private_person 0.1.0

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    NDk2ZjIyOTkxZWY4MjI5YzVjYWMxMjRlNGYwYzQyYjA4MGMyNjM0YQ==
+  data.tar.gz: !binary |-
+    ODc4N2VmY2I2ZTg1MDAyM2RjNjkyOTgyZmNjYzUxNGViNWI5ZjJjMg==
+!binary "U0hBNTEy":
+  metadata.gz: !binary |-
+    NGI5NDAzMTE0MjY2MTEzMTFlM2JhNDZhNjJiNmY1OGE2N2QyNzViZjMxZDQz
+    MGI2OGJiZWU4ZjYwOTE5NzE2ODdiMzNlMzU4NTNiYjZmYjc0NjAzNmUyMzA5
+    NjRmYTM5NGZmMjMxYmQzMzIwOGNlNmMwMjllMzg3ZDY5YjgxNmI=
+  data.tar.gz: !binary |-
+    OTMxNDAzZjNmNGRlNjY1ODQxMTQxNmIwNTAyNDhkNzViZTQ5NmU2YmMzMDkw
+    NTUyZGZhZTk1YWY5YzUyNzdjYzJiYWI1NzdkOWU3N2RmZGFhNTg4N2NmOWE3
+    MzYyMmJhMmVlYWM1Nzc3YzQ5MDhjOWFjZDc2YWFkZWZhY2MxMWE=

data/.document

@@ -0,0 +1,5 @@
+lib/**/*.rb
+bin/*
+- 
+features/**/*.feature
+LICENSE.txt

data/.rspec

@@ -0,0 +1 @@
+--color

data/Gemfile

@@ -0,0 +1,21 @@
+source 'http://rubygems.org'
+# Add dependencies required to use your gem here.
+# Example:
+#   gem 'activesupport', '>= 2.3.5'
+
+# Add dependencies to develop your gem here.
+# Include everything needed to run rake, tests, features, etc.
+group :development, :test do
+  gem 'rdoc'
+  gem 'bundler'
+  gem 'jeweler'
+  gem 'sqlite3'
+  gem 'rspec'
+  gem 'rspec-rails'
+  gem 'shoulda-matchers'
+  gem 'factory_girl_rails'
+  gem 'database_cleaner'
+  gem 'acts_as_follower'
+end
+
+gem 'rails'

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2013 Sour Cherry Web
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,18 @@
+= PrivatePerson
+
+Private person is an active record extension gem that allows a model to be given privacy settings over arbitrary models and polymorphic relations, putting users' accounts in control of their own privacy policies.
+
+== Contributing to Person
+ 
+* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet.
+* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it.
+* Fork the project.
+* Start a feature/bugfix branch.
+* Commit and push until you are happy with your contribution.
+* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
+* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
+
+== Copyright
+
+Copyright (c) 2013 Sour Cherry Web. See LICENSE.txt for further details.
+

data/Rakefile

@@ -0,0 +1,49 @@
+# encoding: utf-8
+
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+  # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+  gem.name = "private_person"
+  gem.homepage = "http://github.com/nerakdon/private_person"
+  gem.license = "MIT"
+  gem.summary = %Q{Private person puts your users in control of their own privacy policies.}
+  gem.description = %Q{Private person is an active record extension gem that allows a model to be given privacy settings over arbitrary models and polymorphic relations, putting users' accounts in control of their own privacy policies.}
+  gem.email = "webmaster@sourcherryweb.com"
+  gem.authors = ["Karen Lundgren"]
+  # dependencies defined in Gemfile
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rspec/core'
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = FileList['spec/**/*_spec.rb']
+end
+
+RSpec::Core::RakeTask.new(:rcov) do |spec|
+  spec.pattern = 'spec/**/*_spec.rb'
+  spec.rcov = false
+end
+
+task :default => :spec
+
+require 'rdoc/task'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "private_person #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.0

data/lib/generators/private_person/install/install_generator.rb

@@ -0,0 +1,31 @@
+module PrivatePerson
+  class InstallGenerator < Rails::Generators::Base
+    source_root File.expand_path("../templates", __FILE__)
+    require File.expand_path('../../utils', __FILE__)
+    include Generators::Utils
+    include Rails::Generators::Migration
+    
+    def hello
+      output "With PrivatePerson, you can put your users in control of their own privacy policies.", :magenta
+    end
+
+    def add_migrations
+      unless ActiveRecord::Base.connection.table_exists? 'permissions'
+        migration_template 'migrate/create_permissions_table.rb', 'db/migrate/create_permissions_table.rb' rescue output $!.message
+      end
+    end
+    
+    def self.next_migration_number(dirname)
+      if ActiveRecord::Base.timestamped_migrations
+        unless @prev_migration_nr
+          @prev_migration_nr = Time.now.utc.strftime("%Y%m%d%H%M%S").to_i
+        else
+          @prev_migration_nr += 1
+        end
+        @prev_migration_nr.to_s
+      else
+        "%.3d" % (current_migration_number(dirname) + 1)
+      end
+    end
+  end
+end

data/lib/generators/private_person/install/templates/migrate/create_permissions_table.rb

@@ -0,0 +1,18 @@
+class CreatePermissionsTable < ActiveRecord::Migration
+  def self.up
+    create_table :permissions do |t|
+      t.string      :permissor_type
+      t.integer     :permissor_id
+      t.string      :permissible_type
+      t.integer     :permissible_id
+      t.string      :relationship_type, :default => 'none'
+      t.timestamps
+    end
+
+    add_index :permissions, [:permissor_type, :permissor_id]
+    add_index :permissions, [:permissible_type, :permissible_id]
+  end
+  def self.down
+    drop_table :permissions
+  end
+end

data/lib/generators/private_person/utils.rb

@@ -0,0 +1,16 @@
+module PrivatePerson
+  module Generators
+    module Utils
+      def output(output, color = :green)
+        say("           -  #{output}", color)
+      end
+
+      def ask_for(wording, default_value = nil, override_if_present_value = nil)
+        override_if_present_value.present? ?
+          display("Using [#{override_if_present_value}] for question '#{wording}'") && override_if_present_value :
+          ask("           ?  #{wording} Press <enter> for [#{default_value}] >", :yellow).presence || default_value
+      end
+    end
+  end
+end
+

data/lib/private_person/models/permissible.rb

@@ -0,0 +1,16 @@
+module PrivatePerson
+  module Permissible
+    def acts_as_permissible(params = {})
+      if params[:by].nil?
+        raise 'Called acts_as_permissible, but without a :by parameter.'
+      end
+      class_attribute :by
+      self.by = params[:by]
+
+      class_eval do
+        has_many :permissions, :as => :permissible
+        has_many :permissors, :through => :permissions, :as => :permissor
+      end
+    end
+  end
+end

data/lib/private_person/models/permission.rb

@@ -0,0 +1,58 @@
+class Permission < ActiveRecord::Base
+  belongs_to :permissor, :polymorphic => true
+  belongs_to :permissible, :polymorphic => true
+
+  attr_accessible :permissible, :permissible_type, :permissible_id, :relationship_type
+  validates_presence_of :permissor, :permissible_type, :relationship_type
+
+  def self.find_all_by_permissor(permissor)
+    where("permissor_type = ? AND permissor_id = ?", permissor.class.name, permissor.id)
+  end
+
+  def self.find_all_by_permissible(permissible)
+    where("permissible_type = ? AND permissible_id = ?", permissible.class.name, permissible.id)
+  end
+
+  def self.find_all_by_wildcard(permissible_type)
+    where(:permissible_type => permissible_type, :permissible_id => nil)
+  end
+
+  def self.find_all_by_relationship_type(relationship_type)
+    if relationship_type == 'public'
+      return where("relationship_type = 'public'")
+    end
+    if(self.permissible_types.include? relationship_type)
+      return where("relationship_type = ? OR relationship_type = 'public'", relationship_type)
+    end
+    return where(0)
+  end
+
+  def self.blocked
+    where('NOT(relationship_type IN (?))', self.permissible_types)
+  end
+
+  def self.legitimate
+    where('relationship_type IN (?)', self.permissible_types)
+  end
+
+  def self.permissible_types
+    permissible_types = ['public']
+    for record in self.group('permissor_type').group('permissor_id')
+      permissor = record.permissor_type.constantize.find(record.permissor_id)
+      unless permissor.nil?
+        for method in permissor.class.of
+          permissible_types << method.to_s
+        end
+      end
+    end
+    permissible_types.compact
+  end
+
+  def existing_types
+    existing_types = ['public']
+    for method in permissor.class.of
+      existing_types << method.to_s
+    end
+    existing_types
+  end
+end

data/lib/private_person/models/permissor.rb

@@ -0,0 +1,17 @@
+module PrivatePerson
+  module Permissor
+    def acts_as_permissor(params = {})
+      if params[:of].nil?
+        raise 'Called acts_as_permissor, but without an :of parameter.'
+      end
+      class_attribute :of
+      self.of = params[:of]
+      class_name = params[:class_name] || params[:of].to_s.classify
+      class_name.constantize.acts_as_permitted
+      class_eval do
+        has_many :permissions, :as => :permissor
+        has_many :permissibles, :through => :permissions, :as => :permissible
+      end
+    end
+  end
+end

data/lib/private_person/models/permitted.rb

@@ -0,0 +1,44 @@
+module PrivatePerson
+  module Permitted
+    def acts_as_permitted
+      class_eval do
+        def is_permitted?(permissor, permissible)
+          if Permission.find_all_by_permissible(permissible).blocked.exists?
+            return false
+          end
+          wildcards = permissions_by(permissor).find_all_by_wildcard(permissible.class.name).legitimate
+          if wildcards.exists?
+            return true
+          end
+          permissions = permissions_by(permissor).find_all_by_permissible(permissible).legitimate
+          if permissions.exists?
+            return true
+          end
+          return false
+        end
+
+        def permissions_by(permissor)
+          Permission.find_all_by_permissor(permissor).find_all_by_relationship_type(relationship_to(permissor))
+        end
+
+        def relationship_to(permissor)
+          # First check for an efficient method
+          for relationship_method in permissor.class.of
+            is_method = ('is_' + relationship_method.to_s.singularize + '_of?').to_sym
+            if respond_to?(is_method) and self.send(is_method, permissor)
+              return relationship_method.to_s
+            end
+          end
+          # Then check for a slow method
+          for relationship_method in permissor.class.of
+            relationship_members = permissor.send(relationship_method.to_sym)
+            if relationship_members.exists?(:id => self.id)
+              return relationship_method.to_s
+            end
+          end
+          return nil
+        end
+      end
+    end
+  end
+end

data/lib/private_person/version.rb

@@ -0,0 +1,7 @@
+module PrivatePerson
+  VERSION = File.read(File.expand_path('../../../VERSION', __FILE__))
+
+  def self.version_string
+    "PrivatePerson version #{PrivatePerson::VERSION}"
+  end
+end

data/lib/private_person.rb

@@ -0,0 +1,14 @@
+module PrivatePerson
+  require 'rails'
+  require 'private_person/version'
+  require 'private_person/models/permissor'
+  require 'private_person/models/permission'
+  require 'private_person/models/permissible'
+  require 'private_person/models/permitted'
+end
+
+if defined?(ActiveRecord::Base)
+  ActiveRecord::Base.extend PrivatePerson::Permitted
+  ActiveRecord::Base.extend PrivatePerson::Permissor
+  ActiveRecord::Base.extend PrivatePerson::Permissible
+end

data/private_person.gemspec

@@ -0,0 +1,127 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = "private_person"
+  s.version = "0.1.0"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Karen Lundgren"]
+  s.date = "2013-09-07"
+  s.description = "Private person is an active record extension gem that allows a model to be given privacy settings over arbitrary models and polymorphic relations, putting users' accounts in control of their own privacy policies."
+  s.email = "webmaster@sourcherryweb.com"
+  s.extra_rdoc_files = [
+    "LICENSE.txt",
+    "README.rdoc"
+  ]
+  s.files = [
+    ".document",
+    ".rspec",
+    "Gemfile",
+    "LICENSE.txt",
+    "README.rdoc",
+    "Rakefile",
+    "VERSION",
+    "lib/generators/private_person/install/install_generator.rb",
+    "lib/generators/private_person/install/templates/migrate/create_permissions_table.rb",
+    "lib/generators/private_person/utils.rb",
+    "lib/private_person.rb",
+    "lib/private_person/models/permissible.rb",
+    "lib/private_person/models/permission.rb",
+    "lib/private_person/models/permissor.rb",
+    "lib/private_person/models/permitted.rb",
+    "lib/private_person/version.rb",
+    "private_person.gemspec",
+    "script/rails",
+    "spec/dummy/.rspec",
+    "spec/dummy/Rakefile",
+    "spec/dummy/app/models/follow.rb",
+    "spec/dummy/app/models/page.rb",
+    "spec/dummy/app/models/user.rb",
+    "spec/dummy/config.ru",
+    "spec/dummy/config/application.rb",
+    "spec/dummy/config/boot.rb",
+    "spec/dummy/config/database.yml",
+    "spec/dummy/config/environment.rb",
+    "spec/dummy/config/environments/development.rb",
+    "spec/dummy/config/environments/production.rb",
+    "spec/dummy/config/environments/test.rb",
+    "spec/dummy/config/initializers/backtrace_silencers.rb",
+    "spec/dummy/config/initializers/inflections.rb",
+    "spec/dummy/config/initializers/mime_types.rb",
+    "spec/dummy/config/initializers/secret_token.rb",
+    "spec/dummy/config/initializers/session_store.rb",
+    "spec/dummy/config/initializers/wrap_parameters.rb",
+    "spec/dummy/config/locales/devise.en.yml",
+    "spec/dummy/config/locales/en.yml",
+    "spec/dummy/config/routes.rb",
+    "spec/dummy/db/development.sqlite3",
+    "spec/dummy/db/migrate/20130906211525_create_permissions_table.rb",
+    "spec/dummy/db/migrate/20130906213557_create_users_table.rb",
+    "spec/dummy/db/migrate/20130906213612_create_pages_table.rb",
+    "spec/dummy/db/migrate/20130907010108_acts_as_follower_migration.rb",
+    "spec/dummy/db/schema.rb",
+    "spec/dummy/db/test.sqlite3",
+    "spec/dummy/script/rails",
+    "spec/factories/pages.rb",
+    "spec/factories/permissions.rb",
+    "spec/factories/users.rb",
+    "spec/models/page_spec.rb",
+    "spec/models/permission_spec.rb",
+    "spec/models/user_spec.rb",
+    "spec/private_person_spec.rb",
+    "spec/spec_helper.rb",
+    "spec/support/permissions_support.rb",
+    "spec/support/users_support.rb"
+  ]
+  s.homepage = "http://github.com/nerakdon/private_person"
+  s.licenses = ["MIT"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = "2.0.7"
+  s.summary = "Private person puts your users in control of their own privacy policies."
+
+  if s.respond_to? :specification_version then
+    s.specification_version = 4
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<rails>, [">= 0"])
+      s.add_development_dependency(%q<rdoc>, [">= 0"])
+      s.add_development_dependency(%q<bundler>, [">= 0"])
+      s.add_development_dependency(%q<jeweler>, [">= 0"])
+      s.add_development_dependency(%q<sqlite3>, [">= 0"])
+      s.add_development_dependency(%q<rspec>, [">= 0"])
+      s.add_development_dependency(%q<rspec-rails>, [">= 0"])
+      s.add_development_dependency(%q<shoulda-matchers>, [">= 0"])
+      s.add_development_dependency(%q<factory_girl_rails>, [">= 0"])
+      s.add_development_dependency(%q<database_cleaner>, [">= 0"])
+      s.add_development_dependency(%q<acts_as_follower>, [">= 0"])
+    else
+      s.add_dependency(%q<rails>, [">= 0"])
+      s.add_dependency(%q<rdoc>, [">= 0"])
+      s.add_dependency(%q<bundler>, [">= 0"])
+      s.add_dependency(%q<jeweler>, [">= 0"])
+      s.add_dependency(%q<sqlite3>, [">= 0"])
+      s.add_dependency(%q<rspec>, [">= 0"])
+      s.add_dependency(%q<rspec-rails>, [">= 0"])
+      s.add_dependency(%q<shoulda-matchers>, [">= 0"])
+      s.add_dependency(%q<factory_girl_rails>, [">= 0"])
+      s.add_dependency(%q<database_cleaner>, [">= 0"])
+      s.add_dependency(%q<acts_as_follower>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<rails>, [">= 0"])
+    s.add_dependency(%q<rdoc>, [">= 0"])
+    s.add_dependency(%q<bundler>, [">= 0"])
+    s.add_dependency(%q<jeweler>, [">= 0"])
+    s.add_dependency(%q<sqlite3>, [">= 0"])
+    s.add_dependency(%q<rspec>, [">= 0"])
+    s.add_dependency(%q<rspec-rails>, [">= 0"])
+    s.add_dependency(%q<shoulda-matchers>, [">= 0"])
+    s.add_dependency(%q<factory_girl_rails>, [">= 0"])
+    s.add_dependency(%q<database_cleaner>, [">= 0"])
+    s.add_dependency(%q<acts_as_follower>, [">= 0"])
+  end
+end
+

data/script/rails

@@ -0,0 +1,6 @@
+#!/usr/bin/env ruby1.8
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+APP_PATH = File.expand_path('../../spec/dummy/config/application',  __FILE__)
+require File.expand_path('../../spec/dummy/config/boot',  __FILE__)
+require 'rails/commands'

data/spec/dummy/.rspec

@@ -0,0 +1 @@
+--color

data/spec/dummy/Rakefile

@@ -0,0 +1,7 @@
+#!/usr/bin/env rake
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require File.expand_path('../config/application', __FILE__)
+
+Dummy::Application.load_tasks

data/spec/dummy/app/models/follow.rb

@@ -0,0 +1,14 @@
+class Follow < ActiveRecord::Base
+
+  extend ActsAsFollower::FollowerLib
+  extend ActsAsFollower::FollowScopes
+
+  # NOTE: Follows belong to the "followable" interface, and also to followers
+  belongs_to :followable, :polymorphic => true
+  belongs_to :follower,   :polymorphic => true
+
+  def block!
+    self.update_attribute(:blocked, true)
+  end
+
+end

data/spec/dummy/app/models/page.rb

@@ -0,0 +1,4 @@
+class Page < ActiveRecord::Base
+  acts_as_permissible :by => :user
+  belongs_to :user
+end

data/spec/dummy/app/models/user.rb

@@ -0,0 +1,30 @@
+class User < ActiveRecord::Base
+  acts_as_follower
+  acts_as_followable
+
+  acts_as_permissor :of => [:following_users, :user_followers, :following_of_followings, :follower_of_followers], :class_name => 'User'
+
+  def following_of_followings
+    ids = []
+    for user in following_users
+      ids |= user.following_users
+    end
+    User.where(:id => ids)
+  end
+
+  def follower_of_followers
+    ids = []
+    for user in user_followers
+      ids |= user.user_followers
+    end
+    User.where(:id => ids)
+  end
+
+  def is_following_user_of?(item)
+    self.followed_by?(item)
+  end
+
+  def is_user_follower_of?(item)
+    item.followed_by?(self)
+  end
+end

data/spec/dummy/config/application.rb

@@ -0,0 +1,56 @@
+require File.expand_path('../boot', __FILE__)
+
+# Pick the frameworks you want:
+require "active_record/railtie"
+# require "rails/test_unit/railtie"
+
+Bundler.require
+require "private_person"
+require 'acts_as_follower'
+
+module Dummy
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Custom directories with classes and modules you want to be autoloadable.
+    # config.autoload_paths += %W(#{config.root}/extras)
+
+    # Only load the plugins named here, in the order given (default is alphabetical).
+    # :all can be used as a placeholder for all plugins not explicitly named.
+    # config.plugins = [ :exception_notification, :ssl_requirement, :all ]
+
+    # Activate observers that should always be running.
+    # config.active_record.observers = :cacher, :garbage_collector, :forum_observer
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+
+    # Configure the default encoding used in templates for Ruby 1.9.
+    config.encoding = "utf-8"
+
+    # Configure sensitive parameters which will be filtered from the log file.
+    config.filter_parameters += [:password]
+
+    # Enable escaping HTML in JSON.
+    config.active_support.escape_html_entities_in_json = true
+
+    # Use SQL instead of Active Record's schema dumper when creating the database.
+    # This is necessary if your schema can't be completely dumped by the schema dumper,
+    # like if you have constraints or database-specific column types
+    # config.active_record.schema_format = :sql
+
+    # Enforce whitelist mode for mass assignment.
+    # This will create an empty whitelist of attributes available for mass-assignment for all models
+    # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
+    # parameters by using an attr_accessible or attr_protected declaration.
+    config.active_record.whitelist_attributes = true
+  end
+end
+

data/spec/dummy/config/boot.rb

@@ -0,0 +1,10 @@
+require 'rubygems'
+gemfile = File.expand_path('../../../../Gemfile', __FILE__)
+
+if File.exist?(gemfile)
+  ENV['BUNDLE_GEMFILE'] = gemfile
+  require 'bundler'
+  Bundler.setup
+end
+
+$:.unshift File.expand_path('../../../../lib', __FILE__)