has_messages 0.1.3 → 0.2.0

data/CHANGELOG.rdoc

@@ -1,5 +1,10 @@
 == master
 
+== 0.2.0 / 2008-10-26
+
+* Add mass-assignment protection in the Message/MessageRecipient models
+* Change how the base module is included to prevent namespacing conflicts
+
 == 0.1.3 / 2008-09-07
 
 * Add dependency on state_machine 0.3.0

data/Rakefile

@@ -5,7 +5,7 @@ require 'rake/contrib/sshpublisher'
 
 spec = Gem::Specification.new do |s|
   s.name              = 'has_messages'
-  s.version           = '0.1.3'
+  s.version           = '0.2.0'
   s.platform          = Gem::Platform::RUBY
   s.summary           = 'Demonstrates a reference implementation for sending messages between users.'
   

data/app/models/message.rb

@@ -33,6 +33,10 @@ class Message < ActiveRecord::Base
                         :sender_id,
                         :sender_type
   
+  attr_accessible :subject,
+                  :body,
+                  :to, :cc, :bcc
+  
   after_save :update_recipients
   
   named_scope :visible,

data/app/models/message_recipient.rb

@@ -31,6 +31,10 @@ class MessageRecipient < ActiveRecord::Base
                         :receiver_id,
                         :receiver_type
   
+  attr_protected  :state,
+                  :position,
+                  :hidden_at
+  
   before_create :set_position
   before_destroy :reorder_positions
   

data/lib/has_messages.rb

@@ -3,12 +3,6 @@ require 'state_machine'
 module PluginAWeek #:nodoc:
   # Adds a generic implementation for sending messages between users
   module HasMessages
-    def self.included(base) #:nodoc:
-      base.class_eval do
-        extend PluginAWeek::HasMessages::MacroMethods
-      end
-    end
-    
     module MacroMethods
       # Creates the following message associations:
       # * +messages+ - Messages that were composed and are visible to the owner.  Mesages may have been sent or unsent.
@@ -73,5 +67,5 @@ module PluginAWeek #:nodoc:
 end
 
 ActiveRecord::Base.class_eval do
-  include PluginAWeek::HasMessages
+  extend PluginAWeek::HasMessages::MacroMethods
 end

data/test/factory.rb

@@ -13,12 +13,16 @@ module Factory
   def valid_attributes_for(model, attributes = {})
     name = model.to_s.underscore
     send("#{name}_attributes", attributes)
+    attributes.stringify_keys!
     attributes
   end
   
   # Build an unsaved record
   def new_record(model, *args)
-    model.new(valid_attributes_for(model, *args))
+    attributes = valid_attributes_for(model, *args)
+    record = model.new(attributes)
+    attributes.each {|attr, value| record.send("#{attr}=", value) if model.accessible_attributes && !model.accessible_attributes.include?(attr) || model.protected_attributes && model.protected_attributes.include?(attr)}
+    record
   end
   
   # Build and save/reload a record

data/test/test_helper.rb

@@ -8,6 +8,6 @@ ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate")
 
 # Mixin the factory helper
 require File.expand_path("#{File.dirname(__FILE__)}/factory")
-class Test::Unit::TestCase #:nodoc:
+Test::Unit::TestCase.class_eval do
   include Factory
 end

data/test/unit/message_recipient_test.rb

@@ -75,6 +75,28 @@ class MesageRecipientTest < Test::Unit::TestCase
     recipient = new_message_recipient(:position => nil)
     assert recipient.valid?
   end
+  
+  def test_should_protect_attributes_from_mass_assignment
+    recipient = MessageRecipient.new(
+      :id => 1,
+      :message_id => 1,
+      :receiver_id => 1,
+      :receiver_type => 'User',
+      :kind => 'bcc',
+      :position => 10,
+      :state => 'read',
+      :hidden_at => Time.now
+    )
+    
+    assert_nil recipient.id
+    assert_equal 1, recipient.message_id
+    assert_equal 1, recipient.receiver_id
+    assert_equal 'User', recipient.receiver_type
+    assert_equal 'bcc', recipient.kind
+    assert_nil recipient.position
+    assert_equal 'unread', recipient.state
+    assert_nil recipient.hidden_at
+  end
 end
 
 class MessageRecipientAfterBeingCreatedTest < Test::Unit::TestCase

data/test/unit/message_test.rb

@@ -60,6 +60,32 @@ class MessageTest < Test::Unit::TestCase
     message = new_message(:body => nil)
     assert message.valid?
   end
+  
+  def test_should_protect_attributes_from_mass_assignment
+    message = Message.new(
+      :id => 1,
+      :sender_id => 1,
+      :sender_type => 'User',
+      :subject => 'New features',
+      :body => 'Find out more!',
+      :to => [1, 2],
+      :cc => [3, 4],
+      :bcc => [5, 6],
+      :state => 'sent',
+      :hidden_at => Time.now
+    )
+    
+    assert_nil message.id
+    assert_nil message.sender_id
+    assert message.sender_type.blank?
+    assert_equal 'New features', message.subject
+    assert_equal 'Find out more!', message.body
+    assert_equal [1, 2], message.to
+    assert_equal [3, 4], message.cc
+    assert_equal [5, 6], message.bcc
+    assert_equal 'unsent', message.state
+    assert_nil message.hidden_at
+  end
 end
 
 class MessageBeforeBeingCreatedTest < Test::Unit::TestCase

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: has_messages
 version: !ruby/object:Gem::Version 
-  version: 0.1.3
+  version: 0.2.0
 platform: ruby
 authors: 
 - Aaron Pfeifer
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2008-09-07 00:00:00 -04:00
+date: 2008-10-26 00:00:00 -04:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency