ardm-rails 1.3.0 → 1.3.1
- checksums.yaml +4 -4
- data/Gemfile +6 -3
- data/ardm-rails.gemspec +3 -3
- data/lib/dm-rails/mass_assignment_security.rb +32 -7
- data/lib/dm-rails/multiparameter_attributes.rb +1 -1
- data/lib/dm-rails/version.rb +1 -1
- data/spec/spec_helper.rb +1 -0
- data/spec/unit/mass_assignment_security_spec.rb +14 -3
- data/spec/unit/multiparameter_attributes_spec.rb +2 -2
- metadata +11 -23
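--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1ab5215b9fd21d7a6f1fd98851112a1bdbdd01fe
+data.tar.gz: 73cf4db29e9fd2b938fb514d04c8026ff5954165
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1919cc87c17b6f0552142e4d65dbd80ec53cde582d1c752979133d28c22ae23dec35ba31dac256dbfa39a861c4ab33718ed0483113a098b069aab48007e533d2
+data.tar.gz: 8695b359d9ddbad6bdc96965ed268e257c8e09bf4e93d20ff54e6e3a59a85c3e85f2ca44f92f44f32fa3fdf1bc89b26fda57166de2f934793de47f8f58583fce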
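--- a/data/Gemfile
+++ b/data/Gemfile
@@ -7,9 +7,9 @@ gemspec
 SOURCE = ENV.fetch('SOURCE', :git).to_sym
 REPO_POSTFIX = SOURCE == :path ? '' : '.git'
 DATAMAPPER = SOURCE == :path ? Pathname(__FILE__).dirname.parent : 'http://github.com/ar-dm'
-DM_VERSION = '~> 1.2
+DM_VERSION = '~> 1.2'
 DO_VERSION = '~> 0.10.12'
-RAILS_VERSION =
+RAILS_VERSION = '~> 4.0'
 DM_DO_ADAPTERS = %w[ sqlite postgres mysql oracle sqlserver ]
 CURRENT_BRANCH = ENV.fetch('GIT_BRANCH', 'master')
 
@@ -20,7 +20,10 @@ gem 'ardm-active_model', DM_VERSION, SOURCE => "#{DATAMAPPER}/ardm-active_model#
 # Rails dependencies
 gem 'actionpack', RAILS_VERSION, :require => 'action_pack'
 gem 'railties', RAILS_VERSION, :require => 'rails'
-
+
+group :protected_attributes do
+gem 'protected_attributes'
+end
 
 group :datamapper do
 adapters = ENV['ADAPTER'] || ENV['ADAPTERS']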
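Review bot: The git source base on new-side line 9 is still plain HTTP (`'http://github.com/ar-dm'`), so gems built from it, such as the `ardm-active_model` line visible in the second hunk header, are fetched over a channel that can be altered in transit; it should read `'https://github.com/ar-dm'`. That line is unchanged context in the first hunk, so this commit does not introduce it, but it sits directly above the version constants being edited. The added `gem 'protected_attributes'` in the second hunk also has no version requirement, unlike the neighbouring `gem` lines. Since lib/dm-rails/mass_assignment_security.rb reopens that gem's Sanitizer, a constraint such as `gem 'protected_attributes', '<tested version constraint>'` would keep the patch tied to the API it was written against.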
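--- a/data/ardm-rails.gemspec
+++ b/data/ardm-rails.gemspec
@@ -18,9 +18,9 @@ Gem::Specification.new do |gem|
 gem.require_paths = ["lib"]
 
 gem.add_runtime_dependency 'ardm-core', '~> 1.2'
-gem.add_runtime_dependency 'ardm-active_model', '~> 1.
-gem.add_runtime_dependency 'actionpack', '
-gem.add_runtime_dependency 'railties', '
+gem.add_runtime_dependency 'ardm-active_model', '~> 1.3'
+gem.add_runtime_dependency 'actionpack', '~> 4.0'
+gem.add_runtime_dependency 'railties', '~> 4.0'
 
 gem.add_development_dependency 'rake', '~> 0.9'
 gem.add_development_dependency 'rspec', '~> 1.3'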
@@ -3,25 +3,50 @@ require 'active_support/core_ext/class/attribute'
|
|
3
3
|
require 'active_support/concern'
|
4
4
|
require 'active_model'
|
5
5
|
|
6
|
-
|
6
|
+
begin
|
7
|
+
require 'protected_attributes'
|
8
|
+
rescue LoadError
|
9
|
+
module DataMapper
|
10
|
+
# In rails ~> 4.0, protected_attributes must be required to use this feature.
|
11
|
+
# By requiring it here, we avoid gem load order problems that would cause
|
12
|
+
# the module to not exist if protected attributes was loaded after dm-rails.
|
13
|
+
#
|
14
|
+
# Also this dummy module is inserted to avoid throwing a useless error when the
|
15
|
+
# module would otherwise not exist. This is less mysterious than some part of
|
16
|
+
# the DataMapper code just going missing because you didn't add
|
17
|
+
# protected_attributes to your Gemfile.
|
18
|
+
module MassAssignmentSecurity
|
19
|
+
extend ::ActiveSupport::Concern
|
20
|
+
|
21
|
+
included do
|
22
|
+
raise "Add 'protected_attributes' to your Gemfile to use DataMapper::MassAssignmentSecurity"
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
else
|
7
27
|
module ActiveModel
|
8
28
|
module MassAssignmentSecurity
|
9
|
-
# Provides a patched version of the Sanitizer used in
|
10
|
-
# and relationship objects as keys. There is no way to inject
|
11
|
-
# without reimplementing the permission sets.
|
29
|
+
# Provides a patched version of the Sanitizer used in protected_attributes to
|
30
|
+
# handle property and relationship objects as keys. There is no way to inject
|
31
|
+
# a custom sanitizer without reimplementing the permission sets.
|
12
32
|
Sanitizer.send(Sanitizer.is_a?(Module) ? :module_eval : :class_eval) do
|
13
33
|
# Returns all attributes not denied by the authorizer.
|
14
34
|
#
|
35
|
+
# @param [Class] klass
|
36
|
+
# Model class
|
15
37
|
# @param [Hash{Symbol,String,::DataMapper::Property,::DataMapper::Relationship=>Object}] attributes
|
16
38
|
# Names and values of attributes to sanitize.
|
39
|
+
# @param [#deny?] authorizer
|
40
|
+
# Usually a ActiveModel::MassAssignmentSecurity::PermissionSet responding to deny?
|
17
41
|
# @return [Hash]
|
18
42
|
# Sanitized hash of attributes.
|
19
|
-
def sanitize(attributes, authorizer
|
43
|
+
def sanitize(klass, attributes, authorizer)
|
44
|
+
rejected = []
|
20
45
|
sanitized_attributes = attributes.reject do |key, value|
|
21
46
|
key_name = key.name rescue key
|
22
|
-
|
47
|
+
rejected << key_name if authorizer.deny?(key_name)
|
23
48
|
end
|
24
|
-
|
49
|
+
process_removed_attributes(klass, rejected) unless rejected.empty?
|
25
50
|
sanitized_attributes
|
26
51
|
end
|
27
52
|
end
|
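Review bot: The bare `rescue LoadError` around `require 'protected_attributes'` also catches a LoadError raised from inside protected_attributes itself, for example when one of its own requires fails, and the stub module then tells the user to add a gem that is already in the Gemfile. Narrowing it keeps the fail-closed stub for the intended case only: `rescue LoadError => e` followed by `raise unless e.path == 'protected_attributes'`. In the patched `sanitize`, the `reject` block depends on `rejected << key_name` returning the array, which is truthy, so that a denied key is both recorded and dropped. A comment such as `# Array#<< returns the array, so a denied key is recorded and rejected in one step` would stop a later edit from turning the filter into a no-op. The `begin`/`rescue`/`else` block and the enclosing modules are not closed inside this hunk.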
data/lib/dm-rails/version.rb
CHANGED
data/spec/spec_helper.rb
CHANGED
@@ -5,9 +5,10 @@ begin
|
|
5
5
|
rescue LoadError
|
6
6
|
end
|
7
7
|
|
8
|
-
|
9
|
-
|
10
|
-
|
8
|
+
# Unfortunately, the only way to test both branches of this code is to
|
9
|
+
# bundle --without protected_attributes
|
10
|
+
# and then run the spec again.
|
11
|
+
if defined?(ActiveModel::MassAssignmentSecurity)
|
11
12
|
# Because mass-assignment security is based on ActiveModel we just have to
|
12
13
|
# ensure that ActiveModel is called.
|
13
14
|
describe DataMapper::MassAssignmentSecurity do
|
@@ -48,4 +49,14 @@ if defined?(DataMapper::MassAssignmentSecurity)
|
|
48
49
|
end
|
49
50
|
end
|
50
51
|
end
|
52
|
+
else
|
53
|
+
describe DataMapper::MassAssignmentSecurity do
|
54
|
+
it "raises if the DataMapper::MassAssignmentSecurity is included" do
|
55
|
+
expect {
|
56
|
+
class Fake
|
57
|
+
include ::DataMapper::MassAssignmentSecurity
|
58
|
+
end
|
59
|
+
}.to raise_error("Add 'protected_attributes' to your Gemfile to use DataMapper::MassAssignmentSecurity")
|
60
|
+
end
|
61
|
+
end
|
51
62
|
end
|
@@ -108,7 +108,7 @@ describe Rails::DataMapper::MultiparameterAttributes do
|
|
108
108
|
and_return(attributes['composite'])
|
109
109
|
|
110
110
|
composite_property = mock(::DataMapper::Property)
|
111
|
-
composite_property.stub!(:
|
111
|
+
composite_property.stub!(:primitive).and_return(::Rails::DataMapper::Models::Composite)
|
112
112
|
|
113
113
|
resource = ::Rails::DataMapper::Models::Fake.new
|
114
114
|
resource.stub!(:properties).and_return('composite' => composite_property)
|
@@ -127,7 +127,7 @@ describe Rails::DataMapper::MultiparameterAttributes do
|
|
127
127
|
should_receive(:new).with('a string').and_raise(composite_exception)
|
128
128
|
|
129
129
|
composite_property = mock(::DataMapper::Property)
|
130
|
-
composite_property.stub!(:
|
130
|
+
composite_property.stub!(:primitive).and_return(::Rails::DataMapper::Models::Composite)
|
131
131
|
|
132
132
|
resource = ::Rails::DataMapper::Models::Fake.new
|
133
133
|
resource.stub!(:properties).and_return('composite' => composite_property)
|
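--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ardm-rails
 version: !ruby/object:Gem::Version
-version: 1.3.
+version: 1.3.1
 platform: ruby
 authors:
 - Martin Emde
@@ -32,54 +32,42 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.3'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.3'
 - !ruby/object:Gem::Dependency
 name: actionpack
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
-- !ruby/object:Gem::Version
-version: '3.0'
-- - "<"
+- - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '4.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
-- !ruby/object:Gem::Version
-version: '3.0'
-- - "<"
+- - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '4.0'
 - !ruby/object:Gem::Dependency
 name: railties
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
-- !ruby/object:Gem::Version
-version: '3.0'
-- - "<"
+- - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '4.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
-- !ruby/object:Gem::Version
-version: '3.0'
-- - "<"
+- - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '4.0'
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement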