memento 0.4.0 → 0.4.1

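--- a/data/.rbenv-version
+++ b/data/.rbenv-version
@@ -1 +1 @@
-1.9.3-p194
+1.9.3-p286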
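--- a/data/CHANGES.md
+++ b/data/CHANGES.md
@@ -1,6 +1,12 @@
 ### dev
 
-[full changelog](http://github.com/yolk/valvat/compare/v0.4.0...master)
+[full changelog](http://github.com/yolk/valvat/compare/v0.4.1...master)
+
+### 0.4.1 / 2012-11-01
+
+[full changelog](http://github.com/yolk/valvat/compare/v0.4.0...v0.4.1)
+
+* Prevent all mass assignment to Memento::Session and Memento::State
 
 ### 0.4.0 / 2012-10-29
 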
data/lib/memento.rb CHANGED
@@ -21,7 +21,7 @@ module Memento
21
21
 
22
22
  def start(user_or_id)
23
23
  user = user_or_id.is_a?(User) ? user_or_id : User.find_by_id(user_or_id)
24
- self.session = user ? Memento::Session.new(:user => user) : nil
24
+ self.session = user ? Memento::Session.new({:user => user}, :without_protection => true) : nil
25
25
  end
26
26
 
27
27
  def stop
@@ -4,6 +4,9 @@ module Memento
4
4
 
5
5
  has_many :states, :class_name => "Memento::State", :dependent => :delete_all, :order => "id DESC"
6
6
  belongs_to :user
7
+
8
+ attr_accessible nil
9
+
7
10
  validates_presence_of :user
8
11
 
9
12
  def add_state(action_type, record)
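Review bot: In `start` (first hunk), `Memento::Session.new({:user => user}, :without_protection => true)` switches protection off for the whole hash, so any key added to that hash later is assigned unchecked. The block form this release already uses in `Memento::State.store` avoids the bypass: `self.session = user ? Memento::Session.new { |s| s.user = user } : nil`. The setter form also does not depend on the two-argument `new`, which matters if the gem still permits an ActiveRecord version without `:without_protection`; the dependency constraint is not visible on this page, so confirm. In the second hunk, a comment above `attr_accessible nil` such as `# Empty whitelist: nothing is mass-assignable, set fields through setters` would explain why `Session.new(:user => ...)` no longer assigns anything. The model class in that hunk starts and ends outside it.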
data/lib/memento/state.rb CHANGED
@@ -5,6 +5,8 @@ module Memento
5
5
  belongs_to :session, :class_name => "Memento::Session"
6
6
  belongs_to :record, :polymorphic => true
7
7
 
8
+ attr_accessible nil
9
+
8
10
  validates_presence_of :session
9
11
  validates_presence_of :record
10
12
  validates_presence_of :action_type
@@ -13,7 +15,9 @@ module Memento
13
15
  before_create :set_record_data
14
16
 
15
17
  def self.store(action_type, record)
16
- self.new(:action_type => action_type.to_s, :record => record) do |state|
18
+ new do |state|
19
+ state.action_type = action_type.to_s
20
+ state.record = record
17
21
  state.save if state.fetch?
18
22
  end
19
23
  end
@@ -1,3 +1,3 @@
1
1
  module Memento
2
- VERSION = "0.4.0"
2
+ VERSION = "0.4.1"
3
3
  end
@@ -5,7 +5,7 @@ describe Memento::Session do
5
5
  before do
6
6
  setup_db
7
7
  setup_data
8
- @session = Memento::Session.create(:user => @user)
8
+ @session = Memento::Session.create({:user => @user}, :without_protection => true)
9
9
  end
10
10
 
11
11
  it "should belong to user" do
@@ -18,15 +18,23 @@ describe Memento::Session do
18
18
 
19
19
  it "should have_many states" do
20
20
  @session.states.should eql([])
21
- @session.states.create!(:action_type => "destroy", :record => Project.create!)
21
+ @session.states.create!({:action_type => "destroy", :record => Project.create!}, :without_protection => true)
22
22
  @session.states.count.should eql(1)
23
23
  end
24
24
 
25
+ it "should disallow all mass assignment" do
26
+ Memento::Session.accessible_attributes.deny?("id").should eql(true)
27
+ Memento::Session.accessible_attributes.deny?("created_at").should eql(true)
28
+ Memento::Session.accessible_attributes.deny?("updated_at").should eql(true)
29
+ Memento::Session.accessible_attributes.deny?("user_id").should eql(true)
30
+ Memento::Session.accessible_attributes.deny?("user").should eql(true)
31
+ end
32
+
25
33
  context "undo" do
26
34
  before do
27
- @state1 = @session.states.create!(:action_type => "update", :record => @p1 = Project.create!)
28
- @other = Memento::Session.create!(:user => @user).states.create!(:action_type => "destroy", :record => Project.create!)
29
- @state2 = @session.states.create!(:action_type => "update", :record => @p2 = Project.create!)
35
+ @state1 = @session.states.create!({:action_type => "update", :record => @p1 = Project.create!}, :without_protection => true)
36
+ @other = Memento::Session.create!({:user => @user}, :without_protection => true).states.create!({:action_type => "destroy", :record => Project.create!}, :without_protection => true)
37
+ @state2 = @session.states.create!({:action_type => "update", :record => @p2 = Project.create!}, :without_protection => true)
30
38
  end
31
39
 
32
40
  describe "and all states succeed" do
@@ -47,9 +55,9 @@ describe Memento::Session do
47
55
 
48
56
  describe "and all states fail" do
49
57
  before do
50
- @state1.update_attributes(:record_data => {:name => ["A", "B"]})
58
+ @state1.update_attributes({:record_data => {:name => ["A", "B"]}}, :without_protection => true)
51
59
  @p1.update_attributes(:name => "C")
52
- @state2.update_attributes(:record_data => {:name => ["A", "B"]})
60
+ @state2.update_attributes({:record_data => {:name => ["A", "B"]}}, :without_protection => true)
53
61
  @p2.update_attributes(:name => "C")
54
62
  end
55
63
 
@@ -70,7 +78,7 @@ describe Memento::Session do
70
78
 
71
79
  describe "and some states succeed, some fail" do
72
80
  before do
73
- @state1.update_attributes(:record_data => {:name => ["A", "B"]})
81
+ @state1.update_attributes({:record_data => {:name => ["A", "B"]}}, :without_protection => true)
74
82
  @p1.update_attributes(:name => "C")
75
83
  end
76
84
 
@@ -101,9 +109,9 @@ describe Memento::Session do
101
109
 
102
110
  describe "with states" do
103
111
  before do
104
- @session.states.create!(:action_type => "destroy", :record => Project.create!)
105
- Memento::Session.create!(:user => @user).states.create!(:action_type => "destroy", :record => Project.create!)
106
- @state2 = @session.states.create!(:action_type => "update", :record => Project.create!)
112
+ @session.states.create!({:action_type => "destroy", :record => Project.create!}, :without_protection => true)
113
+ Memento::Session.create!({:user => @user}, :without_protection => true).states.create!({:action_type => "destroy", :record => Project.create!}, :without_protection => true)
114
+ @state2 = @session.states.create!({:action_type => "update", :record => Project.create!}, :without_protection => true)
107
115
  end
108
116
 
109
117
  it "should destroy all states when destroyed" do
@@ -5,11 +5,11 @@ describe Memento::State do
5
5
  before do
6
6
  setup_db
7
7
  setup_data
8
- @session = Memento::Session.create(:user => @user)
8
+ @session = Memento::Session.create({:user => @user}, :without_protection => true)
9
9
  end
10
10
 
11
11
  it "should belong to session" do
12
- Memento::State.new(:session => @session).session.should eql(@session)
12
+ Memento::State.new({:session => @session}, :without_protection => true).session.should eql(@session)
13
13
  end
14
14
 
15
15
  it "should require session" do
@@ -18,22 +18,32 @@ describe Memento::State do
18
18
 
19
19
  it "should require action_type to be one of Memento::State::RECORD_CAUSES" do
20
20
  Memento::State.create.errors[:action_type].should eql(["can't be blank"])
21
- Memento::State.create(:action_type => "move").errors[:action_type].should eql(["is not included in the list"])
21
+ Memento::State.create({:action_type => "move"}, :without_protection => true).errors[:action_type].should eql(["is not included in the list"])
22
22
  end
23
23
 
24
24
  it "should belong to polymorphic record" do
25
- Memento::State.new(:record => @user).record.should eql(@user)
26
- Memento::State.new(:record => @session).record.should eql(@session)
25
+ Memento::State.new({:record => @user}, :without_protection => true).record.should eql(@user)
26
+ Memento::State.new({:record => @session}, :without_protection => true).record.should eql(@session)
27
27
  end
28
28
 
29
29
  it "should require record" do
30
30
  Memento::State.create.errors[:record].should eql(["can't be blank"])
31
31
  end
32
32
 
33
+ it "should disallow all mass assignment" do
34
+ Memento::State.accessible_attributes.deny?("id").should eql(true)
35
+ Memento::State.accessible_attributes.deny?("created_at").should eql(true)
36
+ Memento::State.accessible_attributes.deny?("updated_at").should eql(true)
37
+ Memento::State.accessible_attributes.deny?("session_id").should eql(true)
38
+ Memento::State.accessible_attributes.deny?("session").should eql(true)
39
+ Memento::State.accessible_attributes.deny?("record_id").should eql(true)
40
+ Memento::State.accessible_attributes.deny?("record_type").should eql(true)
41
+ Memento::State.accessible_attributes.deny?("record").should eql(true)
42
+ end
33
43
 
34
44
  describe "valid State" do
35
45
  before do
36
- @state = @session.states.create!(:action_type => "destroy", :record => @project = Project.create(:name => "A") )
46
+ @state = @session.states.create!({:action_type => "destroy", :record => @project = Project.create(:name => "A")}, :without_protection => true )
37
47
  end
38
48
 
39
49
  it "should give back Memento::Result on undo" do
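Review bot: The new "should disallow all mass assignment" example for `Memento::State` never checks `action_type` or `record_data`, the two State attributes the specs on this page were mass-assigning before the change. Add `Memento::State.accessible_attributes.deny?("action_type").should eql(true)` and the same line for `"record_data"`. Both new examples (Session and State) only query the whitelist. A behavioural assertion such as `Memento::State.new(:action_type => "destroy").action_type.should be_nil` would also catch an assignment path that ignores the whitelist, assuming the default non-strict sanitizer. The `describe` blocks these examples sit in continue outside the hunks.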
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: memento
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.4.1
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-10-29 00:00:00.000000000 Z
12
+ date: 2012-11-01 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: activerecord