Merge branch 'edge' of github.com:hyperstack-org/hyperstack into edge

Author: catmando

docs/dsl-client/hyper-component.md

@@ -1,6 +1,7 @@
 # Stores
 
 **Work in progress - ALPHA (docs and code)**
+**These docs are out of date**
 
 Hyperstack **Stores** are implemented in the **HyperStore Gem**.
 

docs/dsl-client/hyper-store.md

@@ -2,113 +2,6 @@
 
 **WORK IN PROGRESS DOCS**
 
-First as you say to explicitly send stuff to all applicants. Policies work "backwards" to how you might think in a controller. In a controller you might check something like acting_user.chatrooms.include?(message.chatroom) whereas Hyperloop starts from the other end, it'll effectively do something like this message.chatroom.participants.include?(acting_user). Your job in a policy is to start with the actual record, then traverse the relationships to return the user or users it belongs to. Think in terms of "I have a thing, who are all the people who are allowed to see it?".
-Now that may or may not work in your case. If you have anonymous accounts for applicants but they all still have user records and thus IDs then it will work — job_posting.hiring_manager.applicants. But if applicants didn't have any record then you couldn't use this style of "instance channel policy". Instance == ids == non-public. So if something is public you can use a class channel. send_all.to(Applicant).
-Finally you can have many channels or just a few. In our app I've gone with a user instance channel, and a user class channel. That's just what works for my mental model. But you could have other instance and class channels to make dividing things up easier, your scope chains shorter, etc.
-Hopefully you can look at the docs now and see instance, class, channel, broadcast, etc. and come up with a way that works for you. Mitch's snippet looks good, I just tried to give some surrounding color.
-
-The policy send all bit is about once you've got a record/records, are you allowed to see it and what attributes are you allowed to see (in that case all, but you can permit a subset).
-The regulate bit is about what relations are you allowed to access. It may seem redundant as without regulations event if you loaded the relation you still wouldn't be able see any of the record attributes without a policy. So even without regulations there's no risk of exposing private information. BUT what would leak is lists IDs and counts. A count doesn't instantiate any records so there's nothing to run a policy on. Leaking counts and IDs is metadata that may or may not be sensitive, aka you wouldn't want an insurance company to be able to do patient.diseases.count. And if you're using UUIDs so you don't sequentially leak all of your public pages, again you'd want a regulation to protect that. They can also prevent denial of service attacks loading big expensive relations.
-So, broadcast policies are about who can see the attributes of an individual record (or collection but it's still run on each record individually). Regulations are about preventing business data leakage.
-
-------------
-
-from Mitch...
-
-These work very similar to pundit, and by design you can even mix pundit and hyperloop policies.
-Here is an example pundit policy from the pundit tutorial:
-
-# app/policies/article_policy.rb
-class ArticlePolicy < ApplicationPolicy
-  def index?
-    true
-  end
-
-  def create?
-    user.present?
-  end
-
-  def update?
-    return true if user.present? && user == article.user
-  end
-
-  def destroy?
-    return true if user.present? && user == article.user
-  end
-
-  private
-
-    def article
-      record
-    end
-end
-
---------------
-
-class ArticlePolicy < ApplicationPolicy
-  # def index?
-  #   true
-  # end
-
-  # read policies are defined as part of broadcast policies.  (if you can receive
-  # it in a broadcast then you can read it)
-  # There is no controller in hyperloop so broadcast/read policies
-  # are defined in terms of what data is sent to what channel
-
-  regulate_broadcast do |policy|
-    policy.send_all.to Application
-  end
-
-  # def create?
-  #   user.present? <- create is okay if user is not nil
-  # end
-
-  allow_create { acting_user }  # <- create is okay if acting_user is  not nil
-
-  # def update?
-  #   return true if user.present? && user == article.user
-  # end
-
-  # only difference is hyperloop makes it easier by
-  # 1) running the block with self == the the record
-  # 2) adding the acting_user method to self
-  # 3) treating exceptions as the same as nil
-
-  allow_update { acting_user == user }
-
-  # def destroy?
-  #   return true if user.present? && user == article.user
-  # end
-
-  allow_destroy { acting_user == user }
-
-  # the above two regulations are the same and so can be dried up like this:
-
-  allow_change(on: [:update, :destroy]) { acting_user == user }
-
-  # private
-  #
-  #   def article
-  #     record
-  #   end
-end
-
-without comments....
-
-class ArticlePolicy < ApplicationPolicy
-  regulate_broadcast { |policy| policy.send_all.to Application }
-
-  allow_create { acting_user }  # <- create is okay if acting_user is  not nil
-
-  allow_change(on: [:update, :destroy]) { acting_user == user }
-end
-
-BTW what if you want to restrict what data is broadcast? In Hyperloop you just update the regulation. In pundit you may have to edit both the index controller method and
-Policy class.
-
-
-**Work in progress - ALPHA (docs and code)**
-
 ## Authorization
 
 Access to your Isomorphic Models is controlled by *Policies* that describe how the current *acting_user* and *channels* may access your Models.
@@ -596,3 +489,110 @@ class ProductionCenterPolicy < MyPolicyClass
   ...
 end
 ```  
+
+---------------------------
+TODO: rewrite the following:
+
+First as you say to explicitly send stuff to all applicants. Policies work "backwards" to how you might think in a controller. In a controller you might check something like acting_user.chatrooms.include?(message.chatroom) whereas Hyperloop starts from the other end, it'll effectively do something like this message.chatroom.participants.include?(acting_user). Your job in a policy is to start with the actual record, then traverse the relationships to return the user or users it belongs to. Think in terms of "I have a thing, who are all the people who are allowed to see it?".
+Now that may or may not work in your case. If you have anonymous accounts for applicants but they all still have user records and thus IDs then it will work — job_posting.hiring_manager.applicants. But if applicants didn't have any record then you couldn't use this style of "instance channel policy". Instance == ids == non-public. So if something is public you can use a class channel. send_all.to(Applicant).
+Finally you can have many channels or just a few. In our app I've gone with a user instance channel, and a user class channel. That's just what works for my mental model. But you could have other instance and class channels to make dividing things up easier, your scope chains shorter, etc.
+Hopefully you can look at the docs now and see instance, class, channel, broadcast, etc. and come up with a way that works for you. Mitch's snippet looks good, I just tried to give some surrounding color.
+
+The policy send all bit is about once you've got a record/records, are you allowed to see it and what attributes are you allowed to see (in that case all, but you can permit a subset).
+The regulate bit is about what relations are you allowed to access. It may seem redundant as without regulations event if you loaded the relation you still wouldn't be able see any of the record attributes without a policy. So even without regulations there's no risk of exposing private information. BUT what would leak is lists IDs and counts. A count doesn't instantiate any records so there's nothing to run a policy on. Leaking counts and IDs is metadata that may or may not be sensitive, aka you wouldn't want an insurance company to be able to do patient.diseases.count. And if you're using UUIDs so you don't sequentially leak all of your public pages, again you'd want a regulation to protect that. They can also prevent denial of service attacks loading big expensive relations.
+So, broadcast policies are about who can see the attributes of an individual record (or collection but it's still run on each record individually). Regulations are about preventing business data leakage.
+
+------------
+
+from Mitch...
+
+These work very similar to pundit, and by design you can even mix pundit and hyperloop policies.
+Here is an example pundit policy from the pundit tutorial:
+
+# app/policies/article_policy.rb
+class ArticlePolicy < ApplicationPolicy
+  def index?
+    true
+  end
+
+  def create?
+    user.present?
+  end
+
+  def update?
+    return true if user.present? && user == article.user
+  end
+
+  def destroy?
+    return true if user.present? && user == article.user
+  end
+
+  private
+
+    def article
+      record
+    end
+end
+
+--------------
+
+class ArticlePolicy < ApplicationPolicy
+  # def index?
+  #   true
+  # end
+
+  # read policies are defined as part of broadcast policies.  (if you can receive
+  # it in a broadcast then you can read it)
+  # There is no controller in hyperloop so broadcast/read policies
+  # are defined in terms of what data is sent to what channel
+
+  regulate_broadcast do |policy|
+    policy.send_all.to Application
+  end
+
+  # def create?
+  #   user.present? <- create is okay if user is not nil
+  # end
+
+  allow_create { acting_user }  # <- create is okay if acting_user is  not nil
+
+  # def update?
+  #   return true if user.present? && user == article.user
+  # end
+
+  # only difference is hyperloop makes it easier by
+  # 1) running the block with self == the the record
+  # 2) adding the acting_user method to self
+  # 3) treating exceptions as the same as nil
+
+  allow_update { acting_user == user }
+
+  # def destroy?
+  #   return true if user.present? && user == article.user
+  # end
+
+  allow_destroy { acting_user == user }
+
+  # the above two regulations are the same and so can be dried up like this:
+
+  allow_change(on: [:update, :destroy]) { acting_user == user }
+
+  # private
+  #
+  #   def article
+  #     record
+  #   end
+end
+
+without comments....
+
+class ArticlePolicy < ApplicationPolicy
+  regulate_broadcast { |policy| policy.send_all.to Application }
+
+  allow_create { acting_user }  # <- create is okay if acting_user is  not nil
+
+  allow_change(on: [:update, :destroy]) { acting_user == user }
+end
+
+BTW what if you want to restrict what data is broadcast? In Hyperloop you just update the regulation. In pundit you may have to edit both the index controller method and
+Policy class.

docs/dsl-isomorphic/hyper-policy.md

@@ -1,18 +1,72 @@
 # Welcome to Hyperstack!
 
-We are in the process of renaming Hyperloop to Hyperstack, so these docs will reference Hyperstack while the code uses Hyperloop.
+## Hyperstack
 
-Alfie is about to finish his bone.
+Hyperstack is a Ruby-based DSL and modern web toolkit for building spectacular, interactive web applications fast!
 
-## Hyperstack
++ **One language** throughout the client and server. All Ruby code is compiled by [Opal](https://opalrb.com/) into JavaScript automatically.
++ Webpacker and Yarn tooling for a **modern, fast hot-reloader build environment with Ruby source maps**.
++ A well documented and stable Ruby DSL for wrapping **React** and **ReactRouter** as well as **any** JavaScript library or component. No need to learn JavaScript!
++ **Isomorphic Models with bi-directional data** so you can access your models as if they were on the client.
+
+All that means you can write simple front-end code like this:
+
+```ruby
+class GoodBooksToRead < Hyperstack::Component
+  render(UL) do
+    Book.good_books.each do |book|
+      LI { "Read #{book.name}" }.on(:click) { display book } if book.available?
+    end
+  end
+end
+```
+
+In the code above, if the `good_books` scope changed (even on the server), the UI would update automatically. That's the magic of React and Isomorphic Models with bi-directional data at work!
+
+## Website and documentation
+
++ Website: [hyperstack.org](https://hyperstack.org)
+
+Our website serves as a Hyperstack example application. All the doc content is loaded dynamically from this repo and converted to HTML on the fly. It uses React Semantic UI and a client-side JavaScript full-text search engine. Its a Rails app hosted on Heroku.
+
+## Setup and installation
+
+You can be up and running in **less than 5 minutes**. Just follow the simple setup guide for a new Rails application all correctly configured and ready to go with Hyperstack.
+
++ Setup and Installation: [https://hyperstack.org/edge/docs/installation)
+
+## Community and support
+
+Hyperstack is supported by a friendly, helpful community, both for users, and contributors. We welcome new people, please reach out and say hello.
+
++ Reach us at: [Gitter chat](https://gitter.im/ruby-hyperloop/chat)
+
+## Roadmap
+
+Hyperstack is evolving; we are improving it all the time. As much as we love Ruby today, we see ourselves embracing new languages in the future. [Crystal](https://crystal-lang.org/) perhaps? We are also watching [Wasm](https://webassembly.org/) carefully.
+
+Please see the [ROADMAP](https://github.com/hyperstack-org/hyperstack/blob/edge/ROADMAP.md) for more information.
+
+## Contributing
+
+If you would like to help, please read the [CONTRIBUTING](https://github.com/hyperstack-org/hyperstack/blob/edge/CONTRIBUTING.md) file for suggestions.
+
+## Links
+
++ Rubygems: https://rubygems.org/profiles/hyperstack
++ Travis: https://travis-ci.org/hyperstack-org
++ Website edge: https://edge.hyperstack.org/
++ Website master: https://hyperstack.org/
+
+## License
+
+Released under the MIT License. See the [LICENSE][https://github.com/hyperstack-org/hyperstack/blob/edge/LICENSE] file for further details.
 
-+ Webiste: https://hyperstack.org/
-+ Github: https://github.com/hyperstack-org
+## History
 
-## RubyHyperloop legacy
+Hyperstack is an evolution of [Ruby-Hyperloop](https://github.com/ruby-hyperloop). We decided to rename the project to drop the Ruby suffix and also took the opportunity to simplify the repos and project overall.
 
-+ RubyHyperloop (legacy version 0.99.x) is production ready and very stable
-+ This hyperloop-legacy branch will only contain critical bug fixes
-+ The original website is here: http://ruby-hyperloop.org/
-+ The final stable branch is https://github.com/hyperstack-org/hyperstack/tree/hyperloop-legacy
-  
++ Old website: http://ruby-hyperloop.org/
++ Old Github: https://github.com/ruby-hyperloop
++ Legacy branch: https://github.com/hyperstack-org/hyperstack/tree/hyperloop-legacy
++ Legacy install script: https://github.com/hyperstack-org/hyperstack/tree/hyperloop-legacy/install