cancan_strong_parameters 0.0.1 → 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
data/README.md CHANGED
@@ -2,6 +2,12 @@
2
2
 
3
3
  CanCan and [strong_parameters](https://github.com/rails/strong_parameters) are friends now!
4
4
 
5
+ ## Authors
6
+
7
+ The majority of this gem is credited to @mckeed, who posted this gist: https://gist.github.com/2878508
8
+ I (@colinyoung) helped put some of it together.
9
+
10
+
5
11
  ## Installation
6
12
 
7
13
  Add this line to your application's Gemfile:
@@ -18,7 +24,14 @@ Or install it yourself as:
18
24
 
19
25
  ## Usage
20
26
 
21
- Just add it to your Gemfile! Use both CanCan and strong_parameters as normal.
27
+ 1. Add it to your Gemfile
28
+ 2. Wherever you use `load_and_authorize_resource`, also add:
29
+
30
+ class PostsController < ApplicationController
31
+ ...
32
+ load_and_authorize_resource
33
+ permit_params post: [:name, :title, author: {:name}]
34
+ end
22
35
 
23
36
  ## Contributing
24
37
 
@@ -1,5 +1,5 @@
1
1
  require "cancan_strong_parameters/version"
2
- require "cancan_strong_parameters/cancan/controller_resource"
2
+ require "cancan_strong_parameters/rails/controller/base"
3
3
 
4
4
  module CancanStrongParameters
5
5
  end
@@ -0,0 +1,99 @@
1
+ class ActionController::Base
2
+ # Use this with CanCan's load_resource to permit a set of params before
3
+ # it tries to build or update a resource with them.
4
+ #
5
+ # Usage:
6
+ # class BooksController < ApplicationController
7
+ # load_resource :book
8
+ # permit_params book: [:title, :isbn]
9
+ # end
10
+ #
11
+ # Or:
12
+ # class BooksController < ApplicationController
13
+ # load_resource
14
+ # permit_params :title, :isbn
15
+ # end
16
+ #
17
+ # the second form should work in the simple case where you don't have to
18
+ # supply a resource name for #load_resource
19
+ #
20
+ def self.permit_params *keys
21
+ filter_strong_params :permit, [:create, :update], keys
22
+ end
23
+
24
+ # Like permit_params, but only applies to create action
25
+ #
26
+ def self.permit_params_on_create *keys
27
+ filter_strong_params :permit, :create, keys
28
+ end
29
+
30
+ # Like permit_params, but only applies to update action
31
+ #
32
+ def self.permit_params_on_update *keys
33
+ filter_strong_params :permit, :update, keys
34
+ end
35
+
36
+ # Like permit_params, but marks the params required
37
+ #
38
+ def self.require_params *keys
39
+ filter_strong_params :require, [:create, :update], keys
40
+ end
41
+
42
+ # Like require_params, but only applies to create action
43
+ #
44
+ def self.require_params *keys
45
+ filter_strong_params :require, :create, keys
46
+ end
47
+
48
+ # Like require_params, but only applies to update action
49
+ #
50
+ def self.require_params *keys
51
+ filter_strong_params :require, :update, keys
52
+ end
53
+
54
+ # Does a permit! at every level of the params to let everything through
55
+ #
56
+ def self.permit_all_params options = {}
57
+ prepend_before_filter options.reverse_merge(:only => [:create, :update]) do
58
+ self.params.deep_permit!
59
+ end
60
+ end
61
+
62
+ def self.filter_strong_params method, actions, keys # :nodoc:
63
+ hash = keys.extract_options!
64
+ if hash.present? && keys.present?
65
+ prepend_before_filter :only => actions do
66
+ self.params = params.send method, *keys, hash
67
+ end
68
+ elsif hash.present?
69
+ prepend_before_filter :only => actions do
70
+ self.params.merge! params.send(method, hash)
71
+ end
72
+ else
73
+ resource_name = self.to_s.sub("Controller", "").underscore.split('/').last.singularize
74
+ prepend_before_filter :only => actions do
75
+ if params.has_key?(resource_name)
76
+ self.params[resource_name] = params[resource_name].send method, *keys
77
+ else
78
+ self.params = params.send method, *keys
79
+ end
80
+ end
81
+ end
82
+ end
83
+ end
84
+
85
+ module ActionController
86
+ class Parameters < ActiveSupport::HashWithIndifferentAccess
87
+ def deep_permit!
88
+ self.each do |key, value|
89
+ if value.is_a?(Hash)
90
+ if !value.respond_to?(:permit!)
91
+ self[key] = value = ActionController::Parameters.new(value)
92
+ end
93
+ value.deep_permit!
94
+ end
95
+ end
96
+ permit!
97
+ end
98
+ end
99
+ end
@@ -1,3 +1,3 @@
1
1
  module CancanStrongParameters
2
- VERSION = "0.0.1"
2
+ VERSION = "0.1.0"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cancan_strong_parameters
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.1
4
+ version: 0.1.0
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,11 +9,11 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-08-24 00:00:00.000000000Z
12
+ date: 2012-08-28 00:00:00.000000000Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: cancan
16
- requirement: &70144855890200 !ruby/object:Gem::Requirement
16
+ requirement: &70196034599640 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
21
21
  version: '0'
22
22
  type: :runtime
23
23
  prerelease: false
24
- version_requirements: *70144855890200
24
+ version_requirements: *70196034599640
25
25
  - !ruby/object:Gem::Dependency
26
26
  name: strong_parameters
27
- requirement: &70144855889740 !ruby/object:Gem::Requirement
27
+ requirement: &70196034599200 !ruby/object:Gem::Requirement
28
28
  none: false
29
29
  requirements:
30
30
  - - ! '>='
@@ -32,7 +32,7 @@ dependencies:
32
32
  version: '0'
33
33
  type: :runtime
34
34
  prerelease: false
35
- version_requirements: *70144855889740
35
+ version_requirements: *70196034599200
36
36
  description: make CanCan work with strong_parameters
37
37
  email:
38
38
  - me@colinyoung.com
@@ -47,7 +47,7 @@ files:
47
47
  - Rakefile
48
48
  - cancan_strong_parameters.gemspec
49
49
  - lib/cancan_strong_parameters.rb
50
- - lib/cancan_strong_parameters/cancan/controller_resource.rb
50
+ - lib/cancan_strong_parameters/rails/controller/base.rb
51
51
  - lib/cancan_strong_parameters/version.rb
52
52
  homepage: https://github.com/colinyoung/cancan_strong_parameters
53
53
  licenses: []
@@ -1,23 +0,0 @@
1
- module CanCan
2
- class ControllerResource
3
- def load_resource_with_secure_params(*args)
4
- secure_params!
5
- load_resource_without_secure_params # This name comes from alias_method_chain. The params are already secured.
6
- end
7
-
8
- def secure_params!
9
- controller = @controller
10
- if controller.params.respond_to?(:require)
11
- protected_actions = controller.respond_to?(:protected_actions) ? controller.protected_actions : ['create', 'update']
12
- if protected_actions.include?(controller.action_name)
13
- internal_keys = ['controller', 'action', 'authenticity_token', 'commit', 'utf8']
14
- internal_values = @params.select {|k,v| internal_keys.include?(k) }
15
- @params = ({resource_class.name.downcase => controller.secure_params}.merge(internal_values))
16
- @params = ActiveSupport::HashWithIndifferentAccess.new(@params)
17
- end
18
- end
19
- end
20
-
21
- alias_method_chain :load_resource, :secure_params
22
- end
23
- end