merb_param_protection 0.5.0

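--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,20 @@
+ Copyright (c) 2008 Lance Carlson
+
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.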
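--- a/data/README
+++ b/data/README
@@ -0,0 +1,27 @@
+ merb_param_protection
+ =================
+
+ This plugin exposes two new controller methods which allow us to simply and flexibly filter the parameters available within the controller.
+
+ Setup:
+ The request sets:
+
+ params => { :post => { :title => "ello", :body => "Want it", :status => "green", :author_id => 3, :rank => 4 } }
+
+ Example 1: params_accessable
+ MyController < Application
+ params_accessible :post => [:title, :body]
+ end
+
+ params.inspect # => { :post => { :title => "ello", :body => "Want it" } }
+
+ So we see that params_accessible removes everything except what is explictly specified.
+
+ Example 2: params_protected
+ MyOtherController < Application
+ params_protected :post => [:status, :author_id]
+ end
+
+ params.inspect # => { :post => { :title => "ello", :body => "Want it", :rank => 4 } }
+
+ We also see that params_protected removes ONLY those parameters explicitly specified.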
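--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,56 @@
+ require 'rubygems'
+ require 'rake/gempackagetask'
+ require 'spec/rake/spectask'
+
+ PLUGIN = "merb_param_protection"
+ NAME = "merb_param_protection"
+ VERSION = "0.5.0"
+ AUTHOR = "Lance Carlson"
+ EMAIL = "lancecarlson@gmail.com"
+ HOMEPAGE = "http://merb.devjavu.com"
+ SUMMARY = "Merb plugin that provides params_accessible and params_protected class methods"
+
+ spec = Gem::Specification.new do |s|
+ s.name = NAME
+ s.version = VERSION
+ s.platform = Gem::Platform::RUBY
+ s.has_rdoc = true
+ s.extra_rdoc_files = ["README", "LICENSE", 'TODO']
+ s.summary = SUMMARY
+ s.description = s.summary
+ s.author = AUTHOR
+ s.email = EMAIL
+ #s.homepage = HOMEPAGE
+ s.add_dependency('merb', '>= 0.4.0')
+ s.require_path = 'lib'
+ s.autorequire = PLUGIN
+ s.files = %w(LICENSE README Rakefile TODO) + Dir.glob("{lib,specs}/**/*")
+ end
+
+ Rake::GemPackageTask.new(spec) do |pkg|
+ pkg.gem_spec = spec
+ end
+
+ task :install => [:package] do
+ sh %{sudo gem install pkg/#{NAME}-#{VERSION}}
+ end
+
+ task :release => :package do
+ sh %{rubyforge add_release merb #{PLUGIN} #{VERSION} pkg/#{NAME}-#{VERSION}.gem}
+ end
+
+ desc "Run all specs"
+ Spec::Rake::SpecTask.new('specs') do |t|
+ t.spec_opts = ["--format", "specdoc", "--colour"]
+ t.spec_files = Dir['spec/**/*_spec.rb'].sort
+ end
+
+ desc "RCov"
+ Spec::Rake::SpecTask.new("rcov") do |t|
+ t.rcov_opts = ["--exclude", "gems", "--exclude", "spec"]
+ t.spec_opts = ["--format", "specdoc", "--colour"]
+ t.rcov_opts = ["--exclude","gems", "--exclude", "spec"]
+ t.spec_files = Dir["spec/**/*_spec.rb"].sort
+ t.libs = ["lib", "server/lib" ]
+ t.rcov = true
+ end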
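Review bot: The packaging glob and the spec tasks name different directories: `s.files` collects `{lib,specs}/**/*`, while both `Spec::Rake::SpecTask` blocks read `spec/**/*_spec.rb`, so whichever directory holds the specs, one of the two misses it. The gem's metadata file list on this page contains no spec files, which is consistent with the glob matching nothing. For a plugin whose job is parameter filtering, shipping the specs lets consumers check the filter before relying on it; use one name in both places, e.g. `Dir.glob("{lib,spec}/**/*")`. The `rcov` task also assigns `t.rcov_opts` twice with the same value, and the second assignment can be dropped.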
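--- a/data/TODO
+++ b/data/TODO
@@ -0,0 +1,4 @@
+ TODO:
+ DRY up the code
+ Finish spec'ing
+ Allow specification of any parameter?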
@@ -0,0 +1,6 @@
1
+ namespace :merb_param_protection do
2
+ desc "Do something for merb_param_protection"
3
+ task :default do
4
+ puts "merb_param_protection doesn't do anything"
5
+ end
6
+ end
@@ -0,0 +1,144 @@
1
+ # This plugin exposes two new controller methods which allow us to simply and flexibly filter the parameters available within the controller.
2
+
3
+ # Setup:
4
+ # The request sets:
5
+ # params => { :post => { :title => "ello", :body => "Want it", :status => "green", :author_id => 3, :rank => 4 } }
6
+ #
7
+ # Example 1: params_accessable
8
+ # MyController < Application
9
+ # params_accessible :post => [:title, :body]
10
+ # end
11
+
12
+ # params.inspect # => { :post => { :title => "ello", :body => "Want it" } }
13
+
14
+ # So we see that params_accessible removes everything except what is explictly specified.
15
+
16
+ # Example 2: params_protected
17
+ # MyOtherController < Application
18
+ # params_protected :post => [:status, :author_id]
19
+ # end
20
+
21
+ # params.inspect # => { :post => { :title => "ello", :body => "Want it", :rank => 4 } }
22
+
23
+ # We also see that params_protected removes ONLY those parameters explicitly specified.
24
+
25
+ if defined?(Merb::Plugins)
26
+
27
+ # Merb gives you a Merb::Plugins.config hash...feel free to put your stuff in your piece of it
28
+ #Merb::Plugins.config[:merb_param_protection] = {
29
+ #:chickens => false
30
+ #}
31
+
32
+ #Merb::Plugins.add_rakefiles "merb_param_protection/merbtasks"
33
+
34
+ module Merb
35
+ module ParamsFilter
36
+ module ControllerMixin
37
+ def self.included(base)
38
+ base.send(:extend, ClassMethods)
39
+ base.send(:include, InstanceMethods)
40
+ base.send(:class_inheritable_accessor, :accessible_params_args)
41
+ base.send(:class_inheritable_accessor, :protected_params_args)
42
+ base.send(:before, :initialize_params_filter)
43
+ end
44
+
45
+ module ClassMethods
46
+ # Ensures these parameters are sent for the object
47
+ #
48
+ # params_accessible :post => [:title, :body]
49
+ #
50
+ def params_accessible(args = {})
51
+ assign_filtered_params(:accessible_params_args, args)
52
+ end
53
+
54
+ # Protects parameters of an object
55
+ #
56
+ # params_protected :post => [:status, :author_id]
57
+ #
58
+ def params_protected(args = {})
59
+ assign_filtered_params(:protected_params_args, args)
60
+ end
61
+
62
+ private
63
+
64
+ def assign_filtered_params(method, args)
65
+ validate_filtered_params(method, args)
66
+
67
+ # If the method is nil, set to initial hash, otherwise merge
68
+ self.send(method).nil? ? self.send(method.to_s + '=', args) : self.send(method).merge!(args)
69
+ end
70
+
71
+ def validate_filtered_params(method, args)
72
+ # Reversing methods
73
+ params_methods = [:accessible_params_args, :protected_params_args]
74
+ params_methods.delete(method)
75
+ params_method = params_methods.first
76
+
77
+ # Make sure the opposite method is not nil
78
+ unless self.send(params_method).nil?
79
+ # Loop through arg's keys
80
+ args.keys.each do |key|
81
+ # If the key exists on the opposite method, raise exception
82
+ if self.send(params_method).include?(key)
83
+ case method
84
+ when :accessible_params_args : raise "Cannot make accessible a controller (#{self}) that is already protected"
85
+ when :protected_params_args : raise "Cannot protect controller (#{self}) that is already accessible"
86
+ end
87
+ end
88
+ end
89
+ end
90
+ end
91
+ end
92
+
93
+ module InstanceMethods
94
+ def initialize_params_filter
95
+ if accessible_params_args.is_a?(Hash)
96
+ accessible_params_args.keys.each do |obj|
97
+ self.request.restrict_params(obj, accessible_params_args[obj])
98
+ end
99
+ end
100
+
101
+ if protected_params_args.is_a?(Hash)
102
+ protected_params_args.keys.each do |obj|
103
+ self.request.remove_params_from_object(obj, protected_params_args[obj])
104
+ end
105
+ end
106
+ end
107
+ end
108
+
109
+ end
110
+
111
+ module RequestMixin
112
+ attr_accessor :trashed_params
113
+
114
+ # Removes specified parameters of an object
115
+ #
116
+ # params_filter_from_object(:post, [:status, :author_id])
117
+ #
118
+ def remove_params_from_object(obj, attrs = [])
119
+ unless params[obj].nil?
120
+ filtered = params
121
+ attrs.each {|a| filtered[obj].delete(a)}
122
+ @params = filtered
123
+ end
124
+ end
125
+
126
+ # Restricts parameters of an object
127
+ #
128
+ # restrict_params(:post, [:title, :body])
129
+ #
130
+ def restrict_params(obj, attrs = [])
131
+ # Make sure the params for the object exists
132
+ unless params[obj].nil?
133
+ attrs = attrs.collect {|a| a.to_s}
134
+ @trashed_params = params[obj].keys - attrs
135
+ remove_params_from_object(obj, trashed_params)
136
+ end
137
+ end
138
+ end
139
+ end
140
+ end
141
+
142
+ Merb::Controller.send(:include, Merb::ParamsFilter::ControllerMixin)
143
+ Merb::Request.send(:include, Merb::ParamsFilter::RequestMixin)
144
+ end
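Review bot: `remove_params_from_object` deletes each attribute with the key exactly as the controller declared it, `attrs.each {|a| filtered[obj].delete(a)}`, whereas `restrict_params` first converts its list with `a.to_s` before subtracting it from `params[obj].keys`, which only works if the request hash is keyed by strings. If that is the case, `params_protected :post => [:status, :author_id]` hands symbols to `delete`, removes nothing and raises no error, so the protected fields stay in `params` and the filter fails open. Unless the params object is known to treat symbol and string keys alike (not visible in this file), normalise in the shared helper: `attrs.each { |a| filtered[obj].delete(a.to_s) }`. A spec that submits `status` and asserts it is absent after `initialize_params_filter` runs would pin the behaviour; the TODO on this page notes the specs are unfinished.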
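--- a/metadata
+++ b/metadata
@@ -0,0 +1,69 @@
+ --- !ruby/object:Gem::Specification
+ name: merb_param_protection
+ version: !ruby/object:Gem::Version
+ version: 0.5.0
+ platform: ruby
+ authors:
+ - Lance Carlson
+ autorequire: merb_param_protection
+ bindir: bin
+ cert_chain: []
+
+ date: 2008-01-11 00:00:00 -06:00
+ default_executable:
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: merb
+ version_requirement:
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 0.4.0
+ version:
+ description: Merb plugin that provides params_accessible and params_protected class methods
+ email: lancecarlson@gmail.com
+ executables: []
+
+ extensions: []
+
+ extra_rdoc_files:
+ - README
+ - LICENSE
+ - TODO
+ files:
+ - LICENSE
+ - README
+ - Rakefile
+ - TODO
+ - lib/merb_param_protection
+ - lib/merb_param_protection/merbtasks.rb
+ - lib/merb_param_protection.rb
+ has_rdoc: true
+ homepage:
+ post_install_message:
+ rdoc_options: []
+
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: "0"
+ version:
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: "0"
+ version:
+ requirements: []
+
+ rubyforge_project:
+ rubygems_version: 0.9.5
+ signing_key:
+ specification_version: 2
+ summary: Merb plugin that provides params_accessible and params_protected class methods
+ test_files: []
+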