params_cleaner 0.3.1 → 0.4.0

data/lib/params_cleaner.rb

@@ -1,70 +1,54 @@
+require "ostruct"
 require "active_support/concern"
+require "active_support/core_ext/hash/deep_merge"
 require "active_support/core_ext/hash/slice"
 require "active_support/hash_with_indifferent_access"
+require "./lib/params_cleaner/whitelist"
 
 module ParamsCleaner
   extend ActiveSupport::Concern
 
-  VERSION = "0.3.1"
+  VERSION = "0.4.0"
 
-  def clean_params(root_params = params, top_level = true)
-    cleaned_params = root_params.map do |key, value|
-      if value.kind_of?(Hash)
-        _clean_hash(key, value)
-      elsif value.kind_of?(Array)
-        _clean_array(key, value)
-      else
-        _clean_value(key, value, top_level)
-      end
+  def clean_params
+    sanitized_params = _applicable_whitelists.map do |whitelist|
+      whitelist.sanitize(params)
     end
 
-    cleaned_params_hash = Hash[cleaned_params]
-    HashWithIndifferentAccess.new(cleaned_params_hash)
-  end
-
-  def _clean_array(key, value)
-    cleaned_values = value.map do |sub_value|
-      _clean_hash(key, sub_value).last
+    sanitized_params.inject(HashWithIndifferentAccess.new) do |new_params, sanitized|
+      new_params.deep_merge(sanitized)
     end
-    [key, cleaned_values]
   end
 
-  def _clean_hash(key, value)
-    allowed_keys = value.slice(*self.class._allowed_nested[key.to_sym])
-    clean_values = clean_params(allowed_keys, false)
-    [key, clean_values]
+  def _action_whitelists
+    self.class._action_whitelists
   end
 
-  def _clean_value(key, value, top_level)
-    return [key, value] unless top_level
+  def _applicable_whitelists
+    [_action_whitelists[:_all_], _action_whitelists[_current_action_name]].compact
+  end
 
-    if self.class._allowed_top_level.include?(key.to_sym)
-      [key, value]
+  def _current_action_name
+    if respond_to?(:action_name)
+      action_name.to_sym
     else
-      []
+      nil
     end
   end
 
   module ClassMethods
     def allowed_params(*params_groups)
-      @allowed_top_level = []
-      @allowed_nested = {}
-
-      params_groups.each do |params_group|
-        if params_group.is_a?(Hash)
-          @allowed_nested = params_group
-        else
-          @allowed_top_level << params_group
-        end
-      end
+      @action_whitelists ||= {}
+      @action_whitelists[:_all_] = Whitelist.new(params_groups)
     end
 
-    def _allowed_nested
-      @allowed_nested
+    def allowed_params_for(action, *params_groups)
+      @action_whitelists ||= {}
+      @action_whitelists[action] = Whitelist.new(params_groups)
     end
 
-    def _allowed_top_level
-      @allowed_top_level
+    def _action_whitelists
+      @action_whitelists
     end
   end
 end

data/lib/params_cleaner/whitelist.rb

@@ -0,0 +1,59 @@
+module ParamsCleaner
+  class Whitelist
+    def initialize(whitelist)
+      @whitelist = whitelist
+    end
+
+    def sanitize(params, top_level = true)
+      cleaned_params = params.map do |key, value|
+        if value.kind_of?(Hash)
+          _clean_hash(key, value)
+        elsif value.kind_of?(Array)
+          _clean_array(key, value)
+        else
+          _clean_value(key, value, top_level)
+        end
+      end
+
+      cleaned_params_hash = Hash[cleaned_params]
+      HashWithIndifferentAccess.new(cleaned_params_hash)
+    end
+
+    def _allowed_nested
+      @whitelist.detect { |params_group| params_group.is_a?(Hash) } || {}
+    end
+
+    def _allowed_top_level
+      params_groups = []
+      @whitelist.each do |params_group|
+        unless params_group.is_a?(Hash)
+          params_groups << params_group
+        end
+      end
+      params_groups
+    end
+
+    def _clean_array(key, value)
+      cleaned_values = value.map do |sub_value|
+        _clean_hash(key, sub_value).last
+      end
+      [key, cleaned_values]
+    end
+
+    def _clean_hash(key, value)
+      allowed_keys = value.slice(*_allowed_nested[key.to_sym])
+      clean_values = sanitize(allowed_keys, false)
+      [key, clean_values]
+    end
+
+    def _clean_value(key, value, top_level)
+      return [key, value] unless top_level
+
+      if _allowed_top_level.include?(key.to_sym)
+        [key, value]
+      else
+        []
+      end
+    end
+  end
+end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: params_cleaner
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.4.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-07-12 00:00:00.000000000 Z
+date: 2012-08-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
-  requirement: &70189384326480 !ruby/object:Gem::Requirement
+  requirement: &70327972553720 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,7 +21,7 @@ dependencies:
         version: 3.0.0
   type: :runtime
   prerelease: false
-  version_requirements: *70189384326480
+  version_requirements: *70327972553720
 description: Rails mass assignment protection in the controller
 email:
 - drew@drewolson.org
@@ -29,6 +29,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- lib/params_cleaner/whitelist.rb
 - lib/params_cleaner.rb
 homepage: https://github.com/drewolson/params_cleaner
 licenses: []
@@ -44,7 +45,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -2480936313182704854
+      hash: -3481307884209043138
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -53,7 +54,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: -2480936313182704854
+      hash: -3481307884209043138
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.15