[Jifty-commit] r4935 - in jifty/trunk: . lib/Jifty/Action lib/Jifty/Action/Record lib/Jifty/Manual lib/Jifty/Plugin/REST

jifty-commit at lists.jifty.org jifty-commit at lists.jifty.org
Thu Jan 24 16:12:16 EST 2008 

Author: alexmv
Date: Thu Jan 24 16:12:16 2008
New Revision: 4935

Modified:
   jifty/trunk/   (props changed)
   jifty/trunk/META.yml
   jifty/trunk/lib/Jifty/Action/Record.pm
   jifty/trunk/lib/Jifty/Action/Record/Create.pm
   jifty/trunk/lib/Jifty/Action/Record/Update.pm
   jifty/trunk/lib/Jifty/ClassLoader.pm
   jifty/trunk/lib/Jifty/Manual/AccessControl.pod
   jifty/trunk/lib/Jifty/Plugin/REST/Dispatcher.pm
   jifty/trunk/lib/Jifty/Record.pm

Log:
 r27030 at zoq-fot-pik:  chmrr | 2008-01-24 16:11:14 -0500
  * Protected and private columns and models
  * Force values in REST handler, so we get real values


Modified: jifty/trunk/META.yml
==============================================================================
--- jifty/trunk/META.yml	(original)
+++ jifty/trunk/META.yml	Thu Jan 24 16:12:16 2008
@@ -28,6 +28,7 @@
   Class::Accessor::Named: 0
   Crypt::OpenSSL::RSA: 0
   DBD::SQLite: 0
+  Data::Dump::Streamer: 0
   Devel::Cover: 0
   Devel::EvalContext: 0
   Devel::Events::Objects: 0.02
@@ -42,12 +43,13 @@
   Module::Install::Admin: 0.50
   Module::Refresh: 0.09
   Net::LDAP: 0
-  Net::OAuth::Request: 0.04
+  Net::OAuth::Request: 0.05
   Net::OpenID::Consumer: 0
   Net::Server::Fork: 0
   Net::Server::PreFork: 0
   PAR::Dist::FromCPAN: 0
   Proc::ProcessTable: 0
+  Template::Declare: 0.28
   Test::Base: 0.44
   Test::HTML::Lint: 0
   Test::HTTP::Server::Simple: 0.02

Modified: jifty/trunk/lib/Jifty/Action/Record.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Action/Record.pm	(original)
+++ jifty/trunk/lib/Jifty/Action/Record.pm	Thu Jan 24 16:12:16 2008
@@ -497,13 +497,13 @@
 =head2 possible_fields
 
 Returns the list of fields on the object that the action can update.
-This defaults to all of the fields of the object.
+This defaults to all of the non-C<private> fields of the object.
 
 =cut
 
 sub possible_fields {
     my $self = shift;
-    return map { $_->name } grep { $_->container || $_->type ne "serial" } $self->record->columns;
+    return map { $_->name } grep { $_->container || $_->type ne "serial" and not $_->private and not $_->virtual } $self->record->columns;
 }
 
 =head2 take_action

Modified: jifty/trunk/lib/Jifty/Action/Record/Create.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Action/Record/Create.pm	(original)
+++ jifty/trunk/lib/Jifty/Action/Record/Create.pm	Thu Jan 24 16:12:16 2008
@@ -120,6 +120,19 @@
     $self->result->message(_("Created"))
 }
 
+=head2 possible_fields
+
+Create actions do not provide fields for columns marked as C<private>
+or C<protected>.
+
+=cut
+
+sub possible_fields {
+    my $self = shift;
+    my @names = $self->SUPER::possible_fields;
+    return map {$_->name} grep {not $_->protected} map {$self->record->column($_)} @names;
+}
+
 =head1 SEE ALSO
 
 L<Jifty::Action::Record>, L<Jifty::Record>

Modified: jifty/trunk/lib/Jifty/Action/Record/Update.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Action/Record/Update.pm	(original)
+++ jifty/trunk/lib/Jifty/Action/Record/Update.pm	Thu Jan 24 16:12:16 2008
@@ -36,7 +36,7 @@
     my $arguments = $self->SUPER::arguments(@_);
 
     # Mark read-only columns for read-only display
-    for my $column ( $self->record->columns ) {
+    for my $column ( map {$self->record->column($_)} $self->possible_fields ) {
         if ( not $column->writable and $column->readable ) {
             $arguments->{$column->name}{'render_mode'} = 'read';
         }
@@ -205,6 +205,20 @@
     $self->result->message(_("Updated"))
 }
 
+
+=head2 possible_fields
+
+Update actions do not provide fields for columns marked as C<private>
+or C<protected>.
+
+=cut
+
+sub possible_fields {
+    my $self = shift;
+    my @names = $self->SUPER::possible_fields;
+    return map {$_->name} grep {not $_->protected} map {$self->record->column($_)} @names;
+}
+
 =head1 SEE ALSO
 
 L<Jifty::Action::Record>, L<Jifty::Record>

Modified: jifty/trunk/lib/Jifty/ClassLoader.pm
==============================================================================
--- jifty/trunk/lib/Jifty/ClassLoader.pm	(original)
+++ jifty/trunk/lib/Jifty/ClassLoader.pm	Thu Jan 24 16:12:16 2008
@@ -67,7 +67,7 @@
 
 =item I<Application>::Action::I<[Verb]>I<[Something]>
 
-If I<Application>::Model::I<Something> is a valid model class and I<Verb> is one of "Create", "Search", "Update", or "Delete", then it creates a subclass of I<Application>::Action::Record::I<Verb>
+If I<Application>::Model::I<Something> is a valid model class and I<Verb> is one of "Create", "Search", "Update", or "Delete", then it creates a subclass of I<Application>::Action::Record::I<Verb>  Models can control which actions are generated by overriding L<Jifty::Record/autogenerate_action>.  See also L<Jifty::Record/is_private> and L<Jifty::Record/is_protected>.
 
 =item I<Application>::Action::I<Something>
 
@@ -226,13 +226,14 @@
 
         # Don't generate the action unless it really is a model
         if ( eval { $modelclass->isa('Jifty::Record') } ) {
-
-            $AUTOGENERATED{$module} = 1;
-            return $self->return_class(
-                  "package $module;\n"
-                . "use base qw/$base\::Action::Record::$1/;\n"
-                . "sub record_class { '$modelclass' };\n"
-            );
+            if ($modelclass->autogenerate_action($1)) {
+                $AUTOGENERATED{$module} = 1;
+                return $self->return_class(
+                      "package $module;\n"
+                    . "use base qw/$base\::Action::Record::$1/;\n"
+                    . "sub record_class { '$modelclass' };\n"
+                );
+            }
         }
 
     }
@@ -373,7 +374,7 @@
     my($short) = $full =~ /::Model::(\w*)/;
     Jifty::Util->require($full . "Collection");
     Jifty::Util->require($base . "::Action::" . $_ . $short)
-        for qw/Create Update Delete Search/;
+        for grep {$full->autogenerate_action($_)} qw/Create Update Delete Search/;
 }
 
 

Modified: jifty/trunk/lib/Jifty/Manual/AccessControl.pod
==============================================================================
--- jifty/trunk/lib/Jifty/Manual/AccessControl.pod	(original)
+++ jifty/trunk/lib/Jifty/Manual/AccessControl.pod	Thu Jan 24 16:12:16 2008
@@ -21,7 +21,7 @@
 if C<current_user_can('write')> returns false.
 
 
-On C<delete()>, we reject the operation  if C<current_user_can('delete')>
+On C<delete()>, we reject the operation if C<current_user_can('delete')>
 returns false.
 
 Out of the box, C<current_user_can> returns 1. When you want to actually 

Modified: jifty/trunk/lib/Jifty/Plugin/REST/Dispatcher.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Plugin/REST/Dispatcher.pm	(original)
+++ jifty/trunk/lib/Jifty/Plugin/REST/Dispatcher.pm	Thu Jan 24 16:12:16 2008
@@ -94,7 +94,7 @@
 
 HTML is output only if the Accept: header or an extension does not request a
 specific format.
-    };
+};
     last_rule;
 }
 
@@ -387,7 +387,7 @@
 
 =cut
 
-sub model  { _resolve($_[0], 'Jifty::Record', Jifty->class_loader->models) }
+sub model  { _resolve($_[0], 'Jifty::Record', grep {not $_->is_private} Jifty->class_loader->models) }
 
 sub _resolve {
     my $name = shift;
@@ -416,9 +416,15 @@
 =cut
 
 sub list_models {
-    list(['model'], map { s/::/./g; $_ } Jifty->class_loader->models);
+    list(['model'], map { s/::/./g; $_ } grep {not $_->is_private} Jifty->class_loader->models);
 }
 
+=head2 valid_column
+
+Returns true if the column is a valid column to observe on the model
+
+=cut
+
 our @column_attrs = 
 qw( name
     type
@@ -435,6 +441,10 @@
     valid_values
 );
 
+sub valid_column {
+    my ( $model, $column ) = @_;
+    return scalar grep { $_->name eq $column and not $_->virtual and not $_->private } $model->new->columns;
+}
 
 =head2 list_model_columns
 
@@ -448,12 +458,14 @@
 
     my %cols;
     for my $col ( $model->new->columns ) {
+        next if $col->private or $col->virtual;
         $cols{ $col->name } = { };
         for ( @column_attrs ) {
             my $val = $col->$_();
-            $cols{ $col->name }->{ $_ } = $val
+            $cols{ $col->name }->{ $_ } = Scalar::Defer::force($val)
                 if defined $val and length $val;
         }
+        $cols{ $col->name }{writable} = 0 if exists $cols{$col->name}{writable} and $col->protected;
     }
 
     outs( [ 'model', $model ], \%cols );
@@ -472,6 +484,9 @@
     my $col = $model->new->collection_class->new;
     $col->unlimit;
 
+    # Check that the field is actually a column
+    abort(404) unless valid_column($model, $column);
+
     # If we don't load the PK, we won't get data
     $col->columns("id", $column);
     $col->order_by( column => $column );
@@ -497,7 +512,7 @@
     $rec->can($field) or abort(404);
 
     # Check that the field is actually a column (and not some other method)
-    abort(404) if not scalar grep { $_->name eq $field } $rec->columns;
+    abort(404) unless valid_column($model, $column);
 
     outs( [ 'model', $model, $column, $key, $field ],
           Jifty::Util->stringify($rec->$field()) );
@@ -514,6 +529,10 @@
 sub show_item {
     my ($model, $column, $key) = (model($1), $2, $3);
     my $rec = $model->new;
+
+    # Check that the field is actually a column
+    abort(404) unless valid_column($model, $column);
+
     $rec->load_by_cols( $column => $key );
     $rec->id or abort(404);
     outs( ['model', $model, $column, $key], $rec->jifty_serialize_format );
@@ -658,9 +677,8 @@
         my $item = $collection->first
             or return outs($ret, []);
 
-        # make sure $field exists and is a real column
-        $item->can($field)    or abort(404);
-        $item->column($field) or abort(404);
+        # Check that the field is actually a column
+        abort(404) unless valid_column($model, $field);
 
         my @values;
 

Modified: jifty/trunk/lib/Jifty/Record.pm
==============================================================================
--- jifty/trunk/lib/Jifty/Record.pm	(original)
+++ jifty/trunk/lib/Jifty/Record.pm	Thu Jan 24 16:12:16 2008
@@ -853,4 +853,46 @@
     return \%data;
 }
 
+=head2 autogenerate_action
+
+Controls which of the L<Jifty::Action::Record> subclasses are
+automatically set up for this model; this subroutine is passed one of
+the strings C<Create>, C<Update>, C<Delete> or C<Search>, and should
+return a true value if that action should be autogenerated.
+
+The default method returns 0 for all action classes if the model is
+marked as L</is_private>.  It returns 0 for all actions that are not
+C<Search> if the model is marked as L</is_protected>; otherwise, it
+returns true.
+
+=cut
+
+sub autogenerate_action {
+    my $class = shift;
+    my($action) = @_;
+
+    return 0 if $class->is_private;
+    return 0 if $class->is_protected and $action ne "Search";
+
+    return 1;
+}
+
+=head2 is_private
+
+Override this method to return true to not generate any actions for
+this model, and to hide it from REST introspection.
+
+=cut
+
+sub is_private { 0 }
+
+=head2 is_protected
+
+Override this method to return true to only generate Search actions
+for this model.
+
+=cut
+
+sub is_protected { return shift->is_private }
+
 1;

More information about the Jifty-commit mailing list