context
-      end
-
-      protected
-
-      # (see #render_error)
-      def render_error(exception, symbol)
-        Logger.error exception
-
-        @exception = exception
-        @symbol = symbol
-        @code = Rack::Utils::SYMBOL_TO_STATUS_CODE[symbol].to_i
-        respond_with @exception, status: @code, template: ERROR_PATH, prefixes: _prefixes
-      end
+      @exception = exception
+      @symbol = symbol
+      @code = Rack::Utils::SYMBOL_TO_STATUS_CODE[symbol].to_i
+      respond_with @exception, status: @code, template: ERROR_PATH, prefixes: _prefixes
     end
   end
 end