accessible_for 0.3.1 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- data/README.markdown +4 -4
- data/lib/accessible_for.rb +7 -10
- data/lib/mass_assignment_backport.rb +1 -1
- data/test/accessible_for_test.rb +2 -2
- metadata +2 -2
data/README.markdown
CHANGED
@@ -37,11 +37,11 @@ accessible_for API (to avoid name conflicts).
|
|
37
37
|
# and specify a single value instead of an array
|
38
38
|
accessible_for :manager => :promotion
|
39
39
|
|
40
|
-
# If that's not DRY enough can compose access lists from other roles
|
41
|
-
# using the class method
|
40
|
+
# If that's not DRY enough you can compose access lists from other roles
|
41
|
+
# using the class method accessible_by
|
42
42
|
accessible_for :common => [ :filling, :topping ]
|
43
|
-
accessible_for :customer =>
|
44
|
-
accessible_for :manager =>
|
43
|
+
accessible_for :customer => accessible_by(:common) + [ :rating ]
|
44
|
+
accessible_for :manager => accessible_by(:common) + [ :price, :promotion ]
|
45
45
|
|
46
46
|
def update
|
47
47
|
Taco.find(params[:id]).update_attributes!(taco_params)
|
data/lib/accessible_for.rb
CHANGED
@@ -1,37 +1,34 @@
|
|
1
1
|
require 'mass_assignment_backport'
|
2
2
|
|
3
3
|
module AccessibleFor
|
4
|
-
VERSION = "0.
|
4
|
+
VERSION = "0.4.0"
|
5
5
|
|
6
6
|
def self.included(mod)
|
7
7
|
mod.extend ClassMethods
|
8
8
|
end
|
9
9
|
|
10
10
|
module ClassMethods
|
11
|
-
attr_accessor :
|
11
|
+
attr_accessor :_accessible_by
|
12
12
|
|
13
13
|
def accessible_for params
|
14
14
|
params.each do |role, attrs|
|
15
|
-
self.
|
15
|
+
self._accessible_by ||= {}
|
16
16
|
[role].flatten.each do |name|
|
17
|
-
self.
|
17
|
+
self._accessible_by[name] = accessible_by(name) + [attrs].flatten
|
18
18
|
end
|
19
19
|
end
|
20
20
|
end
|
21
21
|
|
22
|
-
def
|
23
|
-
|
22
|
+
def accessible_by role
|
23
|
+
_accessible_by && _accessible_by[role] || []
|
24
24
|
end
|
25
25
|
end
|
26
26
|
|
27
27
|
def sanitize_for role, values
|
28
28
|
return nil if values.nil?
|
29
|
-
if !self.class._accessible_attributes || self.class._accessible_attributes[role].nil?
|
30
|
-
return {}
|
31
|
-
end
|
32
29
|
result = block_given? ? nil : {}
|
33
30
|
values.each do |k, v|
|
34
|
-
if self.class.
|
31
|
+
if self.class.accessible_by(role).include?(k.to_sym)
|
35
32
|
if block_given?
|
36
33
|
yield k, v
|
37
34
|
else
|
data/test/accessible_for_test.rb
CHANGED
@@ -3,7 +3,7 @@ require 'accessible_for'
|
|
3
3
|
class AccessibleForTest < MiniTest::Unit::TestCase
|
4
4
|
include AccessibleFor
|
5
5
|
accessible_for :default => :topping
|
6
|
-
accessible_for :manager =>
|
6
|
+
accessible_for :manager => accessible_by(:default) + [:price]
|
7
7
|
|
8
8
|
def test_nil_params
|
9
9
|
assert_nil sanitize_for(:default, nil)
|
@@ -33,7 +33,7 @@ class AccessibleForTest < MiniTest::Unit::TestCase
|
|
33
33
|
end
|
34
34
|
|
35
35
|
class UnspecifiedTest
|
36
|
-
include
|
36
|
+
include AccessibleFor
|
37
37
|
end
|
38
38
|
|
39
39
|
def test_unspecified_strips_values
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: accessible_for
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.4.0
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2012-03-
|
12
|
+
date: 2012-03-08 00:00:00.000000000Z
|
13
13
|
dependencies: []
|
14
14
|
description: ! " This is a simple mass-assignment security module loosely based
|
15
15
|
on\n ActiveModel::MassAssignmentSecurity. It attempts to steal the good ideas\n
|