mass_assignment_with_multiple_roles 0.0.1

data/.gitignore

@@ -0,0 +1,19 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+bin/
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tags
+tmp

data/.rvmrc

@@ -0,0 +1,2 @@
+# setup gemset
+rvm use ruby-1.9.3@mass_assignment_with_multiple_roles

data/.travis.yml

@@ -0,0 +1,7 @@
+language: ruby
+rvm:
+  - 1.9.2
+  - 1.9.3
+  - jruby-19mode # JRuby in 1.9 mode
+  - rbx-19mode
+script: bundle exec rake test

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in mass_assignment_with_multiple_roles.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,22 @@
+Copyright (c) 2012 saksmlz
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,82 @@
+# MassAssignmentWithMultipleRoles [![Build Status](https://secure.travis-ci.org/saks/mass_assignment_with_multiple_roles.png)](http://travis-ci.org/#!/saks/mass_assignment_with_multiple_roles)
+
+Quite often your user can have multiple roles at the same time. `ActiveModel` does not provide the ability to sanitize attributes using intersection of `attr_accessible` for several role names at the same time.
+
+This gem is all about to solve this problem.
+
+## Example of usage
+
+Consider we have the following model code:
+
+```ruby
+class Student < ActiveRecord::Base
+
+  attr_accessible :phone_number
+  attr_accessible :name, as: :admin
+  attr_accessible :email, as: :user
+end
+```
+
+
+Now, while updating in controller we can write:
+
+```ruby
+student = Student.find(params[:id])
+if student.update_attributes(params[:student], :as => [:admin, :teacher])
+```
+
+Role names can be passed in `ActiveModel` style:
+```ruby
+student.update_attributes(params[:student], :as => :admin)
+```
+
+all it's functionality is fully supported.
+
+Several roles can be passed as an array symbols:
+```ruby
+student.update_attributes(params[:student], :as => [:admin, :teacher])
+```
+
+But in most cases, role names can be obtained from user model. If your user
+model provides method called `role_names`, which returns as array of role
+names, you can write code which is quite easy to understand.
+
+In model:
+```ruby
+class User < ActiveRecord::Base
+  has_many :roles
+
+  def role_names
+    roles.map &:name
+  end
+
+end
+```
+
+In controller:
+```ruby
+student.update_attributes(params[:student], :as => current_user)
+```
+
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'mass_assignment_with_multiple_roles'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install mass_assignment_with_multiple_roles
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,23 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+
+dir = File.dirname(__FILE__)
+
+require 'rake/testtask'
+
+task :default => :test
+
+Rake::TestTask.new do |t|
+  t.libs << "test"
+  t.test_files = Dir.glob("#{dir}/test/cases/**/*_test.rb").sort
+  t.warning = true
+end
+
+namespace :test do
+  task :isolated do
+    ruby = File.join(*RbConfig::CONFIG.values_at('bindir', 'RUBY_INSTALL_NAME'))
+    Dir.glob("#{dir}/test/**/*_test.rb").all? do |file|
+      sh(ruby, '-w', "-I#{dir}/lib", "-I#{dir}/test", file)
+    end or raise "Failures"
+  end
+end

data/lib/mass_assignment_with_multiple_roles.rb

@@ -0,0 +1,65 @@
+require 'active_model'
+require 'mass_assignment_with_multiple_roles/version'
+
+module MassAssignmentWithMultipleRoles
+  ROLE_NAMES_METHOD = :role_names
+
+  def compile_role_name(roles, active_authorizer)
+    roles_array = if roles.is_a? Array
+      roles
+    elsif roles.respond_to? ROLE_NAMES_METHOD
+      [roles.send(ROLE_NAMES_METHOD)].flatten
+    else
+      [roles]
+    end
+
+    roles_array = roles_array.find_all { |role| active_authorizer.has_key? role }
+
+    if roles_array.any?
+      [ roles_array.map(&:to_s).join('_').to_sym, roles_array ]
+    else
+      [ nil, roles_array ]
+    end
+  end
+
+  def build_new_attrs_config(roles_array, new_role_name, klass)
+    fields = roles_array.inject([]) do |result, role_name|
+      result += klass.active_authorizer[role_name].to_a
+    end
+
+    method_name = if klass.active_authorizer[ roles_array[0] ].is_a? ActiveModel::MassAssignmentSecurity::WhiteList
+      :attr_accessible
+    else
+      :attr_protected
+    end
+
+    klass.send method_name, *fields, :as => new_role_name
+  end
+
+  extend self
+end
+
+module ActiveModel
+  module MassAssignmentSecurity
+
+    protected
+
+    def mass_assignment_authorizer(roles)
+      active_authorizer = self.class.active_authorizer
+
+      composite_role_name, roles_array = MassAssignmentWithMultipleRoles::compile_role_name roles, active_authorizer
+
+      if !composite_role_name
+        active_authorizer[:default]
+
+      elsif active_authorizer.has_key? composite_role_name
+        active_authorizer[composite_role_name]
+
+      else
+        MassAssignmentWithMultipleRoles::build_new_attrs_config roles_array, composite_role_name, self.class
+        self.class.active_authorizer[composite_role_name]
+      end
+    end
+
+  end
+end

data/lib/mass_assignment_with_multiple_roles/mass_assignment_security.rb

@@ -0,0 +1,57 @@
+module ActiveModel
+  module MassAssignmentSecurity
+
+    protected
+
+    def mass_assignment_authorizer(roles)
+      active_authorizer = self.class.active_authorizer
+
+      composite_role_name, roles_array = compile_role_name roles, active_authorizer
+
+      if !composite_role_name
+        active_authorizer[:default]
+
+      elsif active_authorizer.has_key? composite_role_name
+        active_authorizer[composite_role_name]
+
+      else
+        build_new_attrs_config roles_array, composite_role_name
+        self.class.active_authorizer[composite_role_name]
+      end
+    end
+
+    private
+
+    def compile_role_name(roles, active_authorizer)
+      roles_array = if roles.is_a? Array
+        roles
+      elsif roles.respond_to? :roles
+        [roles.send(:roles)].flatten
+      else
+        [roles]
+      end
+
+      roles_array = roles_array.find_all { |role| active_authorizer.has_key? role }
+
+      if roles_array.any?
+        [ roles_array.map(&:to_s).join('_').to_sym, roles_array ]
+      else
+        [ nil, roles_array ]
+      end
+    end
+
+    def build_new_attrs_config(roles_array, new_role_name)
+      fields = roles_array.inject([]) do |result, role_name|
+        result += self.class.active_authorizer[role_name].to_a
+      end
+
+      method_name = if self.class.active_authorizer[ roles_array[0] ].is_a? ActiveModel::MassAssignmentSecurity::WhiteList
+        :attr_accessible
+      else
+        :attr_protected
+      end
+
+      self.class.send method_name, *fields, :as => new_role_name
+    end
+  end
+end

data/lib/mass_assignment_with_multiple_roles/version.rb

@@ -0,0 +1,3 @@
+module MassAssignmentWithMultipleRoles
+  VERSION = "0.0.1"
+end

data/mass_assignment_with_multiple_roles.gemspec

@@ -0,0 +1,22 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/mass_assignment_with_multiple_roles/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["saksmlz"]
+  gem.email         = ["saksmlz@gmail.com"]
+  gem.description   = %q{This gem allows you to pass multiple roles into methods like save and update_attributes}
+  gem.summary       = %q{Allows to use intersection of attr_accessible if passing multiple role names on save}
+  gem.homepage      = "http://github.com/saks/mass_assignment_with_multiple_roles"
+
+  gem.files         = `git ls-files`.split($\)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.name          = "mass_assignment_with_multiple_roles"
+  gem.require_paths = ["lib"]
+  gem.version       = MassAssignmentWithMultipleRoles::VERSION
+
+  gem.add_development_dependency 'activesupport', '~> 3.2.3'
+  gem.add_development_dependency 'mocha', '> 0'
+  gem.add_development_dependency 'rake', '> 0'
+  gem.add_dependency 'activemodel', '~> 3.2.3'
+end

data/test/cases/helper.rb

@@ -0,0 +1,16 @@
+# require File.expand_path('../../../../load_paths', __FILE__)
+
+lib = File.expand_path("#{File.dirname(__FILE__)}/../../lib")
+$:.unshift(lib) unless $:.include?('lib') || $:.include?(lib)
+
+require 'config'
+require 'active_model'
+require 'active_support/core_ext/string/access'
+require 'mass_assignment_with_multiple_roles'
+require 'active_model/mass_assignment_security/permission_set'
+require 'active_model/mass_assignment_security/sanitizer'
+
+# Show backtraces for deprecated behavior for quicker cleanup.
+ActiveSupport::Deprecation.debug = true
+
+require 'test/unit'

data/test/cases/mass_assignment_security_test.rb

@@ -0,0 +1,120 @@
+require "cases/helper"
+require 'models/mass_assignment_specific'
+
+
+class CustomSanitizer < ActiveModel::MassAssignmentSecurity::Sanitizer
+
+  def process_removed_attributes(attrs)
+    raise StandardError
+  end
+
+end
+
+class MassAssignmentSecurityTest < ActiveModel::TestCase
+
+  def test_attribute_protection
+    user = User.new
+    expected = { "name" => "John Smith", "email" => "john@smith.com" }
+    sanitized = user.sanitize_for_mass_assignment(expected.merge("admin" => true))
+    assert_equal expected, sanitized
+  end
+
+  def test_attribute_protection_when_role_is_nil
+    user = User.new
+    expected = { "name" => "John Smith", "email" => "john@smith.com" }
+    sanitized = user.sanitize_for_mass_assignment(expected.merge("admin" => true), nil)
+    assert_equal expected, sanitized
+  end
+
+  def test_only_moderator_role_attribute_accessible
+    user = SpecialUser.new
+    expected = { "name" => "John Smith", "email" => "john@smith.com" }
+    sanitized = user.sanitize_for_mass_assignment(expected.merge("admin" => true), :moderator)
+    assert_equal expected, sanitized
+
+    sanitized = user.sanitize_for_mass_assignment({ "name" => "John Smith", "email" => "john@smith.com", "admin" => true })
+    assert_equal({}, sanitized)
+  end
+
+  def test_attributes_accessible
+    user = Person.new
+    expected = { "name" => "John Smith", "email" => "john@smith.com" }
+    sanitized = user.sanitize_for_mass_assignment(expected.merge("admin" => true))
+    assert_equal expected, sanitized
+  end
+
+  def test_attributes_accessible_with_admin_role
+    user = Person.new
+    expected = { "name" => "John Smith", "email" => "john@smith.com", "admin" => true }
+    sanitized = user.sanitize_for_mass_assignment(expected.merge("super_powers" => true), :admin)
+    assert_equal expected, sanitized
+  end
+
+  def test_attributes_accessible_with_roles_given_as_array
+    user = Account.new
+    expected = { "name" => "John Smith", "email" => "john@smith.com" }
+    sanitized = user.sanitize_for_mass_assignment(expected.merge("admin" => true))
+    assert_equal expected, sanitized
+  end
+
+  def test_attributes_accessible_with_admin_role_when_roles_given_as_array
+    user = Account.new
+    expected = { "name" => "John Smith", "email" => "john@smith.com", "admin" => true }
+    sanitized = user.sanitize_for_mass_assignment(expected.merge("super_powers" => true), :admin)
+    assert_equal expected, sanitized
+  end
+
+  def test_attributes_protected_by_default
+    firm = Firm.new
+    expected = { }
+    sanitized = firm.sanitize_for_mass_assignment({ "type" => "Client" })
+    assert_equal expected, sanitized
+  end
+
+  def test_mass_assignment_protection_inheritance
+    assert_blank LoosePerson.accessible_attributes
+    assert_equal Set.new(['credit_rating', 'administrator']), LoosePerson.protected_attributes
+
+    assert_blank LoosePerson.accessible_attributes
+    assert_equal Set.new(['credit_rating']), LoosePerson.protected_attributes(:admin)
+
+    assert_blank LooseDescendant.accessible_attributes
+    assert_equal Set.new(['credit_rating', 'administrator', 'phone_number']), LooseDescendant.protected_attributes
+
+    assert_blank LooseDescendantSecond.accessible_attributes
+    assert_equal Set.new(['credit_rating', 'administrator', 'phone_number', 'name']), LooseDescendantSecond.protected_attributes,
+      'Running attr_protected twice in one class should merge the protections'
+
+    assert_blank TightPerson.protected_attributes - TightPerson.attributes_protected_by_default
+    assert_equal Set.new(['name', 'address']), TightPerson.accessible_attributes
+
+    assert_blank TightPerson.protected_attributes(:admin) - TightPerson.attributes_protected_by_default
+    assert_equal Set.new(['name', 'address', 'admin']), TightPerson.accessible_attributes(:admin)
+
+    assert_blank TightDescendant.protected_attributes - TightDescendant.attributes_protected_by_default
+    assert_equal Set.new(['name', 'address', 'phone_number']), TightDescendant.accessible_attributes
+
+    assert_blank TightDescendant.protected_attributes(:admin) - TightDescendant.attributes_protected_by_default
+    assert_equal Set.new(['name', 'address', 'admin', 'super_powers']), TightDescendant.accessible_attributes(:admin)
+
+  end
+
+  def test_mass_assignment_multiparameter_protector
+    task = Task.new
+    attributes = { "starting(1i)" => "2004", "starting(2i)" => "6", "starting(3i)" => "24" }
+    sanitized = task.sanitize_for_mass_assignment(attributes)
+    assert_equal sanitized, { }
+  end
+
+  def test_custom_sanitizer
+    user = User.new
+    User.mass_assignment_sanitizer = CustomSanitizer.new
+    assert_raise StandardError do
+      user.sanitize_for_mass_assignment("admin" => true)
+    end
+  ensure
+    User.mass_assignment_sanitizer = nil
+
+  end
+
+end

data/test/cases/mass_assignment_security_with_multiple_roles_test.rb

@@ -0,0 +1,99 @@
+require "cases/helper"
+require 'models/mass_assignment_specific'
+require 'ostruct'
+require 'mocha'
+
+class MassAssignmentSecurityWithMultipleRolesTest < ActiveModel::TestCase
+  def setup
+    Student.active_authorizer.delete :admin_user
+  end
+
+  def test_attribute_protection_when_role_is_nil
+    student = Student.new
+    expected = { 'name' => 'buz' }
+    sanitized = student.sanitize_for_mass_assignment(expected.merge('email' => 'bar'), [nil, :admin])
+    assert_equal expected, sanitized
+  end
+
+  def test_it_falls_to_default_if_no_valid_role_was_passed
+    student = Student.new
+    expected = { 'phone_number' => 'buz' }
+
+    sanitized = student.sanitize_for_mass_assignment(expected.merge('email' => 'bar'), [])
+    assert_equal expected, sanitized
+
+    sanitized = student.sanitize_for_mass_assignment(expected.merge('email' => 'bar'), nil)
+    assert_equal expected, sanitized
+
+    sanitized = student.sanitize_for_mass_assignment(expected.merge('email' => 'bar'))
+    assert_equal expected, sanitized
+
+    sanitized = student.sanitize_for_mass_assignment(expected.merge('email' => 'bar'), [Object.new])
+    assert_equal expected, sanitized
+  end
+
+  def test_with_an_array_of_roles_for_attr_accesible
+    student = Student.new
+    expected = { 'name' => 'buz', 'email' => 'foo' }
+    sanitized = student.sanitize_for_mass_assignment(expected, [:user, :admin])
+    assert_equal expected, sanitized
+  end
+
+  def test_with_an_array_of_roles_for_attr_protected
+    student = Teacher.new
+    expected = { 'phone_number' => 'bar' }
+
+    sanitized = student.sanitize_for_mass_assignment(
+      expected.merge('name' => 'buz', 'email' => 'foo'),
+      [:user, :admin]
+    )
+
+    assert_equal expected, sanitized
+  end
+
+  def test_with_object_that_respond_to_roles_method
+    student = Student.new
+    user    = OpenStruct.new MassAssignmentWithMultipleRoles::ROLE_NAMES_METHOD => [:user, :admin]
+
+    expected = { 'name' => 'buz', 'email' => 'foo' }
+    sanitized = student.sanitize_for_mass_assignment(expected, user)
+    assert_equal expected, sanitized
+  end
+
+  def test_that_attributes_are_cached_and_not_created_second_time
+    student = Student.new
+    expected = { 'name' => 'buz', 'email' => 'foo' }
+
+    student.sanitize_for_mass_assignment(expected, [:user, :admin])
+
+    Student.expects(:attr_accessible).never
+
+    student.sanitize_for_mass_assignment(expected, [:user, :admin])
+  end
+
+  def test_do_not_take_into_account_not_known_roles
+    student = Student.new
+    expected = { 'name' => 'foo', 'email' => 'bar' }
+
+    sanitized = student.sanitize_for_mass_assignment(
+      expected.merge('phone_number' => 'buz'),
+      [:user, :admin, :not_existent]
+    )
+
+    assert_equal expected, sanitized
+  end
+
+  def test_do_not_fail_and_use_DEFAULT_if_wrong_data_type_was_passed_as_role
+    student = Student.new
+    expected = { 'phone_number' => 'buz' }
+    sanitized = student.sanitize_for_mass_assignment(expected.merge('email' => 'bar'), {wrong: 'data type'})
+    assert_equal expected, sanitized
+  end
+
+  def test_it_not_fails_if_active_authorizer_is_empty
+    blank = Blank.new
+    expected = { 'name' => 'buz', 'email' => 'foo' }
+    sanitized = blank.sanitize_for_mass_assignment(expected, [:user, :admin])
+    assert_equal expected, sanitized
+  end
+end

data/test/config.rb

@@ -0,0 +1,3 @@
+TEST_ROOT       = File.expand_path(File.dirname(__FILE__))
+FIXTURES_ROOT   = TEST_ROOT + "/fixtures"
+SCHEMA_FILE     = TEST_ROOT + "/schema.rb"

data/test/models/administrator.rb

@@ -0,0 +1,10 @@
+class Administrator
+  include ActiveModel::Validations
+  include ActiveModel::SecurePassword
+  include ActiveModel::MassAssignmentSecurity
+
+  attr_accessor :name, :password_digest
+  attr_accessible :name
+
+  has_secure_password
+end

data/test/models/automobile.rb

@@ -0,0 +1,12 @@
+class Automobile
+  include ActiveModel::Validations
+
+  validate :validations
+
+  attr_accessor :make, :model
+
+  def validations
+    validates_presence_of :make
+    validates_length_of   :model, :within => 2..10
+  end
+end

data/test/models/blog_post.rb

@@ -0,0 +1,9 @@
+module Blog
+  def self.use_relative_model_naming?
+    true
+  end
+
+  class Post
+    extend ActiveModel::Naming
+  end
+end

data/test/models/contact.rb

@@ -0,0 +1,26 @@
+class Contact
+  extend ActiveModel::Naming
+  include ActiveModel::Conversion
+
+  attr_accessor :id, :name, :age, :created_at, :awesome, :preferences
+
+  def social
+    %w(twitter github)
+  end
+
+  def network
+    {:git => :github}
+  end
+
+  def initialize(options = {})
+    options.each { |name, value| send("#{name}=", value) }
+  end
+
+  def pseudonyms
+    nil
+  end
+
+  def persisted?
+    id
+  end
+end

data/test/models/custom_reader.rb

@@ -0,0 +1,15 @@
+class CustomReader
+  include ActiveModel::Validations
+
+  def initialize(data = {})
+    @data = data
+  end
+
+  def []=(key, value)
+    @data[key] = value
+  end
+
+  def read_attribute_for_validation(key)
+    @data[key]
+  end
+end

data/test/models/helicopter.rb

@@ -0,0 +1,3 @@
+class Helicopter
+  include ActiveModel::Conversion
+end

data/test/models/mass_assignment_specific.rb

@@ -0,0 +1,102 @@
+class User
+  include ActiveModel::MassAssignmentSecurity
+  attr_protected :admin
+
+  public :sanitize_for_mass_assignment
+end
+
+class SpecialUser
+  include ActiveModel::MassAssignmentSecurity
+  attr_accessible :name, :email, :as => :moderator
+
+  public :sanitize_for_mass_assignment
+end
+
+class Person
+  include ActiveModel::MassAssignmentSecurity
+  attr_accessible :name, :email
+  attr_accessible :name, :email, :admin, :as => :admin
+
+  public :sanitize_for_mass_assignment
+end
+
+class Account
+  include ActiveModel::MassAssignmentSecurity
+  attr_accessible :name, :email, :as => [:default, :admin]
+  attr_accessible :admin, :as => :admin
+
+  public :sanitize_for_mass_assignment
+end
+
+class Firm
+  include ActiveModel::MassAssignmentSecurity
+
+  public :sanitize_for_mass_assignment
+
+  def self.attributes_protected_by_default
+    ["type"]
+  end
+end
+
+class Task
+  include ActiveModel::MassAssignmentSecurity
+  attr_protected :starting
+
+  public :sanitize_for_mass_assignment
+end
+
+class LoosePerson
+  include ActiveModel::MassAssignmentSecurity
+  attr_protected :credit_rating, :administrator
+  attr_protected :credit_rating, :as => :admin
+end
+
+class LooseDescendant < LoosePerson
+  attr_protected :phone_number
+end
+
+class LooseDescendantSecond< LoosePerson
+  attr_protected :phone_number
+  attr_protected :name
+end
+
+class TightPerson
+  include ActiveModel::MassAssignmentSecurity
+  attr_accessible :name, :address
+  attr_accessible :name, :address, :admin, :as => :admin
+
+  def self.attributes_protected_by_default
+    ["mobile_number"]
+  end
+end
+
+class TightDescendant < TightPerson
+  attr_accessible :phone_number
+  attr_accessible :super_powers, :as => :admin
+end
+
+class Student
+  include ActiveModel::MassAssignmentSecurity
+
+  attr_accessible :phone_number
+  attr_accessible :name, as: :admin
+  attr_accessible :email, as: :user
+
+  public :sanitize_for_mass_assignment
+end
+
+class Teacher
+  include ActiveModel::MassAssignmentSecurity
+
+  attr_protected :phone_number
+  attr_protected :name, as: :admin
+  attr_protected :email, as: :user
+
+  public :sanitize_for_mass_assignment
+end
+
+class Blank
+  include ActiveModel::MassAssignmentSecurity
+
+  public :sanitize_for_mass_assignment
+end

data/test/models/observers.rb

@@ -0,0 +1,27 @@
+class ORM
+  include ActiveModel::Observing
+
+  def save
+    notify_observers :before_save
+  end
+
+  class Observer < ActiveModel::Observer
+    def before_save_invocations
+      @before_save_invocations ||= []
+    end
+
+    def before_save(record)
+      before_save_invocations << record
+    end
+  end
+end
+
+class Widget < ORM; end
+class Budget < ORM; end
+class WidgetObserver < ORM::Observer; end
+class BudgetObserver < ORM::Observer; end
+class AuditTrail < ORM::Observer
+  observe :widget, :budget
+end
+
+ORM.instantiate_observers

data/test/models/person.rb

@@ -0,0 +1,17 @@
+class Person
+  include ActiveModel::Validations
+  extend  ActiveModel::Translation
+
+  attr_accessor :title, :karma, :salary, :gender
+
+  def condition_is_true
+    true
+  end
+end
+
+class Person::Gender
+  extend ActiveModel::Translation
+end
+
+class Child < Person
+end

data/test/models/person_with_validator.rb

@@ -0,0 +1,24 @@
+class PersonWithValidator
+  include ActiveModel::Validations
+
+  class PresenceValidator < ActiveModel::EachValidator
+    def validate_each(record, attribute, value)
+      record.errors[attribute] << "Local validator#{options[:custom]}" if value.blank?
+    end
+  end
+
+  class LikeValidator < ActiveModel::EachValidator
+    def initialize(options)
+      @with = options[:with]
+      super
+    end
+
+    def validate_each(record, attribute, value)
+      unless value[@with]
+        record.errors.add attribute, "does not appear to be like #{@with}"
+      end
+    end
+  end
+
+  attr_accessor :title, :karma
+end

data/test/models/reply.rb

@@ -0,0 +1,32 @@
+require 'models/topic'
+
+class Reply < Topic
+  validate :errors_on_empty_content
+  validate :title_is_wrong_create,  :on => :create
+
+  validate :check_empty_title
+  validate :check_content_mismatch, :on => :create
+  validate :check_wrong_update,     :on => :update
+
+  def check_empty_title
+    errors[:title] << "is Empty" unless title && title.size > 0
+  end
+
+  def errors_on_empty_content
+    errors[:content] << "is Empty" unless content && content.size > 0
+  end
+
+  def check_content_mismatch
+    if title && content && content == "Mismatch"
+      errors[:title] << "is Content Mismatch"
+    end
+  end
+
+  def title_is_wrong_create
+    errors[:title] << "is Wrong Create" if title && title == "Wrong Create"
+  end
+
+  def check_wrong_update
+    errors[:title] << "is Wrong Update" if title && title == "Wrong Update"
+  end
+end

data/test/models/sheep.rb

@@ -0,0 +1,3 @@
+class Sheep
+  extend ActiveModel::Naming
+end

data/test/models/topic.rb

@@ -0,0 +1,40 @@
+class Topic
+  include ActiveModel::Validations
+  include ActiveModel::Validations::Callbacks
+
+  def self._validates_default_keys
+    super | [ :message ]
+  end
+
+  attr_accessor :title, :author_name, :content, :approved
+  attr_accessor :after_validation_performed
+
+  after_validation :perform_after_validation
+
+  def initialize(attributes = {})
+    attributes.each do |key, value|
+      send "#{key}=", value
+    end
+  end
+
+  def condition_is_true
+    true
+  end
+
+  def condition_is_true_but_its_not
+    false
+  end
+
+  def perform_after_validation
+    self.after_validation_performed = true
+  end
+
+  def my_validation
+    errors.add :title, "is missing" unless title
+  end
+
+  def my_validation_with_arg(attr)
+    errors.add attr, "is missing" unless send(attr)
+  end
+
+end

data/test/models/track_back.rb

@@ -0,0 +1,11 @@
+class Post
+  class TrackBack
+    def to_model
+      NamedTrackBack.new
+    end
+  end
+
+  class NamedTrackBack
+    extend ActiveModel::Naming
+  end
+end

data/test/models/user.rb

@@ -0,0 +1,8 @@
+class User
+  include ActiveModel::Validations
+  include ActiveModel::SecurePassword
+
+  has_secure_password
+
+  attr_accessor :password_digest, :password_salt
+end

data/test/models/visitor.rb

@@ -0,0 +1,9 @@
+class Visitor
+  include ActiveModel::Validations
+  include ActiveModel::SecurePassword
+  include ActiveModel::MassAssignmentSecurity
+
+  has_secure_password
+
+  attr_accessor :password_digest
+end

metadata

@@ -0,0 +1,168 @@
+--- !ruby/object:Gem::Specification
+name: mass_assignment_with_multiple_roles
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- saksmlz
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-06-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: activesupport
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.2.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.2.3
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>'
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>'
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>'
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>'
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.2.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.2.3
+description: This gem allows you to pass multiple roles into methods like save and
+  update_attributes
+email:
+- saksmlz@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rvmrc
+- .travis.yml
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- lib/mass_assignment_with_multiple_roles.rb
+- lib/mass_assignment_with_multiple_roles/mass_assignment_security.rb
+- lib/mass_assignment_with_multiple_roles/version.rb
+- mass_assignment_with_multiple_roles.gemspec
+- test/cases/helper.rb
+- test/cases/mass_assignment_security_test.rb
+- test/cases/mass_assignment_security_with_multiple_roles_test.rb
+- test/config.rb
+- test/models/administrator.rb
+- test/models/automobile.rb
+- test/models/blog_post.rb
+- test/models/contact.rb
+- test/models/custom_reader.rb
+- test/models/helicopter.rb
+- test/models/mass_assignment_specific.rb
+- test/models/observers.rb
+- test/models/person.rb
+- test/models/person_with_validator.rb
+- test/models/reply.rb
+- test/models/sheep.rb
+- test/models/topic.rb
+- test/models/track_back.rb
+- test/models/user.rb
+- test/models/visitor.rb
+homepage: http://github.com/saks/mass_assignment_with_multiple_roles
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -188045199
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -188045199
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: Allows to use intersection of attr_accessible if passing multiple role names
+  on save
+test_files:
+- test/cases/helper.rb
+- test/cases/mass_assignment_security_test.rb
+- test/cases/mass_assignment_security_with_multiple_roles_test.rb
+- test/config.rb
+- test/models/administrator.rb
+- test/models/automobile.rb
+- test/models/blog_post.rb
+- test/models/contact.rb
+- test/models/custom_reader.rb
+- test/models/helicopter.rb
+- test/models/mass_assignment_specific.rb
+- test/models/observers.rb
+- test/models/person.rb
+- test/models/person_with_validator.rb
+- test/models/reply.rb
+- test/models/sheep.rb
+- test/models/topic.rb
+- test/models/track_back.rb
+- test/models/user.rb
+- test/models/visitor.rb