cancan_strong_parameters 0.0.1 → 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. data/README.md +14 -1
  2. data/lib/cancan_strong_parameters.rb +1 -1
  3. data/lib/cancan_strong_parameters/rails/controller/base.rb +99 -0
  4. data/lib/cancan_strong_parameters/version.rb +1 -1
  5. metadata +7 -7
  6. data/lib/cancan_strong_parameters/cancan/controller_resource.rb +0 -23
data/README.md CHANGED
@@ -2,6 +2,12 @@
2
2
 
3
3
  CanCan and [strong_parameters](https://github.com/rails/strong_parameters) are friends now!
4
4
 
5
+ ## Authors
6
+
7
+ The majority of this gem is credited to @mckeed, who posted this gist: https://gist.github.com/2878508
8
+ I (@colinyoung) helped put some of it together.
9
+
10
+
5
11
  ## Installation
6
12
 
7
13
  Add this line to your application's Gemfile:
@@ -18,7 +24,14 @@ Or install it yourself as:
18
24
 
19
25
  ## Usage
20
26
 
21
- Just add it to your Gemfile! Use both CanCan and strong_parameters as normal.
27
+ 1. Add it to your Gemfile
28
+ 2. Wherever you use `load_and_authorize_resource`, also add:
29
+
30
+ class PostsController < ApplicationController
31
+ ...
32
+ load_and_authorize_resource
33
+ permit_params post: [:name, :title, author: {:name}]
34
+ end
22
35
 
23
36
  ## Contributing
24
37
 
data/lib/cancan_strong_parameters.rb CHANGED
@@ -1,5 +1,5 @@
1
1
  require "cancan_strong_parameters/version"
2
- require "cancan_strong_parameters/cancan/controller_resource"
2
+ require "cancan_strong_parameters/rails/controller/base"
3
3
 
4
4
  module CancanStrongParameters
5
5
  end
data/lib/cancan_strong_parameters/rails/controller/base.rb ADDED
@@ -0,0 +1,99 @@
1
+ class ActionController::Base
2
+ # Use this with CanCan's load_resource to permit a set of params before
3
+ # it tries to build or update a resource with them.
4
+ #
5
+ # Usage:
6
+ # class BooksController < ApplicationController
7
+ # load_resource :book
8
+ # permit_params book: [:title, :isbn]
9
+ # end
10
+ #
11
+ # Or:
12
+ # class BooksController < ApplicationController
13
+ # load_resource
14
+ # permit_params :title, :isbn
15
+ # end
16
+ #
17
+ # the second form should work in the simple case where you don't have to
18
+ # supply a resource name for #load_resource
19
+ #
20
+ def self.permit_params *keys
21
+ filter_strong_params :permit, [:create, :update], keys
22
+ end
23
+
24
+ # Like permit_params, but only applies to create action
25
+ #
26
+ def self.permit_params_on_create *keys
27
+ filter_strong_params :permit, :create, keys
28
+ end
29
+
30
+ # Like permit_params, but only applies to update action
31
+ #
32
+ def self.permit_params_on_update *keys
33
+ filter_strong_params :permit, :update, keys
34
+ end
35
+
36
+ # Like permit_params, but marks the params required
37
+ #
38
+ def self.require_params *keys
39
+ filter_strong_params :require, [:create, :update], keys
40
+ end
41
+
42
+ # Like require_params, but only applies to create action
43
+ #
44
+ def self.require_params *keys
45
+ filter_strong_params :require, :create, keys
46
+ end
47
+
48
+ # Like require_params, but only applies to update action
49
+ #
50
+ def self.require_params *keys
51
+ filter_strong_params :require, :update, keys
52
+ end
53
+
54
+ # Does a permit! at every level of the params to let everything through
55
+ #
56
+ def self.permit_all_params options = {}
57
+ prepend_before_filter options.reverse_merge(:only => [:create, :update]) do
58
+ self.params.deep_permit!
59
+ end
60
+ end
61
+
62
+ def self.filter_strong_params method, actions, keys # :nodoc:
63
+ hash = keys.extract_options!
64
+ if hash.present? && keys.present?
65
+ prepend_before_filter :only => actions do
66
+ self.params = params.send method, *keys, hash
67
+ end
68
+ elsif hash.present?
69
+ prepend_before_filter :only => actions do
70
+ self.params.merge! params.send(method, hash)
71
+ end
72
+ else
73
+ resource_name = self.to_s.sub("Controller", "").underscore.split('/').last.singularize
74
+ prepend_before_filter :only => actions do
75
+ if params.has_key?(resource_name)
76
+ self.params[resource_name] = params[resource_name].send method, *keys
77
+ else
78
+ self.params = params.send method, *keys
79
+ end
80
+ end
81
+ end
82
+ end
83
+ end
84
+
85
+ module ActionController
86
+ class Parameters < ActiveSupport::HashWithIndifferentAccess
87
+ def deep_permit!
88
+ self.each do |key, value|
89
+ if value.is_a?(Hash)
90
+ if !value.respond_to?(:permit!)
91
+ self[key] = value = ActionController::Parameters.new(value)
92
+ end
93
+ value.deep_permit!
94
+ end
95
+ end
96
+ permit!
97
+ end
98
+ end
99
+ end
data/lib/cancan_strong_parameters/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module CancanStrongParameters
2
- VERSION = "0.0.1"
2
+ VERSION = "0.1.0"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cancan_strong_parameters
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 0.1.0
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,11 +9,11 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-08-24 00:00:00.000000000Z
12
+ date: 2012-08-28 00:00:00.000000000Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: cancan
16
- requirement: &70144855890200 !ruby/object:Gem::Requirement
16
+ requirement: &70196034599640 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
21
21
  version: '0'
22
22
  type: :runtime
23
23
  prerelease: false
24
- version_requirements: *70144855890200
24
+ version_requirements: *70196034599640
25
25
  - !ruby/object:Gem::Dependency
26
26
  name: strong_parameters
27
- requirement: &70144855889740 !ruby/object:Gem::Requirement
27
+ requirement: &70196034599200 !ruby/object:Gem::Requirement
28
28
  none: false
29
29
  requirements:
30
30
  - - ! '>='
@@ -32,7 +32,7 @@ dependencies:
32
32
  version: '0'
33
33
  type: :runtime
34
34
  prerelease: false
35
- version_requirements: *70144855889740
35
+ version_requirements: *70196034599200
36
36
  description: make CanCan work with strong_parameters
37
37
  email:
38
38
  - me@colinyoung.com
@@ -47,7 +47,7 @@ files:
47
47
  - Rakefile
48
48
  - cancan_strong_parameters.gemspec
49
49
  - lib/cancan_strong_parameters.rb
50
- - lib/cancan_strong_parameters/cancan/controller_resource.rb
50
+ - lib/cancan_strong_parameters/rails/controller/base.rb
51
51
  - lib/cancan_strong_parameters/version.rb
52
52
  homepage: https://github.com/colinyoung/cancan_strong_parameters
53
53
  licenses: []
data/lib/cancan_strong_parameters/cancan/controller_resource.rb DELETED
@@ -1,23 +0,0 @@
1
- module CanCan
2
- class ControllerResource
3
- def load_resource_with_secure_params(*args)
4
- secure_params!
5
- load_resource_without_secure_params # This name comes from alias_method_chain. The params are already secured.
6
- end
7
-
8
- def secure_params!
9
- controller = @controller
10
- if controller.params.respond_to?(:require)
11
- protected_actions = controller.respond_to?(:protected_actions) ? controller.protected_actions : ['create', 'update']
12
- if protected_actions.include?(controller.action_name)
13
- internal_keys = ['controller', 'action', 'authenticity_token', 'commit', 'utf8']
14
- internal_values = @params.select {|k,v| internal_keys.include?(k) }
15
- @params = ({resource_class.name.downcase => controller.secure_params}.merge(internal_values))
16
- @params = ActiveSupport::HashWithIndifferentAccess.new(@params)
17
- end
18
- end
19
- end
20
-
21
- alias_method_chain :load_resource, :secure_params
22
- end
23
- end