accessible_attributes 0.0.1

data/spec/dummy/public/javascripts/rails.js

@@ -0,0 +1,175 @@
+(function() {
+  // Technique from Juriy Zaytsev
+  // http://thinkweb2.com/projects/prototype/detecting-event-support-without-browser-sniffing/
+  function isEventSupported(eventName) {
+    var el = document.createElement('div');
+    eventName = 'on' + eventName;
+    var isSupported = (eventName in el);
+    if (!isSupported) {
+      el.setAttribute(eventName, 'return;');
+      isSupported = typeof el[eventName] == 'function';
+    }
+    el = null;
+    return isSupported;
+  }
+
+  function isForm(element) {
+    return Object.isElement(element) && element.nodeName.toUpperCase() == 'FORM'
+  }
+
+  function isInput(element) {
+    if (Object.isElement(element)) {
+      var name = element.nodeName.toUpperCase()
+      return name == 'INPUT' || name == 'SELECT' || name == 'TEXTAREA'
+    }
+    else return false
+  }
+
+  var submitBubbles = isEventSupported('submit'),
+      changeBubbles = isEventSupported('change')
+
+  if (!submitBubbles || !changeBubbles) {
+    // augment the Event.Handler class to observe custom events when needed
+    Event.Handler.prototype.initialize = Event.Handler.prototype.initialize.wrap(
+      function(init, element, eventName, selector, callback) {
+        init(element, eventName, selector, callback)
+        // is the handler being attached to an element that doesn't support this event?
+        if ( (!submitBubbles && this.eventName == 'submit' && !isForm(this.element)) ||
+             (!changeBubbles && this.eventName == 'change' && !isInput(this.element)) ) {
+          // "submit" => "emulated:submit"
+          this.eventName = 'emulated:' + this.eventName
+        }
+      }
+    )
+  }
+
+  if (!submitBubbles) {
+    // discover forms on the page by observing focus events which always bubble
+    document.on('focusin', 'form', function(focusEvent, form) {
+      // special handler for the real "submit" event (one-time operation)
+      if (!form.retrieve('emulated:submit')) {
+        form.on('submit', function(submitEvent) {
+          var emulated = form.fire('emulated:submit', submitEvent, true)
+          // if custom event received preventDefault, cancel the real one too
+          if (emulated.returnValue === false) submitEvent.preventDefault()
+        })
+        form.store('emulated:submit', true)
+      }
+    })
+  }
+
+  if (!changeBubbles) {
+    // discover form inputs on the page
+    document.on('focusin', 'input, select, texarea', function(focusEvent, input) {
+      // special handler for real "change" events
+      if (!input.retrieve('emulated:change')) {
+        input.on('change', function(changeEvent) {
+          input.fire('emulated:change', changeEvent, true)
+        })
+        input.store('emulated:change', true)
+      }
+    })
+  }
+
+  function handleRemote(element) {
+    var method, url, params;
+
+    var event = element.fire("ajax:before");
+    if (event.stopped) return false;
+
+    if (element.tagName.toLowerCase() === 'form') {
+      method = element.readAttribute('method') || 'post';
+      url    = element.readAttribute('action');
+      params = element.serialize();
+    } else {
+      method = element.readAttribute('data-method') || 'get';
+      url    = element.readAttribute('href');
+      params = {};
+    }
+
+    new Ajax.Request(url, {
+      method: method,
+      parameters: params,
+      evalScripts: true,
+
+      onComplete:    function(request) { element.fire("ajax:complete", request); },
+      onSuccess:     function(request) { element.fire("ajax:success",  request); },
+      onFailure:     function(request) { element.fire("ajax:failure",  request); }
+    });
+
+    element.fire("ajax:after");
+  }
+
+  function handleMethod(element) {
+    var method = element.readAttribute('data-method'),
+        url = element.readAttribute('href'),
+        csrf_param = $$('meta[name=csrf-param]')[0],
+        csrf_token = $$('meta[name=csrf-token]')[0];
+
+    var form = new Element('form', { method: "POST", action: url, style: "display: none;" });
+    element.parentNode.insert(form);
+
+    if (method !== 'post') {
+      var field = new Element('input', { type: 'hidden', name: '_method', value: method });
+      form.insert(field);
+    }
+
+    if (csrf_param) {
+      var param = csrf_param.readAttribute('content'),
+          token = csrf_token.readAttribute('content'),
+          field = new Element('input', { type: 'hidden', name: param, value: token });
+      form.insert(field);
+    }
+
+    form.submit();
+  }
+
+
+  document.on("click", "*[data-confirm]", function(event, element) {
+    var message = element.readAttribute('data-confirm');
+    if (!confirm(message)) event.stop();
+  });
+
+  document.on("click", "a[data-remote]", function(event, element) {
+    if (event.stopped) return;
+    handleRemote(element);
+    event.stop();
+  });
+
+  document.on("click", "a[data-method]", function(event, element) {
+    if (event.stopped) return;
+    handleMethod(element);
+    event.stop();
+  });
+
+  document.on("submit", function(event) {
+    var element = event.findElement(),
+        message = element.readAttribute('data-confirm');
+    if (message && !confirm(message)) {
+      event.stop();
+      return false;
+    }
+
+    var inputs = element.select("input[type=submit][data-disable-with]");
+    inputs.each(function(input) {
+      input.disabled = true;
+      input.writeAttribute('data-original-value', input.value);
+      input.value = input.readAttribute('data-disable-with');
+    });
+
+    var element = event.findElement("form[data-remote]");
+    if (element) {
+      handleRemote(element);
+      event.stop();
+    }
+  });
+
+  document.on("ajax:after", "form", function(event, element) {
+    var inputs = element.select("input[type=submit][disabled=true][data-disable-with]");
+    inputs.each(function(input) {
+      input.value = input.readAttribute('data-original-value');
+      input.removeAttribute('data-original-value');
+      input.disabled = false;
+    });
+  });
+})();

data/spec/dummy/script/rails

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+APP_PATH = File.expand_path('../../config/application',  __FILE__)
+require File.expand_path('../../config/boot',  __FILE__)
+require 'rails/commands'

data/spec/models/session_spec.rb

@@ -0,0 +1,9 @@
+require 'spec_helper'
+
+describe ActiveRecord::SessionStore::Session do
+  it "should mass-assign session_id" do
+    s = ActiveRecord::SessionStore::Session.new(:session_id => "abc123")
+    s.session_id.should_not be_blank
+    s.session_id.should == "abc123"
+  end
+end

data/spec/models/user_spec.rb

@@ -0,0 +1,37 @@
+require 'spec_helper'
+
+describe User do
+  before(:each) do
+    @attrs = {
+      :email => 'test@example.com',
+      :password => 'password',
+      :role => 'admin'
+    }
+  end
+
+  describe 'when creating a user' do
+    it "should not mass-assign role" do
+      u = User.new(@attrs)
+      u.role.should be_blank
+    end
+  end
+
+  describe 'when updating attributes' do
+    it "should not mass-assign role" do
+      u = User.new
+      u.update_attributes(@attrs)
+      u.role.should be_blank
+    end
+  end
+
+  describe 'with accessible :all' do
+    it "should mass-assign role" do
+      u = User.new
+      u.accessible = :all
+      u.update_attributes(@attrs)
+      u.role.should_not be_blank
+      u.role.should == "admin"
+    end
+  end
+end
+

data/spec/spec_helper.rb

@@ -0,0 +1,31 @@
+# Configure Rails Envinronment
+ENV["RAILS_ENV"] = "test"
+
+require File.expand_path("../dummy/config/environment.rb",  __FILE__)
+require 'active_record'
+require 'active_record/session_store'
+require "rails/test_help"
+require "rspec/rails"
+
+Rails.backtrace_cleaner.remove_silencers!
+
+# Configure capybara for integration testing
+#require "capybara/rails"
+#Capybara.default_driver   = :rack_test
+#Capybara.default_selector = :css
+
+# Run any available migration
+ActiveRecord::Migrator.migrate File.expand_path("../dummy/db/migrate/", __FILE__)
+
+# Load support files
+Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each { |f| require f }
+
+RSpec.configure do |config|
+  # Remove this line if you don't want Rspec's should and should_not
+  # methods or matchers
+  require 'rspec/expectations'
+  config.include Rspec::Matchers
+
+  # == Mock Framework
+  config.mock_with :rspec
+end

metadata

@@ -0,0 +1,214 @@
+--- !ruby/object:Gem::Specification 
+name: accessible_attributes
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 0
+  - 0
+  - 1
+  version: 0.0.1
+platform: ruby
+authors: 
+- Steven Hancock
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-12-12 00:00:00 -08:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: rails
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 3
+        - 0
+        - 3
+        version: 3.0.3
+  type: :runtime
+  prerelease: false
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: bundler
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 1
+        - 0
+        - 3
+        version: 1.0.3
+  type: :development
+  prerelease: false
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: rspec
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 2
+        - 2
+        - 0
+        version: 2.2.0
+  type: :development
+  prerelease: false
+  version_requirements: *id003
+- !ruby/object:Gem::Dependency 
+  name: rspec-rails
+  requirement: &id004 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 2
+        - 2
+        - 0
+        version: 2.2.0
+  type: :development
+  prerelease: false
+  version_requirements: *id004
+- !ruby/object:Gem::Dependency 
+  name: sqlite3-ruby
+  requirement: &id005 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id005
+- !ruby/object:Gem::Dependency 
+  name: rdoc
+  requirement: &id006 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id006
+- !ruby/object:Gem::Dependency 
+  name: rake
+  requirement: &id007 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  prerelease: false
+  version_requirements: *id007
+description: Dynamic attr_accessible for Active Record, inspired by Ryan Bates Railscasts episode 237
+email: 
+- stevenh512@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- .gitignore
+- .rspec
+- Gemfile
+- Gemfile.lock
+- MIT-LICENSE
+- README.rdoc
+- Rakefile
+- accessible_attributes.gemspec
+- lib/accessible_attributes.rb
+- lib/accessible_attributes/version.rb
+- spec/accessible_attributes_spec.rb
+- spec/dummy/Rakefile
+- spec/dummy/app/controllers/application_controller.rb
+- spec/dummy/app/helpers/application_helper.rb
+- spec/dummy/app/models/user.rb
+- spec/dummy/app/views/layouts/application.html.erb
+- spec/dummy/config.ru
+- spec/dummy/config/application.rb
+- spec/dummy/config/boot.rb
+- spec/dummy/config/database.yml
+- spec/dummy/config/environment.rb
+- spec/dummy/config/environments/development.rb
+- spec/dummy/config/environments/production.rb
+- spec/dummy/config/environments/test.rb
+- spec/dummy/config/initializers/backtrace_silencers.rb
+- spec/dummy/config/initializers/inflections.rb
+- spec/dummy/config/initializers/mime_types.rb
+- spec/dummy/config/initializers/secret_token.rb
+- spec/dummy/config/initializers/session_store.rb
+- spec/dummy/config/locales/en.yml
+- spec/dummy/config/routes.rb
+- spec/dummy/db/migrate/20101213021505_add_sessions_table.rb
+- spec/dummy/db/migrate/20101213021620_create_users.rb
+- spec/dummy/db/test.sqlite3
+- spec/dummy/public/404.html
+- spec/dummy/public/422.html
+- spec/dummy/public/500.html
+- spec/dummy/public/favicon.ico
+- spec/dummy/public/javascripts/application.js
+- spec/dummy/public/javascripts/controls.js
+- spec/dummy/public/javascripts/dragdrop.js
+- spec/dummy/public/javascripts/effects.js
+- spec/dummy/public/javascripts/prototype.js
+- spec/dummy/public/javascripts/rails.js
+- spec/dummy/public/stylesheets/.gitkeep
+- spec/dummy/script/rails
+- spec/models/session_spec.rb
+- spec/models/user_spec.rb
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: http://github.com/stevenh512/accessible_attributes
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 120110193
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">"
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 1
+      - 3
+      - 6
+      version: 1.3.6
+requirements: []
+
+rubyforge_project: accessible_attributes
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Dynamic attr_accessible for Active Record
+test_files: []
+