activerecord 3.0.4 → 3.0.5.rc1

data/CHANGELOG

@@ -1,4 +1,36 @@
-*Rails 3.0.4 (unreleased)*
+*Rails 3.0.5 (unreleased)*
+
+* Model.where(:column => 1).where(:column => 2) will always produce an AND
+query.
+
+  [Aaron Patterson]
+
+* Deprecated support for interpolated association conditions in the form of :conditions => 'foo = #{bar}'.
+
+  Instead, you should use a proc, like so:
+
+  Before:
+
+    has_many :things, :conditions => 'foo = #{bar}'
+
+  After:
+
+    has_many :things, :conditions => proc { "foo = #{bar}" }
+
+  Inside the proc, 'self' is the object which is the owner of the association, unless you are
+  eager loading the association, in which case 'self' is the class which the association is within.
+
+  You can have any "normal" conditions inside the proc, so the following will work too:
+
+    has_many :things, :conditions => proc { ["foo = ?", bar] }
+
+  Previously :insert_sql and :delete_sql on has_and_belongs_to_many association allowed you to call
+  'record' to get the record being inserted or deleted. This is now passed as an argument to
+  the proc.
+
+  [Jon Leighton]
+
+*Rails 3.0.4*
 
 * Added deprecation warning for has_and_belongs_to_many associations where the join table has
   additional attributes other than the keys. Access to these attributes is removed in 3.1.

data/lib/active_record/association_preload.rb

@@ -387,15 +387,27 @@ module ActiveRecord
         end
       end
 
-
-      def interpolate_sql_for_preload(sql)
-        instance_eval("%@#{sql.gsub('@', '\@')}@", __FILE__, __LINE__)
+      def process_conditions_for_preload(conditions, klass = self)
+        sanitized = klass.send(:sanitize_sql, conditions)
+
+        if sanitized =~ /\#\{.*\}/
+          ActiveSupport::Deprecation.warn(
+            'String-based interpolation of association conditions is deprecated. Please use a ' \
+            'proc instead. So, for example, has_many :older_friends, :conditions => \'age > #{age}\' ' \
+            'should be changed to has_many :older_friends, :conditions => proc { "age > #{age}" }.'
+          )
+          instance_eval("%@#{sanitized.gsub('@', '\@')}@", __FILE__, __LINE__)
+        elsif conditions.respond_to?(:to_proc)
+          klass.send(:sanitize_sql, instance_eval(&conditions))
+        else
+          sanitized
+        end
       end
 
       def append_conditions(reflection, preload_options)
         sql = ""
-        sql << " AND (#{interpolate_sql_for_preload(reflection.sanitized_conditions)})" if reflection.sanitized_conditions
-        sql << " AND (#{sanitize_sql preload_options[:conditions]})" if preload_options[:conditions]
+        sql << " AND (#{process_conditions_for_preload(reflection.options[:conditions], reflection.klass)})" if reflection.options[:conditions]
+        sql << " AND (#{process_conditions_for_preload(preload_options[:conditions])})" if preload_options[:conditions]
         sql
       end
 

data/lib/active_record/associations.rb

@@ -1416,8 +1416,8 @@ module ActiveRecord
         include Module.new {
           class_eval <<-RUBY, __FILE__, __LINE__ + 1
             def destroy                     # def destroy
-              #{reflection.name}.clear      #   posts.clear
               super                         #   super
+              #{reflection.name}.clear      #   posts.clear
             end                             # end
           RUBY
         }
@@ -2221,7 +2221,7 @@ module ActiveRecord
 
               [through_reflection, reflection].each do |ref|
                 if ref && ref.options[:conditions]
-                  @join << interpolate_sql(sanitize_sql(ref.options[:conditions], aliased_table_name))
+                  @join << process_conditions(ref.options[:conditions], aliased_table_name)
                 end
               end
 
@@ -2282,8 +2282,21 @@ module ActiveRecord
                 table_alias_for table_name, @aliased_table_name
               end
 
-              def interpolate_sql(sql)
-                instance_eval("%@#{sql.gsub('@', '\@')}@", __FILE__, __LINE__)
+              def process_conditions(conditions, table_name)
+                sanitized = sanitize_sql(conditions, table_name)
+
+                if sanitized =~ /\#\{.*\}/
+                  ActiveSupport::Deprecation.warn(
+                    'String-based interpolation of association conditions is deprecated. Please use a ' \
+                    'proc instead. So, for example, has_many :older_friends, :conditions => \'age > #{age}\' ' \
+                    'should be changed to has_many :older_friends, :conditions => proc { "age > #{age}" }.'
+                  )
+                  instance_eval("%@#{sanitized.gsub('@', '\@')}@", __FILE__, __LINE__)
+                elsif conditions.respond_to?(:to_proc)
+                  conditions = sanitize_sql(instance_eval(&conditions), table_name)
+                else
+                  sanitized
+                end
               end
           end
         end

data/lib/active_record/associations/association_collection.rb

@@ -185,9 +185,11 @@ module ActiveRecord
       def count(column_name = nil, options = {})
         column_name, options = nil, column_name if column_name.is_a?(Hash)
 
-        if @reflection.options[:counter_sql] && !options.blank?
-          raise ArgumentError, "If finder_sql/counter_sql is used then options cannot be passed"
-        elsif @reflection.options[:counter_sql]
+        if @reflection.options[:finder_sql] || @reflection.options[:counter_sql]
+          unless options.blank?
+            raise ArgumentError, "If finder_sql/counter_sql is used then options cannot be passed"
+          end
+
           @reflection.klass.count_by_sql(@counter_sql)
         else
 
@@ -379,11 +381,10 @@ module ActiveRecord
 
         def construct_counter_sql
           if @reflection.options[:counter_sql]
-            @counter_sql = interpolate_sql(@reflection.options[:counter_sql])
+            @counter_sql = interpolate_and_sanitize_sql(@reflection.options[:counter_sql])
           elsif @reflection.options[:finder_sql]
             # replace the SELECT clause with COUNT(*), preserving any hints within /* ... */
-            @reflection.options[:counter_sql] = @reflection.options[:finder_sql].sub(/SELECT\b(\/\*.*?\*\/ )?(.*)\bFROM\b/im) { "SELECT #{$1}COUNT(*) FROM" }
-            @counter_sql = interpolate_sql(@reflection.options[:counter_sql])
+            @counter_sql = interpolate_and_sanitize_sql(@reflection.options[:finder_sql]).sub(/SELECT\b(\/\*.*?\*\/ )?(.*)\bFROM\b/im) { "SELECT #{$1}COUNT(*) FROM" }
           else
             @counter_sql = @finder_sql
           end

data/lib/active_record/associations/association_proxy.rb

@@ -102,7 +102,7 @@ module ActiveRecord
       # Returns the SQL string that corresponds to the <tt>:conditions</tt>
       # option of the macro, if given, or +nil+ otherwise.
       def conditions
-        @conditions ||= interpolate_sql(@reflection.sanitized_conditions) if @reflection.sanitized_conditions
+        @conditions ||= @reflection.options[:conditions] && interpolate_and_sanitize_sql(@reflection.options[:conditions])
       end
       alias :sql_conditions :conditions
 
@@ -161,8 +161,8 @@ module ActiveRecord
           @reflection.options[:dependent]
         end
 
-        def interpolate_sql(sql, record = nil)
-          @owner.send(:interpolate_sql, sql, record)
+        def interpolate_and_sanitize_sql(sql, record = nil, sanitize_klass = @reflection.klass)
+          @owner.send(:interpolate_and_sanitize_sql, sql, record, sanitize_klass)
         end
 
         # Forwards the call to the reflection class.

data/lib/active_record/associations/belongs_to_polymorphic_association.rb

@@ -24,7 +24,7 @@ module ActiveRecord
       end
 
       def conditions
-       	@conditions ||= interpolate_sql(association_class.send(:sanitize_sql, @reflection.options[:conditions])) if @reflection.options[:conditions]
+        @conditions ||= @reflection.options[:conditions] && interpolate_and_sanitize_sql(@reflection.options[:conditions], nil, association_class)
       end
 
       private

data/lib/active_record/associations/has_and_belongs_to_many_association.rb

@@ -52,7 +52,7 @@ module ActiveRecord
           end
 
           if @reflection.options[:insert_sql]
-            @owner.connection.insert(interpolate_sql(@reflection.options[:insert_sql], record))
+            @owner.connection.insert(interpolate_and_sanitize_sql(@reflection.options[:insert_sql], record))
           else
             relation   = Arel::Table.new(@reflection.options[:join_table])
             timestamps = record_timestamp_columns(record)
@@ -81,7 +81,7 @@ module ActiveRecord
 
         def delete_records(records)
           if sql = @reflection.options[:delete_sql]
-            records.each { |record| @owner.connection.delete(interpolate_sql(sql, record)) }
+            records.each { |record| @owner.connection.delete(interpolate_and_sanitize_sql(sql, record)) }
           else
             relation = Arel::Table.new(@reflection.options[:join_table])
             relation.where(relation[@reflection.primary_key_name].eq(@owner.id).
@@ -92,7 +92,7 @@ module ActiveRecord
 
         def construct_sql
           if @reflection.options[:finder_sql]
-            @finder_sql = interpolate_sql(@reflection.options[:finder_sql])
+            @finder_sql = interpolate_and_sanitize_sql(@reflection.options[:finder_sql])
           else
             @finder_sql = "#{@owner.connection.quote_table_name @reflection.options[:join_table]}.#{@reflection.primary_key_name} = #{owner_quoted_id} "
             @finder_sql << " AND (#{conditions})" if conditions

data/lib/active_record/associations/has_many_association.rb

@@ -35,7 +35,7 @@ module ActiveRecord
         def count_records
           count = if has_cached_counter?
             @owner.send(:read_attribute, cached_counter_attribute_name)
-          elsif @reflection.options[:counter_sql]
+          elsif @reflection.options[:finder_sql] || @reflection.options[:counter_sql]
             @reflection.klass.count_by_sql(@counter_sql)
           else
             @reflection.klass.count(:conditions => @counter_sql, :include => @reflection.options[:include])
@@ -90,7 +90,7 @@ module ActiveRecord
         def construct_sql
           case
             when @reflection.options[:finder_sql]
-              @finder_sql = interpolate_sql(@reflection.options[:finder_sql])
+              @finder_sql = interpolate_and_sanitize_sql(@reflection.options[:finder_sql])
 
             when @reflection.options[:as]
               @finder_sql =

data/lib/active_record/associations/has_many_through_association.rb

@@ -87,7 +87,7 @@ module ActiveRecord
         def construct_sql
           case
             when @reflection.options[:finder_sql]
-              @finder_sql = interpolate_sql(@reflection.options[:finder_sql])
+              @finder_sql = interpolate_and_sanitize_sql(@reflection.options[:finder_sql])
 
               @finder_sql = "#{@reflection.quoted_table_name}.#{@reflection.primary_key_name} = #{owner_quoted_id}"
               @finder_sql << " AND (#{conditions})" if conditions

data/lib/active_record/associations/through_association_scope.rb

@@ -123,7 +123,7 @@ module ActiveRecord
           all = []
 
           [association_conditions, source_conditions].each do |conditions|
-            all << interpolate_sql(sanitize_sql(conditions)) if conditions
+            all << interpolate_and_sanitize_sql(conditions) if conditions
           end
 
           all << through_conditions  if through_conditions
@@ -136,11 +136,11 @@ module ActiveRecord
       def build_through_conditions
         conditions = @reflection.through_reflection.options[:conditions]
         if conditions.is_a?(Hash)
-          interpolate_sql(@reflection.through_reflection.klass.send(:sanitize_sql, conditions)).gsub(
+          interpolate_and_sanitize_sql(conditions, nil, @reflection.through_reflection.klass).gsub(
             @reflection.quoted_table_name,
             @reflection.through_reflection.quoted_table_name)
         elsif conditions
-          interpolate_sql(sanitize_sql(conditions))
+          interpolate_and_sanitize_sql(conditions)
         end
       end
 

data/lib/active_record/attribute_methods/time_zone_conversion.rb

@@ -37,12 +37,13 @@ module ActiveRecord
           def define_method_attribute=(attr_name)
             if create_time_zone_conversion_attribute?(attr_name, columns_hash[attr_name])
               method_body, line = <<-EOV, __LINE__ + 1
-                def #{attr_name}=(time)
+                def #{attr_name}=(original_time)
+                  time = original_time.dup unless original_time.nil?
                   unless time.acts_like?(:time)
                     time = time.is_a?(String) ? Time.zone.parse(time) : time.to_time rescue time
                   end
                   time = time.in_time_zone rescue nil if time
-                  write_attribute(:#{attr_name}, time)
+                  write_attribute(:#{attr_name}, (time || original_time))
                 end
               EOV
               generated_attribute_methods.module_eval(method_body, __FILE__, line)

data/lib/active_record/base.rb

@@ -879,8 +879,8 @@ module ActiveRecord #:nodoc:
       # It is recommended to use block form of unscoped because chaining unscoped with <tt>named_scope</tt>
       # does not work. Assuming that <tt>published</tt> is a <tt>named_scope</tt> following two statements are same.
       #
-      # Post.unscoped.published 
-      # Post.published 
+      # Post.unscoped.published
+      # Post.published
       def unscoped #:nodoc:
         block_given? ? relation.scoping { yield } : relation
       end
@@ -1606,7 +1606,7 @@ MSG
         self.class.columns_hash[name.to_s]
       end
 
-      # Returns true if +comparison_object+ is the same exact object, or +comparison_object+ 
+      # Returns true if +comparison_object+ is the same exact object, or +comparison_object+
       # is of the same type and +self+ has an ID and it is equal to +comparison_object.id+.
       #
       # Note that new records are different from any other record by definition, unless the
@@ -1730,10 +1730,21 @@ MSG
         self.class.connection.quote(value, column)
       end
 
-      # Interpolate custom SQL string in instance context.
-      # Optional record argument is meant for custom insert_sql.
-      def interpolate_sql(sql, record = nil)
-        instance_eval("%@#{sql.gsub('@', '\@')}@", __FILE__, __LINE__)
+      def interpolate_and_sanitize_sql(sql, record = nil, sanitize_klass = self.class)
+        sanitized = sanitize_klass.send(:sanitize_sql, sql)
+
+        if sanitized =~ /\#\{.*\}/
+          ActiveSupport::Deprecation.warn(
+            'String-based interpolation of association conditions is deprecated. Please use a ' \
+            'proc instead. So, for example, has_many :older_friends, :conditions => \'age > #{age}\' ' \
+            'should be changed to has_many :older_friends, :conditions => proc { "age > #{age}" }.'
+          )
+          instance_eval("%@#{sanitized.gsub('@', '\@')}@", __FILE__, __LINE__)
+        elsif sql.respond_to?(:to_proc)
+          sanitize_klass.send(:sanitize_sql, instance_exec(record, &sql))
+        else
+          sanitized
+        end
       end
 
       # Instantiates objects for all attribute classes that needs more than one constructor parameter. This is done

data/lib/active_record/connection_adapters/abstract/database_statements.rb

@@ -253,13 +253,17 @@ module ActiveRecord
 
       # Sanitizes the given LIMIT parameter in order to prevent SQL injection.
       #
-      # +limit+ may be anything that can evaluate to a string via #to_s. It
-      # should look like an integer, or a comma-delimited list of integers.
+      # The +limit+ may be anything that can evaluate to a string via #to_s. It
+      # should look like an integer, or a comma-delimited list of integers, or 
+      # an Arel SQL literal.
       #
+      # Returns Integer and Arel::Nodes::SqlLiteral limits as is. 
       # Returns the sanitized limit parameter, either as an integer, or as a
       # string which contains a comma-delimited list of integers.
       def sanitize_limit(limit)
-        if limit.to_s =~ /,/
+        if limit.is_a?(Integer) || limit.is_a?(Arel::Nodes::SqlLiteral)
+          limit
+        elsif limit.to_s =~ /,/
           Arel.sql limit.to_s.split(',').map{ |i| Integer(i) }.join(',')
         else
           Integer(limit)

data/lib/active_record/locking/pessimistic.rb

@@ -40,7 +40,7 @@ module ActiveRecord
     #
     # Database-specific information on row locking:
     #   MySQL: http://dev.mysql.com/doc/refman/5.1/en/innodb-locking-reads.html
-    #   PostgreSQL: http://www.postgresql.org/docs/8.1/interactive/sql-select.html#SQL-FOR-UPDATE-SHARE
+    #   PostgreSQL: http://www.postgresql.org/docs/current/interactive/sql-select.html#SQL-FOR-UPDATE-SHARE
     module Pessimistic
       # Obtain a row lock on this record. Reloads the record to obtain the requested
       # lock. Pass an SQL locking clause to append the end of the SELECT statement

data/lib/active_record/observer.rb

@@ -108,10 +108,17 @@ module ActiveRecord
 
       def define_callbacks(klass)
         observer = self
+        observer_name = observer.class.name.underscore.gsub('/', '__')
 
         ActiveRecord::Callbacks::CALLBACKS.each do |callback|
           next unless respond_to?(callback)
-          klass.send(callback){|record| observer.send(callback, record)}
+          callback_meth = :"_notify_#{observer_name}_for_#{callback}"
+          unless klass.respond_to?(callback_meth)
+            klass.send(:define_method, callback_meth) do
+              observer.send(callback, self)
+            end
+            klass.send(callback, callback_meth)
+          end
         end
       end
   end

data/lib/active_record/relation/calculations.rb

@@ -276,7 +276,7 @@ module ActiveRecord
       case operation
         when 'count'   then value.to_i
         when 'sum'     then type_cast_using_column(value || '0', column)
-        when 'average' then value.try(:to_d)
+        when 'average' then value.respond_to?(:to_d) ? value.to_d : value
         else type_cast_using_column(value, column)
       end
     end

data/lib/active_record/relation/query_methods.rb

@@ -206,7 +206,7 @@ module ActiveRecord
 
       groups.each do |_, eqls|
         test = eqls.inject(eqls.shift) do |memo, expr|
-          memo.or(expr)
+          memo.and(expr)
         end
         arel = arel.where(test)
       end

data/lib/active_record/relation/spawn_methods.rb

@@ -67,7 +67,10 @@ module ActiveRecord
       merged_relation
     end
 
-    alias :& :merge
+    def &(r)
+      ActiveSupport::Deprecation.warn "Using & to merge relations has been deprecated and will be removed in Rails 3.1. Please use the relation's merge method, instead"
+      merge(r)
+    end
 
     def except(*skips)
       result = self.class.new(@klass, table)

data/lib/active_record/version.rb

@@ -2,8 +2,8 @@ module ActiveRecord
   module VERSION #:nodoc:
     MAJOR = 3
     MINOR = 0
-    TINY  = 4
-    PRE   = nil
+    TINY  = 5
+    PRE   = "rc1"
 
     STRING = [MAJOR, MINOR, TINY, PRE].compact.join('.')
   end

metadata

@@ -1,13 +1,15 @@
 --- !ruby/object:Gem::Specification 
 name: activerecord
 version: !ruby/object:Gem::Version 
-  hash: 15
-  prerelease: false
+  hash: 15424095
+  prerelease: 6
   segments: 
   - 3
   - 0
-  - 4
-  version: 3.0.4
+  - 5
+  - rc
+  - 1
+  version: 3.0.5.rc1
 platform: ruby
 authors: 
 - David Heinemeier Hansson
@@ -15,7 +17,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-02-09 00:00:00 +13:00
+date: 2011-02-22 00:00:00 -08:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -26,12 +28,14 @@ dependencies:
     requirements: 
     - - "="
       - !ruby/object:Gem::Version 
-        hash: 15
+        hash: 15424095
         segments: 
         - 3
         - 0
-        - 4
-        version: 3.0.4
+        - 5
+        - rc
+        - 1
+        version: 3.0.5.rc1
   type: :runtime
   version_requirements: *id001
 - !ruby/object:Gem::Dependency 
@@ -42,12 +46,14 @@ dependencies:
     requirements: 
     - - "="
       - !ruby/object:Gem::Version 
-        hash: 15
+        hash: 15424095
         segments: 
         - 3
         - 0
-        - 4
-        version: 3.0.4
+        - 5
+        - rc
+        - 1
+        version: 3.0.5.rc1
   type: :runtime
   version_requirements: *id002
 - !ruby/object:Gem::Dependency 
@@ -208,16 +214,18 @@ required_ruby_version: !ruby/object:Gem::Requirement
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version 
-      hash: 3
+      hash: 25
       segments: 
-      - 0
-      version: "0"
+      - 1
+      - 3
+      - 1
+      version: 1.3.1
 requirements: []
 
 rubyforge_project: activerecord
-rubygems_version: 1.3.7
+rubygems_version: 1.5.2
 signing_key: 
 specification_version: 3
 summary: Object-relational mapper framework (part of Rails).