activemodel 3.1.12 → 3.2.0.rc1

data/lib/active_model/mass_assignment_security/sanitizer.rb

@@ -1,9 +1,14 @@
+require 'active_support/core_ext/module/delegation'
+
 module ActiveModel
   module MassAssignmentSecurity
-    module Sanitizer
+    class Sanitizer
+      def initialize(target=nil)
+      end
+
       # Returns all attributes not denied by the authorizer.
-      def sanitize(attributes)
-        sanitized_attributes = attributes.reject { |key, value| deny?(key) }
+      def sanitize(attributes, authorizer)
+        sanitized_attributes = attributes.reject { |key, value| authorizer.deny?(key) }
         debug_protected_attribute_removal(attributes, sanitized_attributes)
         sanitized_attributes
       end
@@ -12,12 +17,43 @@ module ActiveModel
 
       def debug_protected_attribute_removal(attributes, sanitized_attributes)
         removed_keys = attributes.keys - sanitized_attributes.keys
-        warn!(removed_keys) if removed_keys.any?
+        process_removed_attributes(removed_keys) if removed_keys.any?
+      end
+
+      def process_removed_attributes(attrs)
+        raise NotImplementedError, "#process_removed_attributes(attrs) suppose to be overwritten"
+      end
+    end
+
+    class LoggerSanitizer < Sanitizer
+      delegate :logger, :to => :@target
+
+      def initialize(target)
+        @target = target
+        super
       end
 
-      def warn!(attrs)
-        self.logger.debug "WARNING: Can't mass-assign protected attributes: #{attrs.join(', ')}" if self.logger
+      def logger?
+        @target.respond_to?(:logger) && @target.logger
       end
+
+      def process_removed_attributes(attrs)
+        logger.debug "WARNING: Can't mass-assign protected attributes: #{attrs.join(', ')}" if logger?
+      end
+    end
+
+    class StrictSanitizer < Sanitizer
+      def process_removed_attributes(attrs)
+        return if (attrs - insensitive_attributes).empty?
+        raise ActiveModel::MassAssignmentSecurity::Error, "Can't mass-assign protected attributes: #{attrs.join(', ')}"
+      end
+
+      def insensitive_attributes
+        ['id']
+      end
+    end
+
+    class Error < StandardError
     end
   end
 end

data/lib/active_model/naming.rb

@@ -1,6 +1,7 @@
 require 'active_support/inflector'
 require 'active_support/core_ext/hash/except'
 require 'active_support/core_ext/module/introspection'
+require 'active_support/core_ext/module/deprecation'
 
 module ActiveModel
   class Name < String
@@ -9,17 +10,22 @@ module ActiveModel
 
     alias_method :cache_key, :collection
 
+    deprecate :partial_path => "ActiveModel::Name#partial_path is deprecated. Call #to_partial_path on model instances directly instead."
+
     def initialize(klass, namespace = nil, name = nil)
       name ||= klass.name
+
+      raise ArgumentError, "Class name cannot be blank. You need to supply a name argument when anonymous class given" if name.blank?
+
       super(name)
-      @unnamespaced = self.sub(/^#{namespace.name}::/, '') if namespace
 
-      @klass = klass
-      @singular = _singularize(self).freeze
-      @plural = ActiveSupport::Inflector.pluralize(@singular).freeze
-      @element = ActiveSupport::Inflector.underscore(ActiveSupport::Inflector.demodulize(self)).freeze
-      @human = ActiveSupport::Inflector.humanize(@element).freeze
-      @collection = ActiveSupport::Inflector.tableize(self).freeze
+      @unnamespaced = self.sub(/^#{namespace.name}::/, '') if namespace
+      @klass        = klass
+      @singular     = _singularize(self).freeze
+      @plural       = ActiveSupport::Inflector.pluralize(@singular).freeze
+      @element      = ActiveSupport::Inflector.underscore(ActiveSupport::Inflector.demodulize(self)).freeze
+      @human        = ActiveSupport::Inflector.humanize(@element).freeze
+      @collection   = ActiveSupport::Inflector.tableize(self).freeze
       @partial_path = "#{@collection}/#{@element}".freeze
       @param_key    = (namespace ? _singularize(@unnamespaced) : @singular).freeze
       @i18n_key     = self.underscore.to_sym
@@ -71,8 +77,8 @@ module ActiveModel
   #   BookCover.model_name        # => "BookCover"
   #   BookCover.model_name.human  # => "Book cover"
   #
-  #   BookCover.model_name.i18n_key              # => "book_cover"
-  #   BookModule::BookCover.model_name.i18n_key  # => "book_module.book_cover"
+  #   BookCover.model_name.i18n_key              # => :book_cover
+  #   BookModule::BookCover.model_name.i18n_key  # => :"book_module/book_cover"
   #
   # Providing the functionality that ActiveModel::Naming provides in your object
   # is required to pass the Active Model Lint test. So either extending the provided
@@ -82,7 +88,9 @@ module ActiveModel
     # used to retrieve all kinds of naming-related information.
     def model_name
       @_model_name ||= begin
-        namespace = self.parents.detect { |n| n.respond_to?(:_railtie) }
+        namespace = self.parents.detect do |n|
+          n.respond_to?(:use_relative_model_naming?) && n.use_relative_model_naming?
+        end
         ActiveModel::Name.new(self, namespace)
       end
     end

data/lib/active_model/observer_array.rb

@@ -15,7 +15,7 @@ module ActiveModel
       disabled_observers.include?(observer.class)
     end
 
-    # Disables one or more observers.  This supports multiple forms:
+    # Disables one or more observers. This supports multiple forms:
     #
     #   ORM.observers.disable :user_observer
     #     # => disables the UserObserver
@@ -38,7 +38,7 @@ module ActiveModel
       set_enablement(false, observers, &block)
     end
 
-    # Enables one or more observers.  This supports multiple forms:
+    # Enables one or more observers. This supports multiple forms:
     #
     #   ORM.observers.enable :user_observer
     #     # => enables the UserObserver
@@ -59,7 +59,7 @@ module ActiveModel
     #     # just the duration of the block
     #   end
     #
-    # Note: all observers are enabled by default.  This method is only
+    # Note: all observers are enabled by default. This method is only
     # useful when you have previously disabled one or more observers.
     def enable(*observers, &block)
       set_enablement(true, observers, &block)

data/lib/active_model/observing.rb

@@ -187,8 +187,7 @@ module ActiveModel
       def observe(*models)
         models.flatten!
         models.collect! { |model| model.respond_to?(:to_sym) ? model.to_s.camelize.constantize : model }
-        remove_possible_method(:observed_classes)
-        define_method(:observed_classes) { models }
+        redefine_method(:observed_classes) { models }
       end
 
       # Returns an array of Classes to observe.

data/lib/active_model/secure_password.rb

@@ -32,8 +32,8 @@ module ActiveModel
       #   User.find_by_name("david").try(:authenticate, "notright")      # => nil
       #   User.find_by_name("david").try(:authenticate, "mUc3m00RsqyRe") # => user
       def has_secure_password
-        # Load bcrypt-ruby only when has_secured_password is used to avoid make ActiveModel
-        # (and by extension the entire framework) dependent on a binary library.
+        # Load bcrypt-ruby only when has_secure_password is used.
+        # This is to avoid ActiveModel (and by extension the entire framework) being dependent on a binary library.
         gem 'bcrypt-ruby', '~> 3.0.0'
         require 'bcrypt'
 

data/lib/active_model/serialization.rb

@@ -33,7 +33,7 @@ module ActiveModel
   # you want to serialize and their current value.
   #
   # Most of the time though, you will want to include the JSON or XML
-  # serializations.  Both of these modules automatically include the
+  # serializations. Both of these modules automatically include the
   # ActiveModel::Serialization module, so there is no need to explicitly
   # include it.
   #
@@ -71,18 +71,69 @@ module ActiveModel
     def serializable_hash(options = nil)
       options ||= {}
 
-      only   = Array.wrap(options[:only]).map(&:to_s)
-      except = Array.wrap(options[:except]).map(&:to_s)
-
       attribute_names = attributes.keys.sort
-      if only.any?
-        attribute_names &= only
-      elsif except.any?
-        attribute_names -= except
+      if only = options[:only]
+        attribute_names &= Array.wrap(only).map(&:to_s)
+      elsif except = options[:except]
+        attribute_names -= Array.wrap(except).map(&:to_s)
+      end
+
+      hash = {}
+      attribute_names.each { |n| hash[n] = read_attribute_for_serialization(n) }
+
+      method_names = Array.wrap(options[:methods]).select { |n| respond_to?(n) }
+      method_names.each { |n| hash[n] = send(n) }
+
+      serializable_add_includes(options) do |association, records, opts|
+        hash[association] = if records.is_a?(Enumerable)
+          records.map { |a| a.serializable_hash(opts) }
+        else
+          records.serializable_hash(opts)
+        end
       end
 
-      method_names = Array.wrap(options[:methods]).map { |n| n if respond_to?(n.to_s) }.compact
-      Hash[(attribute_names + method_names).map { |n| [n, send(n)] }]
+      hash
     end
+
+    private
+
+      # Hook method defining how an attribute value should be retrieved for
+      # serialization. By default this is assumed to be an instance named after
+      # the attribute. Override this method in subclasses should you need to
+      # retrieve the value for a given attribute differently:
+      #
+      #   class MyClass
+      #     include ActiveModel::Validations
+      #
+      #     def initialize(data = {})
+      #       @data = data
+      #     end
+      #
+      #     def read_attribute_for_serialization(key)
+      #       @data[key]
+      #     end
+      #   end
+      #
+      alias :read_attribute_for_serialization :send
+
+      # Add associations specified via the <tt>:include</tt> option.
+      #
+      # Expects a block that takes as arguments:
+      #   +association+ - name of the association
+      #   +records+     - the association record(s) to be serialized
+      #   +opts+        - options for the association records
+      def serializable_add_includes(options = {}) #:nodoc:
+        return unless include = options[:include]
+
+        unless include.is_a?(Hash)
+          include = Hash[Array.wrap(include).map { |n| n.is_a?(Hash) ? n.to_a.first : [n, {}] }]
+        end
+
+        include.each do |association, opts|
+          if records = send(association)
+            yield association, records, opts
+          end
+        end
+      end
   end
 end

data/lib/active_model/serializers/json.rb

@@ -15,7 +15,7 @@ module ActiveModel
         self.include_root_in_json = true
       end
 
-      # Returns a JSON string representing the model. Some configuration can be
+      # Returns a hash representing the model. Some configuration can be
       # passed through +options+.
       #
       # The option <tt>include_root_in_json</tt> controls the top-level behavior
@@ -32,10 +32,17 @@ module ActiveModel
       #   # => {"id": 1, "name": "Konata Izumi", "age": 16,
       #         "created_at": "2006/08/01", "awesome": true}
       #
-      # The remainder of the examples in this section assume +include_root_in_json+
-      # is false.
+      # This behavior can also be achieved by setting the <tt>:root</tt> option to +false+ as in:
       #
-      # Without any +options+, the returned JSON string will include all the model's
+      #   user = User.find(1)
+      #   user.as_json(root: false)
+      #   # =>  {"id": 1, "name": "Konata Izumi", "age": 16,
+      #          "created_at": "2006/08/01", "awesome": true}
+      #
+      # The remainder of the examples in this section assume include_root_in_json is set to
+      # <tt>false</tt>.
+      #
+      # Without any +options+, the returned Hash will include all the model's
       # attributes. For example:
       #
       #   user = User.find(1)
@@ -79,21 +86,20 @@ module ActiveModel
       #                    "title": "Welcome to the weblog"},
       #                   {"comments": [{"body": "Don't think too hard"}],
       #                    "title": "So I was thinking"}]}
-
       def as_json(options = nil)
-        hash = serializable_hash(options)
-
-        if include_root_in_json
-          custom_root = options && options[:root]
-          hash = { custom_root || self.class.model_name.element => hash }
+        root = include_root_in_json
+        root = options[:root] if options.try(:key?, :root)
+        if root
+          root = self.class.model_name.element if root == true
+          { root => serializable_hash(options) }
+        else
+          serializable_hash(options)
         end
-
-        hash
       end
 
-      def from_json(json)
+      def from_json(json, include_root=include_root_in_json)
         hash = ActiveSupport::JSON.decode(json)
-        hash = hash.values.first if include_root_in_json
+        hash = hash.values.first if include_root
         self.attributes = hash
         self
       end

data/lib/active_model/serializers/xml.rb

@@ -15,10 +15,10 @@ module ActiveModel
         class Attribute #:nodoc:
           attr_reader :name, :value, :type
 
-          def initialize(name, serializable, raw_value=nil)
+          def initialize(name, serializable, value)
             @name, @serializable = name, serializable
-            raw_value = raw_value.in_time_zone if raw_value.respond_to?(:in_time_zone)
-            @value = raw_value || @serializable.send(name)
+            value  = value.in_time_zone if value.respond_to?(:in_time_zone)
+            @value = value
             @type  = compute_type
           end
 
@@ -49,40 +49,24 @@ module ActiveModel
         def initialize(serializable, options = nil)
           @serializable = serializable
           @options = options ? options.dup : {}
-
-          @options[:only] = Array.wrap(@options[:only]).map { |n| n.to_s }
-          @options[:except] = Array.wrap(@options[:except]).map { |n| n.to_s }
         end
 
-        # To replicate the behavior in ActiveRecord#attributes, <tt>:except</tt>
-        # takes precedence over <tt>:only</tt>.  If <tt>:only</tt> is not set
-        # for a N level model but is set for the N+1 level models,
-        # then because <tt>:except</tt> is set to a default value, the second
-        # level model can have both <tt>:except</tt> and <tt>:only</tt> set.  So if
-        # <tt>:only</tt> is set, always delete <tt>:except</tt>.
-        def attributes_hash
-          attributes = @serializable.attributes
-          if options[:only].any?
-            attributes.slice(*options[:only])
-          elsif options[:except].any?
-            attributes.except(*options[:except])
-          else
-            attributes
-          end
+        def serializable_hash
+          @serializable.serializable_hash(@options.except(:include))
         end
 
-        def serializable_attributes
-          attributes_hash.map do |name, value|
-            self.class::Attribute.new(name, @serializable, value)
+        def serializable_collection
+          methods = Array.wrap(options[:methods]).map(&:to_s)
+          serializable_hash.map do |name, value|
+            name = name.to_s
+            if methods.include?(name)
+              self.class::MethodAttribute.new(name, @serializable, value)
+            else
+              self.class::Attribute.new(name, @serializable, value)
+            end
           end
         end
 
-        def serializable_methods
-          Array.wrap(options[:methods]).map do |name|
-            self.class::MethodAttribute.new(name.to_s, @serializable) if @serializable.respond_to?(name.to_s)
-          end.compact
-        end
-
         def serialize
           require 'builder' unless defined? ::Builder
 
@@ -101,6 +85,7 @@ module ActiveModel
 
           @builder.tag!(*args) do
             add_attributes_and_methods
+            add_includes
             add_extra_behavior
             add_procs
             yield @builder if block_given?
@@ -113,13 +98,52 @@ module ActiveModel
         end
 
         def add_attributes_and_methods
-          (serializable_attributes + serializable_methods).each do |attribute|
+          serializable_collection.each do |attribute|
             key = ActiveSupport::XmlMini.rename_key(attribute.name, options)
             ActiveSupport::XmlMini.to_tag(key, attribute.value,
               options.merge(attribute.decorations))
           end
         end
 
+        def add_includes
+          @serializable.send(:serializable_add_includes, options) do |association, records, opts|
+            add_associations(association, records, opts)
+          end
+        end
+
+        # TODO This can likely be cleaned up to simple use ActiveSupport::XmlMini.to_tag as well.
+        def add_associations(association, records, opts)
+          merged_options = opts.merge(options.slice(:builder, :indent))
+          merged_options[:skip_instruct] = true
+
+          if records.is_a?(Enumerable)
+            tag  = ActiveSupport::XmlMini.rename_key(association.to_s, options)
+            type = options[:skip_types] ? { } : {:type => "array"}
+            association_name = association.to_s.singularize
+            merged_options[:root] = association_name
+
+            if records.empty?
+              @builder.tag!(tag, type)
+            else
+              @builder.tag!(tag, type) do
+                records.each do |record|
+                  if options[:skip_types]
+                    record_type = {}
+                  else
+                    record_class = (record.class.to_s.underscore == association_name) ? nil : record.class.name
+                    record_type = {:type => record_class}
+                  end
+
+                  record.to_xml merged_options.merge(record_type)
+                end
+              end
+            end
+          else
+            merged_options[:root] = association.to_s
+            records.to_xml(merged_options)
+          end
+        end
+
         def add_procs
           if procs = options.delete(:procs)
             Array.wrap(procs).each do |proc|