attribute_ext 1.3.0 → 1.4.0

data/.gitignore

@@ -0,0 +1,4 @@
+Gemfile.lock
+spec/dummy/db/*.sqlite3
+spec/dummy/log/*.log
+spec/dummy/tmp

data/README.md

@@ -11,7 +11,7 @@ Install
 
 Just add the following to your Gemfile
 
-	gem 'attribute_ext'
+	gem 'attribute_ext', '~> 1.4'
 	
 and run `bundle` command.
 
@@ -43,8 +43,12 @@ user is an admin.
 Message text can not be mass assigned when post is locked.
 
 	class Message < ActiveRecord::Base
-	  safe_attributes :text, :unless => Proc.new { |msg| msg.locked? }
+	  safe_attributes :text, :unless => :locked?
+	  safe_attributes :body, :unless => Proc.new { |msg| msg.locked? }
 	end
+
+Symbol conditions will be send to current model object with no arguments.
+The two lines above are equivalent.
 	
 With Rails 3 a role can be given when creating or updating an model. This 
 role will also be available in SafeAttributes.
@@ -95,7 +99,7 @@ You can perform checks like this now:
 	  safe_attribute :email, :if => Proc.new { |user,role| user == role or role.admin? }
 	end
 	
-Now the user can edit there own emails or everyons email if it is an admin.
+Now a user can edit his own emails or all email if he is an admin.
 
 
 AttributeExt::HiddenAttributes

data/attribute_ext.gemspec

@@ -3,7 +3,7 @@ $:.push File.expand_path("../lib", __FILE__)
 
 Gem::Specification.new do |s|
   s.name        = "attribute_ext"
-  s.version     = "1.3.0"
+  s.version     = "1.4.0"
   s.authors     = ["Jan Graichen"]
   s.email       = ["jan.graichen@altimos.de"]
   s.homepage    = "https://github.com/jgraichen/attribute_ext"
@@ -16,4 +16,8 @@ Gem::Specification.new do |s|
   s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
   s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
   s.require_paths = ["lib"]
+
+  s.add_development_dependency "rails", "~> 3.2.2"
+  s.add_development_dependency "sqlite3"
+  s.add_development_dependency "rspec-rails"
 end

data/lib/attribute_ext/hidden_attributes.rb

@@ -70,6 +70,7 @@ module AttributeExt
     def to_xml_with_hidden_attrs(options = nil, &block) # :nodoc:
       options ||= {}
       options[:except] = hidden_attribute_names(:xml, options)
+      options[:hidden_attributes_format] = :xml
       
       to_xml_without_hidden_attrs(options)
     end
@@ -85,7 +86,7 @@ module AttributeExt
     def serializable_hash_with_hidden_attrs(options = nil) # :nodoc:
       options ||= {}
       options[:except] = hidden_attribute_names((options[:hidden_attributes_format] || :hash), options)
-      
+
       serializable_hash_without_hidden_attrs(options)
     end
     
@@ -101,7 +102,7 @@ module AttributeExt
         names = options[:except]
       else
         names = []
-        names += options[:except] if options[:except]
+        names << options[:except] if options[:except]
       end
   
       self.class.hide_attributes.collect do |attrs, opts|

data/lib/attribute_ext/safe_attributes.rb

@@ -90,19 +90,29 @@ module AttributeExt
       def safe_attributes_opts(options)
         opts = { :as => [] }
         opts[:as]    += options[:as].is_a?(Array) ? options[:as] : [options[:as]] if options[:as]
-        opts[:if]     = options[:if] if options[:if].is_a?(Proc)
-        opts[:unless] = options[:unless] if options[:unless].is_a?(Proc)
+        opts[:if]     = options[:if] if options[:if].is_a?(Proc) or options[:if].is_a?(Symbol)
+        opts[:unless] = options[:unless] if options[:unless].is_a?(Proc) or options[:unless].is_a?(Symbol)
         opts
       end
     end
 
     def mass_assignment_authorizer_with_safe_attrs(role = nil) # :nodoc:
-      if role.nil? 
-        attrs = mass_assignment_authorizer_without_safe_attrs +
-          safe_attribute_names
+      safe_attributes_authorizer role
+    end
+
+    def safe_attributes_authorizer(role = nil)
+      if AttributeExt.activemodel_3_0?
+        attrs      = safe_attribute_names
+        authorizer = mass_assignment_authorizer_without_safe_attrs
       else
-        attrs = mass_assignment_authorizer_without_safe_attrs(role) +
-          safe_attribute_names(role)
+        attrs      = safe_attribute_names(role)
+        authorizer = mass_assignment_authorizer_without_safe_attrs(role)
+      end
+
+      if authorizer.kind_of?(::ActiveModel::MassAssignmentSecurity::WhiteList)
+        return authorizer + attrs
+      else
+        return ::ActiveModel::MassAssignmentSecurity::WhiteList.new attrs
       end
     end
     
@@ -127,8 +137,8 @@ module AttributeExt
       names = []
       self.class.safe_attributes.collect do |attrs, options|
         next unless options[:as].empty? or options[:as].include?(role)
-        next unless options[:if].nil? or safe_attrs_call_block(options[:if], role)
-        next unless options[:unless].nil? or !safe_attrs_call_block(options[:unless], role)
+        next unless options[:if].nil? or safe_attrs_call(options[:if], role)
+        next unless options[:unless].nil? or !safe_attrs_call(options[:unless], role)
 
         names += attrs.collect(&:to_s)
       end
@@ -136,6 +146,11 @@ module AttributeExt
     end
     
     private
+    def safe_attrs_call(block_or_sym, role)
+      return safe_attrs_call_block(block_or_sym, role) if block_or_sym.is_a?(Proc)
+      return self.send block_or_sym
+    end
+
     def safe_attrs_call_block(block, role)
       case block.arity
       when 0

data/lib/attribute_ext.rb

@@ -4,8 +4,13 @@ require 'attribute_ext/safe_attributes'
 require 'attribute_ext/railtie' if defined?(Rails)
 
 module AttributeExt
-  def AttributeExt.setup # :nodoc:
+  def self.setup # :nodoc:
     ActiveRecord::Base.send :include, AttributeExt::HiddenAttributes
     ActiveRecord::Base.send :include, AttributeExt::SafeAttributes
   end
+
+  def self.activemodel_3_0?
+    ::ActiveModel::VERSION::MAJOR == 3 and
+    ::ActiveModel::VERSION::MINOR == 0
+  end
 end

data/spec/dummy/Rakefile

@@ -0,0 +1,7 @@
+#!/usr/bin/env rake
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Dummy::Application.load_tasks

data/spec/dummy/app/assets/javascripts/application.js

@@ -0,0 +1,15 @@
+// This is a manifest file that'll be compiled into application.js, which will include all the files
+// listed below.
+//
+// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
+// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
+//
+// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
+// the compiled file.
+//
+// WARNING: THE FIRST BLANK LINE MARKS THE END OF WHAT'S TO BE PROCESSED, ANY BLANK LINE SHOULD
+// GO AFTER THE REQUIRES BELOW.
+//
+//= require jquery
+//= require jquery_ujs
+//= require_tree .

data/spec/dummy/app/assets/stylesheets/application.css

@@ -0,0 +1,13 @@
+/*
+ * This is a manifest file that'll be compiled into application.css, which will include all the files
+ * listed below.
+ *
+ * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
+ * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
+ *
+ * You're free to add application-wide styles to this file and they'll appear at the top of the
+ * compiled file, but it's generally better to create a new file per style scope.
+ *
+ *= require_self
+ *= require_tree .
+*/

data/spec/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,3 @@
+class ApplicationController < ActionController::Base
+  protect_from_forgery
+end

data/spec/dummy/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/spec/{support/stub.rb → dummy/app/models/user.rb}

@@ -3,35 +3,29 @@ class User < ActiveRecord::Base
   
   attr_accessor :opts
   
+  hide_attributes :opts, :id, :on_hash => true
+
   hide_attributes :attribute
   hide_attributes :attribute_hash, :on_hash => true
-  
   hide_attributes :attribute_if, 
     :if => Proc.new { |user| user.opts[:if] }
   hide_attributes :attribute_if_hash, :on_hash => true, 
     :if => Proc.new { |user| user.opts[:if] }
-  
   hide_attributes :attribute_unless, 
     :unless => Proc.new { |user| user.opts[:unless] }
   hide_attributes :attribute_unless_hash, :on_hash => true, 
     :unless => Proc.new { |user| user.opts[:unless] }
-  
   hide_attributes :attribute_if_unless, 
     :if => Proc.new { |user| user.opts[:if] } , 
     :unless => Proc.new { |user| user.opts[:unless] }
-    
   hide_attributes :attribute_if_format, 
     :if => Proc.new { |u,format| format == :format }
-  
   hide_attributes :attribute_unless_format, 
     :unless => Proc.new { |u,format| format == :format }
-  
   hide_attributes :attribute_if_opts, 
     :if => Proc.new { |u,format,opts| opts[:hide] == false }
-  
   hide_attributes :attribute_unless_opts, 
     :unless => Proc.new { |u,format,opts| opts[:hide] == false }
-    
   hide_attributes :attribute_only_xml, :only => :xml
   hide_attributes :attribute_only_json, :only => :json
   hide_attributes :attribute_only_hash, :only => :hash
@@ -40,16 +34,21 @@ class User < ActiveRecord::Base
   hide_attributes :attribute_except_hash, :except => :hash
   hide_attributes :attribute_only_xml_txt, :only => [:xml, :txt]
   hide_attributes :attribute_except_xml_txt, :except => [:xml, :txt]
+
+  attr_accessible :opts, :as => [:default, :admin, :guest, :superuser]
   
   safe_attributes :always
   safe_attributes :admin_role, :as => :admin
   safe_attributes :attribute_if, 
     :if => Proc.new { |user| user.opts[:if] }
+  safe_attributes :attribute_if_2, :if => :if?
   safe_attributes :attribute_unless, 
     :unless => Proc.new { |user| user.opts[:unless] }
+  safe_attributes :attribute_unless_2, :unless => :unless?
   safe_attributes :attribute_if_unless, 
     :if => Proc.new { |user| user.opts[:if] }, 
     :unless => Proc.new { |user| user.opts[:unless] }
+  safe_attributes :attribute_if_unless_2, :if => :if?, :unless => :unless?
   safe_attributes :attribute_if_admin,
     :if => Proc.new { |user,role| role == :admin}
   safe_attributes :attribute_unless_admin,
@@ -58,11 +57,17 @@ class User < ActiveRecord::Base
   safe_attributes :role_mapper_guest, :if => Proc.new { |user,role| role == :guest }
   safe_attributes :role_mapper_user, :as => :user
   safe_attributes :role_mapper_admin, :if => Proc.new { |user,role| role == :admin }
-  
-  def initialize(opts = {})
-    @opts = {
-      :if => false,
-      :unless => true
-    }.merge(opts.is_a?(Hash) ? opts : {})
+
+  def opts
+    @opts ||= {}
+    @opts.reverse_merge :if => false, :unless => true
+  end
+
+  def if?
+    opts[:if]
+  end
+
+  def unless?
+    opts[:unless]
   end
 end

data/spec/dummy/app/views/layouts/application.html.erb

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <title>Dummy</title>
+  <%= stylesheet_link_tag    "application", :media => "all" %>
+  <%= javascript_include_tag "application" %>
+  <%= csrf_meta_tags %>
+</head>
+<body>
+
+<%= yield %>
+
+</body>
+</html>

data/spec/dummy/config/application.rb

@@ -0,0 +1,62 @@
+require File.expand_path('../boot', __FILE__)
+
+# Pick the frameworks you want:
+require "active_record/railtie"
+require "action_controller/railtie"
+require "action_mailer/railtie"
+require "active_resource/railtie"
+require "sprockets/railtie"
+# require "rails/test_unit/railtie"
+
+Bundler.require
+require "attribute_ext"
+
+module Dummy
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Custom directories with classes and modules you want to be autoloadable.
+    # config.autoload_paths += %W(#{config.root}/extras)
+
+    # Only load the plugins named here, in the order given (default is alphabetical).
+    # :all can be used as a placeholder for all plugins not explicitly named.
+    # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
+
+    # Activate observers that should always be running.
+    # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+
+    # Configure the default encoding used in templates for Ruby 1.9.
+    config.encoding = "utf-8"
+
+    # Configure sensitive parameters which will be filtered from the log file.
+    config.filter_parameters += [:password]
+
+    # Use SQL instead of Active Record's schema dumper when creating the database.
+    # This is necessary if your schema can't be completely dumped by the schema dumper,
+    # like if you have constraints or database-specific column types
+    # config.active_record.schema_format = :sql
+
+    # Enforce whitelist mode for mass assignment.
+    # This will create an empty whitelist of attributes available for mass-assignment for all models
+    # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
+    # parameters by using an attr_accessible or attr_protected declaration.
+    # config.active_record.whitelist_attributes = true
+
+    # Enable the asset pipeline
+    config.assets.enabled = true
+
+    # Version of your assets, change this if you want to expire all your assets
+    config.assets.version = '1.0'
+  end
+end
+

data/spec/dummy/config/boot.rb

@@ -0,0 +1,10 @@
+require 'rubygems'
+gemfile = File.expand_path('../../../../Gemfile', __FILE__)
+
+if File.exist?(gemfile)
+  ENV['BUNDLE_GEMFILE'] = gemfile
+  require 'bundler'
+  Bundler.setup
+end
+
+$:.unshift File.expand_path('../../../../lib', __FILE__)

data/spec/dummy/config/database.yml

@@ -0,0 +1,25 @@
+# SQLite version 3.x
+#   gem install sqlite3
+#
+#   Ensure the SQLite 3 gem is defined in your Gemfile
+#   gem 'sqlite3'
+development:
+  adapter: sqlite3
+  database: db/development.sqlite3
+  pool: 5
+  timeout: 5000
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  adapter: sqlite3
+  database: ":memory:"
+  pool: 5
+  timeout: 5000
+
+production:
+  adapter: sqlite3
+  database: db/production.sqlite3
+  pool: 5
+  timeout: 5000

data/spec/dummy/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the rails application
+require File.expand_path('../application', __FILE__)
+
+# Initialize the rails application
+Dummy::Application.initialize!

data/spec/dummy/config/environments/development.rb

@@ -0,0 +1,37 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # In the development environment your application's code is reloaded on
+  # every request. This slows down response time but is perfect for development
+  # since you don't have to restart the web server when you make code changes.
+  config.cache_classes = false
+
+  # Log error messages when you accidentally call methods on nil.
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send
+  config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger
+  config.active_support.deprecation = :log
+
+  # Only use best-standards-support built into browsers
+  config.action_dispatch.best_standards_support = :builtin
+
+  # Raise exception on mass assignment protection for Active Record models
+  config.active_record.mass_assignment_sanitizer = :strict
+
+  # Log the query plan for queries taking more than this (works
+  # with SQLite, MySQL, and PostgreSQL)
+  config.active_record.auto_explain_threshold_in_seconds = 0.5
+
+  # Do not compress assets
+  config.assets.compress = false
+
+  # Expands the lines which load the assets
+  config.assets.debug = true
+end

data/spec/dummy/config/environments/production.rb

@@ -0,0 +1,67 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # Code is not reloaded between requests
+  config.cache_classes = true
+
+  # Full error reports are disabled and caching is turned on
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Disable Rails's static asset server (Apache or nginx will already do this)
+  config.serve_static_assets = false
+
+  # Compress JavaScripts and CSS
+  config.assets.compress = true
+
+  # Don't fallback to assets pipeline if a precompiled asset is missed
+  config.assets.compile = false
+
+  # Generate digests for assets URLs
+  config.assets.digest = true
+
+  # Defaults to Rails.root.join("public/assets")
+  # config.assets.manifest = YOUR_PATH
+
+  # Specifies the header that your server uses for sending files
+  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
+
+  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+  # config.force_ssl = true
+
+  # See everything in the log (default is :info)
+  # config.log_level = :debug
+
+  # Prepend all log lines with the following tags
+  # config.log_tags = [ :subdomain, :uuid ]
+
+  # Use a different logger for distributed setups
+  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+
+  # Use a different cache store in production
+  # config.cache_store = :mem_cache_store
+
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server
+  # config.action_controller.asset_host = "http://assets.example.com"
+
+  # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
+  # config.assets.precompile += %w( search.js )
+
+  # Disable delivery errors, bad email addresses will be ignored
+  # config.action_mailer.raise_delivery_errors = false
+
+  # Enable threaded mode
+  # config.threadsafe!
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation can not be found)
+  config.i18n.fallbacks = true
+
+  # Send deprecation notices to registered listeners
+  config.active_support.deprecation = :notify
+
+  # Log the query plan for queries taking more than this (works
+  # with SQLite, MySQL, and PostgreSQL)
+  # config.active_record.auto_explain_threshold_in_seconds = 0.5
+end

data/spec/dummy/config/environments/test.rb

@@ -0,0 +1,37 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb
+
+  # The test environment is used exclusively to run your application's
+  # test suite. You never need to work with it otherwise. Remember that
+  # your test database is "scratch space" for the test suite and is wiped
+  # and recreated between test runs. Don't rely on the data there!
+  config.cache_classes = true
+
+  # Configure static asset server for tests with Cache-Control for performance
+  config.serve_static_assets = true
+  config.static_cache_control = "public, max-age=3600"
+
+  # Log error messages when you accidentally call methods on nil
+  config.whiny_nils = true
+
+  # Show full error reports and disable caching
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Raise exceptions instead of rendering exception templates
+  config.action_dispatch.show_exceptions = false
+
+  # Disable request forgery protection in test environment
+  config.action_controller.allow_forgery_protection    = false
+
+  # Tell Action Mailer not to deliver emails to the real world.
+  # The :test delivery method accumulates sent emails in the
+  # ActionMailer::Base.deliveries array.
+  config.action_mailer.delivery_method = :test
+
+  # Raise exception on mass assignment protection for Active Record models
+  config.active_record.mass_assignment_sanitizer = :strict
+
+  # Print deprecation notices to the stderr
+  config.active_support.deprecation = :stderr
+end

data/spec/dummy/config/initializers/backtrace_silencers.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
+# Rails.backtrace_cleaner.remove_silencers!

data/spec/dummy/config/initializers/inflections.rb

@@ -0,0 +1,15 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format
+# (all these examples are active by default):
+# ActiveSupport::Inflector.inflections do |inflect|
+#   inflect.plural /^(ox)$/i, '\1en'
+#   inflect.singular /^(ox)en/i, '\1'
+#   inflect.irregular 'person', 'people'
+#   inflect.uncountable %w( fish sheep )
+# end
+#
+# These inflection rules are supported but not enabled by default:
+# ActiveSupport::Inflector.inflections do |inflect|
+#   inflect.acronym 'RESTful'
+# end

data/spec/dummy/config/initializers/mime_types.rb

@@ -0,0 +1,5 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new mime types for use in respond_to blocks:
+# Mime::Type.register "text/richtext", :rtf
+# Mime::Type.register_alias "text/html", :iphone

data/spec/dummy/config/initializers/secret_token.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying the integrity of signed cookies.
+# If you change this key, all old signed cookies will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+Dummy::Application.config.secret_token = 'defb4a0c17c83f3d7d23147bd0d7ca97c1e095531917e8e24f6698baca436fd20616e09504eab1a92cf00e8574724d6fb0eb27de17a3193d77a7deb2ab8a3d9e'

data/spec/dummy/config/initializers/session_store.rb

@@ -0,0 +1,8 @@
+# Be sure to restart your server when you modify this file.
+
+Dummy::Application.config.session_store :cookie_store, key: '_dummy_session'
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rails generate session_migration")
+# Dummy::Application.config.session_store :active_record_store

data/spec/dummy/config/initializers/wrap_parameters.rb

@@ -0,0 +1,14 @@
+# Be sure to restart your server when you modify this file.
+#
+# This file contains settings for ActionController::ParamsWrapper which
+# is enabled by default.
+
+# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
+ActiveSupport.on_load(:action_controller) do
+  wrap_parameters format: [:json]
+end
+
+# Disable root element in JSON by default.
+ActiveSupport.on_load(:active_record) do
+  self.include_root_in_json = false
+end

data/spec/dummy/config/locales/en.yml

@@ -0,0 +1,5 @@
+# Sample localization file for English. Add more files in this directory for other locales.
+# See https://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
+
+en:
+  hello: "Hello world"