closes #117

Author: catmando

ruby/hyper-model/Rakefile

@@ -1,20 +1,33 @@
 require "bundler/gem_tasks"
 require "rspec/core/rake_task"
 
+def run_batches(batches)
+  failed = false
+  batches.each do |batch|
+    begin
+      Rake::Task["spec:batch#{batch}"].invoke
+    rescue SystemExit
+      failed = true
+    end
+  end
+  exit 1 if failed
+end
+
+
 task :part1 do
-  (1..2).each { |batch| Rake::Task["spec:batch#{batch}"].invoke rescue nil }
+  run_batches(1..2)
 end
 
 task :part2 do
-  (3..4).each { |batch| Rake::Task["spec:batch#{batch}"].invoke rescue nil }
+  run_batches(3..4)
 end
 
 task :part3 do
-  (5..7).each { |batch| Rake::Task["spec:batch#{batch}"].invoke rescue nil }
+  run_batches(5..7)
 end
 
 task :spec do
-  (1..7).each { |batch| Rake::Task["spec:batch#{batch}"].invoke rescue nil }
+  run_batches(1..7)
 end
 
 namespace :spec do
@@ -23,7 +36,6 @@ namespace :spec do
   end
   (1..7).each do |batch|
     RSpec::Core::RakeTask.new(:"batch#{batch}") do |t|
-      t.fail_on_error = false unless batch == 7
       t.pattern = "spec/batch#{batch}/**/*_spec.rb"
     end
   end

ruby/hyper-model/lib/active_record_base.rb

@@ -255,20 +255,6 @@ def has_many(name, *args, &block)
           pre_syncromesh_has_many name, *args, opts.except(:regulate), &block
         end
 
-        # add secure access for find, find_by, and belongs_to and has_one relations.
-        # No explicit security checks are needed here, as the data returned by these objects
-        # will be further processedand checked before returning.  I.e. it is not possible to
-        # simply return `find(1)` but if you try returning `find(1).name` the permission system
-        # will check to see if the name attribute can be legally sent to the current acting user.
-
-        def __secure_remote_access_to_find(_self, _acting_user, *args)
-          find(*args)
-        end
-
-        def __secure_remote_access_to_find_by(_self, _acting_user, *args)
-          find_by(*args)
-        end
-
         %i[belongs_to has_one].each do |macro|
           alias_method :"pre_syncromesh_#{macro}", macro
           define_method(macro) do |name, *aargs, &block|
@@ -330,8 +316,35 @@ def __hyperstack_secure_attributes(acting_user)
         regulate_scope(scope) {}
       end
 
-      finder_method :__hyperstack_internal_scoped_find_by do |hash|
-        find_by(hash)
+      finder_method :__hyperstack_internal_scoped_last do
+        last
+      end
+
+      scope :__hyperstack_internal_scoped_last_n, ->(n) { last(n) }
+
+      # implements find_by inside of scopes.  For security reasons we return nil
+      # if we cannot view at least the id of found record.  Otherwise a hacker
+      # could tell if a record exists depending on whether an access violation
+      # (i.e. it exists) or nil (it doesn't exist is returned.)  Note that
+      # view of id is permitted as long as any attribute of the record is
+      # accessible.
+      finder_method :__hyperstack_internal_scoped_find_by do |attrs|
+        begin
+          found = find_by(attrs)
+          found && found.check_permission_with_acting_user(acting_user, :view_permitted?, :id)
+        rescue Hyperstack::AccessViolation => e
+          message = []
+          message << Pastel.new.red("\n\nHYPERSTACK Access violation during find_by operation.")
+          message << Pastel.new.red("Access to the found record's id is not permitted. nil will be returned")
+          message << "    #{self.name}.find_by("
+          message << attrs.collect do |attr, value|
+            "      #{attr}: '#{value.inspect.truncate(120, separator: '...')}'"
+          end.join(",\n")
+          message << "    )"
+          message << "\n#{e.details}\n"
+          Hyperstack.on_error('find_by', self, attrs, message.join("\n"))
+          nil
+        end
       end
     end
   end

ruby/hyper-model/lib/reactive_record/active_record/base.rb

@@ -7,6 +7,21 @@ class Base
     scope :limit, ->() {}
     scope :offset, ->() {}
 
-    finder_method :__hyperstack_internal_scoped_find_by
+    finder_method :__hyperstack_internal_scoped_last
+    scope :__hyperstack_internal_scoped_last_n, ->(n) { last(n) }
+
+    ReactiveRecord::ScopeDescription.new(
+      self, :___hyperstack_internal_scoped_find_by,
+      client: ->(attrs) { !attrs.detect { |attr, value| attributes[attr] != value } }
+    )
+
+    def self.__hyperstack_internal_scoped_find_by(attrs)
+      collection = all.apply_scope(:___hyperstack_internal_scoped_find_by, attrs)
+      if !collection.collection
+        collection._find_by_initializer(self, attrs)
+      else
+        collection.first
+      end
+    end
   end
 end

ruby/hyper-model/lib/reactive_record/active_record/class_methods.rb

@@ -51,14 +51,24 @@ def model_name
       @model_name ||= ActiveModel::Name.new(self)
     end
 
+    def __hyperstack_preprocess_attrs(attrs)
+      if inheritance_column && self < base_class && !attrs.key?(inheritance_column)
+        attrs = attrs.merge(inheritance_column => model_name.to_s)
+      end
+      dealiased_attrs = {}
+      attrs.each { |attr, value| dealiased_attrs[_dealias_attribute(attr)] = value }
+    end
+
     def find(id)
-      ReactiveRecord::Base.find(self, primary_key => id)
+      find_by(primary_key => id)
     end
 
-    def find_by(opts = {})
-      dealiased_opts = {}
-      opts.each { |attr, value| dealiased_opts[_dealias_attribute(attr)] = value }
-      ReactiveRecord::Base.find(self, dealiased_opts)
+    def find_by(attrs = {})
+      attrs = __hyperstack_preprocess_attrs(attrs)
+      # r = ReactiveRecord::Base.find_locally(self, attrs, new_only: true)
+      # return r.ar_instance if r
+      (r = __hyperstack_internal_scoped_find_by(attrs)) || return
+      r.backing_record.sync_attributes(attrs).set_ar_instance!
     end
 
     def enum(*args)
@@ -176,7 +186,7 @@ def alias_attribute(new_name, old_name)
 
     def method_missing(name, *args, &block)
       if args.count == 1 && name.start_with?("find_by_") && !block
-        find_by(_dealias_attribute(name.sub(/^find_by_/, "")) => args[0])
+        find_by(name.sub(/^find_by_/, '') => args[0])
       elsif [].respond_to?(name)
         all.send(name, *args, &block)
       elsif name.end_with?('!')
@@ -193,16 +203,6 @@ def method_missing(name, *args, &block)
     # Any method ending with ! just means apply the method after forcing a reload
     # from the DB.
 
-    # alias pre_synchromesh_method_missing method_missing
-    #
-    # def method_missing(name, *args, &block)
-    #   return all.send(name, *args, &block) if [].respond_to?(name)
-    #   if name.end_with?('!')
-    #     return send(name.chop, *args, &block).send(:reload_from_db) rescue nil
-    #   end
-    #   pre_synchromesh_method_missing(name, *args, &block)
-    # end
-
     def create(*args, &block)
       new(*args).save(&block)
     end
@@ -246,10 +246,6 @@ def _all_filter
       end
     end
 
-    # def all=(_collection)
-    #   raise "NO LONGER IMPLEMENTED DOESNT PLAY WELL WITH SYNCHROMESH"
-    # end
-
     def unscoped
       ReactiveRecord::Base.unscoped[self] ||=
         ReactiveRecord::Collection
@@ -261,7 +257,8 @@ def finder_method(name)
       ReactiveRecord::ScopeDescription.new(self, "_#{name}", {})
       [name, "#{name}!"].each do |method|
         singleton_class.send(:define_method, method) do |*vargs|
-          all.apply_scope("_#{method}", *vargs).first
+          collection = all.apply_scope("_#{method}", *vargs)
+          collection.first
         end
       end
     end
@@ -367,7 +364,9 @@ def _react_param_conversion(param, opt = nil)
             # TODO: changed values as changes while just updating the synced values.
             target =
               if param[primary_key]
-                find(param[primary_key])
+                ReactiveRecord::Base.find(self, primary_key => param[primary_key]).tap do |r|
+                  r.backing_record.loaded_id = param[primary_key]
+                end
               else
                 new
               end

ruby/hyper-model/lib/reactive_record/active_record/instance_methods.rb

@@ -144,10 +144,12 @@ def destroyed?
       @backing_record.destroyed
     end
 
-    def new?
+    def new_record?
       @backing_record.new?
     end
 
+    alias new? new_record?
+
     def errors
       Hyperstack::Internal::State::Variable.get(@backing_record, @backing_record)
       @backing_record.errors

ruby/hyper-model/lib/reactive_record/active_record/reactive_record/backing_record_inspector.rb

@@ -26,11 +26,28 @@ def destroyed_details
     end
 
     def loading_details
-      "[loading #{vector}]"
+      "[loading #{pretty_vector}]"
     end
 
     def dirty_details
       "[changed id: #{id} #{changes}]"
     end
+
+    def pretty_vector
+      v = []
+      i = 0
+      while i < vector.length
+        if vector[i] == 'all' && vector[i + 1].is_a?(Array) &&
+           vector[i + 1][0] == '___hyperstack_internal_scoped_find_by' &&
+           vector[i + 2] == '*0'
+          v << ['find_by', vector[i + 1][1]]
+          i += 3
+        else
+          v << vector[i]
+          i += 1
+        end
+      end
+      v
+    end
   end
 end

ruby/hyper-model/lib/reactive_record/active_record/reactive_record/base.rb

@@ -67,30 +67,35 @@ def self.load_from_json(json, target = nil)
       load_data { ServerDataCache.load_from_json(json, target) }
     end
 
+    def self.find_locally(model, attrs, new_only: nil)
+      if (id_to_find = attrs[model.primary_key])
+        !new_only && lookup_by_id(model, id_to_find)
+      else
+        @records[model].detect do |r|
+          (r.new? || !new_only) &&
+            !attrs.detect { |attr, value| r.synced_attributes[attr] != value }
+        end
+      end
+    end
+
+    def self.find_by_id(model, id)
+      find(model, model.primary_key => id)
+    end
+
     def self.find(model, attrs)
       # will return the unique record with this attribute-value pair
       # value cannot be an association or aggregation
 
       # add the inheritance column if this is an STI subclass
 
-      inher_col = model.inheritance_column
-      if inher_col && model < model.base_class && !attrs.key?(inher_col)
-        attrs = attrs.merge(inher_col => model.model_name.to_s)
-      end
+      attrs = model.__hyperstack_preprocess_attrs(attrs)
 
       model = model.base_class
       primary_key = model.primary_key
 
       # already have a record with these attribute-value pairs?
 
-      record =
-        if (id_to_find = attrs[primary_key])
-          lookup_by_id(model, id_to_find)
-        else
-          @records[model].detect do |r|
-            !attrs.detect { |attr, value| r.synced_attributes[attr] != value }
-          end
-        end
+      record = find_locally(model, attrs)
 
       unless record
         # if not, and then the record may be loaded, but not have this attribute set yet,
@@ -102,10 +107,8 @@ def self.find(model, attrs)
           attrs = attrs.merge primary_key => id
         end
         # if we don't have a record then create one
-        # (record = new(model)).vector = [model, [:find_by, attribute => value]] unless record
-        record ||= set_vector_lookup(new(model), [model, [:find_by, attrs]])
-        # and set the values
-        attrs.each { |attr, value| record.sync_attribute(attr, value) }
+        record ||= set_vector_lookup(new(model), [model, *find_by_vector(attrs)])
+        record.sync_attributes(attrs)
       end
       # finally initialize and return the ar_instance
       record.set_ar_instance!
@@ -122,7 +125,6 @@ def self.new_from_vector(model, aggregate_owner, *vector)
       # record = @records[model].detect { |record| record.vector == vector }
       record = lookup_by_vector(vector)
       unless record
-
         record = new model
         set_vector_lookup(record, vector)
       end
@@ -175,6 +177,7 @@ def id=(value)
         @ar_instance.instance_variable_set(:@backing_record, existing_record)
         existing_record.attributes.merge!(attributes) { |key, v1, v2| v1 }
       end
+      @id = value
       value
     end
 
@@ -211,7 +214,7 @@ def errors
 
     def initialize_collections
       if (!vector || vector.empty?) && id && id != ''
-        Base.set_vector_lookup(self, [@model, [:find_by, @model.primary_key => id]])
+        Base.set_vector_lookup(self, [@model, *find_by_vector(@model.primary_key => id)])
       end
       Base.load_data do
         @model.reflect_on_all_associations.each do |assoc|
@@ -251,16 +254,20 @@ def sync_unscoped_collection!
       @synced_with_unscoped = !@synced_with_unscoped
     end
 
-    def sync_attribute(attribute, value)
+    def sync_attributes(attrs)
+      attrs.each { |attr, value| sync_attribute(attr, value) }
+      self
+    end
 
+    def sync_attribute(attribute, value)
       @synced_attributes[attribute] = @attributes[attribute] = value
       Base.set_id_lookup(self) if attribute == primary_key
 
       #@synced_attributes[attribute] = value.dup if value.is_a? ReactiveRecord::Collection
 
       if value.is_a? Collection
         @synced_attributes[attribute] = value.dup_for_sync
-      elsif aggregation = model.reflect_on_aggregation(attribute) and (aggregation.klass < ActiveRecord::Base)
+      elsif (aggregation = model.reflect_on_aggregation(attribute)) && (aggregation.klass < ActiveRecord::Base)
         value.backing_record.sync!
       elsif aggregation
         @synced_attributes[attribute] = aggregation.deserialize(aggregation.serialize(value))
@@ -278,6 +285,14 @@ def self.exists?(model, id)
       Base.lookup_by_id(model, id)
     end
 
+    def id_loaded?
+      @id
+    end
+
+    def loaded_id=(id)
+      @id = id
+    end
+
     def revert
       @changed_attributes.dup.each do |attribute|
         @ar_instance.send("#{attribute}=", @synced_attributes[attribute])