RubyGems - moderate_parameters - Versions diffs - 0.3.2 → 0.4.1 - Mend

moderate_parameters 0.3.2 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/Gemfile.lock +40 -39
data/README.md +14 -1
data/lib/moderate_parameters/breadcrumbs.rb +63 -7
data/lib/moderate_parameters/logger.rb +3 -1
data/lib/moderate_parameters/parameters.rb +33 -1
data/lib/moderate_parameters/version.rb +1 -1
data/moderate_parameters.gemspec +5 -5
metadata +15 -15

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ba33050049dd8c5032eae5d421dd37b9e6aab9bd399f3c414fcd44f3659932bd
-  data.tar.gz: 1f1d1d4401fa487a322e56ce1654b0943df2c114807791248222c90e463e6566
+  metadata.gz: 23eafaba8b9f64135a3edf48864f37138116d8a42697ced5b468c08bdf9cb874
+  data.tar.gz: c7d77caed1f34d990f5dcd8249f82cb986e43c331faec8fb93a0687b3f6c93a9
 SHA512:
-  metadata.gz: 941f550a839d2d6bd48321cdb9627eab93226dc5d655c009f4073f97d6a77f4fc6d1945803143b99314fced7d341fe1604f78a11488ffd4e94ccdc92f3925777
-  data.tar.gz: 5dbd1d0c60870bd8b0aa3749fcd685a5599d029c40797cc9f988141458df8b7b0a834c1340e0c1567788f44bbe7f855f122f227b65d0162167a7dba00a41c837
+  metadata.gz: ffa210ee922ad715e48ea4e9382b8b6725a15c25fad3eed0ea7790aeab1828edc4809df68e82e45ff50579b8cd3d3374694801e44c78fc552eed9a51d923cd6f
+  data.tar.gz: 18c087330c98ab59bd2c535389f6a58a255466053460665909ad3417822aef991a060712ee59162a6735f0a0c740843e81c48ba6a09a98e322ddd645fcdcf988

data/Gemfile.lock CHANGED Viewed

@@ -1,74 +1,76 @@
 PATH
   remote: .
   specs:
-    moderate_parameters (0.3.0)
-      actionpack (>= 4.2, < 6.1)
-      activemodel (>= 4.2, < 6.1)
-      activesupport (>= 4.2, < 6.1)
-      railties (>= 4.2, < 6.1)
+    moderate_parameters (0.4.1)
+      actionpack (>= 4.2, < 6.2)
+      activemodel (>= 4.2, < 6.2)
+      activesupport (>= 4.2, < 6.2)
+      railties (>= 4.2, < 6.2)
 GEM
   remote: https://rubygems.org/
   specs:
-    actionpack (6.0.2.1)
-      actionview (= 6.0.2.1)
-      activesupport (= 6.0.2.1)
-      rack (~> 2.0, >= 2.0.8)
+    actionpack (6.1.4.1)
+      actionview (= 6.1.4.1)
+      activesupport (= 6.1.4.1)
+      rack (~> 2.0, >= 2.0.9)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actionview (6.0.2.1)
-      activesupport (= 6.0.2.1)
+    actionview (6.1.4.1)
+      activesupport (= 6.1.4.1)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activemodel (6.0.2.1)
-      activesupport (= 6.0.2.1)
-    activesupport (6.0.2.1)
+    activemodel (6.1.4.1)
+      activesupport (= 6.1.4.1)
+    activesupport (6.1.4.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-      zeitwerk (~> 2.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
     appraisal (2.2.0)
       bundler
       rake
       thor (>= 0.14.0)
     builder (3.2.4)
     coderay (1.1.2)
-    concurrent-ruby (1.1.5)
+    concurrent-ruby (1.1.9)
     crass (1.0.6)
     diff-lcs (1.3)
-    erubi (1.9.0)
-    i18n (1.8.2)
+    erubi (1.10.0)
+    i18n (1.8.10)
       concurrent-ruby (~> 1.0)
-    loofah (2.4.0)
+    loofah (2.12.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     method_source (0.9.2)
-    mini_portile2 (2.4.0)
-    minitest (5.14.0)
-    nokogiri (1.10.7)
-      mini_portile2 (~> 2.4.0)
+    mini_portile2 (2.6.1)
+    minitest (5.14.4)
+    nokogiri (1.12.5)
+      mini_portile2 (~> 2.6.1)
+      racc (~> 1.4)
     pry (0.12.2)
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
-    rack (2.1.1)
+    racc (1.6.0)
+    rack (2.2.3)
     rack-test (1.1.0)
       rack (>= 1.0, < 3)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.3.0)
+    rails-html-sanitizer (1.4.2)
       loofah (~> 2.3)
-    railties (6.0.2.1)
-      actionpack (= 6.0.2.1)
-      activesupport (= 6.0.2.1)
+    railties (6.1.4.1)
+      actionpack (= 6.1.4.1)
+      activesupport (= 6.1.4.1)
       method_source
-      rake (>= 0.8.7)
-      thor (>= 0.20.3, < 2.0)
-    rake (10.5.0)
+      rake (>= 0.13)
+      thor (~> 1.0)
+    rake (13.0.1)
     rspec (3.9.0)
       rspec-core (~> 3.9.0)
       rspec-expectations (~> 3.9.0)
@@ -85,10 +87,9 @@ GEM
     rspec_junit_formatter (0.4.1)
       rspec-core (>= 2, < 4, != 2.12.0)
     thor (1.0.1)
-    thread_safe (0.3.6)
-    tzinfo (1.2.6)
-      thread_safe (~> 0.1)
-    zeitwerk (2.2.2)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    zeitwerk (2.5.1)
 PLATFORMS
   ruby
@@ -98,7 +99,7 @@ DEPENDENCIES
   bundler (~> 2.0)
   moderate_parameters!
   pry (~> 0.12.2)
-  rake (~> 10.0)
+  rake (~> 13.0)
   rspec (~> 3.0)
   rspec_junit_formatter (= 0.4.1)

data/README.md CHANGED Viewed

@@ -5,6 +5,8 @@
 By [Hint.io](https://hint.io)
+[![Gem Version](https://badge.fury.io/rb/moderate_parameters.svg)](https://badge.fury.io/rb/moderate_parameters) ![CI](https://github.com/hintmedia/moderate_parameters/workflows/CI/badge.svg) ![Appraisals](https://github.com/hintmedia/moderate_parameters/workflows/Appraisals/badge.svg) [![Maintainability](https://api.codeclimate.com/v1/badges/4971eb01d5bd98dbac8b/maintainability)](https://codeclimate.com/github/hintmedia/moderate_parameters/maintainability)
 In our experience with [UpgradeRails](https://www.upgraderails.com), the migration from [protected_attributes](https://github.com/rails/protected_attributes) to [strong_parameters](https://api.rubyonrails.org/classes/ActionController/StrongParameters.html) can leave more questions than answers. It can be difficult to determine what data is originating from within the app and what is coming from the internet.
 Moderate Parameters is a set of tools providing logging of data sources in the controller by extending `ActionController::Parameters` functionality.
@@ -111,7 +113,7 @@ end
 We can then hit submit data from the form at `/people/new` and see that no new lines are added to the `moderate_parameters.log` file.
-This means that we can remove `moderate_parameters` and move to using `permit` as a part of `strong_parameters`:
+This means that we can remove `moderate_parameters` and move to using `permit` as the final migration step of `strong_parameters`:
 ```ruby
 class PeopleController < ActionController::Base
@@ -129,6 +131,17 @@ class PeopleController < ActionController::Base
 end
 ```
+It is only _**AFTER**_ this final step of the `strong_parameters` migration has been completed that you can safely remove the `protected_attributes` line in the model:
+```ruby
+class Person < ActiveRecord::Base
+  # attr_accessible :name, :age, :height
+  . . .
+end
+```
 ## Contributing
 Bug reports and pull requests are welcome on GitHub at https://github.com/hintmedia/moderate_parameters. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.

data/lib/moderate_parameters/breadcrumbs.rb CHANGED Viewed

@@ -2,34 +2,90 @@
 module ModerateParameters
   module Breadcrumbs
-    def [](key)
-      internal_param_logging(key, 'read', caller_locations) if ModerateParameters.breadcrumbs_enabled
+    def []=(key, _value)
+      internal_param_logging(key, key?(key) ? 'overwritten' : 'added', caller_locations)
       super
     end
-    def []=(key, value)
-      internal_param_logging(key, 'overwritten', caller_locations) if ModerateParameters.breadcrumbs_enabled
+    def merge!(other_hash)
+      internal_method_logging('merge!', other_hash.keys, caller_locations)
+      super
+    end
+    def reverse_merge!(other_hash)
+      internal_method_logging('reverse_merge!', other_hash.keys, caller_locations)
       super
     end
     def extract!(*keys)
-      internal_method_logging('extract!', keys, caller_locations) if ModerateParameters.breadcrumbs_enabled
+      internal_method_logging('extract!', keys, caller_locations)
+      super
+    end
+    def slice!(*keys)
+      internal_method_logging('slice!', keys, caller_locations)
+      super
+    end
+    def delete(*keys, &block)
+      internal_method_logging('delete', keys, caller_locations)
+      super
+    end
+    def reject!(&block)
+      internal_block_logging('reject!', caller_locations)
+      super
+    end
+    # Alias for #reject!
+    def delete_if(&block)
+      internal_block_logging('delete_if', caller_locations)
+      super
+    end
+    def select!(&block)
+      internal_block_logging('select!', caller_locations)
+      super
+    end
+    # Alias for #select!
+    def keep_if(&block)
+      internal_block_logging('keep_if', caller_locations)
       super
     end
     private
+    def needs_logged?
+      ModerateParameters.breadcrumbs_enabled &&
+      instance_variable_get(:@moderate_params_object_id) &&
+      !permitted?
+    end
     def internal_param_logging(key, action, stack_array)
+      return unless needs_logged?
       ActiveSupport::Notifications.instrument('moderate_parameters') do |payload|
         payload[:caller_locations] = stack_array
         payload[:message] = "#{key} is being #{action} on: #{stack_array.join("\n")}"
       end
     end
-    def internal_method_logging(method, keys, stack_array)
+    def internal_method_logging(method, args, stack_array)
+      return unless needs_logged?
+      ActiveSupport::Notifications.instrument('moderate_parameters') do |payload|
+        payload[:caller_locations] = stack_array
+        payload[:message] = "#{method} is being called with #{args} on: #{stack_array.join("\n")}"
+      end
+    end
+    def internal_block_logging(method, stack_array)
+      return unless needs_logged?
       ActiveSupport::Notifications.instrument('moderate_parameters') do |payload|
         payload[:caller_locations] = stack_array
-        payload[:message] = "#{method} is being called with #{keys} on: #{stack_array.join("\n")}"
+        payload[:message] = "#{method} is being called with a block on: #{stack_array.join("\n")}"
       end
     end
   end

data/lib/moderate_parameters/logger.rb CHANGED Viewed

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 ActiveSupport::Notifications.subscribe('moderate_parameters') do |_, _, _, _, payload|
-  (ModerateParameters.logger || ActiveSupport::Logger.new('/dev/null')).info "#{payload[:controller]}##{payload[:action]} #{payload[:message]}"
+  (ModerateParameters.logger || ActiveSupport::Logger.new('/dev/null')).info(
+    "#{payload[:controller]}##{payload[:action]} #{payload[:message]}"
+  )
 end

data/lib/moderate_parameters/parameters.rb CHANGED Viewed

@@ -2,7 +2,17 @@
 module ModerateParameters
   module Parameters
+    MP_OBJECT_ID = :@moderate_params_object_id
+    MP_PARENT_KEY = :@moderate_params_parent_key
     def moderate(controller_name, action, *filters)
+      log_duplicate_moderate_warning(
+        caller_locations,
+        instance_variable_get(MP_PARENT_KEY),
+        controller_name,
+        action
+      ) if instance_variable_get(MP_OBJECT_ID)
       params = self.class.new
       filters.each do |filter|
@@ -19,7 +29,15 @@ module ModerateParameters
       end
       incoming_params_logging(params, controller_name, action)
-      dup.permit!
+      duplicate_params = dup
+      instance_variable_set(MP_OBJECT_ID, duplicate_params.object_id)
+      duplicate_params.permit!
+    end
+    def require(key)
+      return super if key.is_a?(Array) || self[key].blank?
+      self[key].instance_variable_set(MP_PARENT_KEY, key)
+      super
     end
     private
@@ -38,6 +56,12 @@ module ModerateParameters
       end
     end
+    def log_duplicate_moderate_warning(stack_array, parent_key, controller_name, action)
+      write_to_log(message: ".moderate has already been called on params.require(:#{parent_key}): #{stack_array.join("\n")}",
+                   action: action,
+                   controller: controller_name)
+    end
     def non_scalar_value_filter(params, key, controller_name, action)
       if has_key?(key) && !permitted_scalar?(self[key])
         params[key] = self[key].class.new
@@ -47,6 +71,14 @@ module ModerateParameters
       end
     end
+    def array_of_permitted_scalars?(value)
+      if value.is_a?(Array) && value.all? { |element| permitted_scalar?(element) }
+        return true unless block_given?
+        yield value
+      end
+    end
     def non_scalar?(value)
       value.is_a?(Array) || value.is_a?(Parameters)
     end

data/lib/moderate_parameters/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module ModerateParameters
-  VERSION = '0.3.2'
+  VERSION = '0.4.1'
 end

data/moderate_parameters.gemspec CHANGED Viewed

@@ -36,14 +36,14 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>= 2.3.1'
-  spec.add_dependency 'actionpack', '>= 4.2', '< 6.1'
-  spec.add_dependency 'activemodel', '>= 4.2', '< 6.1'
-  spec.add_dependency 'activesupport', '>= 4.2', '< 6.1'
-  spec.add_dependency 'railties', '>= 4.2', '< 6.1'
+  spec.add_dependency 'actionpack', '>= 4.2', '< 6.2'
+  spec.add_dependency 'activemodel', '>= 4.2', '< 6.2'
+  spec.add_dependency 'activesupport', '>= 4.2', '< 6.2'
+  spec.add_dependency 'railties', '>= 4.2', '< 6.2'
   spec.add_development_dependency 'bundler', '~> 2.0'
   spec.add_development_dependency 'pry', '~> 0.12.2'
-  spec.add_development_dependency 'rake', '~> 10.0'
+  spec.add_development_dependency 'rake', '~> 13.0'
   spec.add_development_dependency 'rspec', '~> 3.0'
   spec.add_development_dependency 'rspec_junit_formatter', '0.4.1'
   spec.add_development_dependency 'appraisal', '2.2.0'

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: moderate_parameters
 version: !ruby/object:Gem::Version
-  version: 0.3.2
+  version: 0.4.1
 platform: ruby
 authors:
 - Kyle Boe
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-02-03 00:00:00.000000000 Z
+date: 2021-10-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack
@@ -19,7 +19,7 @@ dependencies:
         version: '4.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '4.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
@@ -39,7 +39,7 @@ dependencies:
         version: '4.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -49,7 +49,7 @@ dependencies:
         version: '4.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -59,7 +59,7 @@ dependencies:
         version: '4.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -69,7 +69,7 @@ dependencies:
         version: '4.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: railties
   requirement: !ruby/object:Gem::Requirement
@@ -79,7 +79,7 @@ dependencies:
         version: '4.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -89,7 +89,7 @@ dependencies:
         version: '4.2'
     - - "<"
       - !ruby/object:Gem::Version
-        version: '6.1'
+        version: '6.2'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -124,14 +124,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -225,7 +225,7 @@ metadata:
   homepage_uri: https://github.com/hintmedia/moderate_parameters
   source_code_uri: https://github.com/hintmedia/moderate_parameters
   changelog_uri: https://github.com/hintmedia/moderate_parameters/blob/master/CHANGELOG.md
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -241,7 +241,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.0.3
-signing_key:
+signing_key:
 specification_version: 4
 summary: Protected Attributes to Strong Parameters migration tool
 test_files: []