search

hyperstack-org / hyperstack

Hyperstack ALPHA https://hyperstack.org
https://docs.hyperstack.org
MIT License
540 stars 41 forks source link

alternative server_method api #351

Open catmando opened 3 years ago

catmando commented 3 years ago

given you have an existing model, which needs some of the methods to be defined as server_methods, it would be nice to say something like:

remote_access_to(:foo, :bar) { acting_user.admin? }

where foo and bar are existing instance methods.

or

remote_access_to(:foo, bar: 12) ...

which will give a default value of 12 to bar.

This is nice not only because it allows for existing methods to be declared as server methods without modification, but it also allows for a common security block to be provided, instead of repeating it. It also is a nicer separation of concerns.

Basic implementation is straight forward: On the client methods :foo and :bar are defined like any other server method, and will call the method with the security name prefix. On the server, the secured method calls the block, and if successfully returns true, continues on and calls the method.

There are complexities:

  1. if the remote_access_to declaration is placed BEFORE the definition of foo and bar, you have to make sure that those definitions are server only. It might be possible by redefining define_method, to check for this case...

  2. If foo and bar are server side only, then it would be nice if they could be declared in a file that is in app/models. This can be done by putting the server and client defs in app/hyperstack/models, and then putting server only defs in app/models and adding a require Rails.root.join('app', 'models', 'sample.rb') unless RUBY_ENGINE == 'opal' at the start of the file, and maybe with some hacking we could make a method called require_server_definitions that would automatically figure out the file being loaded, and then load the same file from app/models.

And a nice feature:

server_methods by default assume that they are returning a value, and thus will cache the value on the client once its retrieved. You can force a re-retrieval of the value by adding a ! to the method name. But in many cases you just want the method to be run on the server every time its called, anyway. So how about a no_cache parameter added to the server method args.

catmando commented 3 years ago

This really needs some more thought. what we need is a way to perform an operation on the server have any models related to the operation be setup in the server context (like save does during validation) and then return the value like a normal operation. Lots of thinking to do