diff --git a/app/lib/presenters.rb b/app/lib/presenters.rb index 7e1bb077..ba997c8d 100644 --- a/app/lib/presenters.rb +++ b/app/lib/presenters.rb @@ -2,10 +2,8 @@ module Presenters # This is work in progress we're releasing early so # that it can be used in forwarding to send the current # values as they're received. - # TODO: add presenter tests, finish refactor following - # spec in your spreadsheet, remove unneeded options, - # use in appropriate views, add unauthorized_fields logic - # delete unneeded code in models and views. + # TODO: add presenter tests + # use in appropriate views, delete unneeded code in models and views. PRESENTERS = { Device => Presenters::DevicePresenter, User => Presenters::UserPresenter, diff --git a/app/lib/presenters/base_presenter.rb b/app/lib/presenters/base_presenter.rb index 27674423..cd6cbb2a 100644 --- a/app/lib/presenters/base_presenter.rb +++ b/app/lib/presenters/base_presenter.rb @@ -13,14 +13,23 @@ def initialize(model, current_user=nil, render_context=nil, options={}) @model = model @current_user = current_user @render_context = render_context + @unauthorized_fields = [] @options = self.default_options.merge(options) end def as_json(_opts=nil) - self.exposed_fields.inject({}) { |hash, field| + values = self.exposed_fields.inject({}) { |hash, field| value = self.send(field) value.nil? ? hash : hash.merge(field => value) } + unauthorized_fields.each do |field_path| + parent_path = field_path.dup + field_name = parent_path.pop + parent = parent_path.inject(values) { |vals, key| vals[key] } + parent[:unauthorized_fields] ||= [] + parent[:unauthorized_fields] << field_name + end + values end def method_missing(method, *args, &block) @@ -35,8 +44,21 @@ def present(other_model, options={}) Presenters.present(other_model, current_user, render_context, options) end + def authorized? + true + end + + def authorize!(*field_path, &block) + if authorized? + block.call + else + unauthorized_fields << field_path + nil + end + end + private - attr_reader :model, :current_user, :options, :render_context + attr_reader :model, :current_user, :options, :render_context, :unauthorized_fields end end diff --git a/app/lib/presenters/device_presenter.rb b/app/lib/presenters/device_presenter.rb index f6a4456a..7b6584aa 100644 --- a/app/lib/presenters/device_presenter.rb +++ b/app/lib/presenters/device_presenter.rb @@ -5,10 +5,8 @@ class DevicePresenter < BasePresenter def default_options { with_owner: true, - with_data: true, with_postprocessing: true, with_location: true, - slim_owner: false, never_authorized: false, readings: nil } @@ -41,11 +39,13 @@ def location end def data_policy - { - is_private: authorized? ? device.is_private : "[FILTERED]", - enable_forwarding: authorized? ? device.enable_forwarding : "[FILTERED]", - precise_location: authorized? ? device.precise_location : "[FILTERED]" - } + authorize!(:data_policy) do + { + is_private: device.is_private, + enable_forwarding: device.enable_forwarding, + precise_location: device.precise_location + } + end end def hardware @@ -54,7 +54,7 @@ def hardware type: device.hardware_type, version: device.hardware_version, slug: device.hardware_slug, - last_status_message: authorized? ? device.hardware_info : "[FILTERED]", + last_status_message: authorize!(:hardware, :last_status_message) { device.hardware_info }, } end @@ -69,11 +69,11 @@ def postprocessing end def device_token - authorized? ? device.device_token : "[FILTERED]" + authorize!(:device_token) { device.device_token } end def mac_address - authorized? ? device.mac_address : "[FILTERED]" + authorize!(:mac_address) { device.mac_address } end def components diff --git a/app/lib/presenters/user_presenter.rb b/app/lib/presenters/user_presenter.rb index e8991bb8..351db598 100644 --- a/app/lib/presenters/user_presenter.rb +++ b/app/lib/presenters/user_presenter.rb @@ -18,11 +18,11 @@ def profile_picture end def email - user.email if authorized? + authorize!(:email) { user.email } end def legacy_api_key - user.legacy_api_key if authorized? + authorize!(:legacy_api_key) { user.legacy_api_key } end def devices