ibrain-core 0.4.5 → 0.4.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/controllers/ibrain/base_controller.rb +12 -14
- data/app/controllers/ibrain/core/graphql_controller.rb +79 -83
- data/app/graphql/ibrain/base_schema.rb +50 -52
- data/app/graphql/ibrain/extentions/default_value.rb +7 -11
- data/app/graphql/ibrain/extentions/roles.rb +15 -20
- data/app/graphql/ibrain/extentions/session_required.rb +10 -14
- data/app/graphql/ibrain/lazy/base.rb +2 -6
- data/app/graphql/ibrain/loaders/association_loader.rb +51 -55
- data/app/graphql/ibrain/mutations/base_mutation.rb +52 -56
- data/app/graphql/ibrain/policies/base_policy.rb +43 -47
- data/app/graphql/ibrain/policies/graphql_policy.rb +2 -6
- data/app/graphql/ibrain/resolvers/base_aggregate.rb +6 -10
- data/app/graphql/ibrain/resolvers/base_resolver.rb +8 -12
- data/app/graphql/ibrain/types/aggregate_type.rb +4 -8
- data/app/graphql/ibrain/types/attribute_type.rb +2 -5
- data/app/graphql/ibrain/types/base_api_connection.rb +6 -10
- data/app/graphql/ibrain/types/base_api_edge.rb +4 -8
- data/app/graphql/ibrain/types/base_api_field.rb +7 -11
- data/app/graphql/ibrain/types/base_api_object.rb +6 -10
- data/app/graphql/ibrain/types/base_argument.rb +3 -7
- data/app/graphql/ibrain/types/base_connection.rb +7 -11
- data/app/graphql/ibrain/types/base_edge.rb +3 -7
- data/app/graphql/ibrain/types/base_enum.rb +1 -5
- data/app/graphql/ibrain/types/base_field.rb +6 -10
- data/app/graphql/ibrain/types/base_input_object.rb +6 -10
- data/app/graphql/ibrain/types/base_interface.rb +5 -9
- data/app/graphql/ibrain/types/base_object.rb +12 -16
- data/app/graphql/ibrain/types/base_scalar.rb +1 -5
- data/app/graphql/ibrain/types/base_type.rb +4 -10
- data/app/graphql/ibrain/types/base_union.rb +3 -7
- data/app/graphql/ibrain/types/filter_type.rb +1 -5
- data/app/graphql/ibrain/types/node_type.rb +4 -8
- data/app/graphql/ibrain/util/field_combiner.rb +5 -9
- data/app/graphql/ibrain/util/query_combiner.rb +4 -8
- data/app/models/concerns/ibrain/soft_deletable.rb +6 -8
- data/app/models/concerns/ibrain/user_api_authentication.rb +14 -16
- data/app/models/concerns/ibrain/user_methods.rb +11 -13
- data/app/models/ibrain/ability.rb +31 -32
- data/app/models/ibrain/aggregate.rb +5 -7
- data/app/models/ibrain/application_record.rb +2 -4
- data/app/models/ibrain/legacy_user.rb +7 -13
- data/app/models/ibrain/role.rb +6 -8
- data/app/models/ibrain/role_user.rb +8 -10
- data/app/repositories/ibrain/base_repository.rb +9 -11
- data/lib/generators/ibrain/core/model_generator.rb +17 -21
- data/lib/generators/ibrain/graphql/core.rb +55 -59
- data/lib/generators/ibrain/graphql/mutation_generator.rb +58 -66
- data/lib/generators/ibrain/graphql/object_generator.rb +58 -70
- data/lib/generators/ibrain/graphql/resolver_generator.rb +17 -25
- data/lib/generators/ibrain/graphql/resolvers_generator.rb +59 -67
- data/lib/generators/ibrain/graphql/templates/aggregate.erb +5 -7
- data/lib/generators/ibrain/graphql/templates/input.erb +5 -9
- data/lib/generators/ibrain/graphql/templates/mutation.erb +24 -26
- data/lib/generators/ibrain/graphql/templates/object.erb +6 -10
- data/lib/generators/ibrain/graphql/templates/resolver.erb +9 -11
- data/lib/generators/ibrain/graphql/templates/resolvers.erb +8 -10
- data/lib/generators/ibrain/graphql/type_generator.rb +84 -88
- data/lib/generators/ibrain/install/install_generator.rb +137 -140
- data/lib/generators/ibrain/install/templates/graphql/types/mutation_type.rb.tt +13 -15
- data/lib/generators/ibrain/install/templates/graphql/types/query_type.rb.tt +11 -13
- data/lib/generators/ibrain/install/templates/rubocop.yml.tt +83 -30
- data/lib/ibrain/app_configuration.rb +34 -36
- data/lib/ibrain/core/class_constantizer.rb +30 -33
- data/lib/ibrain/core/controller_helpers/auth.rb +53 -59
- data/lib/ibrain/core/controller_helpers/current_host.rb +5 -11
- data/lib/ibrain/core/controller_helpers/response.rb +43 -49
- data/lib/ibrain/core/controller_helpers/strong_parameters.rb +9 -15
- data/lib/ibrain/core/engine.rb +5 -9
- data/lib/ibrain/core/environment.rb +5 -9
- data/lib/ibrain/core/environment_extension.rb +13 -17
- data/lib/ibrain/core/role_configuration.rb +52 -54
- data/lib/ibrain/core/validators/email.rb +15 -17
- data/lib/ibrain/core/version.rb +2 -2
- data/lib/ibrain/core/versioned_value.rb +61 -65
- data/lib/ibrain/encryptor.rb +18 -20
- data/lib/ibrain/logger.rb +13 -15
- data/lib/ibrain/permission_sets/base.rb +22 -26
- data/lib/ibrain/permission_sets/super_user.rb +3 -7
- data/lib/ibrain/permitted_attributes.rb +18 -20
- data/lib/ibrain/preferences/configuration.rb +135 -137
- data/lib/ibrain/preferences/preferable.rb +158 -162
- data/lib/ibrain/preferences/preferable_class_methods.rb +112 -114
- data/lib/ibrain/user_class_handle.rb +22 -24
- metadata +2 -2
@@ -2,16 +2,12 @@
|
|
2
2
|
|
3
3
|
require 'ibrain/core/environment_extension'
|
4
4
|
|
5
|
-
|
6
|
-
|
7
|
-
class Environment
|
8
|
-
include EnvironmentExtension
|
5
|
+
class Ibrain::Core::Environment
|
6
|
+
include Ibrain::Core::EnvironmentExtension
|
9
7
|
|
10
|
-
|
8
|
+
attr_accessor :preferences
|
11
9
|
|
12
|
-
|
13
|
-
|
14
|
-
end
|
15
|
-
end
|
10
|
+
def initialize(ibrain_config)
|
11
|
+
@preferences = ibrain_config
|
16
12
|
end
|
17
13
|
end
|
@@ -2,25 +2,21 @@
|
|
2
2
|
|
3
3
|
require 'ibrain/core/class_constantizer'
|
4
4
|
|
5
|
-
module Ibrain
|
6
|
-
|
7
|
-
module EnvironmentExtension
|
8
|
-
extend ActiveSupport::Concern
|
5
|
+
module Ibrain::Core::EnvironmentExtension
|
6
|
+
extend ActiveSupport::Concern
|
9
7
|
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
8
|
+
class_methods do
|
9
|
+
def add_class_set(name)
|
10
|
+
define_method(name) do
|
11
|
+
set = instance_variable_get("@#{name}")
|
12
|
+
set ||= send("#{name}=", [])
|
13
|
+
set
|
14
|
+
end
|
17
15
|
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
end
|
23
|
-
end
|
16
|
+
define_method("#{name}=") do |klasses|
|
17
|
+
set = ClassConstantizer::Set.new
|
18
|
+
set.concat(klasses)
|
19
|
+
instance_variable_set("@#{name}", set)
|
24
20
|
end
|
25
21
|
end
|
26
22
|
end
|
@@ -3,70 +3,68 @@
|
|
3
3
|
require 'singleton'
|
4
4
|
require 'ibrain/core/class_constantizer'
|
5
5
|
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
attr_reader :name, :permission_sets
|
6
|
+
# A class responsible for associating {Ibrain::Role} with a list of permission sets.
|
7
|
+
#
|
8
|
+
# @see Ibrain::PermissionSets
|
9
|
+
#
|
10
|
+
# @example Adding order, data, and user display to customer service users.
|
11
|
+
# Ibrain::RoleConfiguration.configure do |config|
|
12
|
+
# config.assign_permissions :customer_service, [
|
13
|
+
# Ibrain::PermissionSets::UserDisplay,
|
14
|
+
# ]
|
15
|
+
# end
|
16
|
+
class Ibrain::RoleConfiguration
|
17
|
+
# An internal structure for the association between a role and a
|
18
|
+
# set of permissions.
|
19
|
+
class Role
|
20
|
+
attr_reader :name, :permission_sets
|
22
21
|
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
end
|
22
|
+
def initialize(name, permission_sets)
|
23
|
+
@name = name
|
24
|
+
@permission_sets = Ibrain::Core::ClassConstantizer::Set.new
|
25
|
+
@permission_sets.concat permission_sets
|
28
26
|
end
|
27
|
+
end
|
29
28
|
|
30
|
-
|
29
|
+
attr_accessor :roles
|
31
30
|
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
31
|
+
# Given a CanCan::Ability, and a user, determine what permissions sets can
|
32
|
+
# be activated on the ability, then activate them.
|
33
|
+
#
|
34
|
+
# This performs can/cannot declarations on the ability, and can modify its
|
35
|
+
# internal permissions.
|
36
|
+
#
|
37
|
+
# @param ability [CanCan::Ability] the ability to invoke declarations on
|
38
|
+
# @param user [#roles] the user that holds the roles association.
|
39
|
+
def activate_permissions!(ability, user)
|
40
|
+
ibrain_roles = ['default'] | user.roles.map(&:name)
|
41
|
+
applicable_permissions = Set.new
|
43
42
|
|
44
|
-
|
45
|
-
|
46
|
-
|
43
|
+
ibrain_roles.each do |role_name|
|
44
|
+
applicable_permissions |= roles[role_name].permission_sets
|
45
|
+
end
|
47
46
|
|
48
|
-
|
49
|
-
|
50
|
-
end
|
47
|
+
applicable_permissions.each do |permission_set|
|
48
|
+
permission_set.new(ability).activate!
|
51
49
|
end
|
50
|
+
end
|
52
51
|
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
end
|
52
|
+
# Not public due to the fact this class is a Singleton
|
53
|
+
# @!visibility private
|
54
|
+
def initialize
|
55
|
+
@roles = Hash.new do |hash, name|
|
56
|
+
hash[name] = Role.new(name, Set.new)
|
59
57
|
end
|
58
|
+
end
|
60
59
|
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
60
|
+
# Assign permission sets for a {Ibrain::Role} that has the name of role_name
|
61
|
+
# @param role_name [Symbol, String] The name of the role to associate permissions with
|
62
|
+
# @param permission_sets [Array<Ibrain::PermissionSets::Base>, Set<Ibrain::PermissionSets::Base>]
|
63
|
+
# A list of permission sets to activate if the user has the role indicated by role_name
|
64
|
+
def assign_permissions(role_name, permission_sets)
|
65
|
+
name = role_name.to_s
|
67
66
|
|
68
|
-
|
69
|
-
|
70
|
-
end
|
67
|
+
roles[name].permission_sets.concat permission_sets
|
68
|
+
roles[name]
|
71
69
|
end
|
72
70
|
end
|
@@ -1,23 +1,21 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
EMAIL_REGEXP = URI::MailTo::EMAIL_REGEXP
|
3
|
+
# == An ActiveModel Email Validator
|
4
|
+
#
|
5
|
+
# === Usage
|
6
|
+
#
|
7
|
+
# require 'ibrain/core/validators/email'
|
8
|
+
#
|
9
|
+
# class Person < ApplicationRecord
|
10
|
+
# validates :email_address, 'ibrain/email' => true
|
11
|
+
# end
|
12
|
+
#
|
13
|
+
class Ibrain::EmailValidator < ActiveModel::EachValidator
|
14
|
+
EMAIL_REGEXP = URI::MailTo::EMAIL_REGEXP
|
16
15
|
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
end
|
16
|
+
def validate_each(record, attribute, value)
|
17
|
+
unless EMAIL_REGEXP.match? value
|
18
|
+
record.errors.add(attribute, :invalid, **{ value: value }.merge!(options))
|
21
19
|
end
|
22
20
|
end
|
23
21
|
end
|
data/lib/ibrain/core/version.rb
CHANGED
@@ -1,73 +1,69 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
class VersionedValue
|
39
|
-
attr_reader :boundaries
|
3
|
+
# Wrapper for a value that can be different depending on the Ibrain version
|
4
|
+
#
|
5
|
+
# Some configuration defaults can be added or changed when a new Ibrain
|
6
|
+
# version is released. This class encapsulates getting the correct value for a
|
7
|
+
# given Ibrain version.
|
8
|
+
#
|
9
|
+
# The way it works is you provide an initial value in time, plus the version
|
10
|
+
# boundary where it got changed. Then you can fetch the value providing the
|
11
|
+
# desired Ibrain version:
|
12
|
+
#
|
13
|
+
# @example
|
14
|
+
# value = VersionedValue.new(true, "3.0.0" => false)
|
15
|
+
# value.call("2.7.0") # => true
|
16
|
+
# value.call("3.0.0") # => false
|
17
|
+
# value.call("3.1.0") # => false
|
18
|
+
#
|
19
|
+
# Remember that you must provide the exact boundary when a value got changed,
|
20
|
+
# which could easily be during a pre-release:
|
21
|
+
#
|
22
|
+
# @example
|
23
|
+
# value = VersionedValue.new(true, "3.0.0" => false)
|
24
|
+
# value.call("3.0.0.alpha") # => true
|
25
|
+
#
|
26
|
+
# value = VersionedValue.new(true, "3.0.0.alpha" => false)
|
27
|
+
# value.call("3.0.0.alpha") # => false
|
28
|
+
#
|
29
|
+
# Multiple boundaries can also be provided:
|
30
|
+
#
|
31
|
+
# @example
|
32
|
+
# value = VersionedValue.new(0, "2.0.0" => 1, "3.0.0" => 2)
|
33
|
+
# value.call("1.0.0") # => 0
|
34
|
+
# value.call("2.1.0") # => 1
|
35
|
+
# value.call("3.0.0") # => 2
|
36
|
+
class Ibrain::Core::VersionedValue
|
37
|
+
attr_reader :boundaries
|
40
38
|
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
39
|
+
# @param initial_value [Any]
|
40
|
+
# @param boundary [Hash<String, Any>] Map from version number to new value
|
41
|
+
def initialize(initial_value, boundaries = {})
|
42
|
+
@boundaries = { '0' => initial_value }
|
43
|
+
.merge(boundaries)
|
44
|
+
.transform_keys { |version| to_gem_version(version) }
|
45
|
+
.sort.to_h
|
46
|
+
end
|
49
47
|
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
48
|
+
# @param ibrain_version [String]
|
49
|
+
def call(ibrain_version = Ibrain.ibrain_version)
|
50
|
+
ibrain_version = to_gem_version(ibrain_version)
|
51
|
+
boundaries.fetch(
|
52
|
+
boundaries
|
53
|
+
.keys
|
54
|
+
.reduce do |target, following|
|
55
|
+
if target <= ibrain_version && ibrain_version < following
|
56
|
+
target
|
57
|
+
else
|
58
|
+
following
|
59
|
+
end
|
60
|
+
end
|
61
|
+
)
|
62
|
+
end
|
65
63
|
|
66
|
-
|
64
|
+
private
|
67
65
|
|
68
|
-
|
69
|
-
|
70
|
-
end
|
71
|
-
end
|
66
|
+
def to_gem_version(string)
|
67
|
+
Gem::Version.new(string)
|
72
68
|
end
|
73
69
|
end
|
data/lib/ibrain/encryptor.rb
CHANGED
@@ -1,27 +1,25 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
key = Rails.application.secrets.secret_key_base.byteslice(0..31) if key.blank?
|
3
|
+
# Ibrain::Encryptor is a thin wrapper around ActiveSupport::MessageEncryptor.
|
4
|
+
class Ibrain::Encryptor
|
5
|
+
# @param key [String] the 256 bits signature key
|
6
|
+
def initialize(key = Ibrain::Config.ibrain_encryptor_key)
|
7
|
+
key = Rails.application.secrets.secret_key_base.byteslice(0..31) if key.blank?
|
9
8
|
|
10
|
-
|
11
|
-
|
9
|
+
@crypt = ActiveSupport::MessageEncryptor.new(key)
|
10
|
+
end
|
12
11
|
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
12
|
+
# Encrypt a value
|
13
|
+
# @param value [String] the value to encrypt
|
14
|
+
# @return [String] the encrypted value
|
15
|
+
def encrypt(value)
|
16
|
+
@crypt.encrypt_and_sign(value)
|
17
|
+
end
|
19
18
|
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
end
|
19
|
+
# Decrypt an encrypted value
|
20
|
+
# @param encrypted_value [String] the value to decrypt
|
21
|
+
# @return [String] the decrypted value
|
22
|
+
def decrypt(encrypted_value)
|
23
|
+
@crypt.decrypt_and_verify(encrypted_value)
|
26
24
|
end
|
27
25
|
end
|
data/lib/ibrain/logger.rb
CHANGED
@@ -1,23 +1,21 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
|
4
|
-
class
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
end
|
3
|
+
class Ibrain::Logger
|
4
|
+
class << self
|
5
|
+
def info(message)
|
6
|
+
Rails.logger.info("[Ibrain] #{message}")
|
7
|
+
end
|
9
8
|
|
10
|
-
|
11
|
-
|
12
|
-
|
9
|
+
def warn(message)
|
10
|
+
Rails.logger.warn("[Ibrain] #{message}")
|
11
|
+
end
|
13
12
|
|
14
|
-
|
15
|
-
|
16
|
-
|
13
|
+
def debug(message)
|
14
|
+
Rails.logger.debug { "[Ibrain] #{message}" }
|
15
|
+
end
|
17
16
|
|
18
|
-
|
19
|
-
|
20
|
-
end
|
17
|
+
def error(message)
|
18
|
+
Rails.logger.error("[Ibrain] #{message}")
|
21
19
|
end
|
22
20
|
end
|
23
21
|
end
|
@@ -1,33 +1,29 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
@ability = ability
|
18
|
-
end
|
3
|
+
# This is the base class used for crafting permission sets.
|
4
|
+
#
|
5
|
+
# This is used by {Ibrain::RoleConfiguration} when adding custom behavior to {Ibrain::Ability}.
|
6
|
+
# See one of the subclasses for example structure such as {Ibrain::PermissionSets::UserDisplay}
|
7
|
+
#
|
8
|
+
# @see Ibrain::RoleConfiguration
|
9
|
+
# @see Ibrain::PermissionSets
|
10
|
+
class Ibrain::PermissionSets::Base
|
11
|
+
# @param ability [CanCan::Ability]
|
12
|
+
# The ability that will be extended with the current permission set.
|
13
|
+
# The ability passed in must respond to #user
|
14
|
+
def initialize(ability)
|
15
|
+
@ability = ability
|
16
|
+
end
|
19
17
|
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
18
|
+
# Activate permissions on the ability. Put your can and cannot statements here.
|
19
|
+
# Must be overriden by subclasses
|
20
|
+
def activate!
|
21
|
+
raise NotImplementedError.new
|
22
|
+
end
|
25
23
|
|
26
|
-
|
24
|
+
private
|
27
25
|
|
28
|
-
|
26
|
+
attr_reader :ability
|
29
27
|
|
30
|
-
|
31
|
-
end
|
32
|
-
end
|
28
|
+
delegate :can, :cannot, :user, to: :ability
|
33
29
|
end
|
@@ -1,11 +1,7 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
def activate!
|
7
|
-
can :manage, :all
|
8
|
-
end
|
9
|
-
end
|
3
|
+
class Ibrain::PermissionSets::SuperUser < PermissionSets::Base
|
4
|
+
def activate!
|
5
|
+
can :manage, :all
|
10
6
|
end
|
11
7
|
end
|
@@ -1,26 +1,24 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
]
|
3
|
+
# Ibrain::PermittedAttributes contains the attributes permitted through strong
|
4
|
+
# params in various controllers in the frontend. Extensions and stores that
|
5
|
+
# need additional params to be accepted can mutate these arrays to add them.
|
6
|
+
module Ibrain::PermittedAttributes
|
7
|
+
ATTRIBUTES = [
|
8
|
+
:address_attributes,
|
9
|
+
:user_attributes
|
10
|
+
]
|
12
11
|
|
13
|
-
|
12
|
+
mattr_reader(*ATTRIBUTES)
|
14
13
|
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
14
|
+
@@address_attributes = [
|
15
|
+
:id, :name, :address1, :address2, :city, :country_id, :state_id,
|
16
|
+
:zipcode, :phone, :state_name, :province_id, :ward_id, :district_id
|
17
|
+
]
|
19
18
|
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
end
|
19
|
+
# Intentionally leaving off email here to prevent privilege escalation
|
20
|
+
# by changing a user with higher priveleges' email to one a lower-priveleged
|
21
|
+
# admin owns. Creating a user with an email is handled separate at the
|
22
|
+
# controller level.
|
23
|
+
@@user_attributes = [:name, :email, :provider, :uid, :first_name, :last_name, :password, :password_confirmation]
|
26
24
|
end
|