memento 0.4.0 → 0.4.1
Sign up to get free protection for your applications and to get access to all the features.
- data/.rbenv-version +1 -1
- data/CHANGES.md +7 -1
- data/lib/memento.rb +1 -1
- data/lib/memento/session.rb +3 -0
- data/lib/memento/state.rb +5 -1
- data/lib/memento/version.rb +1 -1
- data/spec/memento/session_spec.rb +19 -11
- data/spec/memento/state_spec.rb +16 -6
- metadata +2 -2
data/.rbenv-version
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.9.3-
|
1
|
+
1.9.3-p286
|
data/CHANGES.md
CHANGED
@@ -1,6 +1,12 @@
|
|
1
1
|
### dev
|
2
2
|
|
3
|
-
[full changelog](http://github.com/yolk/valvat/compare/v0.4.
|
3
|
+
[full changelog](http://github.com/yolk/valvat/compare/v0.4.1...master)
|
4
|
+
|
5
|
+
### 0.4.1 / 2012-11-01
|
6
|
+
|
7
|
+
[full changelog](http://github.com/yolk/valvat/compare/v0.4.0...v0.4.1)
|
8
|
+
|
9
|
+
* Prevent all mass assignment to Memento::Session and Memento::State
|
4
10
|
|
5
11
|
### 0.4.0 / 2012-10-29
|
6
12
|
|
data/lib/memento.rb
CHANGED
@@ -21,7 +21,7 @@ module Memento
|
|
21
21
|
|
22
22
|
def start(user_or_id)
|
23
23
|
user = user_or_id.is_a?(User) ? user_or_id : User.find_by_id(user_or_id)
|
24
|
-
self.session = user ? Memento::Session.new(:user => user) : nil
|
24
|
+
self.session = user ? Memento::Session.new({:user => user}, :without_protection => true) : nil
|
25
25
|
end
|
26
26
|
|
27
27
|
def stop
|
data/lib/memento/session.rb
CHANGED
data/lib/memento/state.rb
CHANGED
@@ -5,6 +5,8 @@ module Memento
|
|
5
5
|
belongs_to :session, :class_name => "Memento::Session"
|
6
6
|
belongs_to :record, :polymorphic => true
|
7
7
|
|
8
|
+
attr_accessible nil
|
9
|
+
|
8
10
|
validates_presence_of :session
|
9
11
|
validates_presence_of :record
|
10
12
|
validates_presence_of :action_type
|
@@ -13,7 +15,9 @@ module Memento
|
|
13
15
|
before_create :set_record_data
|
14
16
|
|
15
17
|
def self.store(action_type, record)
|
16
|
-
|
18
|
+
new do |state|
|
19
|
+
state.action_type = action_type.to_s
|
20
|
+
state.record = record
|
17
21
|
state.save if state.fetch?
|
18
22
|
end
|
19
23
|
end
|
data/lib/memento/version.rb
CHANGED
@@ -5,7 +5,7 @@ describe Memento::Session do
|
|
5
5
|
before do
|
6
6
|
setup_db
|
7
7
|
setup_data
|
8
|
-
@session = Memento::Session.create(:user => @user)
|
8
|
+
@session = Memento::Session.create({:user => @user}, :without_protection => true)
|
9
9
|
end
|
10
10
|
|
11
11
|
it "should belong to user" do
|
@@ -18,15 +18,23 @@ describe Memento::Session do
|
|
18
18
|
|
19
19
|
it "should have_many states" do
|
20
20
|
@session.states.should eql([])
|
21
|
-
@session.states.create!(:action_type => "destroy", :record => Project.create!)
|
21
|
+
@session.states.create!({:action_type => "destroy", :record => Project.create!}, :without_protection => true)
|
22
22
|
@session.states.count.should eql(1)
|
23
23
|
end
|
24
24
|
|
25
|
+
it "should disallow all mass assignment" do
|
26
|
+
Memento::Session.accessible_attributes.deny?("id").should eql(true)
|
27
|
+
Memento::Session.accessible_attributes.deny?("created_at").should eql(true)
|
28
|
+
Memento::Session.accessible_attributes.deny?("updated_at").should eql(true)
|
29
|
+
Memento::Session.accessible_attributes.deny?("user_id").should eql(true)
|
30
|
+
Memento::Session.accessible_attributes.deny?("user").should eql(true)
|
31
|
+
end
|
32
|
+
|
25
33
|
context "undo" do
|
26
34
|
before do
|
27
|
-
@state1 = @session.states.create!(:action_type => "update", :record => @p1 = Project.create!)
|
28
|
-
@other = Memento::Session.create!(:user => @user).states.create!(:action_type => "destroy", :record => Project.create!)
|
29
|
-
@state2 = @session.states.create!(:action_type => "update", :record => @p2 = Project.create!)
|
35
|
+
@state1 = @session.states.create!({:action_type => "update", :record => @p1 = Project.create!}, :without_protection => true)
|
36
|
+
@other = Memento::Session.create!({:user => @user}, :without_protection => true).states.create!({:action_type => "destroy", :record => Project.create!}, :without_protection => true)
|
37
|
+
@state2 = @session.states.create!({:action_type => "update", :record => @p2 = Project.create!}, :without_protection => true)
|
30
38
|
end
|
31
39
|
|
32
40
|
describe "and all states succeed" do
|
@@ -47,9 +55,9 @@ describe Memento::Session do
|
|
47
55
|
|
48
56
|
describe "and all states fail" do
|
49
57
|
before do
|
50
|
-
@state1.update_attributes(:record_data => {:name => ["A", "B"]})
|
58
|
+
@state1.update_attributes({:record_data => {:name => ["A", "B"]}}, :without_protection => true)
|
51
59
|
@p1.update_attributes(:name => "C")
|
52
|
-
@state2.update_attributes(:record_data => {:name => ["A", "B"]})
|
60
|
+
@state2.update_attributes({:record_data => {:name => ["A", "B"]}}, :without_protection => true)
|
53
61
|
@p2.update_attributes(:name => "C")
|
54
62
|
end
|
55
63
|
|
@@ -70,7 +78,7 @@ describe Memento::Session do
|
|
70
78
|
|
71
79
|
describe "and some states succeed, some fail" do
|
72
80
|
before do
|
73
|
-
@state1.update_attributes(:record_data => {:name => ["A", "B"]})
|
81
|
+
@state1.update_attributes({:record_data => {:name => ["A", "B"]}}, :without_protection => true)
|
74
82
|
@p1.update_attributes(:name => "C")
|
75
83
|
end
|
76
84
|
|
@@ -101,9 +109,9 @@ describe Memento::Session do
|
|
101
109
|
|
102
110
|
describe "with states" do
|
103
111
|
before do
|
104
|
-
@session.states.create!(:action_type => "destroy", :record => Project.create!)
|
105
|
-
Memento::Session.create!(:user => @user).states.create!(:action_type => "destroy", :record => Project.create!)
|
106
|
-
@state2 = @session.states.create!(:action_type => "update", :record => Project.create!)
|
112
|
+
@session.states.create!({:action_type => "destroy", :record => Project.create!}, :without_protection => true)
|
113
|
+
Memento::Session.create!({:user => @user}, :without_protection => true).states.create!({:action_type => "destroy", :record => Project.create!}, :without_protection => true)
|
114
|
+
@state2 = @session.states.create!({:action_type => "update", :record => Project.create!}, :without_protection => true)
|
107
115
|
end
|
108
116
|
|
109
117
|
it "should destroy all states when destroyed" do
|
data/spec/memento/state_spec.rb
CHANGED
@@ -5,11 +5,11 @@ describe Memento::State do
|
|
5
5
|
before do
|
6
6
|
setup_db
|
7
7
|
setup_data
|
8
|
-
@session = Memento::Session.create(:user => @user)
|
8
|
+
@session = Memento::Session.create({:user => @user}, :without_protection => true)
|
9
9
|
end
|
10
10
|
|
11
11
|
it "should belong to session" do
|
12
|
-
Memento::State.new(:session => @session).session.should eql(@session)
|
12
|
+
Memento::State.new({:session => @session}, :without_protection => true).session.should eql(@session)
|
13
13
|
end
|
14
14
|
|
15
15
|
it "should require session" do
|
@@ -18,22 +18,32 @@ describe Memento::State do
|
|
18
18
|
|
19
19
|
it "should require action_type to be one of Memento::State::RECORD_CAUSES" do
|
20
20
|
Memento::State.create.errors[:action_type].should eql(["can't be blank"])
|
21
|
-
Memento::State.create(:action_type => "move").errors[:action_type].should eql(["is not included in the list"])
|
21
|
+
Memento::State.create({:action_type => "move"}, :without_protection => true).errors[:action_type].should eql(["is not included in the list"])
|
22
22
|
end
|
23
23
|
|
24
24
|
it "should belong to polymorphic record" do
|
25
|
-
Memento::State.new(:record => @user).record.should eql(@user)
|
26
|
-
Memento::State.new(:record => @session).record.should eql(@session)
|
25
|
+
Memento::State.new({:record => @user}, :without_protection => true).record.should eql(@user)
|
26
|
+
Memento::State.new({:record => @session}, :without_protection => true).record.should eql(@session)
|
27
27
|
end
|
28
28
|
|
29
29
|
it "should require record" do
|
30
30
|
Memento::State.create.errors[:record].should eql(["can't be blank"])
|
31
31
|
end
|
32
32
|
|
33
|
+
it "should disallow all mass assignment" do
|
34
|
+
Memento::State.accessible_attributes.deny?("id").should eql(true)
|
35
|
+
Memento::State.accessible_attributes.deny?("created_at").should eql(true)
|
36
|
+
Memento::State.accessible_attributes.deny?("updated_at").should eql(true)
|
37
|
+
Memento::State.accessible_attributes.deny?("session_id").should eql(true)
|
38
|
+
Memento::State.accessible_attributes.deny?("session").should eql(true)
|
39
|
+
Memento::State.accessible_attributes.deny?("record_id").should eql(true)
|
40
|
+
Memento::State.accessible_attributes.deny?("record_type").should eql(true)
|
41
|
+
Memento::State.accessible_attributes.deny?("record").should eql(true)
|
42
|
+
end
|
33
43
|
|
34
44
|
describe "valid State" do
|
35
45
|
before do
|
36
|
-
@state = @session.states.create!(:action_type => "destroy", :record => @project = Project.create(:name => "A") )
|
46
|
+
@state = @session.states.create!({:action_type => "destroy", :record => @project = Project.create(:name => "A")}, :without_protection => true )
|
37
47
|
end
|
38
48
|
|
39
49
|
it "should give back Memento::Result on undo" do
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: memento
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.1
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2012-
|
12
|
+
date: 2012-11-01 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: activerecord
|