RubyGems - moderate_parameters - Versions diffs - 0.3.2 → 0.4.1 - Mend

moderate_parameters 0.3.2 → 0.4.1

Files changed (9) hide show

checksums.yaml +4 -4
data/Gemfile.lock +40 -39
data/README.md +14 -1
data/lib/moderate_parameters/breadcrumbs.rb +63 -7
data/lib/moderate_parameters/logger.rb +3 -1
data/lib/moderate_parameters/parameters.rb +33 -1
data/lib/moderate_parameters/version.rb +1 -1
data/moderate_parameters.gemspec +5 -5
metadata +15 -15

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ba33050049dd8c5032eae5d421dd37b9e6aab9bd399f3c414fcd44f3659932bd
-  data.tar.gz: 1f1d1d4401fa487a322e56ce1654b0943df2c114807791248222c90e463e6566
+  metadata.gz: 23eafaba8b9f64135a3edf48864f37138116d8a42697ced5b468c08bdf9cb874
+  data.tar.gz: c7d77caed1f34d990f5dcd8249f82cb986e43c331faec8fb93a0687b3f6c93a9
 SHA512:
-  metadata.gz: 941f550a839d2d6bd48321cdb9627eab93226dc5d655c009f4073f97d6a77f4fc6d1945803143b99314fced7d341fe1604f78a11488ffd4e94ccdc92f3925777
-  data.tar.gz: 5dbd1d0c60870bd8b0aa3749fcd685a5599d029c40797cc9f988141458df8b7b0a834c1340e0c1567788f44bbe7f855f122f227b65d0162167a7dba00a41c837
+  metadata.gz: ffa210ee922ad715e48ea4e9382b8b6725a15c25fad3eed0ea7790aeab1828edc4809df68e82e45ff50579b8cd3d3374694801e44c78fc552eed9a51d923cd6f
+  data.tar.gz: 18c087330c98ab59bd2c535389f6a58a255466053460665909ad3417822aef991a060712ee59162a6735f0a0c740843e81c48ba6a09a98e322ddd645fcdcf988

data/Gemfile.lock CHANGED Viewed

@@ -1,74 +1,76 @@
 PATH
   remote: .
   specs:
-    moderate_parameters (0.3.0)
-      actionpack (>= 4.2, < 6.1)
-      activemodel (>= 4.2, < 6.1)
-      activesupport (>= 4.2, < 6.1)
-      railties (>= 4.2, < 6.1)
+    moderate_parameters (0.4.1)
+      actionpack (>= 4.2, < 6.2)
+      activemodel (>= 4.2, < 6.2)
+      activesupport (>= 4.2, < 6.2)
+      railties (>= 4.2, < 6.2)
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (6.0.2.1)
-      actionview (= 6.0.2.1)
-      activesupport (= 6.0.2.1)
-      rack (~> 2.0, >= 2.0.8)
+    actionpack (6.1.4.1)
+      actionview (= 6.1.4.1)
+      activesupport (= 6.1.4.1)
+      rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (6.0.2.1)
-      activesupport (= 6.0.2.1)
+    actionview (6.1.4.1)
+      activesupport (= 6.1.4.1)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activemodel (6.0.2.1)
-      activesupport (= 6.0.2.1)
-    activesupport (6.0.2.1)
+    activemodel (6.1.4.1)
+      activesupport (= 6.1.4.1)
+    activesupport (6.1.4.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-      zeitwerk (~> 2.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
     appraisal (2.2.0)
       bundler
       rake
       thor (>= 0.14.0)
     builder (3.2.4)
     coderay (1.1.2)
-    concurrent-ruby (1.1.5)
+    concurrent-ruby (1.1.9)
     crass (1.0.6)
     diff-lcs (1.3)
-    erubi (1.9.0)
-    i18n (1.8.2)
+    erubi (1.10.0)
+    i18n (1.8.10)
       concurrent-ruby (~> 1.0)
-    loofah (2.4.0)
+    loofah (2.12.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     method_source (0.9.2)
-    mini_portile2 (2.4.0)
-    minitest (5.14.0)
-    nokogiri (1.10.7)
-      mini_portile2 (~> 2.4.0)
+    mini_portile2 (2.6.1)
+    minitest (5.14.4)
+    nokogiri (1.12.5)
+      mini_portile2 (~> 2.6.1)
+      racc (~> 1.4)
     pry (0.12.2)
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
-    rack (2.1.1)
+    racc (1.6.0)
+    rack (2.2.3)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.3.0)
+    rails-html-sanitizer (1.4.2)
       loofah (~> 2.3)
-    railties (6.0.2.1)
-      actionpack (= 6.0.2.1)
-      activesupport (= 6.0.2.1)
+    railties (6.1.4.1)
+      actionpack (= 6.1.4.1)
+      activesupport (= 6.1.4.1)
       method_source
-      rake (>= 0.8.7)
-      thor (>= 0.20.3, < 2.0)
-    rake (10.5.0)
+      rake (>= 0.13)
+      thor (~> 1.0)
+    rake (13.0.1)
     rspec (3.9.0)
       rspec-core (~> 3.9.0)
       rspec-expectations (~> 3.9.0)
@@ -85,10 +87,9 @@ GEM
     rspec_junit_formatter (0.4.1)
       rspec-core (>= 2, < 4, != 2.12.0)
     thor (1.0.1)
-    thread_safe (0.3.6)
-    tzinfo (1.2.6)
-      thread_safe (~> 0.1)
-    zeitwerk (2.2.2)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    zeitwerk (2.5.1)
 PLATFORMS
   ruby
@@ -98,7 +99,7 @@ DEPENDENCIES
   bundler (~> 2.0)
   moderate_parameters!
   pry (~> 0.12.2)
-  rake (~> 10.0)
+  rake (~> 13.0)
   rspec (~> 3.0)
   rspec_junit_formatter (= 0.4.1)

data/README.md CHANGED Viewed

@@ -5,6 +5,8 @@
 By [Hint.io](https://hint.io)
+[![Gem Version](https://badge.fury.io/rb/moderate_parameters.svg)](https://badge.fury.io/rb/moderate_parameters) ![CI](https://github.com/hintmedia/moderate_parameters/workflows/CI/badge.svg) ![Appraisals](https://github.com/hintmedia/moderate_parameters/workflows/Appraisals/badge.svg) [![Maintainability](https://api.codeclimate.com/v1/badges/4971eb01d5bd98dbac8b/maintainability)](https://codeclimate.com/github/hintmedia/moderate_parameters/maintainability)
 In our experience with [UpgradeRails](https://www.upgraderails.com), the migration from [protected_attributes](https://github.com/rails/protected_attributes) to [strong_parameters](https://api.rubyonrails.org/classes/ActionController/StrongParameters.html) can leave more questions than answers. It can be difficult to determine what data is originating from within the app and what is coming from the internet.
 Moderate Parameters is a set of tools providing logging of data sources in the controller by extending `ActionController::Parameters` functionality.
@@ -111,7 +113,7 @@ end
 We can then hit submit data from the form at `/people/new` and see that no new lines are added to the `moderate_parameters.log` file.
-This means that we can remove `moderate_parameters` and move to using `permit` as a part of `strong_parameters`:
+This means that we can remove `moderate_parameters` and move to using `permit` as the final migration step of `strong_parameters`:
 ```ruby
 class PeopleController < ActionController::Base
@@ -129,6 +131,17 @@ class PeopleController < ActionController::Base
 end
 ```
+It is only _**AFTER**_ this final step of the `strong_parameters` migration has been completed that you can safely remove the `protected_attributes` line in the model:
+```ruby
+class Person < ActiveRecord::Base
+  # attr_accessible :name, :age, :height
+  . . .
+end
+```
 ## Contributing
 Bug reports and pull requests are welcome on GitHub at https://github.com/hintmedia/moderate_parameters. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.

data/lib/moderate_parameters/breadcrumbs.rb CHANGED Viewed

@@ -2,34 +2,90 @@
 module ModerateParameters
   module Breadcrumbs
-    def [](key)
-      internal_param_logging(key, 'read', caller_locations) if ModerateParameters.breadcrumbs_enabled
+    def []=(key, _value)
+      internal_param_logging(key, key?(key) ? 'overwritten' : 'added', caller_locations)
       super
     end
-    def []=(key, value)
-      internal_param_logging(key, 'overwritten', caller_locations) if ModerateParameters.breadcrumbs_enabled
+    def merge!(other_hash)
+      internal_method_logging('merge!', other_hash.keys, caller_locations)
+      super
+    end
+    def reverse_merge!(other_hash)
+      internal_method_logging('reverse_merge!', other_hash.keys, caller_locations)
       super
     end
     def extract!(*keys)
-      internal_method_logging('extract!', keys, caller_locations) if ModerateParameters.breadcrumbs_enabled
+      internal_method_logging('extract!', keys, caller_locations)
+      super
+    end
+    def slice!(*keys)
+      internal_method_logging('slice!', keys, caller_locations)
+      super
+    end
+    def delete(*keys, &block)
+      internal_method_logging('delete', keys, caller_locations)
+      super
+    end
+    def reject!(&block)
+      internal_block_logging('reject!', caller_locations)
+      super
+    end
+    # Alias for #reject!
+    def delete_if(&block)
+      internal_block_logging('delete_if', caller_locations)
+      super
+    end
+    def select!(&block)
+      internal_block_logging('select!', caller_locations)
+      super
+    end
+    # Alias for #select!
+    def keep_if(&block)
+      internal_block_logging('keep_if', caller_locations)
       super
     end
     private
+    def needs_logged?
+      ModerateParameters.breadcrumbs_enabled &&
+      instance_variable_get(:@moderate_params_object_id) &&
+      !permitted?
+    end
     def internal_param_logging(key, action, stack_array)
+      return unless needs_logged?
       ActiveSupport::Notifications.instrument('moderate_parameters') do |payload|
         payload[:caller_locations] = stack_array
         payload[:message] = "#{key} is being #{action} on: #{stack_array.join("\n")}"
       end
     end
-    def internal_method_logging(method, keys, stack_array)
+    def internal_method_logging(method, args, stack_array)
+      return unless needs_logged?
+      ActiveSupport::Notifications.instrument('moderate_parameters') do |payload|
+        payload[:caller_locations] = stack_array
+        payload[:message] = "#{method} is being called with #{args} on: #{stack_array.join("\n")}"
+      end
+    end
+    def internal_block_logging(method, stack_array)
+      return unless needs_logged?
       ActiveSupport::Notifications.instrument('moderate_parameters') do |payload|
         payload[:caller_locations] = stack_array
-        payload[:message] = "#{method} is being called with #{keys} on: #{stack_array.join("\n")}"
+        payload[:message] = "#{method} is being called with a block on: #{stack_array.join("\n")}"
       end
     end
   end

data/lib/moderate_parameters/logger.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 ActiveSupport::Notifications.subscribe('moderate_parameters') do |_, _, _, _, payload|
-  (ModerateParameters.logger || ActiveSupport::Logger.new('/dev/null')).info "#{payload[:controller]}##{payload[:action]} #{payload[:message]}"
+  (ModerateParameters.logger || ActiveSupport::Logger.new('/dev/null')).info(
+    "#{payload[:controller]}##{payload[:action]} #{payload[:message]}"
+  )
 end

data/lib/moderate_parameters/parameters.rb CHANGED Viewed

@@ -2,7 +2,17 @@
 module ModerateParameters
   module Parameters
+    MP_OBJECT_ID = :@moderate_params_object_id
+    MP_PARENT_KEY = :@moderate_params_parent_key
     def moderate(controller_name, action, *filters)
+      log_duplicate_moderate_warning(
+        caller_locations,
+        instance_variable_get(MP_PARENT_KEY),
+        controller_name,
+        action
+      ) if instance_variable_get(MP_OBJECT_ID)
       params = self.class.new
       filters.each do |filter|
@@ -19,7 +29,15 @@ module ModerateParameters
       end
       incoming_params_logging(params, controller_name, action)
-      dup.permit!
+      duplicate_params = dup
+      instance_variable_set(MP_OBJECT_ID, duplicate_params.object_id)
+      duplicate_params.permit!
+    end
+    def require(key)
+      return super if key.is_a?(Array) || self[key].blank?
+      self[key].instance_variable_set(MP_PARENT_KEY, key)
+      super
     end
     private
@@ -38,6 +56,12 @@ module ModerateParameters
       end
     end
+    def log_duplicate_moderate_warning(stack_array, parent_key, controller_name, action)
+      write_to_log(message: ".moderate has already been called on params.require(:#{parent_key}): #{stack_array.join("\n")}",
+                   action: action,
+                   controller: controller_name)
+    end
     def non_scalar_value_filter(params, key, controller_name, action)
       if has_key?(key) && !permitted_scalar?(self[key])
         params[key] = self[key].class.new
@@ -47,6 +71,14 @@ module ModerateParameters
       end
     end
+    def array_of_permitted_scalars?(value)
+      if value.is_a?(Array) && value.all? { |element| permitted_scalar?(element) }
+        return true unless block_given?
+        yield value
+      end
+    end
     def non_scalar?(value)
       value.is_a?(Array) || value.is_a?(Parameters)
     end

data/lib/moderate_parameters/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module ModerateParameters
-  VERSION = '0.3.2'
+  VERSION = '0.4.1'
 end

data/moderate_parameters.gemspec CHANGED Viewed

@@ -36,14 +36,14 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>= 2.3.1'
-  spec.add_dependency 'actionpack', '>= 4.2', '< 6.1'
-  spec.add_dependency 'activemodel', '>= 4.2', '< 6.1'
-  spec.add_dependency 'activesupport', '>= 4.2', '< 6.1'
-  spec.add_dependency 'railties', '>= 4.2', '< 6.1'
+  spec.add_dependency 'actionpack', '>= 4.2', '< 6.2'
+  spec.add_dependency 'activemodel', '>= 4.2', '< 6.2'
+  spec.add_dependency 'activesupport', '>= 4.2', '< 6.2'
+  spec.add_dependency 'railties', '>= 4.2', '< 6.2'
   spec.add_development_dependency 'bundler', '~> 2.0'
   spec.add_development_dependency 'pry', '~> 0.12.2'
-  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rake', '~> 13.0'
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'rspec_junit_formatter', '0.4.1'
   spec.add_development_dependency 'appraisal', '2.2.0'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: moderate_parameters
 version: !ruby/object:Gem::Version
-  version: 0.3.2
+  version: 0.4.1
 platform: ruby
 authors:
 - Kyle Boe
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-02-03 00:00:00.000000000 Z
+date: 2021-10-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack
@@ -19,7 +19,7 @@ dependencies:
         version: '4.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '4.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
@@ -39,7 +39,7 @@ dependencies:
         version: '4.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -49,7 +49,7 @@ dependencies:
         version: '4.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -59,7 +59,7 @@ dependencies:
         version: '4.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -69,7 +69,7 @@ dependencies:
         version: '4.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: railties
   requirement: !ruby/object:Gem::Requirement
@@ -79,7 +79,7 @@ dependencies:
         version: '4.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -89,7 +89,7 @@ dependencies:
         version: '4.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -124,14 +124,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -225,7 +225,7 @@ metadata:
   homepage_uri: https://github.com/hintmedia/moderate_parameters
   source_code_uri: https://github.com/hintmedia/moderate_parameters
   changelog_uri: https://github.com/hintmedia/moderate_parameters/blob/master/CHANGELOG.md
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -241,7 +241,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.0.3
-signing_key:
+signing_key:
 specification_version: 4
 summary: Protected Attributes to Strong Parameters migration tool
 test_files: []