activemodel 3.2.22.5 → 4.0.0.beta1

data/lib/active_model/validations/with.rb

@@ -3,12 +3,14 @@ module ActiveModel
     module HelperMethods
       private
         def _merge_attributes(attr_names)
-          options = attr_names.extract_options!
-          options.merge(:attributes => attr_names.flatten)
+          options = attr_names.extract_options!.symbolize_keys
+          attr_names.flatten!
+          options[:attributes] = attr_names
+          options
         end
     end
 
-    class WithValidator < EachValidator
+    class WithValidator < EachValidator # :nodoc:
       def validate_each(record, attr, val)
         method_name = options[:with]
 
@@ -32,7 +34,7 @@ module ActiveModel
       #   class MyValidator < ActiveModel::Validator
       #     def validate(record)
       #       if some_complex_logic
-      #         record.errors.add :base, "This record is invalid"
+      #         record.errors.add :base, 'This record is invalid'
       #       end
       #     end
       #
@@ -46,29 +48,32 @@ module ActiveModel
       #
       #   class Person
       #     include ActiveModel::Validations
-      #     validates_with MyValidator, MyOtherValidator, :on => :create
+      #     validates_with MyValidator, MyOtherValidator, on: :create
       #   end
       #
       # Configuration options:
       # * <tt>:on</tt> - Specifies when this validation is active
-      #   (<tt>:create</tt> or <tt>:update</tt>
+      #   (<tt>:create</tt> or <tt>:update</tt>.
       # * <tt>:if</tt> - Specifies a method, proc or string to call to determine
-      #   if the validation should occur (e.g. <tt>:if => :allow_validation</tt>,
-      #   or <tt>:if => Proc.new { |user| user.signup_step > 2 }</tt>). The method,
-      #   proc or string should return or evaluate to a true or false value.
-      # * <tt>:unless</tt> - Specifies a method, proc or string to call to determine
-      #   if the validation should not occur (e.g. <tt>:unless => :skip_validation</tt>,
-      #   or <tt>:unless => Proc.new { |user| user.signup_step <= 2 }</tt>). The method,
-      #   proc or string should return or evaluate to a true or false value.
-      # * <tt>:strict</tt> - Specifies whether validation should be strict. 
+      #   if the validation should occur (e.g. <tt>if: :allow_validation</tt>,
+      #   or <tt>if: Proc.new { |user| user.signup_step > 2 }</tt>).
+      #   The method, proc or string should return or evaluate to a +true+ or
+      #   +false+ value.
+      # * <tt>:unless</tt> - Specifies a method, proc or string to call to
+      #   determine if the validation should not occur
+      #   (e.g. <tt>unless: :skip_validation</tt>, or
+      #   <tt>unless: Proc.new { |user| user.signup_step <= 2 }</tt>).
+      #   The method, proc or string should return or evaluate to a +true+ or
+      #   +false+ value.
+      # * <tt>:strict</tt> - Specifies whether validation should be strict.
       #   See <tt>ActiveModel::Validation#validates!</tt> for more information.
-
+      #
       # If you pass any additional configuration options, they will be passed
-      # to the class and available as <tt>options</tt>:
+      # to the class and available as +options+:
       #
       #   class Person
       #     include ActiveModel::Validations
-      #     validates_with MyValidator, :my_custom_key => "my custom value"
+      #     validates_with MyValidator, my_custom_key: 'my custom value'
       #   end
       #
       #   class MyValidator < ActiveModel::Validator
@@ -116,20 +121,20 @@ module ActiveModel
     #   class Person
     #     include ActiveModel::Validations
     #
-    #     validate :instance_validations, :on => :create
+    #     validate :instance_validations, on: :create
     #
     #     def instance_validations
     #       validates_with MyValidator, MyOtherValidator
     #     end
     #   end
     #
-    # Standard configuration options (:on, :if and :unless), which are
-    # available on the class version of validates_with, should instead be
-    # placed on the <tt>validates</tt> method as these are applied and tested
-    # in the callback.
+    # Standard configuration options (<tt>:on</tt>, <tt>:if</tt> and
+    # <tt>:unless</tt>), which are available on the class version of
+    # +validates_with+, should instead be placed on the +validates+ method
+    # as these are applied and tested in the callback.
     #
     # If you pass any additional configuration options, they will be passed
-    # to the class and available as <tt>options</tt>, please refer to the
+    # to the class and available as +options+, please refer to the
     # class version of this method for more information.
     def validates_with(*args, &block)
       options = args.extract_options!

data/lib/active_model/validator.rb

@@ -1,11 +1,8 @@
-require 'active_support/core_ext/array/wrap'
 require "active_support/core_ext/module/anonymous"
-require 'active_support/core_ext/object/blank'
-require 'active_support/core_ext/object/inclusion'
 
-module ActiveModel #:nodoc:
+module ActiveModel
 
-  # == Active Model Validator
+  # == Active \Model \Validator
   #
   # A simple base class that can be used along with
   # ActiveModel::Validations::ClassMethods.validates_with
@@ -29,7 +26,7 @@ module ActiveModel #:nodoc:
   #   end
   #
   # Any class that inherits from ActiveModel::Validator must implement a method
-  # called <tt>validate</tt> which accepts a <tt>record</tt>.
+  # called +validate+ which accepts a +record+.
   #
   #   class Person
   #     include ActiveModel::Validations
@@ -43,8 +40,8 @@ module ActiveModel #:nodoc:
   #     end
   #   end
   #
-  # To cause a validation error, you must add to the <tt>record</tt>'s errors directly
-  # from within the validators message
+  # To cause a validation error, you must add to the +record+'s errors directly
+  # from within the validators message.
   #
   #   class MyValidator < ActiveModel::Validator
   #     def validate(record)
@@ -63,29 +60,31 @@ module ActiveModel #:nodoc:
   #     end
   #   end
   #
+  # Note that the validator is initialized only once for the whole application
+  # lifecycle, and not on each validation run.
+  #
   # The easiest way to add custom validators for validating individual attributes
-  # is with the convenient <tt>ActiveModel::EachValidator</tt>. For example:
+  # is with the convenient <tt>ActiveModel::EachValidator</tt>.
   #
   #   class TitleValidator < ActiveModel::EachValidator
   #     def validate_each(record, attribute, value)
-  #       record.errors.add attribute, 'must be Mr. Mrs. or Dr.' unless value.in?(['Mr.', 'Mrs.', 'Dr.'])
+  #       record.errors.add attribute, 'must be Mr., Mrs., or Dr.' unless %w(Mr. Mrs. Dr.).include?(value)
   #     end
   #   end
   #
   # This can now be used in combination with the +validates+ method
-  # (see <tt>ActiveModel::Validations::ClassMethods.validates</tt> for more on this)
+  # (see <tt>ActiveModel::Validations::ClassMethods.validates</tt> for more on this).
   #
   #   class Person
   #     include ActiveModel::Validations
   #     attr_accessor :title
   #
-  #     validates :title, :presence => true
+  #     validates :title, presence: true
   #   end
   #
   # Validator may also define a +setup+ instance method which will get called
   # with the class that using that validator as its argument. This can be
-  # useful when there are prerequisites such as an +attr_accessor+ being present
-  # for example:
+  # useful when there are prerequisites such as an +attr_accessor+ being present.
   #
   #   class MyValidator < ActiveModel::Validator
   #     def setup(klass)
@@ -95,25 +94,26 @@ module ActiveModel #:nodoc:
   #
   # This setup method is only called when used with validation macros or the
   # class level <tt>validates_with</tt> method.
-  #
   class Validator
     attr_reader :options
 
-    # Returns the kind of the validator. Examples:
+    # Returns the kind of the validator.
     #
     #   PresenceValidator.kind   # => :presence
     #   UniquenessValidator.kind # => :uniqueness
-    #
     def self.kind
       @kind ||= name.split('::').last.underscore.sub(/_validator$/, '').to_sym unless anonymous?
     end
 
     # Accepts options that will be made available through the +options+ reader.
-    def initialize(options)
+    def initialize(options = {})
       @options = options.freeze
     end
 
     # Return the kind for this validator.
+    #
+    #   PresenceValidator.new.kind   # => :presence
+    #   UniquenessValidator.new.kind # => :uniqueness
     def kind
       self.class.kind
     end
@@ -130,15 +130,15 @@ module ActiveModel #:nodoc:
   # record, attribute and value.
   #
   # All Active Model validations are built on top of this validator.
-  class EachValidator < Validator
+  class EachValidator < Validator #:nodoc:
     attr_reader :attributes
 
     # Returns a new validator instance. All options will be available via the
     # +options+ reader, however the <tt>:attributes</tt> option will be removed
     # and instead be made available through the +attributes+ reader.
     def initialize(options)
-      @attributes = Array.wrap(options.delete(:attributes))
-      raise ":attributes cannot be blank" if @attributes.empty?
+      @attributes = Array(options.delete(:attributes))
+      raise ArgumentError, ":attributes cannot be blank" if @attributes.empty?
       super
       check_validity!
     end
@@ -169,7 +169,7 @@ module ActiveModel #:nodoc:
 
   # +BlockValidator+ is a special +EachValidator+ which receives a block on initialization
   # and call this block for each attribute being validated. +validates_each+ uses this validator.
-  class BlockValidator < EachValidator
+  class BlockValidator < EachValidator #:nodoc:
     def initialize(options, &block)
       @block = block
       super

data/lib/active_model/version.rb

@@ -1,9 +1,9 @@
 module ActiveModel
   module VERSION #:nodoc:
-    MAJOR = 3
-    MINOR = 2
-    TINY  = 22
-    PRE   = "5"
+    MAJOR = 4
+    MINOR = 0
+    TINY  = 0
+    PRE   = "beta1"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: activemodel
 version: !ruby/object:Gem::Version
-  version: 3.2.22.5
+  version: 4.0.0.beta1
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-09-14 00:00:00.000000000 Z
+date: 2013-02-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -16,31 +16,31 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.2.22.5
+        version: 4.0.0.beta1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 3.2.22.5
+        version: 4.0.0.beta1
 - !ruby/object:Gem::Dependency
   name: builder
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 3.0.0
+        version: 3.1.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ~>
       - !ruby/object:Gem::Version
-        version: 3.0.0
-description: A toolkit for building modeling frameworks like Active Record and Active
-  Resource. Rich support for attributes, callbacks, validations, observers, serialization,
-  internationalization, and testing.
+        version: 3.1.0
+description: A toolkit for building modeling frameworks like Active Record. Rich support
+  for attributes, callbacks, validations, observers, serialization, internationalization,
+  and testing.
 email: david@loudthinking.com
 executables: []
 extensions: []
@@ -49,20 +49,17 @@ files:
 - CHANGELOG.md
 - MIT-LICENSE
 - README.rdoc
-- lib/active_model.rb
 - lib/active_model/attribute_methods.rb
 - lib/active_model/callbacks.rb
 - lib/active_model/conversion.rb
+- lib/active_model/deprecated_mass_assignment_security.rb
 - lib/active_model/dirty.rb
 - lib/active_model/errors.rb
+- lib/active_model/forbidden_attributes_protection.rb
 - lib/active_model/lint.rb
 - lib/active_model/locale/en.yml
-- lib/active_model/mass_assignment_security.rb
-- lib/active_model/mass_assignment_security/permission_set.rb
-- lib/active_model/mass_assignment_security/sanitizer.rb
+- lib/active_model/model.rb
 - lib/active_model/naming.rb
-- lib/active_model/observer_array.rb
-- lib/active_model/observing.rb
 - lib/active_model/railtie.rb
 - lib/active_model/secure_password.rb
 - lib/active_model/serialization.rb
@@ -70,9 +67,10 @@ files:
 - lib/active_model/serializers/xml.rb
 - lib/active_model/test_case.rb
 - lib/active_model/translation.rb
-- lib/active_model/validations.rb
+- lib/active_model/validations/absence.rb
 - lib/active_model/validations/acceptance.rb
 - lib/active_model/validations/callbacks.rb
+- lib/active_model/validations/clusivity.rb
 - lib/active_model/validations/confirmation.rb
 - lib/active_model/validations/exclusion.rb
 - lib/active_model/validations/format.rb
@@ -82,8 +80,10 @@ files:
 - lib/active_model/validations/presence.rb
 - lib/active_model/validations/validates.rb
 - lib/active_model/validations/with.rb
+- lib/active_model/validations.rb
 - lib/active_model/validator.rb
 - lib/active_model/version.rb
+- lib/active_model.rb
 homepage: http://www.rubyonrails.org
 licenses:
 - MIT
@@ -94,19 +94,18 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>='
     - !ruby/object:Gem::Version
-      version: 1.8.7
+      version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - '>'
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.6
+rubygems_version: 2.0.0
 signing_key: 
 specification_version: 4
 summary: A toolkit for building modeling frameworks (part of Rails).
 test_files: []
-has_rdoc: 

data/lib/active_model/mass_assignment_security.rb

@@ -1,237 +0,0 @@
-require 'active_support/core_ext/class/attribute'
-require 'active_support/core_ext/string/inflections'
-require 'active_support/core_ext/array/wrap'
-require 'active_model/mass_assignment_security/permission_set'
-require 'active_model/mass_assignment_security/sanitizer'
-
-module ActiveModel
-  # = Active Model Mass-Assignment Security
-  module MassAssignmentSecurity
-    extend ActiveSupport::Concern
-
-    included do
-      class_attribute :_accessible_attributes
-      class_attribute :_protected_attributes
-      class_attribute :_active_authorizer
-
-      class_attribute :_mass_assignment_sanitizer
-      self.mass_assignment_sanitizer = :logger
-    end
-
-    # Mass assignment security provides an interface for protecting attributes
-    # from end-user assignment. For more complex permissions, mass assignment security
-    # may be handled outside the model by extending a non-ActiveRecord class,
-    # such as a controller, with this behavior.
-    #
-    # For example, a logged in user may need to assign additional attributes depending
-    # on their role:
-    #
-    #   class AccountsController < ApplicationController
-    #     include ActiveModel::MassAssignmentSecurity
-    #
-    #     attr_accessible :first_name, :last_name
-    #     attr_accessible :first_name, :last_name, :plan_id, :as => :admin
-    #
-    #     def update
-    #       ...
-    #       @account.update_attributes(account_params)
-    #       ...
-    #     end
-    #
-    #     protected
-    #
-    #     def account_params
-    #       role = admin ? :admin : :default
-    #       sanitize_for_mass_assignment(params[:account], role)
-    #     end
-    #
-    #   end
-    #
-    # = Configuration options
-    #
-    # * <tt>mass_assignment_sanitizer</tt> - Defines sanitize method. Possible values are:
-    #   * <tt>:logger</tt> (default) - writes filtered attributes to logger
-    #   * <tt>:strict</tt> - raise <tt>ActiveModel::MassAssignmentSecurity::Error</tt> on any protected attribute update
-    #
-    # You can specify your own sanitizer object eg. MySanitizer.new.
-    # See <tt>ActiveModel::MassAssignmentSecurity::LoggerSanitizer</tt> for example implementation.
-    #
-    # 
-    module ClassMethods
-      # Attributes named in this macro are protected from mass-assignment
-      # whenever attributes are sanitized before assignment. A role for the
-      # attributes is optional, if no role is provided then :default is used.
-      # A role can be defined by using the :as option.
-      #
-      # Mass-assignment to these attributes will simply be ignored, to assign
-      # to them you can use direct writer methods. This is meant to protect
-      # sensitive attributes from being overwritten by malicious users
-      # tampering with URLs or forms. Example:
-      #
-      #   class Customer
-      #     include ActiveModel::MassAssignmentSecurity
-      #
-      #     attr_accessor :name, :credit_rating
-      #
-      #     attr_protected :credit_rating, :last_login
-      #     attr_protected :last_login, :as => :admin
-      #
-      #     def assign_attributes(values, options = {})
-      #       sanitize_for_mass_assignment(values, options[:as]).each do |k, v|
-      #         send("#{k}=", v)
-      #       end
-      #     end
-      #   end
-      #
-      # When using the :default role:
-      #
-      #   customer = Customer.new
-      #   customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :default)
-      #   customer.name          # => "David"
-      #   customer.credit_rating # => nil
-      #   customer.last_login    # => nil
-      #
-      #   customer.credit_rating = "Average"
-      #   customer.credit_rating # => "Average"
-      #
-      # And using the :admin role:
-      #
-      #   customer = Customer.new
-      #   customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :admin)
-      #   customer.name          # => "David"
-      #   customer.credit_rating # => "Excellent"
-      #   customer.last_login    # => nil
-      #
-      # To start from an all-closed default and enable attributes as needed,
-      # have a look at +attr_accessible+.
-      #
-      # Note that using <tt>Hash#except</tt> or <tt>Hash#slice</tt> in place of
-      # +attr_protected+ to sanitize attributes provides basically the same
-      # functionality, but it makes a bit tricky to deal with nested attributes.
-      def attr_protected(*args)
-        options = args.extract_options!
-        role = options[:as] || :default
-
-        self._protected_attributes = protected_attributes_configs.dup
-
-        Array.wrap(role).each do |name|
-          self._protected_attributes[name] = self.protected_attributes(name) + args
-        end
-
-        self._active_authorizer = self._protected_attributes
-      end
-
-      # Specifies a white list of model attributes that can be set via
-      # mass-assignment.
-      #
-      # Like +attr_protected+, a role for the attributes is optional,
-      # if no role is provided then :default is used. A role can be defined by
-      # using the :as option.
-      #
-      # This is the opposite of the +attr_protected+ macro: Mass-assignment
-      # will only set attributes in this list, to assign to the rest of
-      # attributes you can use direct writer methods. This is meant to protect
-      # sensitive attributes from being overwritten by malicious users
-      # tampering with URLs or forms. If you'd rather start from an all-open
-      # default and restrict attributes as needed, have a look at
-      # +attr_protected+.
-      #
-      #   class Customer
-      #     include ActiveModel::MassAssignmentSecurity
-      #
-      #     attr_accessor :name, :credit_rating
-      #
-      #     attr_accessible :name
-      #     attr_accessible :name, :credit_rating, :as => :admin
-      #
-      #     def assign_attributes(values, options = {})
-      #       sanitize_for_mass_assignment(values, options[:as]).each do |k, v|
-      #         send("#{k}=", v)
-      #       end
-      #     end
-      #   end
-      #
-      # When using the :default role:
-      #
-      #   customer = Customer.new
-      #   customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :default)
-      #   customer.name          # => "David"
-      #   customer.credit_rating # => nil
-      #
-      #   customer.credit_rating = "Average"
-      #   customer.credit_rating # => "Average"
-      #
-      # And using the :admin role:
-      #
-      #   customer = Customer.new
-      #   customer.assign_attributes({ "name" => "David", "credit_rating" => "Excellent", :last_login => 1.day.ago }, :as => :admin)
-      #   customer.name          # => "David"
-      #   customer.credit_rating # => "Excellent"
-      #
-      # Note that using <tt>Hash#except</tt> or <tt>Hash#slice</tt> in place of
-      # +attr_accessible+ to sanitize attributes provides basically the same
-      # functionality, but it makes a bit tricky to deal with nested attributes.
-      def attr_accessible(*args)
-        options = args.extract_options!
-        role = options[:as] || :default
-
-        self._accessible_attributes = accessible_attributes_configs.dup
-
-        Array.wrap(role).each do |name|
-          self._accessible_attributes[name] = self.accessible_attributes(name) + args
-        end
-
-        self._active_authorizer = self._accessible_attributes
-      end
-
-      def protected_attributes(role = :default)
-        protected_attributes_configs[role]
-      end
-
-      def accessible_attributes(role = :default)
-        accessible_attributes_configs[role]
-      end
-
-      def active_authorizers
-        self._active_authorizer ||= protected_attributes_configs
-      end
-      alias active_authorizer active_authorizers
-
-      def attributes_protected_by_default
-        []
-      end
-
-      def mass_assignment_sanitizer=(value)
-        self._mass_assignment_sanitizer = if value.is_a?(Symbol)
-          const_get(:"#{value.to_s.camelize}Sanitizer").new(self)
-        else
-          value
-        end
-      end
-
-      private
-
-      def protected_attributes_configs
-        self._protected_attributes ||= begin
-          Hash.new { |h,k| h[k] = BlackList.new(attributes_protected_by_default) }
-        end
-      end
-
-      def accessible_attributes_configs
-        self._accessible_attributes ||= begin
-          Hash.new { |h,k| h[k] = WhiteList.new }
-        end
-      end
-    end
-
-  protected
-
-    def sanitize_for_mass_assignment(attributes, role = nil)
-      _mass_assignment_sanitizer.sanitize(attributes, mass_assignment_authorizer(role))
-    end
-
-    def mass_assignment_authorizer(role)
-      self.class.active_authorizer[role || :default]
-    end
-  end
-end