brightcontent-core 2.0.23 → 2.0.24

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    brightcontent-core (2.0.23)
+    brightcontent-core (2.0.24)
       bcrypt-ruby
       bootstrap-wysihtml5-rails
       has_scope
@@ -9,6 +9,7 @@ PATH
       jquery-rails
       rails (~> 3.2.9)
       simple_form
+      strong_parameters
       will_paginate
 
 GEM
@@ -44,7 +45,7 @@ GEM
     addressable (2.3.2)
     arel (3.0.2)
     bcrypt-ruby (3.0.1)
-    bootstrap-wysihtml5-rails (0.3.1.13)
+    bootstrap-wysihtml5-rails (0.3.1.19)
       railties (>= 3.0)
     builder (3.0.4)
     capybara (2.0.1)
@@ -71,7 +72,7 @@ GEM
       has_scope (~> 0.5.0)
       responders (~> 0.6)
     journey (1.0.4)
-    jquery-rails (2.1.4)
+    jquery-rails (2.2.1)
       railties (>= 3.0, < 5.0)
       thor (>= 0.14, < 2.0)
     json (1.7.5)
@@ -132,7 +133,7 @@ GEM
       libwebsocket (~> 0.1.3)
       multi_json (~> 1.0)
       rubyzip
-    simple_form (2.0.4)
+    simple_form (2.1.0)
       actionpack (~> 3.0)
       activemodel (~> 3.0)
     sprockets (2.2.2)
@@ -141,14 +142,18 @@ GEM
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
     sqlite3 (1.3.6)
+    strong_parameters (0.2.0)
+      actionpack (~> 3.0)
+      activemodel (~> 3.0)
+      railties (~> 3.0)
     thor (0.16.0)
     tilt (1.3.3)
     treetop (1.4.12)
       polyglot
       polyglot (>= 0.3.1)
-    tzinfo (0.3.35)
+    tzinfo (0.3.37)
     websocket (1.0.6)
-    will_paginate (3.0.3)
+    will_paginate (3.0.4)
     xpath (1.0.0)
       nokogiri (~> 1.3)
 

data/app/controllers/brightcontent/base_controller.rb

@@ -10,6 +10,9 @@ module Brightcontent
     include DefaultActions
     include Pagination
 
+    # Temp until inherent resources supports strong params
+    include StrongParamsFix
+
     private
 
     def list_fields
@@ -27,5 +30,9 @@ module Brightcontent
     end
     helper_method :default_fields
 
+    def resource_params
+      params.require(resource_instance_name).permit!
+    end
+
   end
 end

data/app/models/brightcontent/admin_user.rb

@@ -1,7 +1,6 @@
 module Brightcontent
   class AdminUser < ActiveRecord::Base
     has_secure_password
-    attr_accessible :email, :password, :password_confirmation
     validates_uniqueness_of :email
   end
 end

data/brightcontent-core.gemspec

@@ -23,6 +23,7 @@ Gem::Specification.new do |s|
   s.add_dependency "simple_form"
   s.add_dependency "will_paginate"
   s.add_dependency "bootstrap-wysihtml5-rails"
+  s.add_dependency "strong_parameters"
 
   s.add_development_dependency "sqlite3"
   s.add_development_dependency "rspec-rails"

data/lib/brightcontent/core.rb

@@ -4,6 +4,7 @@ require "jquery-rails"
 require "will_paginate"
 require "bootstrap-wysihtml5-rails"
 require "has_scope"
+require "strong_parameters"
 
 require "brightcontent/rails/routes"
 require "brightcontent/engine"
@@ -14,6 +15,7 @@ module Brightcontent
   autoload :PageMethods, 'brightcontent/page_methods'
   autoload :RoutesParser, 'brightcontent/routes_parser'
   autoload :DefaultActions, 'brightcontent/default_actions'
+  autoload :StrongParamsFix, 'brightcontent/strong_params_fix'
   autoload :ModelExtensions, 'brightcontent/model_extensions'
 
   mattr_accessor :engine_resources

data/lib/brightcontent/strong_params_fix.rb

@@ -0,0 +1,16 @@
+module Brightcontent
+  module StrongParamsFix
+
+    def build_resource
+      get_resource_ivar || set_resource_ivar(end_of_association_chain.send(method_for_build, params_for_build))
+    end
+
+    def params_for_build
+      request.get? ? {} : resource_params
+    end
+
+    def update_resource(object, attributes)
+      object.update_attributes(attributes)
+    end
+  end
+end

data/spec/dummy/app/models/blog.rb

@@ -1,4 +1,3 @@
 class Blog < ActiveRecord::Base
-  attr_accessible :body, :name, :featured
   scope :featured, where(:featured => true)
 end

data/spec/dummy/config/application.rb

@@ -47,7 +47,7 @@ module Dummy
     # This will create an empty whitelist of attributes available for mass-assignment for all models
     # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
     # parameters by using an attr_accessible or attr_protected declaration.
-    config.active_record.whitelist_attributes = true
+    config.active_record.whitelist_attributes = false
 
     # Enable the asset pipeline
     config.assets.enabled = true

data/spec/dummy/config/initializers/strong_params.rb

@@ -0,0 +1 @@
+ActiveRecord::Base.send(:include, ActiveModel::ForbiddenAttributesProtection)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: brightcontent-core
 version: !ruby/object:Gem::Version
-  version: 2.0.23
+  version: 2.0.24
   prerelease: 
 platform: ruby
 authors:
@@ -139,6 +139,22 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: strong_parameters
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -276,6 +292,7 @@ files:
 - lib/brightcontent/pagination.rb
 - lib/brightcontent/rails/routes.rb
 - lib/brightcontent/routes_parser.rb
+- lib/brightcontent/strong_params_fix.rb
 - lib/generators/brightcontent/install_generator.rb
 - lib/generators/brightcontent/resource_generator.rb
 - lib/generators/brightcontent/templates/brightcontent_controller.rb
@@ -310,6 +327,7 @@ files:
 - spec/dummy/config/initializers/mime_types.rb
 - spec/dummy/config/initializers/secret_token.rb
 - spec/dummy/config/initializers/session_store.rb
+- spec/dummy/config/initializers/strong_params.rb
 - spec/dummy/config/initializers/wrap_parameters.rb
 - spec/dummy/config/locales/en.yml
 - spec/dummy/config/routes.rb
@@ -347,7 +365,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 1893911070433254404
+      hash: -2374237643085151557
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -356,7 +374,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 1893911070433254404
+      hash: -2374237643085151557
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.24
@@ -393,6 +411,7 @@ test_files:
 - spec/dummy/config/initializers/mime_types.rb
 - spec/dummy/config/initializers/secret_token.rb
 - spec/dummy/config/initializers/session_store.rb
+- spec/dummy/config/initializers/strong_params.rb
 - spec/dummy/config/initializers/wrap_parameters.rb
 - spec/dummy/config/locales/en.yml
 - spec/dummy/config/routes.rb