merb-param-protection 1.1.0.pre → 1.1.0.rc1

data/Rakefile

@@ -14,7 +14,7 @@ begin
 
   Jeweler::Tasks.new do |gemspec|
 
-    gemspec.version     = Merb::ParamProtection::VERSION
+    gemspec.version     = Merb::ParamProtection::VERSION.dup
 
     gemspec.name        = "merb-param-protection"
     gemspec.description = "Merb plugin that helps protecting sensible parameters"

data/lib/merb-param-protection.rb

@@ -1,3 +1,5 @@
+require "merb-core"
+
 # This plugin exposes two new controller methods which allow us to simply and flexibly filter the parameters available within the controller.
 
 # Setup:
@@ -22,158 +24,156 @@
 
 # We also see that params_protected removes ONLY those parameters explicitly specified.
 
-if defined?(Merb::Plugins)
-
-  # Merb gives you a Merb::Plugins.config hash...feel free to put your stuff in your piece of it
-  #Merb::Plugins.config[:merb_param_protection] = {
-    #:chickens => false
-  #}
-
-  #Merb::Plugins.add_rakefiles "merb_param_protection/merbtasks"
-
-  module Merb
-    module ParamsFilter
-      module ControllerMixin
-        def self.included(base)
-          base.send(:extend, ClassMethods)
-          base.send(:include, InstanceMethods)
-          base.send(:class_inheritable_accessor, :accessible_params_args)
-          base.send(:class_inheritable_accessor, :protected_params_args)
-          base.send(:class_inheritable_accessor, :log_params_args)
-          # Don't expose these as public methods - otherwise they'll become controller actions
-          base.send(:protected, :accessible_params_args, :protected_params_args, :log_params_args)
-          base.send(:protected, :accessible_params_args=, :protected_params_args=, :log_params_args=)
-
-          base.send(:before, :initialize_params_filter)
-        end
 
-        module ClassMethods
-          # Ensures these parameters are sent for the object
-          #
-          #   params_accessible :post => [:title, :body]
-          #
-          def params_accessible(args = {})
-            assign_filtered_params(:accessible_params_args, args)
-          end
+# Merb gives you a Merb::Plugins.config hash...feel free to put your stuff in your piece of it
+#Merb::Plugins.config[:merb_param_protection] = {
+  #:chickens => false
+#}
 
-          # Protects parameters of an object
-          #
-          #   params_protected :post => [:status, :author_id]
-          #
-          def params_protected(args = {})
-            assign_filtered_params(:protected_params_args, args)
-          end
+#Merb::Plugins.add_rakefiles "merb_param_protection/merbtasks"
 
-          # Filters parameters out from the default log string
-          #  Params will still be passed to the controller properly, they will
-          #  show up as [FILTERED] in the merb logs.
-          #
-          # log_params_filtered :password, 'token'
-          #
-          def log_params_filtered(*args)
-            self.log_params_args = args.collect { |arg| arg.to_sym }
-          end
+module Merb
+  module ParamsFilter
+    module ControllerMixin
+      def self.included(base)
+        base.send(:extend, ClassMethods)
+        base.send(:include, InstanceMethods)
+        base.send(:class_inheritable_accessor, :accessible_params_args)
+        base.send(:class_inheritable_accessor, :protected_params_args)
+        base.send(:class_inheritable_accessor, :log_params_args)
+        # Don't expose these as public methods - otherwise they'll become controller actions
+        base.send(:protected, :accessible_params_args, :protected_params_args, :log_params_args)
+        base.send(:protected, :accessible_params_args=, :protected_params_args=, :log_params_args=)
 
-          private
+        base.send(:before, :initialize_params_filter)
+      end
 
-          def assign_filtered_params(method, args)
-            validate_filtered_params(method, args)
+      module ClassMethods
+        # Ensures these parameters are sent for the object
+        #
+        #   params_accessible :post => [:title, :body]
+        #
+        def params_accessible(args = {})
+          assign_filtered_params(:accessible_params_args, args)
+        end
 
-            # If the method is nil, set to initial hash, otherwise merge
-            self.send(method).nil? ? self.send(method.to_s + '=', args) : self.send(method).merge!(args)
-          end
+        # Protects parameters of an object
+        #
+        #   params_protected :post => [:status, :author_id]
+        #
+        def params_protected(args = {})
+          assign_filtered_params(:protected_params_args, args)
+        end
+
+        # Filters parameters out from the default log string
+        #  Params will still be passed to the controller properly, they will
+        #  show up as [FILTERED] in the merb logs.
+        #
+        # log_params_filtered :password, 'token'
+        #
+        def log_params_filtered(*args)
+          self.log_params_args = args.collect { |arg| arg.to_sym }
+        end
+
+        private
+
+        def assign_filtered_params(method, args)
+          validate_filtered_params(method, args)
+
+          # If the method is nil, set to initial hash, otherwise merge
+          self.send(method).nil? ? self.send(method.to_s + '=', args) : self.send(method).merge!(args)
+        end
 
-          def validate_filtered_params(method, args)
-            # Reversing methods
-            params_methods = [:accessible_params_args, :protected_params_args]
-            params_methods.delete(method)
-            params_method = params_methods.first
-
-            # Make sure the opposite method is not nil
-            unless self.send(params_method).nil?
-              # Loop through arg's keys
-              args.keys.each do |key|
-                # If the key exists on the opposite method, raise exception
-                if self.send(params_method).include?(key)
-                  case method
-                  when :accessible_params_args then raise "Cannot make accessible a controller (#{self}) that is already protected"
-                  when :protected_params_args then raise "Cannot protect controller (#{self}) that is already accessible"
-                  end
+        def validate_filtered_params(method, args)
+          # Reversing methods
+          params_methods = [:accessible_params_args, :protected_params_args]
+          params_methods.delete(method)
+          params_method = params_methods.first
+
+          # Make sure the opposite method is not nil
+          unless self.send(params_method).nil?
+            # Loop through arg's keys
+            args.keys.each do |key|
+              # If the key exists on the opposite method, raise exception
+              if self.send(params_method).include?(key)
+                case method
+                when :accessible_params_args then raise "Cannot make accessible a controller (#{self}) that is already protected"
+                when :protected_params_args then raise "Cannot protect controller (#{self}) that is already accessible"
                 end
               end
             end
           end
         end
+      end
 
-        module InstanceMethods
-          def initialize_params_filter
-            if accessible_params_args.is_a?(Hash)
-              accessible_params_args.keys.each do |obj|
-                self.request.restrict_params(obj, accessible_params_args[obj])
-              end
+      module InstanceMethods
+        def initialize_params_filter
+          if accessible_params_args.is_a?(Hash)
+            accessible_params_args.keys.each do |obj|
+              self.request.restrict_params(obj, accessible_params_args[obj])
             end
+          end
 
-            if protected_params_args.is_a?(Hash)
-              protected_params_args.keys.each do |obj|
-                self.request.remove_params_from_object(obj, protected_params_args[obj])
-              end
+          if protected_params_args.is_a?(Hash)
+            protected_params_args.keys.each do |obj|
+              self.request.remove_params_from_object(obj, protected_params_args[obj])
             end
           end
         end
-
       end
 
-      module RequestMixin
-        attr_accessor :trashed_params
+    end
 
-        # Removes specified parameters of an object
-        #
-        #   remove_params_from_object(:post, [:status, :author_id])
-        #
-        def remove_params_from_object(obj, attrs = [])
-          unless params[obj].nil?
-            filtered = params
-            attrs.each {|a| filtered[obj].delete(a)}
-            @params = filtered
-          end
+    module RequestMixin
+      attr_accessor :trashed_params
+
+      # Removes specified parameters of an object
+      #
+      #   remove_params_from_object(:post, [:status, :author_id])
+      #
+      def remove_params_from_object(obj, attrs = [])
+        unless params[obj].nil?
+          filtered = params
+          attrs.each {|a| filtered[obj].delete(a)}
+          @params = filtered
         end
+      end
 
-        # Restricts parameters of an object
-        #
-        #   restrict_params(:post, [:title, :body])
-        #
-        def restrict_params(obj, attrs = [])
-          # Make sure the params for the object exists
-          unless params[obj].nil?
-            attrs = attrs.collect {|a| a.to_s}
-            trashed_params_keys = params[obj].keys - attrs
-
-            # Store a hash of the key/value pairs we are going
-            # to remove in case we need them later.  Lighthouse Bug # 105
-            @trashed_params = {}
-            trashed_params_keys.each do |key|
-              @trashed_params.merge!({key => params[obj][key]})
-            end
-
-            remove_params_from_object(obj, trashed_params_keys)
+      # Restricts parameters of an object
+      #
+      #   restrict_params(:post, [:title, :body])
+      #
+      def restrict_params(obj, attrs = [])
+        # Make sure the params for the object exists
+        unless params[obj].nil?
+          attrs = attrs.collect {|a| a.to_s}
+          trashed_params_keys = params[obj].keys - attrs
+
+          # Store a hash of the key/value pairs we are going
+          # to remove in case we need them later.  Lighthouse Bug # 105
+          @trashed_params = {}
+          trashed_params_keys.each do |key|
+            @trashed_params.merge!({key => params[obj][key]})
           end
-        end
 
+          remove_params_from_object(obj, trashed_params_keys)
+        end
       end
+
     end
   end
+end
 
-  Merb::Controller.send(:include, Merb::ParamsFilter::ControllerMixin)
-  Merb::Request.send(:include, Merb::ParamsFilter::RequestMixin)
+Merb::Controller.send(:include, Merb::ParamsFilter::ControllerMixin)
+Merb::Request.send(:include, Merb::ParamsFilter::RequestMixin)
 
-  class Merb::Controller
-    def self._filter_params(params)
-      return params if self.log_params_args.nil?
-      result = { }
-      params.each do |k,v|
-        result[k] = (self.log_params_args.include?(k.to_sym) ? '[FILTERED]' : v)
-      end
-      result
+class Merb::Controller
+  def self._filter_params(params)
+    return params if self.log_params_args.nil?
+    result = { }
+    params.each do |k,v|
+      result[k] = (self.log_params_args.include?(k.to_sym) ? '[FILTERED]' : v)
     end
+    result
   end
 end

data/lib/merb-param-protection/version.rb

@@ -1,5 +1,5 @@
 module Merb
   module ParamProtection
-    VERSION = '1.1.0.pre'.freeze
+    VERSION = '1.1.0.rc1'.freeze
   end
-end
+end

metadata

@@ -1,7 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: merb-param-protection
 version: !ruby/object:Gem::Version 
-  version: 1.1.0.pre
+  prerelease: true
+  segments: 
+  - 1
+  - 1
+  - 0
+  - rc1
+  version: 1.1.0.rc1
 platform: ruby
 authors: 
 - Lance Carlson
@@ -9,29 +15,38 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-02-20 00:00:00 +00:00
+date: 2010-03-14 00:00:00 +00:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: merb-core
-  type: :runtime
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
     requirements: 
     - - ~>
       - !ruby/object:Gem::Version 
-        version: 1.1.0.pre
-    version: 
+        segments: 
+        - 1
+        - 1
+        - 0
+        - rc1
+        version: 1.1.0.rc1
+  type: :runtime
+  version_requirements: *id001
 - !ruby/object:Gem::Dependency 
   name: rspec
-  type: :development
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
+        segments: 
+        - 1
+        - 2
+        - 9
         version: 1.2.9
-    version: 
+  type: :development
+  version_requirements: *id002
 description: Merb plugin that helps protecting sensible parameters
 email: lancecarlson@gmail.com
 executables: []
@@ -65,18 +80,22 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      segments: 
+      - 0
       version: "0"
-  version: 
 required_rubygems_version: !ruby/object:Gem::Requirement 
   requirements: 
   - - ">"
     - !ruby/object:Gem::Version 
+      segments: 
+      - 1
+      - 3
+      - 1
       version: 1.3.1
-  version: 
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.3.5
+rubygems_version: 1.3.6
 signing_key: 
 specification_version: 3
 summary: Merb plugin that provides params_accessible and params_protected class methods