dynamometer 0.0.8 → 0.0.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 921d2fe3bb72e407fb99012ded3142f80d25ba28
-  data.tar.gz: 7419a085efb613ef2a5f78b22bdd450afb9f97d5
+  metadata.gz: 665f74be9bfc57b0ccf3f9f13fca0c2b86d4125c
+  data.tar.gz: cbbb7cad8c5b392254394074b37a202641b0dc26
 SHA512:
-  metadata.gz: 988d4cef8655ad8c5524eb646fe4f77f9e9b3fea24250bc48d6fb00966364f7114b498b056f0e3be63486ece12a7e3b7edc22e9e8936085c38cb8c924efe42ed
-  data.tar.gz: ea42b47cfb048c87f34aec18ed908045cb5518e3801e8e5960a387cef5a1ddbbd656d3db0e15bea3c0577a0d2c571f8c3581b3da7f1f15d407954d0b49652f3d
+  metadata.gz: 1e5019445cade3d6f922a701c73620e310bd688607b90ba88f7d1888247133bda2bdeceedffd90db03e6d5445acd7238c8c4cbeea11a38627f0cf2bcb8776387
+  data.tar.gz: 837cbb0ae2180d18894e61a2f8afb0477242408aaaa387433f09ab2511199b9b31d8f8a97ef14c469e28e8955e10b3468034345aff0bc2af6a6ae37f3bf32622

data/README.md

@@ -90,6 +90,29 @@ If you want to serialize all of your dynamic attributes using activemodel serial
       attributes :id
     end
 
+## Strong Parameters
+
+To specify that dynamic attributes should be allowed using strong parameters,
+include the `PermitDynamic` concern in your controller and specify the model
+to be checked against.
+
+    class PeopleController < ApplicationController
+      include PermitDynamic
+
+      def create
+        @person = Person.create(person_params)
+        render json: @person
+      end
+
+      private
+
+      def person_params
+        params.require(:person).permit(:name, dynamic_attributes: Person)
+      end
+    end
+
+This will permit any parameters that are NOT valid regular attributes of `Person`.
+
 ## Installation
 
 Add this line to your application's Gemfile:

data/app/controllers/concerns/permit_dynamic.rb

@@ -0,0 +1,19 @@
+require 'dynamometer/parameters'
+
+module PermitDynamic
+  extend ActiveSupport::Concern
+
+  # extend ActionController::Parameters to allow dynamic attributes
+
+  def params
+    @_params ||= Dynamometer::Parameters.new(request.parameters)
+  end
+
+  # Assigns the given +value+ to the +params+ hash. If +value+
+  # is a Hash, this will create an ActionController::Parameters
+  # object that has been instantiated with the given +value+ hash.
+  def params=(value)
+    @_params = value.is_a?(Hash) ? Dynamometer::Parameters.new(value) : value
+  end
+
+end

data/app/models/concerns/dynamic_attributes.rb

@@ -10,6 +10,9 @@ module DynamicAttributes
     end
 
     def dynamic_attributes(*args)
+      @_dynamic_attributes ||= []
+      @_dynamic_attributes |= args.map(&:to_s)
+
       args.each do |attr|
         class_eval <<-ENDOFCODE
           def #{attr}
@@ -22,6 +25,12 @@ module DynamicAttributes
         ENDOFCODE
       end
     end
+
+    def permitted_dynamic_attribute?(attr)
+      # make sure the regular attributes have been defined
+      define_attribute_methods
+      @_dynamic_attributes.include?(attr.to_s) || instance_methods.none? { |m| m.to_s == attr.to_s }
+    end
   end
 
   def [](attr_name)

data/lib/dynamometer/parameters.rb

@@ -0,0 +1,20 @@
+module Dynamometer
+  class Parameters < ActionController::Parameters
+
+    def hash_filter(params, filter)
+      filter = filter.with_indifferent_access
+      # this is tricky - we grab the :dynamic_attributes key from params
+      # and use it to check the rest of our keys
+      #
+      if filter.has_key?('dynamic_attributes')
+        model = filter.delete('dynamic_attributes')
+        self.keys.each do |key|
+          # if the key is already in params it's OK
+          next if params[key] || !model.permitted_dynamic_attribute?(key)
+          permitted_scalar_filter(params, key)
+        end
+      end
+      super(params, filter)
+    end
+  end
+end

data/lib/dynamometer/version.rb

@@ -1,3 +1,3 @@
 module Dynamometer
-  VERSION = "0.0.8"
+  VERSION = "0.0.9"
 end

data/test/dummy/app/controllers/people_controller.rb

@@ -0,0 +1,18 @@
+class PeopleController < ApplicationController
+  include PermitDynamic
+
+  def create
+    @person = Person.create(person_params)
+    render json: @person
+  end
+
+  rescue_from 'ActionController::UnpermittedParameters' do |ex|
+    render json: { error: 'unpermitted_parameters' }, status: :bad_request
+  end
+
+  private
+
+  def person_params
+    params.require(:person).permit(:name, :dynamic_attributes => Person)
+  end
+end

data/test/dummy/config/environments/test.rb

@@ -1,6 +1,8 @@
 Dummy::Application.configure do
   # Settings specified here will take precedence over those in config/application.rb.
 
+  config.action_controller.action_on_unpermitted_parameters = :raise
+
   # The test environment is used exclusively to run your application's
   # test suite. You never need to work with it otherwise. Remember that
   # your test database is "scratch space" for the test suite and is wiped

data/test/dummy/config/routes.rb

@@ -1,56 +1,3 @@
 Dummy::Application.routes.draw do
-  # The priority is based upon order of creation: first created -> highest priority.
-  # See how all your routes lay out with "rake routes".
-
-  # You can have the root of your site routed with "root"
-  # root 'welcome#index'
-
-  # Example of regular route:
-  #   get 'products/:id' => 'catalog#view'
-
-  # Example of named route that can be invoked with purchase_url(id: product.id)
-  #   get 'products/:id/purchase' => 'catalog#purchase', as: :purchase
-
-  # Example resource route (maps HTTP verbs to controller actions automatically):
-  #   resources :products
-
-  # Example resource route with options:
-  #   resources :products do
-  #     member do
-  #       get 'short'
-  #       post 'toggle'
-  #     end
-  #
-  #     collection do
-  #       get 'sold'
-  #     end
-  #   end
-
-  # Example resource route with sub-resources:
-  #   resources :products do
-  #     resources :comments, :sales
-  #     resource :seller
-  #   end
-
-  # Example resource route with more complex sub-resources:
-  #   resources :products do
-  #     resources :comments
-  #     resources :sales do
-  #       get 'recent', on: :collection
-  #     end
-  #   end
-  
-  # Example resource route with concerns:
-  #   concern :toggleable do
-  #     post 'toggle'
-  #   end
-  #   resources :posts, concerns: :toggleable
-  #   resources :photos, concerns: :toggleable
-
-  # Example resource route within a namespace:
-  #   namespace :admin do
-  #     # Directs /admin/products/* to Admin::ProductsController
-  #     # (app/controllers/admin/products_controller.rb)
-  #     resources :products
-  #   end
+  resources :people
 end

data/test/people_controller_test.rb

@@ -0,0 +1,33 @@
+class PeopleControllerTest < ActionController::TestCase
+
+  tests PeopleController
+
+  test "create without dynamic attributes" do
+    post :create, person: { name: "Nobody" }
+
+    assert_response :success
+    assert Person.find_by(name: 'Nobody').present?
+  end
+
+  test "create with declared dynamic attributes" do
+    post :create, person: { name: "Nobody", hometown: "Nowhere" }
+
+    assert_response :success
+    assert Person.find_by(name: 'Nobody').present?
+  end
+
+  test "create with arbitrary dynamic attributes" do
+    post :create, person: { name: "Nobody", magic_level: "over 9000" }
+
+    assert_response :success
+    assert Person.find_by(name: 'Nobody').present?
+  end
+
+  test "create with valid but forbidden attributes fails" do
+    post :create, person: { name: "Nobody", father_id: 17 }
+
+    assert_response :bad_request
+  end
+
+end
+

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dynamometer
 version: !ruby/object:Gem::Version
-  version: 0.0.8
+  version: 0.0.9
 platform: ruby
 authors:
 - John Colvin
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-10-11 00:00:00.000000000 Z
+date: 2013-11-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -64,11 +64,13 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
+- app/controllers/concerns/permit_dynamic.rb
 - app/models/concerns/dynamic_attributes.rb
 - app/serializers/dynamic_attributes_serializer.rb
 - dynamometer.gemspec
 - lib/dynamometer.rb
 - lib/dynamometer/dynamic_attributes_in_where.rb
+- lib/dynamometer/parameters.rb
 - lib/dynamometer/railtie.rb
 - lib/dynamometer/version.rb
 - lib/tasks/dynamometer_tasks.rake
@@ -79,6 +81,7 @@ files:
 - test/dummy/app/assets/stylesheets/application.css
 - test/dummy/app/controllers/application_controller.rb
 - test/dummy/app/controllers/concerns/.keep
+- test/dummy/app/controllers/people_controller.rb
 - test/dummy/app/helpers/application_helper.rb
 - test/dummy/app/mailers/.keep
 - test/dummy/app/models/.keep
@@ -117,6 +120,7 @@ files:
 - test/dummy/public/500.html
 - test/dummy/public/favicon.ico
 - test/dynamometer_test.rb
+- test/people_controller_test.rb
 - test/person_test.rb
 - test/serializer_test.rb
 - test/test_helper.rb
@@ -152,6 +156,7 @@ test_files:
 - test/dummy/app/assets/stylesheets/application.css
 - test/dummy/app/controllers/application_controller.rb
 - test/dummy/app/controllers/concerns/.keep
+- test/dummy/app/controllers/people_controller.rb
 - test/dummy/app/helpers/application_helper.rb
 - test/dummy/app/mailers/.keep
 - test/dummy/app/models/.keep
@@ -190,6 +195,7 @@ test_files:
 - test/dummy/public/500.html
 - test/dummy/public/favicon.ico
 - test/dynamometer_test.rb
+- test/people_controller_test.rb
 - test/person_test.rb
 - test/serializer_test.rb
 - test/test_helper.rb