accessible_for 0.3.0 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.markdown +24 -5
- data/lib/accessible_for.rb +13 -7
- data/lib/mass_assignment_backport.rb +1 -2
- data/test/accessible_for_test.rb +2 -2
- data/test/mass_assignment_test.rb +8 -0
- metadata +1 -1
data/README.markdown
CHANGED
|
@@ -28,14 +28,25 @@ accessible_for API (to avoid name conflicts).
|
|
|
28
28
|
class TacoShop < Controller
|
|
29
29
|
include AccessibleFor
|
|
30
30
|
|
|
31
|
-
# there are no implicit roles and
|
|
32
|
-
|
|
31
|
+
# there are no implicit roles and
|
|
32
|
+
# you can declare only one role for each set of attributes
|
|
33
|
+
accessible_for :customer => [ :filling, :topping, :rating ]
|
|
33
34
|
accessible_for :manager => [ :filling, :topping, :price ]
|
|
34
|
-
|
|
35
|
+
|
|
36
|
+
# you can declare a role multiple times to add attributes,
|
|
37
|
+
# and specify a single value instead of an array
|
|
38
|
+
accessible_for :manager => :promotion
|
|
39
|
+
|
|
40
|
+
# If that's not DRY enough can compose access lists from other roles
|
|
41
|
+
# using the class method accessible_attributes
|
|
42
|
+
accessible_for :common => [ :filling, :topping ]
|
|
43
|
+
accessible_for :customer => accessible_attributes(:common) + [ :rating ]
|
|
44
|
+
accessible_for :manager => accessible_attributes(:common) + [ :price, :promotion ]
|
|
45
|
+
|
|
35
46
|
def update
|
|
36
47
|
Taco.find(params[:id]).update_attributes!(taco_params)
|
|
37
48
|
end
|
|
38
|
-
|
|
49
|
+
|
|
39
50
|
protected
|
|
40
51
|
|
|
41
52
|
def taco_params
|
|
@@ -44,11 +55,19 @@ accessible_for API (to avoid name conflicts).
|
|
|
44
55
|
if current_user.manager?
|
|
45
56
|
sanitize_for :manager, params[:taco]
|
|
46
57
|
else
|
|
47
|
-
sanitize_for :
|
|
58
|
+
sanitize_for :customer, params[:taco]
|
|
48
59
|
end
|
|
49
60
|
end
|
|
50
61
|
end
|
|
51
62
|
|
|
63
|
+
|
|
64
|
+
It's also possible to call sanitize_for with a block to loop over the
|
|
65
|
+
accessible name/value pairs:
|
|
66
|
+
|
|
67
|
+
sanitize_for(:default, params[:taco]) do |name, value|
|
|
68
|
+
puts "#{name}: #{value}"
|
|
69
|
+
end
|
|
70
|
+
|
|
52
71
|
## ActiveModel-workalike API
|
|
53
72
|
|
|
54
73
|
require 'mass_assignment_backport'
|
data/lib/accessible_for.rb
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
require 'mass_assignment_backport'
|
|
2
2
|
|
|
3
3
|
module AccessibleFor
|
|
4
|
-
VERSION = "0.3.
|
|
4
|
+
VERSION = "0.3.1"
|
|
5
5
|
|
|
6
6
|
def self.included(mod)
|
|
7
7
|
mod.extend ClassMethods
|
|
@@ -14,11 +14,14 @@ module AccessibleFor
|
|
|
14
14
|
params.each do |role, attrs|
|
|
15
15
|
self._accessible_attributes ||= {}
|
|
16
16
|
[role].flatten.each do |name|
|
|
17
|
-
self._accessible_attributes[name]
|
|
18
|
-
self._accessible_attributes[name] += [attrs].flatten
|
|
17
|
+
self._accessible_attributes[name] = accessible_attributes(name) + [attrs].flatten
|
|
19
18
|
end
|
|
20
19
|
end
|
|
21
20
|
end
|
|
21
|
+
|
|
22
|
+
def accessible_attributes role
|
|
23
|
+
_accessible_attributes[role] || []
|
|
24
|
+
end
|
|
22
25
|
end
|
|
23
26
|
|
|
24
27
|
def sanitize_for role, values
|
|
@@ -26,14 +29,17 @@ module AccessibleFor
|
|
|
26
29
|
if !self.class._accessible_attributes || self.class._accessible_attributes[role].nil?
|
|
27
30
|
return {}
|
|
28
31
|
end
|
|
29
|
-
{}
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
32
|
+
result = block_given? ? nil : {}
|
|
33
|
+
values.each do |k, v|
|
|
34
|
+
if self.class._accessible_attributes[role].include?(k.to_sym)
|
|
35
|
+
if block_given?
|
|
36
|
+
yield k, v
|
|
37
|
+
else
|
|
33
38
|
result[k] = v
|
|
34
39
|
end
|
|
35
40
|
end
|
|
36
41
|
end
|
|
42
|
+
result
|
|
37
43
|
end
|
|
38
44
|
end
|
|
39
45
|
|
|
@@ -5,7 +5,6 @@ module MassAssignmentBackport
|
|
|
5
5
|
end
|
|
6
6
|
|
|
7
7
|
module ClassMethods
|
|
8
|
-
|
|
9
8
|
def attr_accessible *args
|
|
10
9
|
options = args.last.kind_of?(Hash) ? args.pop : {}
|
|
11
10
|
role = options[:as] || :default
|
|
@@ -13,7 +12,7 @@ module MassAssignmentBackport
|
|
|
13
12
|
end
|
|
14
13
|
|
|
15
14
|
def accessible_attributes role=:default
|
|
16
|
-
|
|
15
|
+
super role
|
|
17
16
|
end
|
|
18
17
|
end
|
|
19
18
|
|
data/test/accessible_for_test.rb
CHANGED
|
@@ -3,7 +3,7 @@ require 'accessible_for'
|
|
|
3
3
|
class AccessibleForTest < MiniTest::Unit::TestCase
|
|
4
4
|
include AccessibleFor
|
|
5
5
|
accessible_for :default => :topping
|
|
6
|
-
accessible_for :manager => [:price
|
|
6
|
+
accessible_for :manager => accessible_attributes(:default) + [:price]
|
|
7
7
|
|
|
8
8
|
def test_nil_params
|
|
9
9
|
assert_nil sanitize_for(:default, nil)
|
|
@@ -27,7 +27,7 @@ class AccessibleForTest < MiniTest::Unit::TestCase
|
|
|
27
27
|
|
|
28
28
|
def test_accessible_role
|
|
29
29
|
manager = sanitize_for :manager, :topping => 'salsa', :price => 123, :extra => 'foo'
|
|
30
|
-
assert manager.has_key?(:topping), "role gets accessible key"
|
|
30
|
+
assert manager.has_key?(:topping), "role gets accessible key by querying another role"
|
|
31
31
|
assert manager.has_key?(:price), "role gets second accessible key"
|
|
32
32
|
assert !manager.has_key?(:extra), "role does not get extra key"
|
|
33
33
|
end
|
|
@@ -9,6 +9,14 @@ class MassAssignmentTest < MiniTest::Unit::TestCase
|
|
|
9
9
|
assert_nil sanitize_for_mass_assignment(nil)
|
|
10
10
|
end
|
|
11
11
|
|
|
12
|
+
def test_accessible_attributes_default
|
|
13
|
+
assert_equal [:topping], self.class.accessible_attributes
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def test_accessible_attributes_role
|
|
17
|
+
assert_equal [:topping, :price], self.class.accessible_attributes(:manager)
|
|
18
|
+
end
|
|
19
|
+
|
|
12
20
|
def test_block_form
|
|
13
21
|
result = {}
|
|
14
22
|
sanitize_for_mass_assignment(:topping => 'salsa', :price => 123, :extra => 'foo') do |k,v|
|