filtered_attributes 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (40) hide show
  1. data/MIT-LICENSE +20 -0
  2. data/README.md +75 -0
  3. data/Rakefile +37 -0
  4. data/lib/filtered_attributes/version.rb +3 -0
  5. data/lib/filtered_attributes.rb +42 -0
  6. data/lib/tasks/filtered_attributes_tasks.rake +4 -0
  7. data/test/dummy/Rakefile +7 -0
  8. data/test/dummy/app/assets/javascripts/application.js +7 -0
  9. data/test/dummy/app/assets/stylesheets/application.css +7 -0
  10. data/test/dummy/app/controllers/advanced_filters_controller.rb +18 -0
  11. data/test/dummy/app/controllers/application_controller.rb +12 -0
  12. data/test/dummy/app/controllers/basic_filters_controller.rb +7 -0
  13. data/test/dummy/app/helpers/application_helper.rb +2 -0
  14. data/test/dummy/app/views/layouts/application.html.erb +14 -0
  15. data/test/dummy/config/application.rb +51 -0
  16. data/test/dummy/config/boot.rb +10 -0
  17. data/test/dummy/config/environment.rb +5 -0
  18. data/test/dummy/config/environments/development.rb +30 -0
  19. data/test/dummy/config/environments/production.rb +60 -0
  20. data/test/dummy/config/environments/test.rb +42 -0
  21. data/test/dummy/config/initializers/backtrace_silencers.rb +7 -0
  22. data/test/dummy/config/initializers/inflections.rb +10 -0
  23. data/test/dummy/config/initializers/mime_types.rb +5 -0
  24. data/test/dummy/config/initializers/secret_token.rb +7 -0
  25. data/test/dummy/config/initializers/session_store.rb +8 -0
  26. data/test/dummy/config/initializers/wrap_parameters.rb +10 -0
  27. data/test/dummy/config/locales/en.yml +5 -0
  28. data/test/dummy/config/routes.rb +8 -0
  29. data/test/dummy/config.ru +4 -0
  30. data/test/dummy/log/test.log +467 -0
  31. data/test/dummy/public/404.html +26 -0
  32. data/test/dummy/public/422.html +26 -0
  33. data/test/dummy/public/500.html +26 -0
  34. data/test/dummy/public/favicon.ico +0 -0
  35. data/test/dummy/script/rails +6 -0
  36. data/test/filtered_attributes_test.rb +7 -0
  37. data/test/functional/advanced_filters_controller_test.rb +25 -0
  38. data/test/functional/basic_filters_controller_test.rb +13 -0
  39. data/test/test_helper.rb +20 -0
  40. metadata +138 -0
data/MIT-LICENSE ADDED
@@ -0,0 +1,20 @@
1
+ Copyright 2011 YOURNAME
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining
4
+ a copy of this software and associated documentation files (the
5
+ "Software"), to deal in the Software without restriction, including
6
+ without limitation the rights to use, copy, modify, merge, publish,
7
+ distribute, sublicense, and/or sell copies of the Software, and to
8
+ permit persons to whom the Software is furnished to do so, subject to
9
+ the following conditions:
10
+
11
+ The above copyright notice and this permission notice shall be
12
+ included in all copies or substantial portions of the Software.
13
+
14
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,75 @@
1
+ # filtered\_attributes
2
+
3
+ ## Alternative way to filter mass-assignment attributes
4
+
5
+ attr_protected/attr_accessible are great tools, but in practive, rarely
6
+ used properly. I strongly believe that this is because we are trying to
7
+ squeeze too much into model layer, while controllers layer is underused.
8
+ Access control, authentication and authorization should be all done
9
+ inside controllers. At least this is what my intuition says.
10
+
11
+ ## Instalation
12
+
13
+ This gem was tested with Rails 3.1 and Ruby 1.9.3. I see no reason why
14
+ it can't work with earlier versions - <a
15
+ href="mailto:hubert.lepicki@amberbit.com">let me know if it works for
16
+ you</a>. However, this library will not work with Ruby versions prior to
17
+ 1.9.
18
+
19
+ ### Step1: Add the gem to Gemfile:
20
+
21
+ ```ruby
22
+ gem 'filtered_attributes', '~> 0.1.0'
23
+ ```
24
+
25
+ ```bash
26
+ bundle
27
+ ```
28
+
29
+ ### Step2: Amend your ApplicationController (or any other controller you subclass from)
30
+
31
+ ```ruby
32
+ class ApplicationController < ActionController::Base
33
+ include FilteredAttributes::Filters
34
+ ....
35
+ end
36
+ ```
37
+ ### Step3: Restart your application if it was running!
38
+
39
+ # Usage
40
+
41
+ ## Basics
42
+
43
+ ```ruby
44
+ class UsersController < ApplicationController
45
+ filter_attributes_for :user, allow: [:email, :password, :password_confirmation]
46
+ def create
47
+ User.create! user_attributes
48
+ end
49
+ end
50
+ ```
51
+
52
+ ## Advanced
53
+
54
+ filter\_attributes takes parameters:
55
+
56
+ - **resource_name** key in params hash where attributes for resource
57
+ are passed, for example ```:user``` will mean ```params[:user]``` stores
58
+ attributes to be filtered
59
+ - **options** (Hash), with keys
60
+ - **:allow** (Array) list of allowed attributes, defaults to ```[]```
61
+ - **:as** (Symbol) prefix of helper method, defaults to resource_name,
62
+ for example ```filter_attributes_for :user, as: :account```
63
+ will seek for attributes in ```params[:user]```, but create helper method
64
+ account_attributes in your controller
65
+ - **:only** (Array) - list of actions that parameters will be filtered
66
+ for
67
+ - **:except** (Array) - opposite of **only**, can't be used together
68
+ - **:attributes_hash** (Lambda) - pass your procedure if you want to
69
+ find your model attributes somewhere deeper in ```params``` hash. Params
70
+ hash will be passed to this lambda as it's only parameter.
71
+
72
+ # Legal
73
+ Copyright 2011 Hubert Łępicki <hubert.lepicki@amberbit.com>. Released
74
+ under the terms of MIT License (see file MIT-LICENSE in current
75
+ directory).
data/Rakefile ADDED
@@ -0,0 +1,37 @@
1
+ #!/usr/bin/env rake
2
+ begin
3
+ require 'bundler/setup'
4
+ rescue LoadError
5
+ puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
6
+ end
7
+ begin
8
+ require 'rdoc/task'
9
+ rescue LoadError
10
+ require 'rdoc/rdoc'
11
+ require 'rake/rdoctask'
12
+ RDoc::Task = Rake::RDocTask
13
+ end
14
+
15
+ RDoc::Task.new(:rdoc) do |rdoc|
16
+ rdoc.rdoc_dir = 'rdoc'
17
+ rdoc.title = 'FilteredAttributes'
18
+ rdoc.options << '--line-numbers'
19
+ rdoc.rdoc_files.include('README.rdoc')
20
+ rdoc.rdoc_files.include('lib/**/*.rb')
21
+ end
22
+
23
+
24
+
25
+ Bundler::GemHelper.install_tasks
26
+
27
+ require 'rake/testtask'
28
+
29
+ Rake::TestTask.new(:test) do |t|
30
+ t.libs << 'lib'
31
+ t.libs << 'test'
32
+ t.pattern = 'test/**/*_test.rb'
33
+ t.verbose = false
34
+ end
35
+
36
+
37
+ task :default => :test
@@ -0,0 +1,3 @@
1
+ module FilteredAttributes
2
+ VERSION = "0.1.0"
3
+ end
@@ -0,0 +1,42 @@
1
+ module FilteredAttributes
2
+ module Filters
3
+ extend ActiveSupport::Concern
4
+
5
+ module ClassMethods
6
+ def filter_attributes_for(resource_name, options={})
7
+ default_options = {as: resource_name, allow: []}
8
+ options.reverse_merge! default_options
9
+ options[:allow] = options[:allow].map {|k| k.to_s}
10
+
11
+ define_method "#{options[:as]}_attributes" do
12
+ instance_variable_get "@_#{options[:as]}_attributes"
13
+ end
14
+
15
+ self.send :private, "#{options[:as]}_attributes".to_sym
16
+
17
+ filter_params = if options[:only]
18
+ { only: options[:only] }
19
+ elsif options[:except]
20
+ { except: options[:except] }
21
+ else
22
+ {}
23
+ end
24
+
25
+ self.send :before_filter, filter_params do
26
+ params_hash = if options[:attributes_hash].respond_to? :call
27
+ options[:attributes_hash].call params
28
+ else
29
+ params[resource_name]
30
+ end
31
+
32
+ if params_hash
33
+ instance_variable_set "@_#{options[:as]}_attributes", HashWithIndifferentAccess.new(
34
+ params_hash.select {|k,v| options[:allow].include?(k.to_s)}
35
+ )
36
+ end
37
+ end
38
+ end
39
+ end
40
+ end
41
+ end
42
+
@@ -0,0 +1,4 @@
1
+ # desc "Explaining what the task does"
2
+ # task :filtered_attributes do
3
+ # # Task goes here
4
+ # end
@@ -0,0 +1,7 @@
1
+ #!/usr/bin/env rake
2
+ # Add your own tasks in files placed in lib/tasks ending in .rake,
3
+ # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
4
+
5
+ require File.expand_path('../config/application', __FILE__)
6
+
7
+ Dummy::Application.load_tasks
@@ -0,0 +1,7 @@
1
+ // This is a manifest file that'll be compiled into including all the files listed below.
2
+ // Add new JavaScript/Coffee code in separate files in this directory and they'll automatically
3
+ // be included in the compiled file accessible from http://example.com/assets/application.js
4
+ // It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
5
+ // the compiled file.
6
+ //
7
+ //= require_tree .
@@ -0,0 +1,7 @@
1
+ /*
2
+ * This is a manifest file that'll automatically include all the stylesheets available in this directory
3
+ * and any sub-directories. You're free to add application-wide styles to this file and they'll appear at
4
+ * the top of the compiled file, but it's generally better to create a new file per style scope.
5
+ *= require_self
6
+ *= require_tree .
7
+ */
@@ -0,0 +1,18 @@
1
+ class AdvancedFiltersController < ApplicationController
2
+ filter_attributes_for :account, allow: [:email], only: [:create]
3
+ filter_attributes_for :account, allow: [:admin], only: [:update]
4
+ filter_attributes_for :account, allow: [:email], except: [:create, :update],
5
+ attributes_hash: ->(params) { params[:foo][:bar][:account] }
6
+
7
+ def create
8
+ pass account_attributes
9
+ end
10
+
11
+ def update
12
+ pass account_attributes
13
+ end
14
+
15
+ def foo
16
+ pass account_attributes
17
+ end
18
+ end
@@ -0,0 +1,12 @@
1
+ class ApplicationController < ActionController::Base
2
+ include FilteredAttributes::Filters
3
+
4
+ protect_from_forgery
5
+
6
+ private
7
+
8
+ def pass(attrs)
9
+ Thread.current[:passed_params] = attrs
10
+ render text: "ok"
11
+ end
12
+ end
@@ -0,0 +1,7 @@
1
+ class BasicFiltersController < ApplicationController
2
+ filter_attributes_for :user, allow: [:email]
3
+
4
+ def create
5
+ pass user_attributes
6
+ end
7
+ end
@@ -0,0 +1,2 @@
1
+ module ApplicationHelper
2
+ end
@@ -0,0 +1,14 @@
1
+ <!DOCTYPE html>
2
+ <html>
3
+ <head>
4
+ <title>Dummy</title>
5
+ <%= stylesheet_link_tag "application" %>
6
+ <%= javascript_include_tag "application" %>
7
+ <%= csrf_meta_tags %>
8
+ </head>
9
+ <body>
10
+
11
+ <%= yield %>
12
+
13
+ </body>
14
+ </html>
@@ -0,0 +1,51 @@
1
+ require File.expand_path('../boot', __FILE__)
2
+
3
+ # Pick the frameworks you want:
4
+ # require "active_record/railtie"
5
+ require "action_controller/railtie"
6
+ require "action_mailer/railtie"
7
+ require "active_resource/railtie"
8
+ # require "sprockets/railtie"
9
+ require "rails/test_unit/railtie"
10
+
11
+ Bundler.require
12
+ require "filtered_attributes"
13
+
14
+ module Dummy
15
+ class Application < Rails::Application
16
+ # Settings in config/environments/* take precedence over those specified here.
17
+ # Application configuration should go into files in config/initializers
18
+ # -- all .rb files in that directory are automatically loaded.
19
+
20
+ # Custom directories with classes and modules you want to be autoloadable.
21
+ # config.autoload_paths += %W(#{config.root}/extras)
22
+
23
+ # Only load the plugins named here, in the order given (default is alphabetical).
24
+ # :all can be used as a placeholder for all plugins not explicitly named.
25
+ # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
26
+
27
+ # Activate observers that should always be running.
28
+ # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
29
+
30
+ # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
31
+ # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
32
+ # config.time_zone = 'Central Time (US & Canada)'
33
+
34
+ # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
35
+ # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
36
+ # config.i18n.default_locale = :de
37
+
38
+ # Configure the default encoding used in templates for Ruby 1.9.
39
+ config.encoding = "utf-8"
40
+
41
+ # Configure sensitive parameters which will be filtered from the log file.
42
+ config.filter_parameters += [:password]
43
+
44
+ # Enable the asset pipeline
45
+ config.assets.enabled = true
46
+
47
+ # Version of your assets, change this if you want to expire all your assets
48
+ config.assets.version = '1.0'
49
+ end
50
+ end
51
+
@@ -0,0 +1,10 @@
1
+ require 'rubygems'
2
+ gemfile = File.expand_path('../../../../Gemfile', __FILE__)
3
+
4
+ if File.exist?(gemfile)
5
+ ENV['BUNDLE_GEMFILE'] = gemfile
6
+ require 'bundler'
7
+ Bundler.setup
8
+ end
9
+
10
+ $:.unshift File.expand_path('../../../../lib', __FILE__)
@@ -0,0 +1,5 @@
1
+ # Load the rails application
2
+ require File.expand_path('../application', __FILE__)
3
+
4
+ # Initialize the rails application
5
+ Dummy::Application.initialize!
@@ -0,0 +1,30 @@
1
+ Dummy::Application.configure do
2
+ # Settings specified here will take precedence over those in config/application.rb
3
+
4
+ # In the development environment your application's code is reloaded on
5
+ # every request. This slows down response time but is perfect for development
6
+ # since you don't have to restart the web server when you make code changes.
7
+ config.cache_classes = false
8
+
9
+ # Log error messages when you accidentally call methods on nil.
10
+ config.whiny_nils = true
11
+
12
+ # Show full error reports and disable caching
13
+ config.consider_all_requests_local = true
14
+ config.action_controller.perform_caching = false
15
+
16
+ # Don't care if the mailer can't send
17
+ config.action_mailer.raise_delivery_errors = false
18
+
19
+ # Print deprecation notices to the Rails logger
20
+ config.active_support.deprecation = :log
21
+
22
+ # Only use best-standards-support built into browsers
23
+ config.action_dispatch.best_standards_support = :builtin
24
+
25
+ # Do not compress assets
26
+ config.assets.compress = false
27
+
28
+ # Expands the lines which load the assets
29
+ config.assets.debug = true
30
+ end
@@ -0,0 +1,60 @@
1
+ Dummy::Application.configure do
2
+ # Settings specified here will take precedence over those in config/application.rb
3
+
4
+ # Code is not reloaded between requests
5
+ config.cache_classes = true
6
+
7
+ # Full error reports are disabled and caching is turned on
8
+ config.consider_all_requests_local = false
9
+ config.action_controller.perform_caching = true
10
+
11
+ # Disable Rails's static asset server (Apache or nginx will already do this)
12
+ config.serve_static_assets = false
13
+
14
+ # Compress JavaScripts and CSS
15
+ config.assets.compress = true
16
+
17
+ # Don't fallback to assets pipeline if a precompiled asset is missed
18
+ config.assets.compile = false
19
+
20
+ # Generate digests for assets URLs
21
+ config.assets.digest = true
22
+
23
+ # Defaults to Rails.root.join("public/assets")
24
+ # config.assets.manifest = YOUR_PATH
25
+
26
+ # Specifies the header that your server uses for sending files
27
+ # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
28
+ # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
29
+
30
+ # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
31
+ # config.force_ssl = true
32
+
33
+ # See everything in the log (default is :info)
34
+ # config.log_level = :debug
35
+
36
+ # Use a different logger for distributed setups
37
+ # config.logger = SyslogLogger.new
38
+
39
+ # Use a different cache store in production
40
+ # config.cache_store = :mem_cache_store
41
+
42
+ # Enable serving of images, stylesheets, and JavaScripts from an asset server
43
+ # config.action_controller.asset_host = "http://assets.example.com"
44
+
45
+ # Precompile additional assets (application.js, application.css, and all non-JS/CSS are already added)
46
+ # config.assets.precompile += %w( search.js )
47
+
48
+ # Disable delivery errors, bad email addresses will be ignored
49
+ # config.action_mailer.raise_delivery_errors = false
50
+
51
+ # Enable threaded mode
52
+ # config.threadsafe!
53
+
54
+ # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
55
+ # the I18n.default_locale when a translation can not be found)
56
+ config.i18n.fallbacks = true
57
+
58
+ # Send deprecation notices to registered listeners
59
+ config.active_support.deprecation = :notify
60
+ end
@@ -0,0 +1,42 @@
1
+ Dummy::Application.configure do
2
+ # Settings specified here will take precedence over those in config/application.rb
3
+
4
+ # The test environment is used exclusively to run your application's
5
+ # test suite. You never need to work with it otherwise. Remember that
6
+ # your test database is "scratch space" for the test suite and is wiped
7
+ # and recreated between test runs. Don't rely on the data there!
8
+ config.cache_classes = true
9
+
10
+ # Configure static asset server for tests with Cache-Control for performance
11
+ config.serve_static_assets = true
12
+ config.static_cache_control = "public, max-age=3600"
13
+
14
+ # Log error messages when you accidentally call methods on nil
15
+ config.whiny_nils = true
16
+
17
+ # Show full error reports and disable caching
18
+ config.consider_all_requests_local = true
19
+ config.action_controller.perform_caching = false
20
+
21
+ # Raise exceptions instead of rendering exception templates
22
+ config.action_dispatch.show_exceptions = false
23
+
24
+ # Disable request forgery protection in test environment
25
+ config.action_controller.allow_forgery_protection = false
26
+
27
+ # Tell Action Mailer not to deliver emails to the real world.
28
+ # The :test delivery method accumulates sent emails in the
29
+ # ActionMailer::Base.deliveries array.
30
+ config.action_mailer.delivery_method = :test
31
+
32
+ # Use SQL instead of Active Record's schema dumper when creating the test database.
33
+ # This is necessary if your schema can't be completely dumped by the schema dumper,
34
+ # like if you have constraints or database-specific column types
35
+ # config.active_record.schema_format = :sql
36
+
37
+ # Print deprecation notices to the stderr
38
+ config.active_support.deprecation = :stderr
39
+
40
+ # Allow pass debug_assets=true as a query parameter to load pages with unpackaged assets
41
+ config.assets.allow_debugging = true
42
+ end
@@ -0,0 +1,7 @@
1
+ # Be sure to restart your server when you modify this file.
2
+
3
+ # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
4
+ # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
5
+
6
+ # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
7
+ # Rails.backtrace_cleaner.remove_silencers!
@@ -0,0 +1,10 @@
1
+ # Be sure to restart your server when you modify this file.
2
+
3
+ # Add new inflection rules using the following format
4
+ # (all these examples are active by default):
5
+ # ActiveSupport::Inflector.inflections do |inflect|
6
+ # inflect.plural /^(ox)$/i, '\1en'
7
+ # inflect.singular /^(ox)en/i, '\1'
8
+ # inflect.irregular 'person', 'people'
9
+ # inflect.uncountable %w( fish sheep )
10
+ # end
@@ -0,0 +1,5 @@
1
+ # Be sure to restart your server when you modify this file.
2
+
3
+ # Add new mime types for use in respond_to blocks:
4
+ # Mime::Type.register "text/richtext", :rtf
5
+ # Mime::Type.register_alias "text/html", :iphone
@@ -0,0 +1,7 @@
1
+ # Be sure to restart your server when you modify this file.
2
+
3
+ # Your secret key for verifying the integrity of signed cookies.
4
+ # If you change this key, all old signed cookies will become invalid!
5
+ # Make sure the secret is at least 30 characters and all random,
6
+ # no regular words or you'll be exposed to dictionary attacks.
7
+ Dummy::Application.config.secret_token = 'ae7846144bc2271121948ffd11d1c6f8047fc3de0077f71533bec97a33d5d754766f6cdc3c13620d5df2600e06a603da133705dba2aa77bc838b591011d749d1'
@@ -0,0 +1,8 @@
1
+ # Be sure to restart your server when you modify this file.
2
+
3
+ Dummy::Application.config.session_store :cookie_store, key: '_dummy_session'
4
+
5
+ # Use the database for sessions instead of the cookie-based default,
6
+ # which shouldn't be used to store highly confidential information
7
+ # (create the session table with "rails generate session_migration")
8
+ # Dummy::Application.config.session_store :active_record_store
@@ -0,0 +1,10 @@
1
+ # Be sure to restart your server when you modify this file.
2
+ #
3
+ # This file contains settings for ActionController::ParamsWrapper which
4
+ # is enabled by default.
5
+
6
+ # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
7
+ ActiveSupport.on_load(:action_controller) do
8
+ wrap_parameters format: [:json]
9
+ end
10
+
@@ -0,0 +1,5 @@
1
+ # Sample localization file for English. Add more files in this directory for other locales.
2
+ # See https://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
3
+
4
+ en:
5
+ hello: "Hello world"
@@ -0,0 +1,8 @@
1
+ Dummy::Application.routes.draw do
2
+ resources :basic_filters
3
+ resources :advanced_filters do
4
+ collection do
5
+ post :foo
6
+ end
7
+ end
8
+ end
@@ -0,0 +1,4 @@
1
+ # This file is used by Rack-based servers to start the application.
2
+
3
+ require ::File.expand_path('../config/environment', __FILE__)
4
+ run Dummy::Application