protected_attributes 1.0.2 → 1.0.3
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7e99fd841a54df63ccc0d5147824eb665ef8396a
|
|
4
|
+
data.tar.gz: c37af9718bcd15937e1e195ae7c7bd3c742f728a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cd7137d9cfc8e5ef5d6263ecb4e82a94fbf4b66f7fd4d3fb2bd287b7dfb2a5ce04cb1bfd87fb4f84f42252c20ba86613f137afdff172673308fbaed950096ba2
|
|
7
|
+
data.tar.gz: 41c9d8e77b681dde22d0469685c9ef7d2aa1237a8ef86bf5ce40950a3028dbe727741e1ed352a7867115256924d0364dd39e3944a28bcdbc371f939429fa6c5e
|
data/README.md
CHANGED
|
@@ -37,11 +37,11 @@ A much better way, because it follows the whitelist-principle, is the `attr_acce
|
|
|
37
37
|
|
|
38
38
|
If you want to set a protected attribute, you will to have to assign it individually:
|
|
39
39
|
|
|
40
|
-
params[:user] # => {:name => "owned", :
|
|
40
|
+
params[:user] # => {:name => "owned", :is_admin => true}
|
|
41
41
|
@user = User.new(params[:user])
|
|
42
|
-
@user.
|
|
43
|
-
@user.
|
|
44
|
-
@user.
|
|
42
|
+
@user.is_admin # => false, not mass-assigned
|
|
43
|
+
@user.is_admin = true
|
|
44
|
+
@user.is_admin # => true
|
|
45
45
|
|
|
46
46
|
When assigning attributes in Active Record using `attributes=` the `:default` role will be used. To assign attributes using different roles you should use `assign_attributes` which accepts an optional `:as` options parameter. If no `:as` option is provided then the `:default` role will be used.
|
|
47
47
|
You can also bypass mass-assignment security by using the `:without_protection` option. Here is an example:
|
|
@@ -4,6 +4,9 @@ module ActiveRecord
|
|
|
4
4
|
extend ActiveSupport::Concern
|
|
5
5
|
|
|
6
6
|
module ClassMethods
|
|
7
|
+
|
|
8
|
+
REJECT_ALL_BLANK_PROC = proc { |attributes| attributes.all? { |key, value| key == '_destroy' || value.blank? } }
|
|
9
|
+
|
|
7
10
|
def accepts_nested_attributes_for(*attr_names)
|
|
8
11
|
options = { :allow_destroy => false, :update_only => false }
|
|
9
12
|
options.update(attr_names.extract_options!)
|
|
@@ -52,7 +55,7 @@ module ActiveRecord
|
|
|
52
55
|
assign_to_or_mark_for_destruction(record, attributes, options[:allow_destroy], assignment_opts) unless call_reject_if(association_name, attributes)
|
|
53
56
|
|
|
54
57
|
elsif attributes['id'].present? && !assignment_opts[:without_protection]
|
|
55
|
-
raise_nested_attributes_record_not_found(association_name, attributes['id'])
|
|
58
|
+
raise_nested_attributes_record_not_found!(association_name, attributes['id'])
|
|
56
59
|
|
|
57
60
|
elsif !reject_new_record?(association_name, attributes)
|
|
58
61
|
method = "build_#{association_name}"
|
|
@@ -130,7 +133,7 @@ module ActiveRecord
|
|
|
130
133
|
elsif assignment_opts[:without_protection]
|
|
131
134
|
association.build(attributes.except(*unassignable_keys(assignment_opts)), assignment_opts)
|
|
132
135
|
else
|
|
133
|
-
raise_nested_attributes_record_not_found(association_name, attributes['id'])
|
|
136
|
+
raise_nested_attributes_record_not_found!(association_name, attributes['id'])
|
|
134
137
|
end
|
|
135
138
|
end
|
|
136
139
|
end
|
data/test/models/person.rb
CHANGED
|
@@ -69,7 +69,7 @@ class NestedPerson < ActiveRecord::Base
|
|
|
69
69
|
attr_accessible :best_friend_attributes, :best_friend_first_name, :as => :admin
|
|
70
70
|
|
|
71
71
|
has_one :best_friend, :class_name => 'NestedPerson', :foreign_key => :best_friend_id
|
|
72
|
-
accepts_nested_attributes_for :best_friend, :update_only => true
|
|
72
|
+
accepts_nested_attributes_for :best_friend, :update_only => true, :reject_if => :all_blank
|
|
73
73
|
|
|
74
74
|
def comments=(new_comments)
|
|
75
75
|
raise RuntimeError
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: protected_attributes
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- David Heinemeier Hansson
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2013-06-
|
|
11
|
+
date: 2013-06-29 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activemodel
|
|
@@ -16,7 +16,7 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '>='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 4.0.0
|
|
19
|
+
version: 4.0.0
|
|
20
20
|
- - <
|
|
21
21
|
- !ruby/object:Gem::Version
|
|
22
22
|
version: '5.0'
|
|
@@ -26,7 +26,7 @@ dependencies:
|
|
|
26
26
|
requirements:
|
|
27
27
|
- - '>='
|
|
28
28
|
- !ruby/object:Gem::Version
|
|
29
|
-
version: 4.0.0
|
|
29
|
+
version: 4.0.0
|
|
30
30
|
- - <
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
32
|
version: '5.0'
|
|
@@ -36,7 +36,7 @@ dependencies:
|
|
|
36
36
|
requirements:
|
|
37
37
|
- - '>='
|
|
38
38
|
- !ruby/object:Gem::Version
|
|
39
|
-
version: 4.0.0
|
|
39
|
+
version: 4.0.0
|
|
40
40
|
- - <
|
|
41
41
|
- !ruby/object:Gem::Version
|
|
42
42
|
version: '5.0'
|
|
@@ -46,7 +46,7 @@ dependencies:
|
|
|
46
46
|
requirements:
|
|
47
47
|
- - '>='
|
|
48
48
|
- !ruby/object:Gem::Version
|
|
49
|
-
version: 4.0.0
|
|
49
|
+
version: 4.0.0
|
|
50
50
|
- - <
|
|
51
51
|
- !ruby/object:Gem::Version
|
|
52
52
|
version: '5.0'
|
|
@@ -56,7 +56,7 @@ dependencies:
|
|
|
56
56
|
requirements:
|
|
57
57
|
- - '>='
|
|
58
58
|
- !ruby/object:Gem::Version
|
|
59
|
-
version: 4.0.0
|
|
59
|
+
version: 4.0.0
|
|
60
60
|
- - <
|
|
61
61
|
- !ruby/object:Gem::Version
|
|
62
62
|
version: '5.0'
|
|
@@ -66,7 +66,7 @@ dependencies:
|
|
|
66
66
|
requirements:
|
|
67
67
|
- - '>='
|
|
68
68
|
- !ruby/object:Gem::Version
|
|
69
|
-
version: 4.0.0
|
|
69
|
+
version: 4.0.0
|
|
70
70
|
- - <
|
|
71
71
|
- !ruby/object:Gem::Version
|
|
72
72
|
version: '5.0'
|