cancan_strong_parameters 0.1.1 → 0.1.2

data/README.md

@@ -40,3 +40,7 @@ Or install it yourself as:
 3. Commit your changes (`git commit -am 'Added some feature'`)
 4. Push to the branch (`git push origin my-new-feature`)
 5. Create new Pull Request
+
+## Changelog
+
+* Made compatible for nested forms

data/lib/cancan_strong_parameters/rails/controller/base.rb

@@ -20,37 +20,37 @@ class ActionController::Base
   def self.permit_params *keys
     filter_strong_params :permit, [:create, :update], keys
   end
-  
+
   # Like permit_params, but only applies to create action
   #
   def self.permit_params_on_create *keys
     filter_strong_params :permit, :create, keys
   end
-  
+
   # Like permit_params, but only applies to update action
   #
   def self.permit_params_on_update *keys
     filter_strong_params :permit, :update, keys
   end
-  
+
   # Like permit_params, but marks the params required
   #
   def self.require_params *keys
     filter_strong_params :require, [:create, :update], keys
   end
-  
+
   # Like require_params, but only applies to create action
   #
-  def self.require_params *keys
+  def self.require_params_on_create *keys
     filter_strong_params :require, :create, keys
   end
-  
+
   # Like require_params, but only applies to update action
   #
-  def self.require_params *keys
+  def self.require_params_on_update *keys
     filter_strong_params :require, :update, keys
   end
-  
+
   # Does a permit! at every level of the params to let everything through
   #
   def self.permit_all_params options = {}
@@ -58,14 +58,17 @@ class ActionController::Base
       self.params.deep_permit!
     end
   end
-  
+
   def self.filter_strong_params method, actions, keys # :nodoc:
     hash = keys.extract_options!
     keys.flatten!
-    if hash.present? && keys.present?
+    
+    # Handle attributes if permitted attributes are given for nested models
+    if (hash.present? && keys.present?) || (hash.select{|k,v| v.is_a?(Array)} == hash)
       prepend_before_filter :only => actions do
         resource_name = self.class.resource_name
-        self.params[resource_name] = params[resource_name].send method, *[keys, self.class.attributized(hash)].flatten, hash
+        whitelist = self.class.hashified([*keys.flatten, self.class.attributized(hash)])
+        self.params[resource_name] = params[resource_name].send method, whitelist
       end
     elsif hash.present?
       prepend_before_filter :only => actions do
@@ -73,7 +76,7 @@ class ActionController::Base
       end
     else
       prepend_before_filter :only => actions do
-        resource_name = self.class.resource_name        
+        resource_name = self.class.resource_name
         if params.has_key?(resource_name)
           self.params[resource_name] = params[resource_name].send method, *keys
         else
@@ -82,17 +85,26 @@ class ActionController::Base
       end
     end
   end
-  
+
   def self.resource_name
     self.to_s.sub("Controller", "").underscore.split('/').last.singularize
   end
-  
+
   def self.attributized(hash)
-    h = {}
-    hash.each do |k,v|
-      h[:"#{k}_attributes"] = v
+    Hash.new.tap do |h|
+      hash.each do |k,v|
+        h[:"#{k}_attributes"] = v
+      end
     end
-    h.keys # @todo Allows all nested values! Insecure, but works
+  end
+  
+  def self.hashified(whitelist)
+    hash = whitelist.extract_options!
+    array = whitelist.dup
+    whitelist = (hash || {})
+    array.map {|v| whitelist[v] = nil }
+    
+    whitelist
   end
 end
 
@@ -110,4 +122,4 @@ module ActionController
       permit!
     end
   end
-end
+end

data/lib/cancan_strong_parameters/version.rb

@@ -1,3 +1,3 @@
 module CancanStrongParameters
-  VERSION = "0.1.1"
+  VERSION = "0.1.2"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cancan_strong_parameters
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.2
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-08-28 00:00:00.000000000Z
+date: 2012-10-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cancan
-  requirement: &70171147390260 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,15 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70171147390260
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: strong_parameters
-  requirement: &70171147389800 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,7 +37,12 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70171147389800
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: make CanCan work with strong_parameters
 email:
 - me@colinyoung.com
@@ -69,7 +79,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 1.8.10
+rubygems_version: 1.8.24
 signing_key: 
 specification_version: 3
 summary: make CanCan work with strong_parameters