moderate_parameters 0.3.0 → 0.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +23 -23
- data/README.md +14 -1
- data/lib/moderate_parameters/breadcrumbs.rb +63 -7
- data/lib/moderate_parameters/logger.rb +3 -3
- data/lib/moderate_parameters/parameters.rb +33 -1
- data/lib/moderate_parameters/version.rb +1 -1
- data/moderate_parameters.gemspec +1 -1
- metadata +4 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 7da243c4e3c3402126ab024168790ca875ce97288d783432ce7d7105aa0082a8
|
4
|
+
data.tar.gz: 981432f67a8d7a5e17e774dc171cc239ff2379059e164cd4e24f40b446e51a70
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f87a7a589852fccbc9dce81f5d4e041aeda5bbedbdadccd8a17599e5266a25cdc98b48047cf80886360c5f3e596b2b07aa705a2bd86f2ff575e929fac271740e
|
7
|
+
data.tar.gz: c0f48cd8721c99870af9229902bb26e7a3b805109afce9ea2fde53cce48266c546ccf267396db2780e1c34093556e63939db90fe0b399367e113394467b87af4
|
data/Gemfile.lock
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
moderate_parameters (0.
|
4
|
+
moderate_parameters (0.4.0)
|
5
5
|
actionpack (>= 4.2, < 6.1)
|
6
6
|
activemodel (>= 4.2, < 6.1)
|
7
7
|
activesupport (>= 4.2, < 6.1)
|
@@ -10,51 +10,51 @@ PATH
|
|
10
10
|
GEM
|
11
11
|
remote: https://rubygems.org/
|
12
12
|
specs:
|
13
|
-
actionpack (6.0.
|
14
|
-
actionview (= 6.0.
|
15
|
-
activesupport (= 6.0.
|
13
|
+
actionpack (6.0.3.4)
|
14
|
+
actionview (= 6.0.3.4)
|
15
|
+
activesupport (= 6.0.3.4)
|
16
16
|
rack (~> 2.0, >= 2.0.8)
|
17
17
|
rack-test (>= 0.6.3)
|
18
18
|
rails-dom-testing (~> 2.0)
|
19
19
|
rails-html-sanitizer (~> 1.0, >= 1.2.0)
|
20
|
-
actionview (6.0.
|
21
|
-
activesupport (= 6.0.
|
20
|
+
actionview (6.0.3.4)
|
21
|
+
activesupport (= 6.0.3.4)
|
22
22
|
builder (~> 3.1)
|
23
23
|
erubi (~> 1.4)
|
24
24
|
rails-dom-testing (~> 2.0)
|
25
25
|
rails-html-sanitizer (~> 1.1, >= 1.2.0)
|
26
|
-
activemodel (6.0.
|
27
|
-
activesupport (= 6.0.
|
28
|
-
activesupport (6.0.
|
26
|
+
activemodel (6.0.3.4)
|
27
|
+
activesupport (= 6.0.3.4)
|
28
|
+
activesupport (6.0.3.4)
|
29
29
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
30
30
|
i18n (>= 0.7, < 2)
|
31
31
|
minitest (~> 5.1)
|
32
32
|
tzinfo (~> 1.1)
|
33
|
-
zeitwerk (~> 2.2)
|
33
|
+
zeitwerk (~> 2.2, >= 2.2.2)
|
34
34
|
appraisal (2.2.0)
|
35
35
|
bundler
|
36
36
|
rake
|
37
37
|
thor (>= 0.14.0)
|
38
38
|
builder (3.2.4)
|
39
39
|
coderay (1.1.2)
|
40
|
-
concurrent-ruby (1.1.
|
40
|
+
concurrent-ruby (1.1.7)
|
41
41
|
crass (1.0.6)
|
42
42
|
diff-lcs (1.3)
|
43
43
|
erubi (1.9.0)
|
44
|
-
i18n (1.8.
|
44
|
+
i18n (1.8.5)
|
45
45
|
concurrent-ruby (~> 1.0)
|
46
|
-
loofah (2.
|
46
|
+
loofah (2.7.0)
|
47
47
|
crass (~> 1.0.2)
|
48
48
|
nokogiri (>= 1.5.9)
|
49
49
|
method_source (0.9.2)
|
50
50
|
mini_portile2 (2.4.0)
|
51
|
-
minitest (5.14.
|
52
|
-
nokogiri (1.10.
|
51
|
+
minitest (5.14.2)
|
52
|
+
nokogiri (1.10.10)
|
53
53
|
mini_portile2 (~> 2.4.0)
|
54
54
|
pry (0.12.2)
|
55
55
|
coderay (~> 1.1.0)
|
56
56
|
method_source (~> 0.9.0)
|
57
|
-
rack (2.
|
57
|
+
rack (2.2.3)
|
58
58
|
rack-test (1.1.0)
|
59
59
|
rack (>= 1.0, < 3)
|
60
60
|
rails-dom-testing (2.0.3)
|
@@ -62,13 +62,13 @@ GEM
|
|
62
62
|
nokogiri (>= 1.6)
|
63
63
|
rails-html-sanitizer (1.3.0)
|
64
64
|
loofah (~> 2.3)
|
65
|
-
railties (6.0.
|
66
|
-
actionpack (= 6.0.
|
67
|
-
activesupport (= 6.0.
|
65
|
+
railties (6.0.3.4)
|
66
|
+
actionpack (= 6.0.3.4)
|
67
|
+
activesupport (= 6.0.3.4)
|
68
68
|
method_source
|
69
69
|
rake (>= 0.8.7)
|
70
70
|
thor (>= 0.20.3, < 2.0)
|
71
|
-
rake (
|
71
|
+
rake (13.0.1)
|
72
72
|
rspec (3.9.0)
|
73
73
|
rspec-core (~> 3.9.0)
|
74
74
|
rspec-expectations (~> 3.9.0)
|
@@ -86,9 +86,9 @@ GEM
|
|
86
86
|
rspec-core (>= 2, < 4, != 2.12.0)
|
87
87
|
thor (1.0.1)
|
88
88
|
thread_safe (0.3.6)
|
89
|
-
tzinfo (1.2.
|
89
|
+
tzinfo (1.2.7)
|
90
90
|
thread_safe (~> 0.1)
|
91
|
-
zeitwerk (2.
|
91
|
+
zeitwerk (2.4.0)
|
92
92
|
|
93
93
|
PLATFORMS
|
94
94
|
ruby
|
@@ -98,7 +98,7 @@ DEPENDENCIES
|
|
98
98
|
bundler (~> 2.0)
|
99
99
|
moderate_parameters!
|
100
100
|
pry (~> 0.12.2)
|
101
|
-
rake (~>
|
101
|
+
rake (~> 13.0)
|
102
102
|
rspec (~> 3.0)
|
103
103
|
rspec_junit_formatter (= 0.4.1)
|
104
104
|
|
data/README.md
CHANGED
@@ -5,6 +5,8 @@
|
|
5
5
|
|
6
6
|
By [Hint.io](https://hint.io)
|
7
7
|
|
8
|
+
[![Gem Version](https://badge.fury.io/rb/moderate_parameters.svg)](https://badge.fury.io/rb/moderate_parameters) ![CI](https://github.com/hintmedia/moderate_parameters/workflows/CI/badge.svg) ![Appraisals](https://github.com/hintmedia/moderate_parameters/workflows/Appraisals/badge.svg) [![Maintainability](https://api.codeclimate.com/v1/badges/4971eb01d5bd98dbac8b/maintainability)](https://codeclimate.com/github/hintmedia/moderate_parameters/maintainability)
|
9
|
+
|
8
10
|
In our experience with [UpgradeRails](https://www.upgraderails.com), the migration from [protected_attributes](https://github.com/rails/protected_attributes) to [strong_parameters](https://api.rubyonrails.org/classes/ActionController/StrongParameters.html) can leave more questions than answers. It can be difficult to determine what data is originating from within the app and what is coming from the internet.
|
9
11
|
|
10
12
|
Moderate Parameters is a set of tools providing logging of data sources in the controller by extending `ActionController::Parameters` functionality.
|
@@ -111,7 +113,7 @@ end
|
|
111
113
|
|
112
114
|
We can then hit submit data from the form at `/people/new` and see that no new lines are added to the `moderate_parameters.log` file.
|
113
115
|
|
114
|
-
This means that we can remove `moderate_parameters` and move to using `permit` as
|
116
|
+
This means that we can remove `moderate_parameters` and move to using `permit` as the final migration step of `strong_parameters`:
|
115
117
|
|
116
118
|
```ruby
|
117
119
|
class PeopleController < ActionController::Base
|
@@ -129,6 +131,17 @@ class PeopleController < ActionController::Base
|
|
129
131
|
end
|
130
132
|
```
|
131
133
|
|
134
|
+
It is only _**AFTER**_ this final step of the `strong_parameters` migration has been completed that you can safely remove the `protected_attributes` line in the model:
|
135
|
+
|
136
|
+
```ruby
|
137
|
+
class Person < ActiveRecord::Base
|
138
|
+
# attr_accessible :name, :age, :height
|
139
|
+
|
140
|
+
. . .
|
141
|
+
|
142
|
+
end
|
143
|
+
```
|
144
|
+
|
132
145
|
## Contributing
|
133
146
|
|
134
147
|
Bug reports and pull requests are welcome on GitHub at https://github.com/hintmedia/moderate_parameters. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
@@ -2,34 +2,90 @@
|
|
2
2
|
|
3
3
|
module ModerateParameters
|
4
4
|
module Breadcrumbs
|
5
|
-
def [](key)
|
6
|
-
internal_param_logging(key, '
|
5
|
+
def []=(key, _value)
|
6
|
+
internal_param_logging(key, key?(key) ? 'overwritten' : 'added', caller_locations)
|
7
7
|
super
|
8
8
|
end
|
9
9
|
|
10
|
-
def
|
11
|
-
|
10
|
+
def merge!(other_hash)
|
11
|
+
internal_method_logging('merge!', other_hash.keys, caller_locations)
|
12
|
+
super
|
13
|
+
end
|
14
|
+
|
15
|
+
def reverse_merge!(other_hash)
|
16
|
+
internal_method_logging('reverse_merge!', other_hash.keys, caller_locations)
|
12
17
|
super
|
13
18
|
end
|
14
19
|
|
15
20
|
def extract!(*keys)
|
16
|
-
internal_method_logging('extract!', keys, caller_locations)
|
21
|
+
internal_method_logging('extract!', keys, caller_locations)
|
22
|
+
super
|
23
|
+
end
|
24
|
+
|
25
|
+
def slice!(*keys)
|
26
|
+
internal_method_logging('slice!', keys, caller_locations)
|
27
|
+
super
|
28
|
+
end
|
29
|
+
|
30
|
+
def delete(*keys, &block)
|
31
|
+
internal_method_logging('delete', keys, caller_locations)
|
32
|
+
super
|
33
|
+
end
|
34
|
+
|
35
|
+
def reject!(&block)
|
36
|
+
internal_block_logging('reject!', caller_locations)
|
37
|
+
super
|
38
|
+
end
|
39
|
+
|
40
|
+
# Alias for #reject!
|
41
|
+
def delete_if(&block)
|
42
|
+
internal_block_logging('delete_if', caller_locations)
|
43
|
+
super
|
44
|
+
end
|
45
|
+
|
46
|
+
def select!(&block)
|
47
|
+
internal_block_logging('select!', caller_locations)
|
48
|
+
super
|
49
|
+
end
|
50
|
+
|
51
|
+
# Alias for #select!
|
52
|
+
def keep_if(&block)
|
53
|
+
internal_block_logging('keep_if', caller_locations)
|
17
54
|
super
|
18
55
|
end
|
19
56
|
|
20
57
|
private
|
21
58
|
|
59
|
+
def needs_logged?
|
60
|
+
ModerateParameters.breadcrumbs_enabled &&
|
61
|
+
instance_variable_get(:@moderate_params_object_id) &&
|
62
|
+
!permitted?
|
63
|
+
end
|
64
|
+
|
22
65
|
def internal_param_logging(key, action, stack_array)
|
66
|
+
return unless needs_logged?
|
67
|
+
|
23
68
|
ActiveSupport::Notifications.instrument('moderate_parameters') do |payload|
|
24
69
|
payload[:caller_locations] = stack_array
|
25
70
|
payload[:message] = "#{key} is being #{action} on: #{stack_array.join("\n")}"
|
26
71
|
end
|
27
72
|
end
|
28
73
|
|
29
|
-
def internal_method_logging(method,
|
74
|
+
def internal_method_logging(method, args, stack_array)
|
75
|
+
return unless needs_logged?
|
76
|
+
|
77
|
+
ActiveSupport::Notifications.instrument('moderate_parameters') do |payload|
|
78
|
+
payload[:caller_locations] = stack_array
|
79
|
+
payload[:message] = "#{method} is being called with #{args} on: #{stack_array.join("\n")}"
|
80
|
+
end
|
81
|
+
end
|
82
|
+
|
83
|
+
def internal_block_logging(method, stack_array)
|
84
|
+
return unless needs_logged?
|
85
|
+
|
30
86
|
ActiveSupport::Notifications.instrument('moderate_parameters') do |payload|
|
31
87
|
payload[:caller_locations] = stack_array
|
32
|
-
payload[:message] = "#{method} is being called with
|
88
|
+
payload[:message] = "#{method} is being called with a block on: #{stack_array.join("\n")}"
|
33
89
|
end
|
34
90
|
end
|
35
91
|
end
|
@@ -1,7 +1,7 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
$moderate_parameters_logger = ModerateParameters.logger || ActiveSupport::Logger.new('/dev/null')
|
4
|
-
|
5
3
|
ActiveSupport::Notifications.subscribe('moderate_parameters') do |_, _, _, _, payload|
|
6
|
-
|
4
|
+
(ModerateParameters.logger || ActiveSupport::Logger.new('/dev/null')).info(
|
5
|
+
"#{payload[:controller]}##{payload[:action]} #{payload[:message]}"
|
6
|
+
)
|
7
7
|
end
|
@@ -2,7 +2,17 @@
|
|
2
2
|
|
3
3
|
module ModerateParameters
|
4
4
|
module Parameters
|
5
|
+
MP_OBJECT_ID = :@moderate_params_object_id
|
6
|
+
MP_PARENT_KEY = :@moderate_params_parent_key
|
7
|
+
|
5
8
|
def moderate(controller_name, action, *filters)
|
9
|
+
log_duplicate_moderate_warning(
|
10
|
+
caller_locations,
|
11
|
+
instance_variable_get(MP_PARENT_KEY),
|
12
|
+
controller_name,
|
13
|
+
action
|
14
|
+
) if instance_variable_get(MP_OBJECT_ID)
|
15
|
+
|
6
16
|
params = self.class.new
|
7
17
|
|
8
18
|
filters.each do |filter|
|
@@ -19,7 +29,15 @@ module ModerateParameters
|
|
19
29
|
end
|
20
30
|
|
21
31
|
incoming_params_logging(params, controller_name, action)
|
22
|
-
|
32
|
+
duplicate_params = dup
|
33
|
+
instance_variable_set(MP_OBJECT_ID, duplicate_params.object_id)
|
34
|
+
duplicate_params.permit!
|
35
|
+
end
|
36
|
+
|
37
|
+
def require(key)
|
38
|
+
return super if key.is_a?(Array) || self[key].blank?
|
39
|
+
self[key].instance_variable_set(MP_PARENT_KEY, key)
|
40
|
+
super
|
23
41
|
end
|
24
42
|
|
25
43
|
private
|
@@ -38,6 +56,12 @@ module ModerateParameters
|
|
38
56
|
end
|
39
57
|
end
|
40
58
|
|
59
|
+
def log_duplicate_moderate_warning(stack_array, parent_key, controller_name, action)
|
60
|
+
write_to_log(message: ".moderate has already been called on params.require(:#{parent_key}): #{stack_array.join("\n")}",
|
61
|
+
action: action,
|
62
|
+
controller: controller_name)
|
63
|
+
end
|
64
|
+
|
41
65
|
def non_scalar_value_filter(params, key, controller_name, action)
|
42
66
|
if has_key?(key) && !permitted_scalar?(self[key])
|
43
67
|
params[key] = self[key].class.new
|
@@ -47,6 +71,14 @@ module ModerateParameters
|
|
47
71
|
end
|
48
72
|
end
|
49
73
|
|
74
|
+
def array_of_permitted_scalars?(value)
|
75
|
+
if value.is_a?(Array) && value.all? { |element| permitted_scalar?(element) }
|
76
|
+
return true unless block_given?
|
77
|
+
|
78
|
+
yield value
|
79
|
+
end
|
80
|
+
end
|
81
|
+
|
50
82
|
def non_scalar?(value)
|
51
83
|
value.is_a?(Array) || value.is_a?(Parameters)
|
52
84
|
end
|
data/moderate_parameters.gemspec
CHANGED
@@ -43,7 +43,7 @@ Gem::Specification.new do |spec|
|
|
43
43
|
|
44
44
|
spec.add_development_dependency 'bundler', '~> 2.0'
|
45
45
|
spec.add_development_dependency 'pry', '~> 0.12.2'
|
46
|
-
spec.add_development_dependency 'rake', '~>
|
46
|
+
spec.add_development_dependency 'rake', '~> 13.0'
|
47
47
|
spec.add_development_dependency 'rspec', '~> 3.0'
|
48
48
|
spec.add_development_dependency 'rspec_junit_formatter', '0.4.1'
|
49
49
|
spec.add_development_dependency 'appraisal', '2.2.0'
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: moderate_parameters
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Kyle Boe
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-11-20 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: actionpack
|
@@ -124,14 +124,14 @@ dependencies:
|
|
124
124
|
requirements:
|
125
125
|
- - "~>"
|
126
126
|
- !ruby/object:Gem::Version
|
127
|
-
version: '
|
127
|
+
version: '13.0'
|
128
128
|
type: :development
|
129
129
|
prerelease: false
|
130
130
|
version_requirements: !ruby/object:Gem::Requirement
|
131
131
|
requirements:
|
132
132
|
- - "~>"
|
133
133
|
- !ruby/object:Gem::Version
|
134
|
-
version: '
|
134
|
+
version: '13.0'
|
135
135
|
- !ruby/object:Gem::Dependency
|
136
136
|
name: rspec
|
137
137
|
requirement: !ruby/object:Gem::Requirement
|