RubyGems - datagrid - Versions diffs - 1.5.6 → 1.5.7 - Mend

datagrid 1.5.6 → 1.5.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/VERSION +1 -1
data/datagrid.gemspec +2 -2
data/lib/datagrid/core.rb +5 -1
data/lib/datagrid/scaffold.rb +7 -1
data/spec/datagrid/core_spec.rb +35 -0
data/spec/datagrid/scaffold_spec.rb +7 -1
data/templates/base.rb.erb +2 -0
metadata +1 -1

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: de5cf9444ec74f75f3238dcdd239daf3fcf3782e
-  data.tar.gz: 026fd1c07e87df9f44d30ced49cfffb4e33c0775
+  metadata.gz: 2c0b1c209da90c0d4fb5eeac1163e6a7b678c4d3
+  data.tar.gz: 04a48e6035196e8a766e4be01df1c703a27ce6af
 SHA512:
-  metadata.gz: f5a5ef91ad59f2cb24cde7ef914e2dbc85149f828983746563d27df21f3c5a5b1ee724924d512fa5b1feb8fda26beab0fab54239f12fadc8a106185e7d232234
-  data.tar.gz: 66b23c02db354d88e6128ac0eaaf8fcdba5d7a45699d024a67606371f13b4a27e052decc582b83c47b933d37ae766a7c0c3340fc4f6201fed7d0a24db7210be9
+  metadata.gz: a73fdb1744c107f4a984444d98d983bd29c1708fc7f41f34082d104e28ad9c80f3982c535544ece008960d4bccba8e971300d0317fb7e7a296ae1548ded79ed3
+  data.tar.gz: 6311c7a16ea16ed340e5c77b8057c6caceda32f587bf4108dccf759974ba486b6b64999820937e7b1165c97b7c8ae7b9459841d6589ea401a1af09d9abf98004

data/VERSION CHANGED

	@@ -1 +1 @@
1	- 1.5.6
1	+ 1.5.7

data/datagrid.gemspec CHANGED

@@ -2,11 +2,11 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: datagrid 1.5.6 ruby lib
+# stub: datagrid 1.5.7 ruby lib
 Gem::Specification.new do |s|
   s.name = "datagrid".freeze
-  s.version = "1.5.6"
+  s.version = "1.5.7"
   s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib".freeze]

data/lib/datagrid/core.rb CHANGED

@@ -13,6 +13,8 @@ module Datagrid
         self.datagrid_attributes = []
         class_attribute :dynamic_block, :instance_writer => false
+        class_attribute :forbidden_attributes_protection, instance_writer: false
+        self.forbidden_attributes_protection = false
         if defined?(::ActiveModel::AttributeAssignment)
           include ::ActiveModel::AttributeAssignment
         end
@@ -148,6 +150,9 @@ module Datagrid
       # Updates datagrid attributes with a passed hash argument
       def attributes=(attributes)
         if respond_to?(:assign_attributes)
+          if !forbidden_attributes_protection && attributes.respond_to?(:permit!)
+            attributes.permit!
+          end
           assign_attributes(attributes)
         else
           attributes.each do |name, value|
@@ -223,7 +228,6 @@ module Datagrid
           attributes == other.attributes &&
           scope == other.scope
       end
     end # InstanceMethods
   end
 end

data/lib/datagrid/scaffold.rb CHANGED

@@ -84,10 +84,16 @@ class Datagrid::Scaffold < Rails::Generators::NamedBase
   def index_action
     indent(<<-RUBY)
 def index
-  @grid = #{grid_class_name}.new(params[:#{grid_param_name}]) do |scope|
+  @grid = #{grid_class_name}.new(grid_params) do |scope|
     scope.page(params[:page])
   end
 end
+protected
+def grid_params
+  params.fetch(:#{grid_param_name}, {}).permit!
+end
 RUBY
   end

data/spec/datagrid/core_spec.rb CHANGED

@@ -1,4 +1,5 @@
 require 'spec_helper'
+require "action_controller/metal/strong_parameters"
 describe Datagrid::Core do
@@ -158,4 +159,38 @@ describe Datagrid::Core do
       expect(grid.assets.limit_value).to eq(2)
     end
   end
+  describe "ActionController::Parameters" do
+    let(:params) do
+      ::ActionController::Parameters.new(name: 'one')
+    end
+    it "permites all attributes by default" do
+      expect {
+        test_report(params) do
+          scope { Entry }
+          filter(:name)
+        end
+      }.to_not raise_error
+    end
+    it "doesn't permit attributes when forbidden_attributes_protection is set" do
+      expect {
+        test_report(params) do
+          scope { Entry }
+          self.forbidden_attributes_protection = true
+          filter(:name)
+        end
+      }.to raise_error(ActiveModel::ForbiddenAttributesError)
+    end
+    it "permits attributes when forbidden_attributes_protection is set and attributes are permitted" do
+      expect {
+        test_report(params.permit!) do
+          scope { Entry }
+          self.forbidden_attributes_protection = true
+          filter(:name)
+        end
+      }.to_not raise_error
+    end
+  end
 end

data/spec/datagrid/scaffold_spec.rb CHANGED

@@ -28,10 +28,16 @@ describe Datagrid::Scaffold do
     it "works" do
       expect(subject.index_action).to eq(<<-RUBY)
   def index
-    @grid = UsersGrid.new(params[:users_grid]) do |scope|
+    @grid = UsersGrid.new(grid_params) do |scope|
       scope.page(params[:page])
     end
   end
+  protected
+  def grid_params
+    params.fetch(:users_grid, {}).permit!
+  end
 RUBY
     end

data/templates/base.rb.erb CHANGED

@@ -8,6 +8,8 @@ class BaseGrid
     # Uncomment to make all columns HTML by default
     # html: true,
   }
+  # Enable forbidden attributes protection
+  # self.forbidden_attributes_protection = true
   def self.date_column(name, *args)
     column(name, *args) do |model|

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: datagrid
 version: !ruby/object:Gem::Version
-  version: 1.5.6
+  version: 1.5.7
 platform: ruby
 authors:
 - Bogdan Gusiev