activemodel 3.0.20 → 3.1.0.beta1

data/lib/active_model/errors.rb

@@ -60,11 +60,13 @@ module ActiveModel
   #   p.validate!             # => ["can not be nil"]
   #   p.errors.full_messages  # => ["name can not be nil"]
   #   # etc..
-  class Errors < ActiveSupport::OrderedHash
-    include DeprecatedErrorMethods
+  class Errors
+    include Enumerable
 
     CALLBACKS_OPTIONS = [:if, :unless, :on, :allow_nil, :allow_blank]
 
+    attr_reader :messages
+
     # Pass in the instance of the object that is using the errors object.
     #
     #   class Person
@@ -73,12 +75,29 @@ module ActiveModel
     #     end
     #   end
     def initialize(base)
-      @base = base
-      super()
+      @base     = base
+      @messages = ActiveSupport::OrderedHash.new
+    end
+
+    # Clear the messages
+    def clear
+      messages.clear
+    end
+
+    # Do the error messages include an error with key +error+?
+    def include?(error)
+      messages.include? error
+    end
+
+    # Get messages for +key+
+    def get(key)
+      messages[key]
     end
 
-    alias_method :get, :[]
-    alias_method :set, :[]=
+    # Set messages for +key+ to +value+
+    def set(key, value)
+      messages[key] = value
+    end
 
     # When passed a symbol or a name of a method, returns an array of errors
     # for the method.
@@ -112,7 +131,7 @@ module ActiveModel
     #     # then yield :name and "must be specified"
     #   end
     def each
-      each_key do |attribute|
+      messages.each_key do |attribute|
         self[attribute].each { |error| yield attribute, error }
       end
     end
@@ -127,6 +146,16 @@ module ActiveModel
       values.flatten.size
     end
 
+    # Returns all message values
+    def values
+      messages.values
+    end
+
+    # Returns all message keys
+    def keys
+      messages.keys
+    end
+
     # Returns an array of error messages, with the attribute name included
     #
     #   p.errors.add(:name, "can't be blank")
@@ -171,9 +200,7 @@ module ActiveModel
     end
 
     def to_hash
-      hash = ActiveSupport::OrderedHash.new
-      each { |k, v| (hash[k] ||= []) << v }
-      hash
+      messages.dup
     end
 
     # Adds +message+ to the error messages on +attribute+, which will be returned on a call to
@@ -197,13 +224,6 @@ module ActiveModel
 
     # Will add an error message to each of the attributes in +attributes+ that is empty.
     def add_on_empty(attributes, options = {})
-      if options && !options.is_a?(Hash)
-        options = { :message => options }
-        ActiveSupport::Deprecation.warn \
-          "ActiveModel::Errors#add_on_empty(attributes, custom_message) has been deprecated.\n" +
-          "Instead of passing a custom_message pass an options Hash { :message => custom_message }."
-      end
-
       [attributes].flatten.each do |attribute|
         value = @base.send(:read_attribute_for_validation, attribute)
         is_empty = value.respond_to?(:empty?) ? value.empty? : false
@@ -213,13 +233,6 @@ module ActiveModel
 
     # Will add an error message to each of the attributes in +attributes+ that is blank (using Object#blank?).
     def add_on_blank(attributes, options = {})
-      if options && !options.is_a?(Hash)
-        options = { :message => options }
-        ActiveSupport::Deprecation.warn \
-          "ActiveModel::Errors#add_on_blank(attributes, custom_message) has been deprecated.\n" +
-          "Instead of passing a custom_message pass an options Hash { :message => custom_message }."
-      end
-
       [attributes].flatten.each do |attribute|
         value = @base.send(:read_attribute_for_validation, attribute)
         add(attribute, :blank, options) if value.blank?
@@ -237,26 +250,20 @@ module ActiveModel
     #   company.errors.full_messages # =>
     #     ["Name is too short (minimum is 5 characters)", "Name can't be blank", "Address can't be blank"]
     def full_messages
-      full_messages = []
-
-      each do |attribute, messages|
-        messages = Array.wrap(messages)
-        next if messages.empty?
-
+      map { |attribute, message|
         if attribute == :base
-          messages.each {|m| full_messages << m }
+          message
         else
           attr_name = attribute.to_s.gsub('.', '_').humanize
           attr_name = @base.class.human_attribute_name(attribute, :default => attr_name)
-          options = { :default => "%{attribute} %{message}", :attribute => attr_name }
 
-          messages.each do |m|
-            full_messages << I18n.t(:"errors.format", options.merge(:message => m))
-          end
+          I18n.t(:"errors.format", {
+            :default   => "%{attribute} %{message}",
+            :attribute => attr_name,
+            :message   => message
+          })
         end
-      end
-
-      full_messages
+      }
     end
 
     # Translates an error message in its default scope
@@ -271,29 +278,21 @@ module ActiveModel
     # When using inheritance in your models, it will check all the inherited
     # models too, but only if the model itself hasn't been found. Say you have
     # <tt>class Admin < User; end</tt> and you wanted the translation for
-    # the <tt>:blank</tt> error +message+ for the <tt>title</tt> +attribute+,
+    # the <tt>:blank</tt> error message for the <tt>title</tt> attribute,
     # it looks for these translations:
     #
-    # <ol>
-    # <li><tt>activemodel.errors.models.admin.attributes.title.blank</tt></li>
-    # <li><tt>activemodel.errors.models.admin.blank</tt></li>
-    # <li><tt>activemodel.errors.models.user.attributes.title.blank</tt></li>
-    # <li><tt>activemodel.errors.models.user.blank</tt></li>
-    # <li>any default you provided through the +options+ hash (in the activemodel.errors scope)</li>
-    # <li><tt>activemodel.errors.messages.blank</tt></li>
-    # <li><tt>errors.attributes.title.blank</tt></li>
-    # <li><tt>errors.messages.blank</tt></li>
-    # </ol>
+    # * <tt>activemodel.errors.models.admin.attributes.title.blank</tt>
+    # * <tt>activemodel.errors.models.admin.blank</tt>
+    # * <tt>activemodel.errors.models.user.attributes.title.blank</tt>
+    # * <tt>activemodel.errors.models.user.blank</tt>
+    # * any default you provided through the +options+ hash (in the <tt>activemodel.errors</tt> scope)
+    # * <tt>activemodel.errors.messages.blank</tt>
+    # * <tt>errors.attributes.title.blank</tt>
+    # * <tt>errors.messages.blank</tt>
+    #
     def generate_message(attribute, type = :invalid, options = {})
       type = options.delete(:message) if options[:message].is_a?(Symbol)
 
-      if options[:default]
-        ActiveSupport::Deprecation.warn \
-          "Giving :default as validation option to errors.add has been deprecated.\n" +
-          "Please use :message instead."
-        options[:message] = options.delete(:default)
-      end
-
       defaults = @base.class.lookup_ancestors.map do |klass|
         [ :"#{@base.class.i18n_scope}.errors.models.#{klass.model_name.i18n_key}.attributes.#{attribute}.#{type}",
           :"#{@base.class.i18n_scope}.errors.models.#{klass.model_name.i18n_key}.#{type}" ]

data/lib/active_model/lint.rb

@@ -23,7 +23,7 @@ module ActiveModel
       def test_to_key
         assert model.respond_to?(:to_key), "The model should respond to to_key"
         def model.persisted?() false end
-        assert model.to_key.nil?
+        assert model.to_key.nil?, "to_key should return nil when `persisted?` returns false"
       end
 
       # == Responds to <tt>to_param</tt>
@@ -40,7 +40,7 @@ module ActiveModel
         assert model.respond_to?(:to_param), "The model should respond to to_param"
         def model.to_key() [1] end
         def model.persisted?() false end
-        assert model.to_param.nil?
+        assert model.to_param.nil?, "to_param should return nil when `persisted?` returns false"
       end
 
       # == Responds to <tt>valid?</tt>

data/lib/active_model/mass_assignment_security.rb

@@ -20,78 +20,94 @@ module ActiveModel
     # For example, a logged in user may need to assign additional attributes depending
     # on their role:
     #
-    # class AccountsController < ApplicationController
-    #   include ActiveModel::MassAssignmentSecurity
+    #   class AccountsController < ApplicationController
+    #     include ActiveModel::MassAssignmentSecurity
     #
-    #   attr_accessible :first_name, :last_name
+    #     attr_accessible :first_name, :last_name
+    #     attr_accessible :first_name, :last_name, :plan_id, :as => :admin
     #
-    #   def self.admin_accessible_attributes
-    #     accessible_attributes + [ :plan_id ]
-    #   end
-    #
-    #   def update
-    #     ...
-    #     @account.update_attributes(account_params)
-    #     ...
-    #   end
+    #     def update
+    #       ...
+    #       @account.update_attributes(account_params)
+    #       ...
+    #     end
     #
-    #   protected
+    #     protected
     #
-    #   def account_params
-    #     sanitize_for_mass_assignment(params[:account])
-    #   end
+    #     def account_params
+    #       scope = admin ? :admin : :default
+    #       sanitize_for_mass_assignment(params[:account], scope)
+    #     end
     #
-    #   def mass_assignment_authorizer
-    #     admin ? admin_accessible_attributes : super
     #   end
     #
-    # end
-    #
     module ClassMethods
       # Attributes named in this macro are protected from mass-assignment
-      # whenever attributes are sanitized before assignment.
+      # whenever attributes are sanitized before assignment. A scope for the
+      # attributes is optional, if no scope is provided then :default is used.
+      # A scope can be defined by using the :as option.
       #
       # Mass-assignment to these attributes will simply be ignored, to assign
       # to them you can use direct writer methods. This is meant to protect
       # sensitive attributes from being overwritten by malicious users
-      # tampering with URLs or forms.
-      #
-      # == Example
+      # tampering with URLs or forms. Example:
       #
       #   class Customer
       #     include ActiveModel::MassAssignmentSecurity
       #
       #     attr_accessor :name, :credit_rating
-      #     attr_protected :credit_rating
       #
-      #     def attributes=(values)
-      #       sanitize_for_mass_assignment(values).each do |k, v|
+      #     attr_protected :credit_rating, :last_login
+      #     attr_protected :last_login, :as => :admin
+      #
+      #     def assign_attributes(values, options = {})
+      #       sanitize_for_mass_assignment(values, options[:as]).each do |k, v|
       #         send("#{k}=", v)
       #       end
       #     end
       #   end
       #
+      # When using a :default scope :
+      #
       #   customer = Customer.new
-      #   customer.attributes = { "name" => "David", "credit_rating" => "Excellent" }
+      #   customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :default)
       #   customer.name          # => "David"
       #   customer.credit_rating # => nil
+      #   customer.last_login    # => nil
       #
       #   customer.credit_rating = "Average"
       #   customer.credit_rating # => "Average"
       #
+      # And using the :admin scope :
+      #
+      #   customer = Customer.new
+      #   customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :admin)
+      #   customer.name          # => "David"
+      #   customer.credit_rating # => "Excellent"
+      #   customer.last_login    # => nil
+      #
       # To start from an all-closed default and enable attributes as needed,
       # have a look at +attr_accessible+.
       #
       # Note that using <tt>Hash#except</tt> or <tt>Hash#slice</tt> in place of +attr_protected+
       # to sanitize attributes won't provide sufficient protection.
-      def attr_protected(*names)
-        self._protected_attributes = self.protected_attributes + names
+      def attr_protected(*args)
+        options = args.extract_options!
+        scope = options[:as] || :default
+
+        self._protected_attributes        = protected_attributes_configs.dup
+        self._protected_attributes[scope] = self.protected_attributes(scope) + args
+
         self._active_authorizer = self._protected_attributes
       end
 
       # Specifies a white list of model attributes that can be set via
       # mass-assignment.
       #
+      # Like +attr_protected+, a scope for the attributes is optional,
+      # if no scope is provided then :default is used. A scope can be defined by
+      # using the :as option.
+      #
       # This is the opposite of the +attr_protected+ macro: Mass-assignment
       # will only set attributes in this list, to assign to the rest of
       # attributes you can use direct writer methods. This is meant to protect
@@ -104,57 +120,90 @@ module ActiveModel
       #     include ActiveModel::MassAssignmentSecurity
       #
       #     attr_accessor :name, :credit_rating
+      #
       #     attr_accessible :name
+      #     attr_accessible :name, :credit_rating, :as => :admin
       #
-      #     def attributes=(values)
-      #       sanitize_for_mass_assignment(values).each do |k, v|
+      #     def assign_attributes(values, options = {})
+      #       sanitize_for_mass_assignment(values, options[:as]).each do |k, v|
       #         send("#{k}=", v)
       #       end
       #     end
       #   end
       #
+      # When using a :default scope :
+      #
       #   customer = Customer.new
-      #   customer.attributes = { :name => "David", :credit_rating => "Excellent" }
+      #   customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :default)
       #   customer.name          # => "David"
       #   customer.credit_rating # => nil
       #
       #   customer.credit_rating = "Average"
       #   customer.credit_rating # => "Average"
       #
+      # And using the :admin scope :
+      #
+      #   customer = Customer.new
+      #   customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :admin)
+      #   customer.name          # => "David"
+      #   customer.credit_rating # => "Excellent"
+      #
       # Note that using <tt>Hash#except</tt> or <tt>Hash#slice</tt> in place of +attr_accessible+
       # to sanitize attributes won't provide sufficient protection.
-      def attr_accessible(*names)
-        self._accessible_attributes = self.accessible_attributes + names
+      def attr_accessible(*args)
+        options = args.extract_options!
+        scope = options[:as] || :default
+
+        self._accessible_attributes        = accessible_attributes_configs.dup
+        self._accessible_attributes[scope] = self.accessible_attributes(scope) + args
+
         self._active_authorizer = self._accessible_attributes
       end
 
-      def protected_attributes
-        self._protected_attributes ||= BlackList.new(attributes_protected_by_default).tap do |w|
-          w.logger = self.logger if self.respond_to?(:logger)
-        end
+      def protected_attributes(scope = :default)
+        protected_attributes_configs[scope]
       end
 
-      def accessible_attributes
-        self._accessible_attributes ||= WhiteList.new.tap { |w| w.logger = self.logger if self.respond_to?(:logger) }
+      def accessible_attributes(scope = :default)
+        accessible_attributes_configs[scope]
       end
 
-      def active_authorizer
-        self._active_authorizer ||= protected_attributes
+      def active_authorizers
+        self._active_authorizer ||= protected_attributes_configs
       end
+      alias active_authorizer active_authorizers
 
       def attributes_protected_by_default
         []
       end
+
+      private
+
+      def protected_attributes_configs
+        self._protected_attributes ||= begin
+          default_black_list = BlackList.new(attributes_protected_by_default).tap do |w|
+            w.logger = self.logger if self.respond_to?(:logger)
+          end
+          Hash.new(default_black_list)
+        end
+      end
+
+      def accessible_attributes_configs
+        self._accessible_attributes ||= begin
+          default_white_list = WhiteList.new.tap { |w| w.logger = self.logger if self.respond_to?(:logger) }
+          Hash.new(default_white_list)
+        end
+      end
     end
 
   protected
 
-    def sanitize_for_mass_assignment(attributes)
-      mass_assignment_authorizer.sanitize(attributes)
+    def sanitize_for_mass_assignment(attributes, scope = :default)
+      mass_assignment_authorizer(scope).sanitize(attributes)
     end
 
-    def mass_assignment_authorizer
-      self.class.active_authorizer
+    def mass_assignment_authorizer(scope = :default)
+      self.class.active_authorizer[scope]
     end
   end
 end

data/lib/active_model/naming.rb

@@ -1,20 +1,26 @@
 require 'active_support/inflector'
+require 'active_support/core_ext/hash/except'
+require 'active_support/core_ext/module/introspection'
 
 module ActiveModel
   class Name < String
-    attr_reader :singular, :plural, :element, :collection, :partial_path, :i18n_key
+    attr_reader :singular, :plural, :element, :collection, :partial_path, :route_key, :param_key, :i18n_key
     alias_method :cache_key, :collection
 
-    def initialize(klass)
+    def initialize(klass, namespace = nil)
       super(klass.name)
+      @unnamespaced = self.sub(/^#{namespace.name}::/, '') if namespace
+
       @klass = klass
-      @singular = ActiveSupport::Inflector.underscore(self).tr('/', '_').freeze
+      @singular = _singularize(self).freeze
       @plural = ActiveSupport::Inflector.pluralize(@singular).freeze
       @element = ActiveSupport::Inflector.underscore(ActiveSupport::Inflector.demodulize(self)).freeze
       @human = ActiveSupport::Inflector.humanize(@element).freeze
       @collection = ActiveSupport::Inflector.tableize(self).freeze
       @partial_path = "#{@collection}/#{@element}".freeze
-      @i18n_key = ActiveSupport::Inflector.underscore(self).tr('/', '.').to_sym
+      @param_key = (namespace ? _singularize(@unnamespaced) : @singular).freeze
+      @route_key = (namespace ? ActiveSupport::Inflector.pluralize(@param_key) : @plural).freeze
+      @i18n_key = self.underscore.to_sym
     end
 
     # Transform the model name into a more humane format, using I18n. By default,
@@ -28,16 +34,21 @@ module ActiveModel
                            @klass.respond_to?(:i18n_scope)
 
       defaults = @klass.lookup_ancestors.map do |klass|
-        [klass.model_name.i18n_key,
-         klass.model_name.i18n_key.to_s.tr('.', '/').to_sym]
-      end.flatten
+        klass.model_name.i18n_key
+      end
 
-      defaults << options.delete(:default) if options[:default]
+      defaults << options[:default] if options[:default]
       defaults << @human
 
-      options.reverse_merge! :scope => [@klass.i18n_scope, :models], :count => 1, :default => defaults
+      options = {:scope => [@klass.i18n_scope, :models], :count => 1, :default => defaults}.merge(options.except(:default))
       I18n.translate(defaults.shift, options)
     end
+
+    private
+
+    def _singularize(string, replacement='_')
+      ActiveSupport::Inflector.underscore(string).tr('/', replacement)
+    end
   end
 
   # == Active Model Naming
@@ -57,13 +68,16 @@ module ActiveModel
   #   BookModule::BookCover.model_name.i18n_key  # => "book_module.book_cover"
   #
   # Providing the functionality that ActiveModel::Naming provides in your object
-  # is required to pass the Active Model Lint test.  So either extending the provided
-  # method below, or rolling your own is required..
+  # is required to pass the Active Model Lint test. So either extending the provided
+  # method below, or rolling your own is required.
   module Naming
     # Returns an ActiveModel::Name object for module. It can be
     # used to retrieve all kinds of naming-related information.
     def model_name
-      @_model_name ||= ActiveModel::Name.new(self)
+      @_model_name ||= begin
+        namespace = self.parents.detect { |n| n.respond_to?(:_railtie) }
+        ActiveModel::Name.new(self, namespace)
+      end
     end
 
     # Returns the plural class name of a record or class. Examples:
@@ -90,9 +104,37 @@ module ActiveModel
       plural(record_or_class) == singular(record_or_class)
     end
 
+    # Returns string to use while generating route names. It differs for
+    # namespaced models regarding whether it's inside isolated engine.
+    #
+    # For isolated engine:
+    # ActiveModel::Naming.route_key(Blog::Post) #=> posts
+    #
+    # For shared engine:
+    # ActiveModel::Naming.route_key(Blog::Post) #=> blog_posts
+    def self.route_key(record_or_class)
+      model_name_from_record_or_class(record_or_class).route_key
+    end
+
+    # Returns string to use for params names. It differs for
+    # namespaced models regarding whether it's inside isolated engine.
+    #
+    # For isolated engine:
+    # ActiveModel::Naming.param_key(Blog::Post) #=> post
+    #
+    # For shared engine:
+    # ActiveModel::Naming.param_key(Blog::Post) #=> blog_post
+    def self.param_key(record_or_class)
+      model_name_from_record_or_class(record_or_class).param_key
+    end
+
     private
       def self.model_name_from_record_or_class(record_or_class)
-        (record_or_class.is_a?(Class) ? record_or_class : record_or_class.class).model_name
+        (record_or_class.is_a?(Class) ? record_or_class : convert_to_model(record_or_class).class).model_name
+      end
+
+      def self.convert_to_model(object)
+        object.respond_to?(:to_model) ? object.to_model : object
       end
   end