neo4j 7.1.4 → 7.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 59a1f4ff6343398b192ac132595f0165fc65fec2
-  data.tar.gz: e08ab0b4e2cf7716cf7b0ed085082a052360de77
+  metadata.gz: fa5400aef5ceed374df507212001259434a2550c
+  data.tar.gz: eb182d51d5f9107155dcc3cc7db72018b0ca16ca
 SHA512:
-  metadata.gz: bd2af749c6b804e50ab8ca138124a570802f7eafbb75583a3487e3748af238d86c0bd3517fbe424aa99ed83b2e635e190bcfb90b93917e59c2b4ba45dec4fe12
-  data.tar.gz: 0e75718feea9d08f69322c69c3989c8b0d367f423910f8ff8b701386cb146fbada6a00ce9da80f79fee11cee484b8887e90132c83834edbd9cdd0c5c477a425e
+  metadata.gz: d12724bd745a9d23b43a63f90a6bcd18114727035229cea23cf744db4ea0482832e4c44696246224f34b93ea3d3d091afa49bf8096b3a80ec695a92d68cb42c3
+  data.tar.gz: 609c35501f8b8a2ac5588820867d3c972f1ca1ce5dbe73456a3ff4f2de62e1f6a943eefcd2eb5098053bbc474dbf65baa63d0b6639f947f533f685e1a58accde

data/CHANGELOG.md

@@ -3,11 +3,11 @@ All notable changes to this project will be documented in this file.
 This file should follow the standards specified on [http://keepachangelog.com/]
 This project adheres to [Semantic Versioning](http://semver.org/).
 
-## [7.1.4] - 09-20-2016
+## [7.2.0] - 08-23-2016
 
-### Fixed
+### Added
 
-- `where` clause with question mark parameter and array values only using the first element (see #1247 #1290)
+- Backporting #1245 to 7.x versions. It implements the [`ForbiddenAttributesProtection` API](http://edgeapi.rubyonrails.org/classes/ActionController/StrongParameters.html) from ActiveRecord.
 
 ## [7.1.3] - 08-18-2016
 
@@ -34,12 +34,6 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 - Gemspec dependency requirements were modified where ActiveModel, ActiveSupport, and Railties are concerned. The gem now requires >= 4.0, < 5.1.
 - `ActiveModel::Serializers::Xml` is only included if supported if available.
 
-## [7.0.16] - 09-20-2016
-
-### Fixed
-
-- `where` clause with question mark parameter and array values only using the first element (see #1247 #1290)
-
 ## [7.0.15] - 08-18-2016
 
 ### Changed

data/lib/neo4j.rb

@@ -40,6 +40,7 @@ require 'neo4j/shared/typecaster'
 require 'neo4j/shared/initialize'
 require 'neo4j/shared/query_factory'
 require 'neo4j/shared/cypher'
+require 'neo4j/shared/permitted_attributes'
 require 'neo4j/shared'
 
 require 'neo4j/active_rel/callbacks'

data/lib/neo4j/active_node.rb

@@ -44,10 +44,11 @@ module Neo4j
     include Neo4j::ActiveNode::Scope
     include Neo4j::ActiveNode::Dependent
     include Neo4j::ActiveNode::Enum
+    include Neo4j::Shared::PermittedAttributes
 
     def initialize(args = nil)
-      symbol_args = args.is_a?(Hash) ? args.symbolize_keys : args
-      super(symbol_args)
+      args = sanitize_input_parameters(args)
+      super(args)
     end
 
     def neo4j_obj

data/lib/neo4j/active_node/query/query_proxy_link.rb

@@ -12,11 +12,7 @@ module Neo4j
           end
 
           def args(var, rel_var)
-            if @arg.respond_to?(:call)
-              @arg.call(var, rel_var)
-            else
-              [@arg] + @args
-            end
+            @arg.respond_to?(:call) ? @arg.call(var, rel_var) : [@arg, @args].flatten
           end
 
           class << self

data/lib/neo4j/active_rel.rb

@@ -18,13 +18,14 @@ module Neo4j
     include Neo4j::ActiveRel::Query
     include Neo4j::ActiveRel::Types
     include Neo4j::Shared::Enum
+    include Neo4j::Shared::PermittedAttributes
 
     class FrozenRelError < Neo4j::Error; end
 
     def initialize(from_node = nil, to_node = nil, args = nil)
       load_nodes(node_or_nil(from_node), node_or_nil(to_node))
       resolved_args = hash_or_nil(from_node, args)
-      symbol_args = resolved_args.is_a?(Hash) ? resolved_args.symbolize_keys : resolved_args
+      symbol_args = sanitize_input_parameters(resolved_args)
       super(symbol_args)
     end
 
@@ -60,26 +61,7 @@ module Neo4j
     end
 
     def hash_or_nil(node_or_hash, hash_or_nil)
-      node_or_hash.is_a?(Hash) ? node_or_hash : hash_or_nil
-    end
-
-    module ClassMethods
-      [:create, :create!].each do |meth|
-        define_method(meth) do |from_node_or_args = nil, to_node = nil, args = nil|
-          return super(from_node_or_args) if from_node_or_args.is_a?(Hash)
-          args_hash = args || {}
-          args_with_node!(:from_node, from_node_or_args, args_hash)
-          args_with_node!(:to_node, to_node, args_hash)
-          super(args_hash)
-        end
-      end
-
-      private
-
-      def args_with_node!(key, node, args)
-        args[key] = node if node.is_a?(Neo4j::ActiveNode)
-        args
-      end
+      hash_or_parameter?(node_or_hash) ? node_or_hash : hash_or_nil
     end
   end
 end

data/lib/neo4j/active_rel/persistence.rb

@@ -55,26 +55,13 @@ module Neo4j::ActiveRel
     module ClassMethods
       # Creates a new relationship between objects
       # @param [Hash] props the properties the new relationship should have
-      def create(props = {})
-        relationship_props = extract_association_attributes!(props) || {}
-        new(props).tap do |obj|
-          relationship_props.each do |prop, value|
-            obj.send("#{prop}=", value)
-          end
-          obj.save
-        end
+      def create(*args)
+        new(*args).tap(&:save)
       end
 
       # Same as #create, but raises an error if there is a problem during save.
       def create!(*args)
-        props = args[0] || {}
-        relationship_props = extract_association_attributes!(props) || {}
-        new(props).tap do |obj|
-          relationship_props.each do |prop, value|
-            obj.send("#{prop}=", value)
-          end
-          obj.save!
-        end
+        new(*args).tap(&:save!)
       end
 
       def create_method

data/lib/neo4j/shared/permitted_attributes.rb

@@ -0,0 +1,28 @@
+module Neo4j::Shared
+  module PermittedAttributes
+    extend ActiveSupport::Concern
+    include ActiveModel::ForbiddenAttributesProtection
+
+    def process_attributes(attributes)
+      attributes = sanitize_input_parameters(attributes)
+      super(attributes)
+    end
+
+    def attributes=(attributes)
+      attributes = sanitize_input_parameters(attributes)
+      super(attributes)
+    end
+
+    protected
+
+    # Check if an argument is a string or an ActionController::Parameters
+    def hash_or_parameter?(args)
+      args.is_a?(Hash) || args.respond_to?(:to_unsafe_h)
+    end
+
+    def sanitize_input_parameters(attributes)
+      attributes = sanitize_for_mass_assignment(attributes)
+      attributes.respond_to?(:symbolize_keys) ? attributes.symbolize_keys : attributes
+    end
+  end
+end

data/lib/neo4j/version.rb

@@ -1,3 +1,3 @@
 module Neo4j
-  VERSION = '7.1.4'
+  VERSION = '7.2.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: neo4j
 version: !ruby/object:Gem::Version
-  version: 7.1.4
+  version: 7.2.0
 platform: ruby
 authors:
 - Andreas Ronge, Brian Underwood, Chris Grigg
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-09-20 00:00:00.000000000 Z
+date: 2016-08-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: orm_adapter
@@ -232,7 +232,6 @@ files:
 - Gemfile
 - README.md
 - bin/neo4j-jars
-- bin/rake
 - config/locales/en.yml
 - config/neo4j/add_classnames.yml
 - config/neo4j/config.yml
@@ -304,6 +303,7 @@ files:
 - lib/neo4j/shared/initialize.rb
 - lib/neo4j/shared/marshal.rb
 - lib/neo4j/shared/mass_assignment.rb
+- lib/neo4j/shared/permitted_attributes.rb
 - lib/neo4j/shared/persistence.rb
 - lib/neo4j/shared/property.rb
 - lib/neo4j/shared/query_factory.rb

data/bin/rake

@@ -1,17 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-#
-# This file was generated by Bundler.
-#
-# The application 'rake' is installed as part of a gem, and
-# this file is here to facilitate running it.
-#
-
-require 'pathname'
-ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile',
-                                           Pathname.new(__FILE__).realpath)
-
-require 'rubygems'
-require 'bundler/setup'
-
-load Gem.bin_path('rake', 'rake')