ardm-rails 1.3.0 → 1.3.1
- checksums.yaml +4 -4
- data/Gemfile +6 -3
- data/ardm-rails.gemspec +3 -3
- data/lib/dm-rails/mass_assignment_security.rb +32 -7
- data/lib/dm-rails/multiparameter_attributes.rb +1 -1
- data/lib/dm-rails/version.rb +1 -1
- data/spec/spec_helper.rb +1 -0
- data/spec/unit/mass_assignment_security_spec.rb +14 -3
- data/spec/unit/multiparameter_attributes_spec.rb +2 -2
- metadata +11 -23
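--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1ab5215b9fd21d7a6f1fd98851112a1bdbdd01fe
+data.tar.gz: 73cf4db29e9fd2b938fb514d04c8026ff5954165
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1919cc87c17b6f0552142e4d65dbd80ec53cde582d1c752979133d28c22ae23dec35ba31dac256dbfa39a861c4ab33718ed0483113a098b069aab48007e533d2
+data.tar.gz: 8695b359d9ddbad6bdc96965ed268e257c8e09bf4e93d20ff54e6e3a59a85c3e85f2ca44f92f44f32fa3fdf1bc89b26fda57166de2f934793de47f8f58583fce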
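--- a/data/Gemfile
+++ b/data/Gemfile
@@ -7,9 +7,9 @@ gemspec
 SOURCE = ENV.fetch('SOURCE', :git).to_sym
 REPO_POSTFIX = SOURCE == :path ? '' : '.git'
 DATAMAPPER = SOURCE == :path ? Pathname(__FILE__).dirname.parent : 'http://github.com/ar-dm'
-DM_VERSION = '~> 1.2
+DM_VERSION = '~> 1.2'
 DO_VERSION = '~> 0.10.12'
-RAILS_VERSION =
+RAILS_VERSION = '~> 4.0'
 DM_DO_ADAPTERS = %w[ sqlite postgres mysql oracle sqlserver ]
 CURRENT_BRANCH = ENV.fetch('GIT_BRANCH', 'master')
 
@@ -20,7 +20,10 @@ gem 'ardm-active_model', DM_VERSION, SOURCE => "#{DATAMAPPER}/ardm-active_model#
 # Rails dependencies
 gem 'actionpack', RAILS_VERSION, :require => 'action_pack'
 gem 'railties', RAILS_VERSION, :require => 'rails'
-
+
+group :protected_attributes do
+gem 'protected_attributes'
+end
 
 group :datamapper do
 adapters = ENV['ADAPTER'] || ENV['ADAPTERS']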
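Review bot: `DATAMAPPER` in the first hunk's context still points the default `:git` sources at `'http://github.com/ar-dm'`, so the gems resolved through it are fetched over an unauthenticated channel and could be altered in transit before they run on a developer or CI machine; `'https://github.com/ar-dm'` closes that with no other change. In the second hunk, `gem 'protected_attributes'` is added without a version requirement, while the library code in this release overrides that gem's `Sanitizer#sanitize`. A bounded requirement such as `gem 'protected_attributes', '~> <TESTED_VERSION>'` (placeholder for the version the specs pass against) would keep the patched method and the installed gem in step.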
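--- a/data/ardm-rails.gemspec
+++ b/data/ardm-rails.gemspec
@@ -18,9 +18,9 @@ Gem::Specification.new do |gem|
 gem.require_paths = ["lib"]
 
 gem.add_runtime_dependency 'ardm-core', '~> 1.2'
-gem.add_runtime_dependency 'ardm-active_model', '~> 1.
-gem.add_runtime_dependency 'actionpack', '
-gem.add_runtime_dependency 'railties', '
+gem.add_runtime_dependency 'ardm-active_model', '~> 1.3'
+gem.add_runtime_dependency 'actionpack', '~> 4.0'
+gem.add_runtime_dependency 'railties', '~> 4.0'
 
 gem.add_development_dependency 'rake', '~> 0.9'
 gem.add_development_dependency 'rspec', '~> 1.3'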
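--- a/data/lib/dm-rails/mass_assignment_security.rb
+++ b/data/lib/dm-rails/mass_assignment_security.rb
@@ -3,25 +3,50 @@ require 'active_support/core_ext/class/attribute'
 require 'active_support/concern'
 require 'active_model'
 
-
+begin
+require 'protected_attributes'
+rescue LoadError
+module DataMapper
+# In rails ~> 4.0, protected_attributes must be required to use this feature.
+# By requiring it here, we avoid gem load order problems that would cause
+# the module to not exist if protected attributes was loaded after dm-rails.
+#
+# Also this dummy module is inserted to avoid throwing a useless error when the
+# module would otherwise not exist. This is less mysterious than some part of
+# the DataMapper code just going missing because you didn't add
+# protected_attributes to your Gemfile.
+module MassAssignmentSecurity
+extend ::ActiveSupport::Concern
+
+included do
+raise "Add 'protected_attributes' to your Gemfile to use DataMapper::MassAssignmentSecurity"
+end
+end
+end
+else
 module ActiveModel
 module MassAssignmentSecurity
-# Provides a patched version of the Sanitizer used in
-# and relationship objects as keys. There is no way to inject
-# without reimplementing the permission sets.
+# Provides a patched version of the Sanitizer used in protected_attributes to
+# handle property and relationship objects as keys. There is no way to inject
+# a custom sanitizer without reimplementing the permission sets.
 Sanitizer.send(Sanitizer.is_a?(Module) ? :module_eval : :class_eval) do
 # Returns all attributes not denied by the authorizer.
 #
+# @param [Class] klass
+# Model class
 # @param [Hash{Symbol,String,::DataMapper::Property,::DataMapper::Relationship=>Object}] attributes
 # Names and values of attributes to sanitize.
+# @param [#deny?] authorizer
+# Usually a ActiveModel::MassAssignmentSecurity::PermissionSet responding to deny?
 # @return [Hash]
 # Sanitized hash of attributes.
-def sanitize(attributes, authorizer
+def sanitize(klass, attributes, authorizer)
+rejected = []
 sanitized_attributes = attributes.reject do |key, value|
 key_name = key.name rescue key
-
+rejected << key_name if authorizer.deny?(key_name)
 end
-
+process_removed_attributes(klass, rejected) unless rejected.empty?
 sanitized_attributes
 end
 end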
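Review bot: The `reject` block in `sanitize` now decides whether an attribute is dropped through the value of `rejected << key_name if authorizer.deny?(key_name)`, which is truthy only because `Array#<<` returns the array; any statement appended to that block later would silently let denied attributes through mass assignment. Stating the decision explicitly keeps the filter fail-safe: `denied = authorizer.deny?(key_name)`, then `rejected << key_name if denied`, then `denied` as the block's last expression. Separately, the bare `rescue LoadError` around `require 'protected_attributes'` also catches a LoadError raised while that gem loads its own requirements and reports it as a missing Gemfile entry; on Ruby 2.0 or later, `rescue LoadError => e` followed by `raise unless e.path == 'protected_attributes'` would keep the real failure visible. The `begin … else` construct and the two `ActiveModel` modules appear to be still open where the hunk ends, so their closing lines are outside this view.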
data/lib/dm-rails/version.rb
CHANGED
data/spec/spec_helper.rb
CHANGED
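--- a/data/spec/unit/mass_assignment_security_spec.rb
+++ b/data/spec/unit/mass_assignment_security_spec.rb
@@ -5,9 +5,10 @@ begin
 rescue LoadError
 end
 
-
-
-
+# Unfortunately, the only way to test both branches of this code is to
+# bundle --without protected_attributes
+# and then run the spec again.
+if defined?(ActiveModel::MassAssignmentSecurity)
 # Because mass-assignment security is based on ActiveModel we just have to
 # ensure that ActiveModel is called.
 describe DataMapper::MassAssignmentSecurity do
@@ -48,4 +49,14 @@ if defined?(DataMapper::MassAssignmentSecurity)
 end
 end
 end
+else
+describe DataMapper::MassAssignmentSecurity do
+it "raises if the DataMapper::MassAssignmentSecurity is included" do
+expect {
+class Fake
+include ::DataMapper::MassAssignmentSecurity
+end
+}.to raise_error("Add 'protected_attributes' to your Gemfile to use DataMapper::MassAssignmentSecurity")
+end
+end
 end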
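--- a/data/spec/unit/multiparameter_attributes_spec.rb
+++ b/data/spec/unit/multiparameter_attributes_spec.rb
@@ -108,7 +108,7 @@ describe Rails::DataMapper::MultiparameterAttributes do
 and_return(attributes['composite'])
 
 composite_property = mock(::DataMapper::Property)
-composite_property.stub!(:
+composite_property.stub!(:primitive).and_return(::Rails::DataMapper::Models::Composite)
 
 resource = ::Rails::DataMapper::Models::Fake.new
 resource.stub!(:properties).and_return('composite' => composite_property)
@@ -127,7 +127,7 @@ describe Rails::DataMapper::MultiparameterAttributes do
 should_receive(:new).with('a string').and_raise(composite_exception)
 
 composite_property = mock(::DataMapper::Property)
-composite_property.stub!(:
+composite_property.stub!(:primitive).and_return(::Rails::DataMapper::Models::Composite)
 
 resource = ::Rails::DataMapper::Models::Fake.new
 resource.stub!(:properties).and_return('composite' => composite_property)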
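--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ardm-rails
 version: !ruby/object:Gem::Version
-version: 1.3.
+version: 1.3.1
 platform: ruby
 authors:
 - Martin Emde
@@ -32,54 +32,42 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.3'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '1.
+version: '1.3'
 - !ruby/object:Gem::Dependency
 name: actionpack
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
-- !ruby/object:Gem::Version
-version: '3.0'
-- - "<"
+- - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '4.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
-- !ruby/object:Gem::Version
-version: '3.0'
-- - "<"
+- - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '4.0'
 - !ruby/object:Gem::Dependency
 name: railties
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- - "
-- !ruby/object:Gem::Version
-version: '3.0'
-- - "<"
+- - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '4.0'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- - "
-- !ruby/object:Gem::Version
-version: '3.0'
-- - "<"
+- - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '4.0'
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement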