cancan_strong_parameters 0.3 → 0.4
- data/README.md +30 -2
- data/Rakefile +4 -0
- data/cancan_strong_parameters.gemspec +7 -1
- data/lib/cancan_strong_parameters/rails/controller/base.rb +0 -2
- data/lib/cancan_strong_parameters/version.rb +1 -1
- data/test/app/controllers/posts_controller.rb +2 -3
- data/test/rails_helper.rb +6 -4
- data/test/test_helper.rb +1 -2
- metadata +82 -18
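--- a/data/README.md
+++ b/data/README.md
@@ -1,6 +1,8 @@
 # CancanStrongParameters
 
-[
+[strong_parameters](rails/strong_parameters) and [CanCan](ryanb/cancan) (and others, like ActiveAdmin) are friends now!
+
+This gem makes it easy to control the authorization of params used by CanCan.
 
 [![Build Status](https://secure.travis-ci.org/colinyoung/cancan_strong_parameters.png)](http://travis-ci.org/colinyoung/cancan_strong_parameters)
 
@@ -22,6 +24,14 @@ Or install it yourself as:
 
 $ gem install cancan_strong_parameters
 
+## Rails 3
+
+Rails 3 users must require `strong_parameters` in their Gemfiles manually.
+
+gem 'strong_parameters', '>= 0.1.6'
+
+Alternatively, you can use versions of this gem below 0.3.
+
 ## Usage
 
 1. Add `gem "cancan_strong_parameters"` to your Gemfile
@@ -72,6 +82,20 @@ class BlogPost < ActiveModel::Base
 permit_params :title, :content, tag_ids: Array
 end
 ```
+
+## Usage with other gems
+
+It's possible to use `cancan_strong_parameters` with other gems, like Active Admin:
+
+```ruby
+ActiveAdmin.register Member do
+controller do
+permit_params :project_id, :name, :email
+end
+end
+```
+
+(Thanks to @joshhepworth!)
 
 ## Testing
 
@@ -79,6 +103,10 @@ Run with `bundle exec rake test`.
 
 ## Contributing
 
+First, thank you to @joshhepworth, @sespindola, and @seifsallam for their code and issue contributions.
+
+To become a contributor:
+
 1. Fork it
 2. Create your feature branch (`git checkout -b my-new-feature`)
 3. Commit your changes (`git commit -am 'Added some feature'`)
@@ -93,4 +121,4 @@ Run with `bundle exec rake test`.
 * Added default allows for _destroy.
 * Tests pass in Travis.
 * Fixes for irregular parameters posted like {"child_attributes" => {"0" => {}}}.
-* Fixed a major security problem where I was manually inserting IDs - should be allowed by default, but not manually added
+* Fixed a major security problem where I was manually inserting IDs - should be allowed by default, but not manually added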
data/Rakefile
CHANGED
@@ -9,7 +9,6 @@ Gem::Specification.new do |gem|
|
|
9
9
|
gem.homepage = "https://github.com/colinyoung/cancan_strong_parameters"
|
10
10
|
|
11
11
|
gem.add_dependency "cancan"
|
12
|
-
gem.add_dependency "strong_parameters", ">= 0.1.6"
|
13
12
|
gem.add_dependency "activesupport"
|
14
13
|
|
15
14
|
gem.add_development_dependency "require_all"
|
@@ -17,6 +16,13 @@ Gem::Specification.new do |gem|
|
|
17
16
|
gem.add_development_dependency "minitest_tu_shim"
|
18
17
|
gem.add_development_dependency "rails"
|
19
18
|
|
19
|
+
# For testing
|
20
|
+
gem.add_development_dependency "strong_parameters", "0.1.6"
|
21
|
+
gem.add_development_dependency 'actionpack', '~> 3.0'
|
22
|
+
gem.add_development_dependency 'activesupport', '~> 3.0'
|
23
|
+
gem.add_development_dependency 'activemodel', '~> 3.0'
|
24
|
+
gem.add_development_dependency 'railties', '~> 3.0'
|
25
|
+
|
20
26
|
gem.files = `git ls-files`.split($\)
|
21
27
|
gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
|
22
28
|
gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
|
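Review bot: With `gem.add_dependency "strong_parameters", ">= 0.1.6"` removed, the gem no longer declares the library its parameter filtering depends on, so a Rails 3 application that misses the new README step gets no install-time signal that it is absent. Nothing in these hunks shows a load-time guard, and the two lines dropped from data/lib/cancan_strong_parameters/rails/controller/base.rb are not shown on this page, so confirm that a missing `strong_parameters` fails loudly at boot rather than leaving `params` unfiltered. The new development pins (`"strong_parameters", "0.1.6"` and the `'~> 3.0'` Rails components, repeated in data/test/rails_helper.rb) also mean the suite exercises only Rails 3 with one exact version, while the README advertises `>= 0.1.6` and, presumably, Rails versions that bundle strong parameters. A comment above the pins such as `# Tests run against Rails 3 + strong_parameters 0.1.6 only; other combinations are unverified` would make that gap explicit. The `Gem::Specification.new do |gem|` block opens and closes outside these hunks, and the section is labelled data/Rakefile although its content is the gemspec.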
@@ -1,12 +1,11 @@
|
|
1
1
|
class PostsController < ActionController::Base
|
2
2
|
include CancanStrongParameters::Controller
|
3
3
|
|
4
|
-
permit_params :title, :content,
|
4
|
+
permit_params :title, :content, :label_ids,
|
5
5
|
:comments => [
|
6
6
|
:body,
|
7
7
|
{ :tags => [ :name ] } # This is fugly, use 1.9!
|
8
|
-
]
|
9
|
-
:label_ids => Array
|
8
|
+
]
|
10
9
|
|
11
10
|
def create
|
12
11
|
@post = Post.new(params[:post])
|
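Review bot: The test controller now permits `:label_ids` as a bare key where it previously declared `:label_ids => Array`, so the fixture no longer exercises the array-typed form that the README still documents (`tag_ids: Array`). Whether a bare `:label_ids` admits an array of IDs or only a scalar depends on the gem's permit handling, which is not visible in this hunk. For a mass-assignment filter, both the scalar and the array case deserve an explicit test. If the change was only meant to repair the old call (which, as rendered here, appears to lack a comma after the closing `]`), keeping the typed entry as `],` followed by `:label_ids => Array` would preserve the coverage. `create` continues past the end of the hunk.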
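--- a/data/test/rails_helper.rb
+++ b/data/test/rails_helper.rb
@@ -5,10 +5,10 @@ ENV["RAILS_ENV"] ||= 'test'
 
 require 'rubygems'
 
-gem 'actionpack',
-gem '
-gem '
-gem '
+gem 'actionpack', '~> 3.0'
+gem 'activemodel', '~> 3.0'
+gem 'railties', '~> 3.0'
+gem 'strong_parameters', '0.1.6'
 
 # Only the parts of rails we want to use
 # if you want everything, use "rails/all"
@@ -17,6 +17,8 @@ require "active_model/railtie"
 require "rails/test_unit/railtie"
 require "rack/test"
 
+require 'strong_parameters' # when using an ordinary bundle, this wouldn't be required
+
 root = File.expand_path(File.dirname(__FILE__))
 
 # Define the application and configuration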
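--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -2,7 +2,6 @@ require 'require_all'
 
 require 'minitest/autorun'
 
-require 'strong_parameters'
 require 'cancan_strong_parameters'
 
 ## Boot up an instance of rails
@@ -15,4 +14,4 @@ require 'assertions/assert_same_content'
 module MiniTest::Expectations
 infect_an_assertion :assert_same_content, :must_have_same_content_as
 infect_an_assertion :refute_same_content, :wont_have_same_content_as
-end
+end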
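--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cancan_strong_parameters
 version: !ruby/object:Gem::Version
-version: '0.
+version: '0.4'
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-
+date: 2013-10-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: cancan
@@ -27,22 +27,6 @@ dependencies:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
-- !ruby/object:Gem::Dependency
-name: strong_parameters
-requirement: !ruby/object:Gem::Requirement
-none: false
-requirements:
-- - ! '>='
-- !ruby/object:Gem::Version
-version: 0.1.6
-type: :runtime
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-none: false
-requirements:
-- - ! '>='
-- !ruby/object:Gem::Version
-version: 0.1.6
 - !ruby/object:Gem::Dependency
 name: activesupport
 requirement: !ruby/object:Gem::Requirement
@@ -123,6 +107,86 @@ dependencies:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: strong_parameters
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 0.1.6
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - '='
+- !ruby/object:Gem::Version
+version: 0.1.6
+- !ruby/object:Gem::Dependency
+name: actionpack
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '3.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '3.0'
+- !ruby/object:Gem::Dependency
+name: activesupport
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '3.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '3.0'
+- !ruby/object:Gem::Dependency
+name: activemodel
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '3.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '3.0'
+- !ruby/object:Gem::Dependency
+name: railties
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '3.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '3.0'
 description: make CanCan work with strong_parameters
 email:
 - me@colinyoung.com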