merb-param-protection 1.1.0.pre → 1.1.0.rc1

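--- a/data/Rakefile
+++ b/data/Rakefile
@@ -14,7 +14,7 @@ begin
 
  Jeweler::Tasks.new do |gemspec|
 
- gemspec.version = Merb::ParamProtection::VERSION
+ gemspec.version = Merb::ParamProtection::VERSION.dup
 
  gemspec.name = "merb-param-protection"
  gemspec.description = "Merb plugin that helps protecting sensible parameters"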
@@ -1,3 +1,5 @@
1
+ require "merb-core"
2
+
1
3
  # This plugin exposes two new controller methods which allow us to simply and flexibly filter the parameters available within the controller.
2
4
 
3
5
  # Setup:
@@ -22,158 +24,156 @@
22
24
 
23
25
  # We also see that params_protected removes ONLY those parameters explicitly specified.
24
26
 
25
- if defined?(Merb::Plugins)
26
-
27
- # Merb gives you a Merb::Plugins.config hash...feel free to put your stuff in your piece of it
28
- #Merb::Plugins.config[:merb_param_protection] = {
29
- #:chickens => false
30
- #}
31
-
32
- #Merb::Plugins.add_rakefiles "merb_param_protection/merbtasks"
33
-
34
- module Merb
35
- module ParamsFilter
36
- module ControllerMixin
37
- def self.included(base)
38
- base.send(:extend, ClassMethods)
39
- base.send(:include, InstanceMethods)
40
- base.send(:class_inheritable_accessor, :accessible_params_args)
41
- base.send(:class_inheritable_accessor, :protected_params_args)
42
- base.send(:class_inheritable_accessor, :log_params_args)
43
- # Don't expose these as public methods - otherwise they'll become controller actions
44
- base.send(:protected, :accessible_params_args, :protected_params_args, :log_params_args)
45
- base.send(:protected, :accessible_params_args=, :protected_params_args=, :log_params_args=)
46
-
47
- base.send(:before, :initialize_params_filter)
48
- end
49
27
 
50
- module ClassMethods
51
- # Ensures these parameters are sent for the object
52
- #
53
- # params_accessible :post => [:title, :body]
54
- #
55
- def params_accessible(args = {})
56
- assign_filtered_params(:accessible_params_args, args)
57
- end
28
+ # Merb gives you a Merb::Plugins.config hash...feel free to put your stuff in your piece of it
29
+ #Merb::Plugins.config[:merb_param_protection] = {
30
+ #:chickens => false
31
+ #}
58
32
 
59
- # Protects parameters of an object
60
- #
61
- # params_protected :post => [:status, :author_id]
62
- #
63
- def params_protected(args = {})
64
- assign_filtered_params(:protected_params_args, args)
65
- end
33
+ #Merb::Plugins.add_rakefiles "merb_param_protection/merbtasks"
66
34
 
67
- # Filters parameters out from the default log string
68
- # Params will still be passed to the controller properly, they will
69
- # show up as [FILTERED] in the merb logs.
70
- #
71
- # log_params_filtered :password, 'token'
72
- #
73
- def log_params_filtered(*args)
74
- self.log_params_args = args.collect { |arg| arg.to_sym }
75
- end
35
+ module Merb
36
+ module ParamsFilter
37
+ module ControllerMixin
38
+ def self.included(base)
39
+ base.send(:extend, ClassMethods)
40
+ base.send(:include, InstanceMethods)
41
+ base.send(:class_inheritable_accessor, :accessible_params_args)
42
+ base.send(:class_inheritable_accessor, :protected_params_args)
43
+ base.send(:class_inheritable_accessor, :log_params_args)
44
+ # Don't expose these as public methods - otherwise they'll become controller actions
45
+ base.send(:protected, :accessible_params_args, :protected_params_args, :log_params_args)
46
+ base.send(:protected, :accessible_params_args=, :protected_params_args=, :log_params_args=)
76
47
 
77
- private
48
+ base.send(:before, :initialize_params_filter)
49
+ end
78
50
 
79
- def assign_filtered_params(method, args)
80
- validate_filtered_params(method, args)
51
+ module ClassMethods
52
+ # Ensures these parameters are sent for the object
53
+ #
54
+ # params_accessible :post => [:title, :body]
55
+ #
56
+ def params_accessible(args = {})
57
+ assign_filtered_params(:accessible_params_args, args)
58
+ end
81
59
 
82
- # If the method is nil, set to initial hash, otherwise merge
83
- self.send(method).nil? ? self.send(method.to_s + '=', args) : self.send(method).merge!(args)
84
- end
60
+ # Protects parameters of an object
61
+ #
62
+ # params_protected :post => [:status, :author_id]
63
+ #
64
+ def params_protected(args = {})
65
+ assign_filtered_params(:protected_params_args, args)
66
+ end
67
+
68
+ # Filters parameters out from the default log string
69
+ # Params will still be passed to the controller properly, they will
70
+ # show up as [FILTERED] in the merb logs.
71
+ #
72
+ # log_params_filtered :password, 'token'
73
+ #
74
+ def log_params_filtered(*args)
75
+ self.log_params_args = args.collect { |arg| arg.to_sym }
76
+ end
77
+
78
+ private
79
+
80
+ def assign_filtered_params(method, args)
81
+ validate_filtered_params(method, args)
82
+
83
+ # If the method is nil, set to initial hash, otherwise merge
84
+ self.send(method).nil? ? self.send(method.to_s + '=', args) : self.send(method).merge!(args)
85
+ end
85
86
 
86
- def validate_filtered_params(method, args)
87
- # Reversing methods
88
- params_methods = [:accessible_params_args, :protected_params_args]
89
- params_methods.delete(method)
90
- params_method = params_methods.first
91
-
92
- # Make sure the opposite method is not nil
93
- unless self.send(params_method).nil?
94
- # Loop through arg's keys
95
- args.keys.each do |key|
96
- # If the key exists on the opposite method, raise exception
97
- if self.send(params_method).include?(key)
98
- case method
99
- when :accessible_params_args then raise "Cannot make accessible a controller (#{self}) that is already protected"
100
- when :protected_params_args then raise "Cannot protect controller (#{self}) that is already accessible"
101
- end
87
+ def validate_filtered_params(method, args)
88
+ # Reversing methods
89
+ params_methods = [:accessible_params_args, :protected_params_args]
90
+ params_methods.delete(method)
91
+ params_method = params_methods.first
92
+
93
+ # Make sure the opposite method is not nil
94
+ unless self.send(params_method).nil?
95
+ # Loop through arg's keys
96
+ args.keys.each do |key|
97
+ # If the key exists on the opposite method, raise exception
98
+ if self.send(params_method).include?(key)
99
+ case method
100
+ when :accessible_params_args then raise "Cannot make accessible a controller (#{self}) that is already protected"
101
+ when :protected_params_args then raise "Cannot protect controller (#{self}) that is already accessible"
102
102
  end
103
103
  end
104
104
  end
105
105
  end
106
106
  end
107
+ end
107
108
 
108
- module InstanceMethods
109
- def initialize_params_filter
110
- if accessible_params_args.is_a?(Hash)
111
- accessible_params_args.keys.each do |obj|
112
- self.request.restrict_params(obj, accessible_params_args[obj])
113
- end
109
+ module InstanceMethods
110
+ def initialize_params_filter
111
+ if accessible_params_args.is_a?(Hash)
112
+ accessible_params_args.keys.each do |obj|
113
+ self.request.restrict_params(obj, accessible_params_args[obj])
114
114
  end
115
+ end
115
116
 
116
- if protected_params_args.is_a?(Hash)
117
- protected_params_args.keys.each do |obj|
118
- self.request.remove_params_from_object(obj, protected_params_args[obj])
119
- end
117
+ if protected_params_args.is_a?(Hash)
118
+ protected_params_args.keys.each do |obj|
119
+ self.request.remove_params_from_object(obj, protected_params_args[obj])
120
120
  end
121
121
  end
122
122
  end
123
-
124
123
  end
125
124
 
126
- module RequestMixin
127
- attr_accessor :trashed_params
125
+ end
128
126
 
129
- # Removes specified parameters of an object
130
- #
131
- # remove_params_from_object(:post, [:status, :author_id])
132
- #
133
- def remove_params_from_object(obj, attrs = [])
134
- unless params[obj].nil?
135
- filtered = params
136
- attrs.each {|a| filtered[obj].delete(a)}
137
- @params = filtered
138
- end
127
+ module RequestMixin
128
+ attr_accessor :trashed_params
129
+
130
+ # Removes specified parameters of an object
131
+ #
132
+ # remove_params_from_object(:post, [:status, :author_id])
133
+ #
134
+ def remove_params_from_object(obj, attrs = [])
135
+ unless params[obj].nil?
136
+ filtered = params
137
+ attrs.each {|a| filtered[obj].delete(a)}
138
+ @params = filtered
139
139
  end
140
+ end
140
141
 
141
- # Restricts parameters of an object
142
- #
143
- # restrict_params(:post, [:title, :body])
144
- #
145
- def restrict_params(obj, attrs = [])
146
- # Make sure the params for the object exists
147
- unless params[obj].nil?
148
- attrs = attrs.collect {|a| a.to_s}
149
- trashed_params_keys = params[obj].keys - attrs
150
-
151
- # Store a hash of the key/value pairs we are going
152
- # to remove in case we need them later. Lighthouse Bug # 105
153
- @trashed_params = {}
154
- trashed_params_keys.each do |key|
155
- @trashed_params.merge!({key => params[obj][key]})
156
- end
157
-
158
- remove_params_from_object(obj, trashed_params_keys)
142
+ # Restricts parameters of an object
143
+ #
144
+ # restrict_params(:post, [:title, :body])
145
+ #
146
+ def restrict_params(obj, attrs = [])
147
+ # Make sure the params for the object exists
148
+ unless params[obj].nil?
149
+ attrs = attrs.collect {|a| a.to_s}
150
+ trashed_params_keys = params[obj].keys - attrs
151
+
152
+ # Store a hash of the key/value pairs we are going
153
+ # to remove in case we need them later. Lighthouse Bug # 105
154
+ @trashed_params = {}
155
+ trashed_params_keys.each do |key|
156
+ @trashed_params.merge!({key => params[obj][key]})
159
157
  end
160
- end
161
158
 
159
+ remove_params_from_object(obj, trashed_params_keys)
160
+ end
162
161
  end
162
+
163
163
  end
164
164
  end
165
+ end
165
166
 
166
- Merb::Controller.send(:include, Merb::ParamsFilter::ControllerMixin)
167
- Merb::Request.send(:include, Merb::ParamsFilter::RequestMixin)
167
+ Merb::Controller.send(:include, Merb::ParamsFilter::ControllerMixin)
168
+ Merb::Request.send(:include, Merb::ParamsFilter::RequestMixin)
168
169
 
169
- class Merb::Controller
170
- def self._filter_params(params)
171
- return params if self.log_params_args.nil?
172
- result = { }
173
- params.each do |k,v|
174
- result[k] = (self.log_params_args.include?(k.to_sym) ? '[FILTERED]' : v)
175
- end
176
- result
170
+ class Merb::Controller
171
+ def self._filter_params(params)
172
+ return params if self.log_params_args.nil?
173
+ result = { }
174
+ params.each do |k,v|
175
+ result[k] = (self.log_params_args.include?(k.to_sym) ? '[FILTERED]' : v)
177
176
  end
177
+ result
178
178
  end
179
179
  end
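Review bot: `Merb::Controller._filter_params` at the end of this section masks only top-level keys: it walks `params` once and copies every non-matching value unchanged, so with `log_params_filtered :password` a `password` key nested inside another hash (for example under `user`) would still reach the log in clear, assuming the logger passes the full request params here. The comparison also calls `k.to_sym` on request-supplied keys, which on Rubies that do not garbage-collect symbols lets arbitrary request input grow the symbol table; comparing as strings avoids that. I would recurse into Hash values and compare with `to_s`, as sketched below. This code is carried over unchanged by the re-indentation in this release, so it is a pre-existing gap rather than a regression.

```ruby
def self._filter_params(params)
  return params if self.log_params_args.nil?
  filtered_keys = self.log_params_args.collect { |arg| arg.to_s }
  # Mask matching keys at every nesting level; non-Hash values pass through untouched.
  mask = lambda do |value|
    next value unless value.is_a?(Hash)
    value.inject({}) do |result, (k, v)|
      result[k] = filtered_keys.include?(k.to_s) ? '[FILTERED]' : mask.call(v)
      result
    end
  end
  mask.call(params)
end
```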
@@ -1,5 +1,5 @@
1
1
  module Merb
2
2
  module ParamProtection
3
- VERSION = '1.1.0.pre'.freeze
3
+ VERSION = '1.1.0.rc1'.freeze
4
4
  end
5
- end
5
+ end
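--- a/metadata
+++ b/metadata
@@ -1,7 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: merb-param-protection
  version: !ruby/object:Gem::Version
- version: 1.1.0.pre
+ prerelease: true
+ segments:
+ - 1
+ - 1
+ - 0
+ - rc1
+ version: 1.1.0.rc1
  platform: ruby
  authors:
  - Lance Carlson
@@ -9,29 +15,38 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2010-02-20 00:00:00 +00:00
+ date: 2010-03-14 00:00:00 +00:00
  default_executable:
  dependencies:
  - !ruby/object:Gem::Dependency
  name: merb-core
- type: :runtime
- version_requirement:
- version_requirements: !ruby/object:Gem::Requirement
+ prerelease: false
+ requirement: &id001 !ruby/object:Gem::Requirement
  requirements:
  - - ~>
  - !ruby/object:Gem::Version
- version: 1.1.0.pre
- version:
+ segments:
+ - 1
+ - 1
+ - 0
+ - rc1
+ version: 1.1.0.rc1
+ type: :runtime
+ version_requirements: *id001
  - !ruby/object:Gem::Dependency
  name: rspec
- type: :development
- version_requirement:
- version_requirements: !ruby/object:Gem::Requirement
+ prerelease: false
+ requirement: &id002 !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
+ segments:
+ - 1
+ - 2
+ - 9
  version: 1.2.9
- version:
+ type: :development
+ version_requirements: *id002
  description: Merb plugin that helps protecting sensible parameters
  email: lancecarlson@gmail.com
  executables: []
@@ -65,18 +80,22 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
+ segments:
+ - 0
  version: "0"
- version:
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">"
  - !ruby/object:Gem::Version
+ segments:
+ - 1
+ - 3
+ - 1
  version: 1.3.1
- version:
  requirements: []
 
  rubyforge_project:
- rubygems_version: 1.3.5
+ rubygems_version: 1.3.6
  signing_key:
  specification_version: 3
  summary: Merb plugin that provides params_accessible and params_protected class methods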