has_messages 0.1.3 → 0.2.0

Sign up to get free protection for your applications and to get access to all the features.
data/CHANGELOG.rdoc CHANGED
@@ -1,5 +1,10 @@
1
1
  == master
2
2
 
3
+ == 0.2.0 / 2008-10-26
4
+
5
+ * Add mass-assignment protection in the Message/MessageRecipient models
6
+ * Change how the base module is included to prevent namespacing conflicts
7
+
3
8
  == 0.1.3 / 2008-09-07
4
9
 
5
10
  * Add dependency on state_machine 0.3.0
data/Rakefile CHANGED
@@ -5,7 +5,7 @@ require 'rake/contrib/sshpublisher'
5
5
 
6
6
  spec = Gem::Specification.new do |s|
7
7
  s.name = 'has_messages'
8
- s.version = '0.1.3'
8
+ s.version = '0.2.0'
9
9
  s.platform = Gem::Platform::RUBY
10
10
  s.summary = 'Demonstrates a reference implementation for sending messages between users.'
11
11
 
@@ -33,6 +33,10 @@ class Message < ActiveRecord::Base
33
33
  :sender_id,
34
34
  :sender_type
35
35
 
36
+ attr_accessible :subject,
37
+ :body,
38
+ :to, :cc, :bcc
39
+
36
40
  after_save :update_recipients
37
41
 
38
42
  named_scope :visible,
@@ -31,6 +31,10 @@ class MessageRecipient < ActiveRecord::Base
31
31
  :receiver_id,
32
32
  :receiver_type
33
33
 
34
+ attr_protected :state,
35
+ :position,
36
+ :hidden_at
37
+
34
38
  before_create :set_position
35
39
  before_destroy :reorder_positions
36
40
 
data/lib/has_messages.rb CHANGED
@@ -3,12 +3,6 @@ require 'state_machine'
3
3
  module PluginAWeek #:nodoc:
4
4
  # Adds a generic implementation for sending messages between users
5
5
  module HasMessages
6
- def self.included(base) #:nodoc:
7
- base.class_eval do
8
- extend PluginAWeek::HasMessages::MacroMethods
9
- end
10
- end
11
-
12
6
  module MacroMethods
13
7
  # Creates the following message associations:
14
8
  # * +messages+ - Messages that were composed and are visible to the owner. Mesages may have been sent or unsent.
@@ -73,5 +67,5 @@ module PluginAWeek #:nodoc:
73
67
  end
74
68
 
75
69
  ActiveRecord::Base.class_eval do
76
- include PluginAWeek::HasMessages
70
+ extend PluginAWeek::HasMessages::MacroMethods
77
71
  end
data/test/factory.rb CHANGED
@@ -13,12 +13,16 @@ module Factory
13
13
  def valid_attributes_for(model, attributes = {})
14
14
  name = model.to_s.underscore
15
15
  send("#{name}_attributes", attributes)
16
+ attributes.stringify_keys!
16
17
  attributes
17
18
  end
18
19
 
19
20
  # Build an unsaved record
20
21
  def new_record(model, *args)
21
- model.new(valid_attributes_for(model, *args))
22
+ attributes = valid_attributes_for(model, *args)
23
+ record = model.new(attributes)
24
+ attributes.each {|attr, value| record.send("#{attr}=", value) if model.accessible_attributes && !model.accessible_attributes.include?(attr) || model.protected_attributes && model.protected_attributes.include?(attr)}
25
+ record
22
26
  end
23
27
 
24
28
  # Build and save/reload a record
data/test/test_helper.rb CHANGED
@@ -8,6 +8,6 @@ ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate")
8
8
 
9
9
  # Mixin the factory helper
10
10
  require File.expand_path("#{File.dirname(__FILE__)}/factory")
11
- class Test::Unit::TestCase #:nodoc:
11
+ Test::Unit::TestCase.class_eval do
12
12
  include Factory
13
13
  end
@@ -75,6 +75,28 @@ class MesageRecipientTest < Test::Unit::TestCase
75
75
  recipient = new_message_recipient(:position => nil)
76
76
  assert recipient.valid?
77
77
  end
78
+
79
+ def test_should_protect_attributes_from_mass_assignment
80
+ recipient = MessageRecipient.new(
81
+ :id => 1,
82
+ :message_id => 1,
83
+ :receiver_id => 1,
84
+ :receiver_type => 'User',
85
+ :kind => 'bcc',
86
+ :position => 10,
87
+ :state => 'read',
88
+ :hidden_at => Time.now
89
+ )
90
+
91
+ assert_nil recipient.id
92
+ assert_equal 1, recipient.message_id
93
+ assert_equal 1, recipient.receiver_id
94
+ assert_equal 'User', recipient.receiver_type
95
+ assert_equal 'bcc', recipient.kind
96
+ assert_nil recipient.position
97
+ assert_equal 'unread', recipient.state
98
+ assert_nil recipient.hidden_at
99
+ end
78
100
  end
79
101
 
80
102
  class MessageRecipientAfterBeingCreatedTest < Test::Unit::TestCase
@@ -60,6 +60,32 @@ class MessageTest < Test::Unit::TestCase
60
60
  message = new_message(:body => nil)
61
61
  assert message.valid?
62
62
  end
63
+
64
+ def test_should_protect_attributes_from_mass_assignment
65
+ message = Message.new(
66
+ :id => 1,
67
+ :sender_id => 1,
68
+ :sender_type => 'User',
69
+ :subject => 'New features',
70
+ :body => 'Find out more!',
71
+ :to => [1, 2],
72
+ :cc => [3, 4],
73
+ :bcc => [5, 6],
74
+ :state => 'sent',
75
+ :hidden_at => Time.now
76
+ )
77
+
78
+ assert_nil message.id
79
+ assert_nil message.sender_id
80
+ assert message.sender_type.blank?
81
+ assert_equal 'New features', message.subject
82
+ assert_equal 'Find out more!', message.body
83
+ assert_equal [1, 2], message.to
84
+ assert_equal [3, 4], message.cc
85
+ assert_equal [5, 6], message.bcc
86
+ assert_equal 'unsent', message.state
87
+ assert_nil message.hidden_at
88
+ end
63
89
  end
64
90
 
65
91
  class MessageBeforeBeingCreatedTest < Test::Unit::TestCase
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: has_messages
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.3
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Aaron Pfeifer
@@ -9,7 +9,7 @@ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
11
 
12
- date: 2008-09-07 00:00:00 -04:00
12
+ date: 2008-10-26 00:00:00 -04:00
13
13
  default_executable:
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency