datagrid 1.5.6 → 1.5.7

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/VERSION +1 -1
  3. data/datagrid.gemspec +2 -2
  4. data/lib/datagrid/core.rb +5 -1
  5. data/lib/datagrid/scaffold.rb +7 -1
  6. data/spec/datagrid/core_spec.rb +35 -0
  7. data/spec/datagrid/scaffold_spec.rb +7 -1
  8. data/templates/base.rb.erb +2 -0
  9. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: de5cf9444ec74f75f3238dcdd239daf3fcf3782e
4
- data.tar.gz: 026fd1c07e87df9f44d30ced49cfffb4e33c0775
3
+ metadata.gz: 2c0b1c209da90c0d4fb5eeac1163e6a7b678c4d3
4
+ data.tar.gz: 04a48e6035196e8a766e4be01df1c703a27ce6af
5
5
  SHA512:
6
- metadata.gz: f5a5ef91ad59f2cb24cde7ef914e2dbc85149f828983746563d27df21f3c5a5b1ee724924d512fa5b1feb8fda26beab0fab54239f12fadc8a106185e7d232234
7
- data.tar.gz: 66b23c02db354d88e6128ac0eaaf8fcdba5d7a45699d024a67606371f13b4a27e052decc582b83c47b933d37ae766a7c0c3340fc4f6201fed7d0a24db7210be9
6
+ metadata.gz: a73fdb1744c107f4a984444d98d983bd29c1708fc7f41f34082d104e28ad9c80f3982c535544ece008960d4bccba8e971300d0317fb7e7a296ae1548ded79ed3
7
+ data.tar.gz: 6311c7a16ea16ed340e5c77b8057c6caceda32f587bf4108dccf759974ba486b6b64999820937e7b1165c97b7c8ae7b9459841d6589ea401a1af09d9abf98004
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.5.6
1
+ 1.5.7
data/datagrid.gemspec CHANGED
@@ -2,11 +2,11 @@
2
2
  # DO NOT EDIT THIS FILE DIRECTLY
3
3
  # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
4
4
  # -*- encoding: utf-8 -*-
5
- # stub: datagrid 1.5.6 ruby lib
5
+ # stub: datagrid 1.5.7 ruby lib
6
6
 
7
7
  Gem::Specification.new do |s|
8
8
  s.name = "datagrid".freeze
9
- s.version = "1.5.6"
9
+ s.version = "1.5.7"
10
10
 
11
11
  s.required_rubygems_version = Gem::Requirement.new(">= 0".freeze) if s.respond_to? :required_rubygems_version=
12
12
  s.require_paths = ["lib".freeze]
data/lib/datagrid/core.rb CHANGED
@@ -13,6 +13,8 @@ module Datagrid
13
13
  self.datagrid_attributes = []
14
14
 
15
15
  class_attribute :dynamic_block, :instance_writer => false
16
+ class_attribute :forbidden_attributes_protection, instance_writer: false
17
+ self.forbidden_attributes_protection = false
16
18
  if defined?(::ActiveModel::AttributeAssignment)
17
19
  include ::ActiveModel::AttributeAssignment
18
20
  end
@@ -148,6 +150,9 @@ module Datagrid
148
150
  # Updates datagrid attributes with a passed hash argument
149
151
  def attributes=(attributes)
150
152
  if respond_to?(:assign_attributes)
153
+ if !forbidden_attributes_protection && attributes.respond_to?(:permit!)
154
+ attributes.permit!
155
+ end
151
156
  assign_attributes(attributes)
152
157
  else
153
158
  attributes.each do |name, value|
@@ -223,7 +228,6 @@ module Datagrid
223
228
  attributes == other.attributes &&
224
229
  scope == other.scope
225
230
  end
226
-
227
231
  end # InstanceMethods
228
232
  end
229
233
  end
data/lib/datagrid/scaffold.rb CHANGED
@@ -84,10 +84,16 @@ class Datagrid::Scaffold < Rails::Generators::NamedBase
84
84
  def index_action
85
85
  indent(<<-RUBY)
86
86
  def index
87
- @grid = #{grid_class_name}.new(params[:#{grid_param_name}]) do |scope|
87
+ @grid = #{grid_class_name}.new(grid_params) do |scope|
88
88
  scope.page(params[:page])
89
89
  end
90
90
  end
91
+
92
+ protected
93
+
94
+ def grid_params
95
+ params.fetch(:#{grid_param_name}, {}).permit!
96
+ end
91
97
  RUBY
92
98
  end
93
99
 
data/spec/datagrid/core_spec.rb CHANGED
@@ -1,4 +1,5 @@
1
1
  require 'spec_helper'
2
+ require "action_controller/metal/strong_parameters"
2
3
 
3
4
  describe Datagrid::Core do
4
5
 
@@ -158,4 +159,38 @@ describe Datagrid::Core do
158
159
  expect(grid.assets.limit_value).to eq(2)
159
160
  end
160
161
  end
162
+
163
+ describe "ActionController::Parameters" do
164
+
165
+ let(:params) do
166
+ ::ActionController::Parameters.new(name: 'one')
167
+ end
168
+
169
+ it "permites all attributes by default" do
170
+ expect {
171
+ test_report(params) do
172
+ scope { Entry }
173
+ filter(:name)
174
+ end
175
+ }.to_not raise_error
176
+ end
177
+ it "doesn't permit attributes when forbidden_attributes_protection is set" do
178
+ expect {
179
+ test_report(params) do
180
+ scope { Entry }
181
+ self.forbidden_attributes_protection = true
182
+ filter(:name)
183
+ end
184
+ }.to raise_error(ActiveModel::ForbiddenAttributesError)
185
+ end
186
+ it "permits attributes when forbidden_attributes_protection is set and attributes are permitted" do
187
+ expect {
188
+ test_report(params.permit!) do
189
+ scope { Entry }
190
+ self.forbidden_attributes_protection = true
191
+ filter(:name)
192
+ end
193
+ }.to_not raise_error
194
+ end
195
+ end
161
196
  end
data/spec/datagrid/scaffold_spec.rb CHANGED
@@ -28,10 +28,16 @@ describe Datagrid::Scaffold do
28
28
  it "works" do
29
29
  expect(subject.index_action).to eq(<<-RUBY)
30
30
  def index
31
- @grid = UsersGrid.new(params[:users_grid]) do |scope|
31
+ @grid = UsersGrid.new(grid_params) do |scope|
32
32
  scope.page(params[:page])
33
33
  end
34
34
  end
35
+
36
+ protected
37
+
38
+ def grid_params
39
+ params.fetch(:users_grid, {}).permit!
40
+ end
35
41
  RUBY
36
42
  end
37
43
 
data/templates/base.rb.erb CHANGED
@@ -8,6 +8,8 @@ class BaseGrid
8
8
  # Uncomment to make all columns HTML by default
9
9
  # html: true,
10
10
  }
11
+ # Enable forbidden attributes protection
12
+ # self.forbidden_attributes_protection = true
11
13
 
12
14
  def self.date_column(name, *args)
13
15
  column(name, *args) do |model|
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: datagrid
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.5.6
4
+ version: 1.5.7
5
5
  platform: ruby
6
6
  authors:
7
7
  - Bogdan Gusiev