memento 0.4.0 → 0.4.1

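--- a/data/.rbenv-version
+++ b/data/.rbenv-version
@@ -1 +1 @@
- 1.9.3-p194
+ 1.9.3-p286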
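--- a/data/CHANGES.md
+++ b/data/CHANGES.md
@@ -1,6 +1,12 @@
  ### dev
 
- [full changelog](http://github.com/yolk/valvat/compare/v0.4.0...master)
+ [full changelog](http://github.com/yolk/valvat/compare/v0.4.1...master)
+
+ ### 0.4.1 / 2012-11-01
+
+ [full changelog](http://github.com/yolk/valvat/compare/v0.4.0...v0.4.1)
+
+ * Prevent all mass assignment to Memento::Session and Memento::State
 
  ### 0.4.0 / 2012-10-29
 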
data/lib/memento.rb CHANGED
@@ -21,7 +21,7 @@ module Memento
21
21
 
22
22
  def start(user_or_id)
23
23
  user = user_or_id.is_a?(User) ? user_or_id : User.find_by_id(user_or_id)
24
- self.session = user ? Memento::Session.new(:user => user) : nil
24
+ self.session = user ? Memento::Session.new({:user => user}, :without_protection => true) : nil
25
25
  end
26
26
 
27
27
  def stop
@@ -4,6 +4,9 @@ module Memento
4
4
 
5
5
  has_many :states, :class_name => "Memento::State", :dependent => :delete_all, :order => "id DESC"
6
6
  belongs_to :user
7
+
8
+ attr_accessible nil
9
+
7
10
  validates_presence_of :user
8
11
 
9
12
  def add_state(action_type, record)
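Review bot: In `start`, `Memento::Session.new({:user => user}, :without_protection => true)` switches off the whitelist that the `attr_accessible nil` hunk in this section adds to the session model in the same release. The hash has a single hard-coded key and `user` is resolved inside the method, so nothing caller-supplied is mass-assigned here, but a bypass flag in library code is easy to copy onto a call that later receives a params hash. Assigning through the setter keeps the library free of bypasses and matches what `State.store` does after this release: `self.session = user ? Memento::Session.new { |s| s.user = user } : nil`. To my knowledge the option is only accepted from ActiveRecord 3.1 on, and the activerecord version constraint is not visible on this page, so the setter form also removes that dependency.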
data/lib/memento/state.rb CHANGED
@@ -5,6 +5,8 @@ module Memento
5
5
  belongs_to :session, :class_name => "Memento::Session"
6
6
  belongs_to :record, :polymorphic => true
7
7
 
8
+ attr_accessible nil
9
+
8
10
  validates_presence_of :session
9
11
  validates_presence_of :record
10
12
  validates_presence_of :action_type
@@ -13,7 +15,9 @@ module Memento
13
15
  before_create :set_record_data
14
16
 
15
17
  def self.store(action_type, record)
16
- self.new(:action_type => action_type.to_s, :record => record) do |state|
18
+ new do |state|
19
+ state.action_type = action_type.to_s
20
+ state.record = record
17
21
  state.save if state.fetch?
18
22
  end
19
23
  end
@@ -1,3 +1,3 @@
1
1
  module Memento
2
- VERSION = "0.4.0"
2
+ VERSION = "0.4.1"
3
3
  end
@@ -5,7 +5,7 @@ describe Memento::Session do
5
5
  before do
6
6
  setup_db
7
7
  setup_data
8
- @session = Memento::Session.create(:user => @user)
8
+ @session = Memento::Session.create({:user => @user}, :without_protection => true)
9
9
  end
10
10
 
11
11
  it "should belong to user" do
@@ -18,15 +18,23 @@ describe Memento::Session do
18
18
 
19
19
  it "should have_many states" do
20
20
  @session.states.should eql([])
21
- @session.states.create!(:action_type => "destroy", :record => Project.create!)
21
+ @session.states.create!({:action_type => "destroy", :record => Project.create!}, :without_protection => true)
22
22
  @session.states.count.should eql(1)
23
23
  end
24
24
 
25
+ it "should disallow all mass assignment" do
26
+ Memento::Session.accessible_attributes.deny?("id").should eql(true)
27
+ Memento::Session.accessible_attributes.deny?("created_at").should eql(true)
28
+ Memento::Session.accessible_attributes.deny?("updated_at").should eql(true)
29
+ Memento::Session.accessible_attributes.deny?("user_id").should eql(true)
30
+ Memento::Session.accessible_attributes.deny?("user").should eql(true)
31
+ end
32
+
25
33
  context "undo" do
26
34
  before do
27
- @state1 = @session.states.create!(:action_type => "update", :record => @p1 = Project.create!)
28
- @other = Memento::Session.create!(:user => @user).states.create!(:action_type => "destroy", :record => Project.create!)
29
- @state2 = @session.states.create!(:action_type => "update", :record => @p2 = Project.create!)
35
+ @state1 = @session.states.create!({:action_type => "update", :record => @p1 = Project.create!}, :without_protection => true)
36
+ @other = Memento::Session.create!({:user => @user}, :without_protection => true).states.create!({:action_type => "destroy", :record => Project.create!}, :without_protection => true)
37
+ @state2 = @session.states.create!({:action_type => "update", :record => @p2 = Project.create!}, :without_protection => true)
30
38
  end
31
39
 
32
40
  describe "and all states succeed" do
@@ -47,9 +55,9 @@ describe Memento::Session do
47
55
 
48
56
  describe "and all states fail" do
49
57
  before do
50
- @state1.update_attributes(:record_data => {:name => ["A", "B"]})
58
+ @state1.update_attributes({:record_data => {:name => ["A", "B"]}}, :without_protection => true)
51
59
  @p1.update_attributes(:name => "C")
52
- @state2.update_attributes(:record_data => {:name => ["A", "B"]})
60
+ @state2.update_attributes({:record_data => {:name => ["A", "B"]}}, :without_protection => true)
53
61
  @p2.update_attributes(:name => "C")
54
62
  end
55
63
 
@@ -70,7 +78,7 @@ describe Memento::Session do
70
78
 
71
79
  describe "and some states succeed, some fail" do
72
80
  before do
73
- @state1.update_attributes(:record_data => {:name => ["A", "B"]})
81
+ @state1.update_attributes({:record_data => {:name => ["A", "B"]}}, :without_protection => true)
74
82
  @p1.update_attributes(:name => "C")
75
83
  end
76
84
 
@@ -101,9 +109,9 @@ describe Memento::Session do
101
109
 
102
110
  describe "with states" do
103
111
  before do
104
- @session.states.create!(:action_type => "destroy", :record => Project.create!)
105
- Memento::Session.create!(:user => @user).states.create!(:action_type => "destroy", :record => Project.create!)
106
- @state2 = @session.states.create!(:action_type => "update", :record => Project.create!)
112
+ @session.states.create!({:action_type => "destroy", :record => Project.create!}, :without_protection => true)
113
+ Memento::Session.create!({:user => @user}, :without_protection => true).states.create!({:action_type => "destroy", :record => Project.create!}, :without_protection => true)
114
+ @state2 = @session.states.create!({:action_type => "update", :record => Project.create!}, :without_protection => true)
107
115
  end
108
116
 
109
117
  it "should destroy all states when destroyed" do
@@ -5,11 +5,11 @@ describe Memento::State do
5
5
  before do
6
6
  setup_db
7
7
  setup_data
8
- @session = Memento::Session.create(:user => @user)
8
+ @session = Memento::Session.create({:user => @user}, :without_protection => true)
9
9
  end
10
10
 
11
11
  it "should belong to session" do
12
- Memento::State.new(:session => @session).session.should eql(@session)
12
+ Memento::State.new({:session => @session}, :without_protection => true).session.should eql(@session)
13
13
  end
14
14
 
15
15
  it "should require session" do
@@ -18,22 +18,32 @@ describe Memento::State do
18
18
 
19
19
  it "should require action_type to be one of Memento::State::RECORD_CAUSES" do
20
20
  Memento::State.create.errors[:action_type].should eql(["can't be blank"])
21
- Memento::State.create(:action_type => "move").errors[:action_type].should eql(["is not included in the list"])
21
+ Memento::State.create({:action_type => "move"}, :without_protection => true).errors[:action_type].should eql(["is not included in the list"])
22
22
  end
23
23
 
24
24
  it "should belong to polymorphic record" do
25
- Memento::State.new(:record => @user).record.should eql(@user)
26
- Memento::State.new(:record => @session).record.should eql(@session)
25
+ Memento::State.new({:record => @user}, :without_protection => true).record.should eql(@user)
26
+ Memento::State.new({:record => @session}, :without_protection => true).record.should eql(@session)
27
27
  end
28
28
 
29
29
  it "should require record" do
30
30
  Memento::State.create.errors[:record].should eql(["can't be blank"])
31
31
  end
32
32
 
33
+ it "should disallow all mass assignment" do
34
+ Memento::State.accessible_attributes.deny?("id").should eql(true)
35
+ Memento::State.accessible_attributes.deny?("created_at").should eql(true)
36
+ Memento::State.accessible_attributes.deny?("updated_at").should eql(true)
37
+ Memento::State.accessible_attributes.deny?("session_id").should eql(true)
38
+ Memento::State.accessible_attributes.deny?("session").should eql(true)
39
+ Memento::State.accessible_attributes.deny?("record_id").should eql(true)
40
+ Memento::State.accessible_attributes.deny?("record_type").should eql(true)
41
+ Memento::State.accessible_attributes.deny?("record").should eql(true)
42
+ end
33
43
 
34
44
  describe "valid State" do
35
45
  before do
36
- @state = @session.states.create!(:action_type => "destroy", :record => @project = Project.create(:name => "A") )
46
+ @state = @session.states.create!({:action_type => "destroy", :record => @project = Project.create(:name => "A")}, :without_protection => true )
37
47
  end
38
48
 
39
49
  it "should give back Memento::Result on undo" do
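Review bot: The new "should disallow all mass assignment" example for `Memento::State` checks the id, timestamp, session and record attributes but not `action_type` or `record_data`, which, judging by the undo specs on this page, are the fields that decide what an undo does. A later `attr_accessible :action_type` or `attr_accessible :record_data` would therefore pass this example unnoticed. I would add `Memento::State.accessible_attributes.deny?("action_type").should eql(true)` and the same line for `"record_data"`. The enclosing `describe Memento::State` block starts above this hunk and continues past it.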
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: memento
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.4.1
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-10-29 00:00:00.000000000 Z
12
+ date: 2012-11-01 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: activerecord