cancan_strong_parameters 0.1.3 → 0.1.4

data/.gitignore

@@ -16,3 +16,4 @@ test/tmp
 test/version_tmp
 tmp
 .DS_Store
+log/

data/README.md

@@ -32,6 +32,10 @@ Or install it yourself as:
           load_and_authorize_resource
           permit_params post: [:name, :title, author: {:name}]
         end
+        
+## Testing
+
+Run with `bundle exec rake test`.
 
 ## Contributing
 

data/Rakefile

@@ -1,2 +1,11 @@
 #!/usr/bin/env rake
 require "bundler/gem_tasks"
+
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs << 'test'
+end
+
+desc "Run tests"
+task :default => :test

data/cancan_strong_parameters.gemspec

@@ -10,6 +10,12 @@ Gem::Specification.new do |gem|
   
   gem.add_dependency "cancan"
   gem.add_dependency "strong_parameters"
+  gem.add_dependency "activesupport"
+  
+  gem.add_development_dependency "require_all"
+  gem.add_development_dependency "minitest", "~> 3.0"
+  gem.add_development_dependency "rails"
+  gem.add_development_dependency "debugger"
 
   gem.files         = `git ls-files`.split($\)
   gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }

data/lib/cancan_strong_parameters/controller.rb

@@ -0,0 +1,137 @@
+module CancanStrongParameters
+  module Controller
+    
+    HASH_DEFAULTS = [:_destroy, :_delete]
+    
+    module ClassMethods
+      # Use this with CanCan's load_resource to permit a set of params before
+      # it tries to build or update a resource with them.
+      #
+      # Usage:
+      #   class BooksController < ApplicationController
+      #     load_resource :book
+      #     permit_params book: [:title, :isbn]
+      #   end
+      #
+      # Or:
+      #   class BooksController < ApplicationController
+      #     load_resource
+      #     permit_params :title, :isbn
+      #   end
+      #
+      # the second form should work in the simple case where you don't have to
+      # supply a resource name for #load_resource
+      #
+      def permit_params *keys
+        filter_strong_params :permit, [:create, :update], keys
+      end
+
+      # Like permit_params, but only applies to create action
+      #
+      def permit_params_on_create *keys
+        filter_strong_params :permit, :create, keys
+      end
+
+      # Like permit_params, but only applies to update action
+      #
+      def permit_params_on_update *keys
+        filter_strong_params :permit, :update, keys
+      end
+
+      # Like permit_params, but marks the params required
+      #
+      def require_params *keys
+        filter_strong_params :require, [:create, :update], keys
+      end
+
+      # Like require_params, but only applies to create action
+      #
+      def require_params_on_create *keys
+        filter_strong_params :require, :create, keys
+      end
+
+      # Like require_params, but only applies to update action
+      #
+      def require_params_on_update *keys
+        filter_strong_params :require, :update, keys
+      end
+
+      # Does a permit! at every level of the params to let everything through
+      #
+      def permit_all_params options = {}
+        prepend_before_filter options.reverse_merge(:only => [:create, :update]) do
+          self.params.deep_permit!
+        end
+      end
+
+      def filter_strong_params method, actions, keys # :nodoc:
+        hash = keys.extract_options!
+        keys.flatten!
+  
+        # Handle attributes if permitted attributes are given for nested models
+        if (hash.present? && keys.present?) || (hash.select{|k,v| v.is_a?(Array)} == hash)
+          
+          @@defaults = CancanStrongParameters::Controller::HASH_DEFAULTS
+          @@hash = hash.attributized
+          
+          prepend_before_filter :only => actions do
+            resource_name = self.class.resource_name
+            self.params[resource_name] = params[resource_name].send method, *[*keys.flatten + @@defaults, @@hash]
+          end
+        elsif hash.present?
+          prepend_before_filter :only => actions do
+            self.params.merge! params.send(method, hash)
+          end
+        else
+          prepend_before_filter :only => actions do
+            resource_name = self.class.resource_name
+            if params.has_key?(resource_name)
+              self.params[resource_name] = params[resource_name].send method, *keys
+            else
+              self.params = params.send method, *keys
+            end
+          end
+        end
+      end
+
+      def resource_name
+        self.to_s.sub("Controller", "").underscore.split('/').last.singularize
+      end
+    end
+    
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+
+  end
+end
+
+class Hash
+  
+  # Converts keys with hash values -- e.g. posts: {} -- to posts_attributes for nested forms.
+  # 
+  # Also, Allows rails specific values like _destroy or _delete.
+  # 
+  # NOTE: You must enable `allow_destroy: true` in your call to `accepts_nested_attributes_for` anyway,
+  # so this is secure to whitelist here.
+  def attributized
+    defaults = CancanStrongParameters::Controller::HASH_DEFAULTS
+    
+    Hash.new.tap do |h|
+      self.each do |k,v|
+        h[:"#{k}_attributes"] = self.delete(k).attributized + defaults
+      end
+    end
+  end
+end
+
+class Array
+  def attributized
+    Array.new.tap do |a|
+      self.each do |v|
+        v = v.attributized if v.is_a?(Hash)
+        a << v
+      end
+    end
+  end
+end

data/lib/cancan_strong_parameters/deep_permit.rb

@@ -0,0 +1,15 @@
+module CancanStrongParameters
+  module DeepPermit 
+    def deep_permit!
+      self.each do |key, value|
+        if value.is_a?(Hash)
+          if !value.respond_to?(:permit!)
+            self[key] = value = ActionController::Parameters.new(value)
+          end
+          value.deep_permit!
+        end
+      end
+      permit!
+    end
+  end
+end

data/lib/cancan_strong_parameters/rails/controller/base.rb

@@ -1,116 +1,7 @@
 class ActionController::Base
-  # Use this with CanCan's load_resource to permit a set of params before
-  # it tries to build or update a resource with them.
-  #
-  # Usage:
-  #   class BooksController < ApplicationController
-  #     load_resource :book
-  #     permit_params book: [:title, :isbn]
-  #   end
-  #
-  # Or:
-  #   class BooksController < ApplicationController
-  #     load_resource
-  #     permit_params :title, :isbn
-  #   end
-  #
-  # the second form should work in the simple case where you don't have to
-  # supply a resource name for #load_resource
-  #
-  def self.permit_params *keys
-    filter_strong_params :permit, [:create, :update], keys
-  end
-
-  # Like permit_params, but only applies to create action
-  #
-  def self.permit_params_on_create *keys
-    filter_strong_params :permit, :create, keys
-  end
-
-  # Like permit_params, but only applies to update action
-  #
-  def self.permit_params_on_update *keys
-    filter_strong_params :permit, :update, keys
-  end
-
-  # Like permit_params, but marks the params required
-  #
-  def self.require_params *keys
-    filter_strong_params :require, [:create, :update], keys
-  end
-
-  # Like require_params, but only applies to create action
-  #
-  def self.require_params_on_create *keys
-    filter_strong_params :require, :create, keys
-  end
-
-  # Like require_params, but only applies to update action
-  #
-  def self.require_params_on_update *keys
-    filter_strong_params :require, :update, keys
-  end
-
-  # Does a permit! at every level of the params to let everything through
-  #
-  def self.permit_all_params options = {}
-    prepend_before_filter options.reverse_merge(:only => [:create, :update]) do
-      self.params.deep_permit!
-    end
-  end
-
-  def self.filter_strong_params method, actions, keys # :nodoc:
-    hash = keys.extract_options!
-    keys.flatten!
-    
-    # Handle attributes if permitted attributes are given for nested models
-    if (hash.present? && keys.present?) || (hash.select{|k,v| v.is_a?(Array)} == hash)
-      prepend_before_filter :only => actions do
-        resource_name = self.class.resource_name
-        hash = self.class.attributized(hash)
-        self.params[resource_name] = params[resource_name].send method, *[*keys.flatten, hash]
-      end
-    elsif hash.present?
-      prepend_before_filter :only => actions do
-        self.params.merge! params.send(method, hash)
-      end
-    else
-      prepend_before_filter :only => actions do
-        resource_name = self.class.resource_name
-        if params.has_key?(resource_name)
-          self.params[resource_name] = params[resource_name].send method, *keys
-        else
-          self.params = params.send method, *keys
-        end
-      end
-    end
-  end
-
-  def self.resource_name
-    self.to_s.sub("Controller", "").underscore.split('/').last.singularize
-  end
-
-  def self.attributized(hash)
-    Hash.new.tap do |h|
-      hash.each do |k,v|
-        h[:"#{k}_attributes"] = v
-      end
-    end
-  end
+  include CancanStrongParameters::Controller
 end
 
-module ActionController
-  class Parameters < ActiveSupport::HashWithIndifferentAccess
-    def deep_permit!
-      self.each do |key, value|
-        if value.is_a?(Hash)
-          if !value.respond_to?(:permit!)
-            self[key] = value = ActionController::Parameters.new(value)
-          end
-          value.deep_permit!
-        end
-      end
-      permit!
-    end
-  end
+class ActionController::Parameters
+  include CancanStrongParameters::DeepPermit
 end

data/lib/cancan_strong_parameters/version.rb

@@ -1,3 +1,3 @@
 module CancanStrongParameters
-  VERSION = "0.1.3"
+  VERSION = "0.1.4"
 end

data/lib/cancan_strong_parameters.rb

@@ -1,5 +1,7 @@
 require "cancan_strong_parameters/version"
-require "cancan_strong_parameters/rails/controller/base"
+require "cancan_strong_parameters/controller"
+require "cancan_strong_parameters/deep_permit"
+require "cancan_strong_parameters/rails/controller/base" if defined?(Rails)
 
 module CancanStrongParameters
 end

data/test/app/controllers/posts_controller.rb

@@ -0,0 +1,16 @@
+class PostsController < ActionController::Base
+  include CancanStrongParameters::Controller
+  
+  permit_params :title, :content,
+    comments: [
+      :body, tags: [:name]
+    ]
+    
+  def create
+    @post = Post.new(params[:post])
+    @post_attributes = params[:post]
+    render json: @post
+  end
+  alias_method :update, :create
+  
+end

data/test/app/models/post.rb

@@ -0,0 +1,6 @@
+class Post
+  include ActiveModel::Serialization
+  include ActiveModel::MassAssignmentSecurity
+  
+  attr_accessible :body, :content
+end

data/test/config.ru

@@ -0,0 +1 @@
+# Empty to make tests work

data/test/rails_helper.rb

@@ -0,0 +1,37 @@
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+
+ENV["RAILS_ENV"] ||= 'test'
+
+require 'rubygems'
+
+require 'debugger'
+
+gem 'actionpack', '>= 3.0.0'
+gem 'activesupport', '>= 3.0.0'
+gem 'activemodel', '>= 3.0.0'
+gem 'railties', '>= 3.0.0'
+
+# Only the parts of rails we want to use
+# if you want everything, use "rails/all"
+require "action_controller/railtie"
+require "active_model/railtie"
+require "rails/test_unit/railtie"
+require "rack/test"
+
+root = File.expand_path(File.dirname(__FILE__))
+
+# Define the application and configuration
+module Config
+  class Application < ::Rails::Application
+    # configuration here if needed
+    config.active_support.deprecation = :stderr 
+  end
+end
+
+# Initialize the application
+Config::Application.initialize!
+
+Config::Application.routes.draw do
+  resources :posts
+end

data/test/script/rails

@@ -0,0 +1 @@
+# Empty to make tests work

data/test/test_cancan_strong_parameters.rb

@@ -0,0 +1,45 @@
+require 'minitest/autorun'
+
+require 'require_all'
+
+require 'strong_parameters'
+require 'cancan_strong_parameters'
+
+## Boot up an instance of rails
+require 'rails_helper'
+require 'rails/test_help'
+
+class PostsControllerTest < ActionController::TestCase
+  test "should not clip off deep params" do
+    params = {
+      post: {
+        title: "Title of post",
+        content: "Post main content.",
+        comments_attributes: [{
+          body: "My comment.",
+          tags_attributes: [{
+            name: "article"
+          }]
+        }]
+      }
+    }
+    
+    post :create, params
+    assert_equal \
+      ActiveSupport::HashWithIndifferentAccess.new(assigns(:post_attributes)),
+      ActiveSupport::HashWithIndifferentAccess.new(params[:post])
+  end
+  
+  test "keeps _destroy keys" do  
+    params = {
+      post: {
+        _destroy: true
+      }
+    }
+    
+    put :update, {id: 1}.merge(params)
+    assert_equal \
+      ActiveSupport::HashWithIndifferentAccess.new(assigns(:post_attributes)),
+      ActiveSupport::HashWithIndifferentAccess.new(params[:post])
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cancan_strong_parameters
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.1.4
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-10-22 00:00:00.000000000 Z
+date: 2012-10-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: cancan
@@ -43,6 +43,86 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: require_all
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: debugger
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: make CanCan work with strong_parameters
 email:
 - me@colinyoung.com
@@ -57,8 +137,16 @@ files:
 - Rakefile
 - cancan_strong_parameters.gemspec
 - lib/cancan_strong_parameters.rb
+- lib/cancan_strong_parameters/controller.rb
+- lib/cancan_strong_parameters/deep_permit.rb
 - lib/cancan_strong_parameters/rails/controller/base.rb
 - lib/cancan_strong_parameters/version.rb
+- test/app/controllers/posts_controller.rb
+- test/app/models/post.rb
+- test/config.ru
+- test/rails_helper.rb
+- test/script/rails
+- test/test_cancan_strong_parameters.rb
 homepage: https://github.com/colinyoung/cancan_strong_parameters
 licenses: []
 post_install_message: 
@@ -83,5 +171,11 @@ rubygems_version: 1.8.24
 signing_key: 
 specification_version: 3
 summary: make CanCan work with strong_parameters
-test_files: []
+test_files:
+- test/app/controllers/posts_controller.rb
+- test/app/models/post.rb
+- test/config.ru
+- test/rails_helper.rb
+- test/script/rails
+- test/test_cancan_strong_parameters.rb
 has_rdoc: