RubyGems - moderate_parameters - Versions diffs - 0.3.0 → 0.4.0 - Mend

moderate_parameters 0.3.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/Gemfile.lock +23 -23
data/README.md +14 -1
data/lib/moderate_parameters/breadcrumbs.rb +63 -7
data/lib/moderate_parameters/logger.rb +3 -3
data/lib/moderate_parameters/parameters.rb +33 -1
data/lib/moderate_parameters/version.rb +1 -1
data/moderate_parameters.gemspec +1 -1
metadata +4 -4

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 33118bf4c165859d1135b0628d3c1177560003900ea7637a4d97bb149f00fbef
-  data.tar.gz: cef73308c79623677793428b8704e667eca870e2f4463ffc41efb878d030429d
+  metadata.gz: 7da243c4e3c3402126ab024168790ca875ce97288d783432ce7d7105aa0082a8
+  data.tar.gz: 981432f67a8d7a5e17e774dc171cc239ff2379059e164cd4e24f40b446e51a70
 SHA512:
-  metadata.gz: 12d73a15669d2af4b6b579b1fe0905efb191bc3474bb174fb011b2065d1efbce9c91efcf9f379984139a506c85cdf1b34ca8966df6dbf996d57c8e291487ff31
-  data.tar.gz: 68c48b72df1c5a99a7287330c4cfa2275c6cfdc8ccfc5c6af28db5b24e5b4bff232709e24c949a58d645fbb0ef1ea9fe0e751f7ad6e01c8c9348ab578eb3ff58
+  metadata.gz: f87a7a589852fccbc9dce81f5d4e041aeda5bbedbdadccd8a17599e5266a25cdc98b48047cf80886360c5f3e596b2b07aa705a2bd86f2ff575e929fac271740e
+  data.tar.gz: c0f48cd8721c99870af9229902bb26e7a3b805109afce9ea2fde53cce48266c546ccf267396db2780e1c34093556e63939db90fe0b399367e113394467b87af4

data/Gemfile.lock CHANGED

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    moderate_parameters (0.3.0)
+    moderate_parameters (0.4.0)
       actionpack (>= 4.2, < 6.1)
       activemodel (>= 4.2, < 6.1)
       activesupport (>= 4.2, < 6.1)
@@ -10,51 +10,51 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (6.0.2.1)
-      actionview (= 6.0.2.1)
-      activesupport (= 6.0.2.1)
+    actionpack (6.0.3.4)
+      actionview (= 6.0.3.4)
+      activesupport (= 6.0.3.4)
       rack (~> 2.0, >= 2.0.8)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (6.0.2.1)
-      activesupport (= 6.0.2.1)
+    actionview (6.0.3.4)
+      activesupport (= 6.0.3.4)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activemodel (6.0.2.1)
-      activesupport (= 6.0.2.1)
-    activesupport (6.0.2.1)
+    activemodel (6.0.3.4)
+      activesupport (= 6.0.3.4)
+    activesupport (6.0.3.4)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-      zeitwerk (~> 2.2)
+      zeitwerk (~> 2.2, >= 2.2.2)
     appraisal (2.2.0)
       bundler
       rake
       thor (>= 0.14.0)
     builder (3.2.4)
     coderay (1.1.2)
-    concurrent-ruby (1.1.5)
+    concurrent-ruby (1.1.7)
     crass (1.0.6)
     diff-lcs (1.3)
     erubi (1.9.0)
-    i18n (1.8.2)
+    i18n (1.8.5)
       concurrent-ruby (~> 1.0)
-    loofah (2.4.0)
+    loofah (2.7.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     method_source (0.9.2)
     mini_portile2 (2.4.0)
-    minitest (5.14.0)
-    nokogiri (1.10.7)
+    minitest (5.14.2)
+    nokogiri (1.10.10)
       mini_portile2 (~> 2.4.0)
     pry (0.12.2)
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
-    rack (2.1.1)
+    rack (2.2.3)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
     rails-dom-testing (2.0.3)
@@ -62,13 +62,13 @@ GEM
       nokogiri (>= 1.6)
     rails-html-sanitizer (1.3.0)
       loofah (~> 2.3)
-    railties (6.0.2.1)
-      actionpack (= 6.0.2.1)
-      activesupport (= 6.0.2.1)
+    railties (6.0.3.4)
+      actionpack (= 6.0.3.4)
+      activesupport (= 6.0.3.4)
       method_source
       rake (>= 0.8.7)
       thor (>= 0.20.3, < 2.0)
-    rake (10.5.0)
+    rake (13.0.1)
     rspec (3.9.0)
       rspec-core (~> 3.9.0)
       rspec-expectations (~> 3.9.0)
@@ -86,9 +86,9 @@ GEM
       rspec-core (>= 2, < 4, != 2.12.0)
     thor (1.0.1)
     thread_safe (0.3.6)
-    tzinfo (1.2.6)
+    tzinfo (1.2.7)
       thread_safe (~> 0.1)
-    zeitwerk (2.2.2)
+    zeitwerk (2.4.0)
 PLATFORMS
   ruby
@@ -98,7 +98,7 @@ DEPENDENCIES
   bundler (~> 2.0)
   moderate_parameters!
   pry (~> 0.12.2)
-  rake (~> 10.0)
+  rake (~> 13.0)
   rspec (~> 3.0)
   rspec_junit_formatter (= 0.4.1)

data/README.md CHANGED

@@ -5,6 +5,8 @@
 By [Hint.io](https://hint.io)
+[![Gem Version](https://badge.fury.io/rb/moderate_parameters.svg)](https://badge.fury.io/rb/moderate_parameters) ![CI](https://github.com/hintmedia/moderate_parameters/workflows/CI/badge.svg) ![Appraisals](https://github.com/hintmedia/moderate_parameters/workflows/Appraisals/badge.svg) [![Maintainability](https://api.codeclimate.com/v1/badges/4971eb01d5bd98dbac8b/maintainability)](https://codeclimate.com/github/hintmedia/moderate_parameters/maintainability)
 In our experience with [UpgradeRails](https://www.upgraderails.com), the migration from [protected_attributes](https://github.com/rails/protected_attributes) to [strong_parameters](https://api.rubyonrails.org/classes/ActionController/StrongParameters.html) can leave more questions than answers. It can be difficult to determine what data is originating from within the app and what is coming from the internet.
 Moderate Parameters is a set of tools providing logging of data sources in the controller by extending `ActionController::Parameters` functionality.
@@ -111,7 +113,7 @@ end
 We can then hit submit data from the form at `/people/new` and see that no new lines are added to the `moderate_parameters.log` file.
-This means that we can remove `moderate_parameters` and move to using `permit` as a part of `strong_parameters`:
+This means that we can remove `moderate_parameters` and move to using `permit` as the final migration step of `strong_parameters`:
 ```ruby
 class PeopleController < ActionController::Base
@@ -129,6 +131,17 @@ class PeopleController < ActionController::Base
 end
 ```
+It is only _**AFTER**_ this final step of the `strong_parameters` migration has been completed that you can safely remove the `protected_attributes` line in the model:
+```ruby
+class Person < ActiveRecord::Base
+  # attr_accessible :name, :age, :height
+  . . .
+end
+```
 ## Contributing
 Bug reports and pull requests are welcome on GitHub at https://github.com/hintmedia/moderate_parameters. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.

data/lib/moderate_parameters/breadcrumbs.rb CHANGED

@@ -2,34 +2,90 @@
 module ModerateParameters
   module Breadcrumbs
-    def [](key)
-      internal_param_logging(key, 'read', caller_locations) if ModerateParameters.breadcrumbs_enabled
+    def []=(key, _value)
+      internal_param_logging(key, key?(key) ? 'overwritten' : 'added', caller_locations)
       super
     end
-    def []=(key, value)
-      internal_param_logging(key, 'overwritten', caller_locations) if ModerateParameters.breadcrumbs_enabled
+    def merge!(other_hash)
+      internal_method_logging('merge!', other_hash.keys, caller_locations)
+      super
+    end
+    def reverse_merge!(other_hash)
+      internal_method_logging('reverse_merge!', other_hash.keys, caller_locations)
       super
     end
     def extract!(*keys)
-      internal_method_logging('extract!', keys, caller_locations) if ModerateParameters.breadcrumbs_enabled
+      internal_method_logging('extract!', keys, caller_locations)
+      super
+    end
+    def slice!(*keys)
+      internal_method_logging('slice!', keys, caller_locations)
+      super
+    end
+    def delete(*keys, &block)
+      internal_method_logging('delete', keys, caller_locations)
+      super
+    end
+    def reject!(&block)
+      internal_block_logging('reject!', caller_locations)
+      super
+    end
+    # Alias for #reject!
+    def delete_if(&block)
+      internal_block_logging('delete_if', caller_locations)
+      super
+    end
+    def select!(&block)
+      internal_block_logging('select!', caller_locations)
+      super
+    end
+    # Alias for #select!
+    def keep_if(&block)
+      internal_block_logging('keep_if', caller_locations)
       super
     end
     private
+    def needs_logged?
+      ModerateParameters.breadcrumbs_enabled &&
+      instance_variable_get(:@moderate_params_object_id) &&
+      !permitted?
+    end
     def internal_param_logging(key, action, stack_array)
+      return unless needs_logged?
       ActiveSupport::Notifications.instrument('moderate_parameters') do |payload|
         payload[:caller_locations] = stack_array
         payload[:message] = "#{key} is being #{action} on: #{stack_array.join("\n")}"
       end
     end
-    def internal_method_logging(method, keys, stack_array)
+    def internal_method_logging(method, args, stack_array)
+      return unless needs_logged?
+      ActiveSupport::Notifications.instrument('moderate_parameters') do |payload|
+        payload[:caller_locations] = stack_array
+        payload[:message] = "#{method} is being called with #{args} on: #{stack_array.join("\n")}"
+      end
+    end
+    def internal_block_logging(method, stack_array)
+      return unless needs_logged?
       ActiveSupport::Notifications.instrument('moderate_parameters') do |payload|
         payload[:caller_locations] = stack_array
-        payload[:message] = "#{method} is being called with #{keys} on: #{stack_array.join("\n")}"
+        payload[:message] = "#{method} is being called with a block on: #{stack_array.join("\n")}"
       end
     end
   end

data/lib/moderate_parameters/logger.rb CHANGED

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
-$moderate_parameters_logger = ModerateParameters.logger || ActiveSupport::Logger.new('/dev/null')
 ActiveSupport::Notifications.subscribe('moderate_parameters') do |_, _, _, _, payload|
-  $moderate_parameters_logger.info "#{payload[:controller]}##{payload[:action]} #{payload[:message]}"
+  (ModerateParameters.logger || ActiveSupport::Logger.new('/dev/null')).info(
+    "#{payload[:controller]}##{payload[:action]} #{payload[:message]}"
+  )
 end

data/lib/moderate_parameters/parameters.rb CHANGED

@@ -2,7 +2,17 @@
 module ModerateParameters
   module Parameters
+    MP_OBJECT_ID = :@moderate_params_object_id
+    MP_PARENT_KEY = :@moderate_params_parent_key
     def moderate(controller_name, action, *filters)
+      log_duplicate_moderate_warning(
+        caller_locations,
+        instance_variable_get(MP_PARENT_KEY),
+        controller_name,
+        action
+      ) if instance_variable_get(MP_OBJECT_ID)
       params = self.class.new
       filters.each do |filter|
@@ -19,7 +29,15 @@ module ModerateParameters
       end
       incoming_params_logging(params, controller_name, action)
-      permit!
+      duplicate_params = dup
+      instance_variable_set(MP_OBJECT_ID, duplicate_params.object_id)
+      duplicate_params.permit!
+    end
+    def require(key)
+      return super if key.is_a?(Array) || self[key].blank?
+      self[key].instance_variable_set(MP_PARENT_KEY, key)
+      super
     end
     private
@@ -38,6 +56,12 @@ module ModerateParameters
       end
     end
+    def log_duplicate_moderate_warning(stack_array, parent_key, controller_name, action)
+      write_to_log(message: ".moderate has already been called on params.require(:#{parent_key}): #{stack_array.join("\n")}",
+                   action: action,
+                   controller: controller_name)
+    end
     def non_scalar_value_filter(params, key, controller_name, action)
       if has_key?(key) && !permitted_scalar?(self[key])
         params[key] = self[key].class.new
@@ -47,6 +71,14 @@ module ModerateParameters
       end
     end
+    def array_of_permitted_scalars?(value)
+      if value.is_a?(Array) && value.all? { |element| permitted_scalar?(element) }
+        return true unless block_given?
+        yield value
+      end
+    end
     def non_scalar?(value)
       value.is_a?(Array) || value.is_a?(Parameters)
     end

data/lib/moderate_parameters/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module ModerateParameters
-  VERSION = '0.3.0'
+  VERSION = '0.4.0'
 end

data/moderate_parameters.gemspec CHANGED

@@ -43,7 +43,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'bundler', '~> 2.0'
   spec.add_development_dependency 'pry', '~> 0.12.2'
-  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rake', '~> 13.0'
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'rspec_junit_formatter', '0.4.1'
   spec.add_development_dependency 'appraisal', '2.2.0'

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: moderate_parameters
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Kyle Boe
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-01-22 00:00:00.000000000 Z
+date: 2020-11-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack
@@ -124,14 +124,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement