protected_attributes 1.0.7 → 1.0.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 15c93e40990d4d4312dbe484bbbc6cb598e2d442
-  data.tar.gz: f1a5f94afb7fc4a9a7de9579e656108608b9799d
+  metadata.gz: 36faf1653ed8ee17a3e6b1ae5bccb2ba3bd0b546
+  data.tar.gz: 614f266410d2a0885bd6d496927cdc5c0e4c9ae3
 SHA512:
-  metadata.gz: 0a04423b815ce4e3a34849ced63a114dec9a905063b0d7b49dc3ae6c1cb353851ae4c2d32b98147d9a4295f98292e9ebd562330e331095635840a5c300c5524b
-  data.tar.gz: 892034d899c89aaf1ae211cd078f4b90e03d38618f8a5a449e4e45509cd902672d634d1896cf62207a3a364785836d9fbd93bf6352891422202ec90dcc6288db
+  metadata.gz: a775497367e9893d23a26983ec37e8c2110a79e13e3a215a94785f18d43e215d5e42ce176325fd5c09ac8a65b771a35630f377536e05b0712c62cf52f73a7818
+  data.tar.gz: cb338465c2fa0f8d37e491f21e411cd195c7d3a875a8d700477c47ab22a17b0687f0ba527da278d1b314707188ea0ddb2197bfcad8d934d28f9fb50f9b7d7b6a

data/lib/active_model/mass_assignment_security/sanitizer.rb

@@ -14,7 +14,7 @@ module ActiveModel
     protected
 
       def process_removed_attributes(klass, attrs)
-        raise NotImplementedError, "#process_removed_attributes(attrs) suppose to be overwritten"
+        raise NotImplementedError, "#process_removed_attributes(klass, attrs) is intended to be overwritten by a subclass"
       end
     end
 
@@ -56,8 +56,9 @@ module ActiveModel
       end
 
       def process_removed_attributes(klass, attrs)
-        return if (attrs - insensitive_attributes).empty?
-        raise ActiveModel::MassAssignmentSecurity::Error.new(klass, attrs)
+        unless (attrs - insensitive_attributes).empty?
+          raise ActiveModel::MassAssignmentSecurity::Error.new(klass, attrs)
+        end
       end
 
       def insensitive_attributes

data/lib/active_record/mass_assignment_security/associations.rb

@@ -82,8 +82,12 @@ module ActiveRecord
 
         record
       end
-
       private :build_record
+
+      def options_for_through_record
+        [through_scope_attributes, without_protection: true]
+      end
+      private :options_for_through_record
     end
 
     class SingularAssociation

data/lib/protected_attributes/version.rb

@@ -1,3 +1,3 @@
 module ProtectedAttributes
-  VERSION = "1.0.7"
+  VERSION = "1.0.8"
 end

data/test/ar_helper.rb

@@ -4,14 +4,12 @@ ActiveRecord::Base.establish_connection(adapter: 'sqlite3', database: ':memory:'
 
 ActiveRecord::Schema.verbose = false
 ActiveRecord::Schema.define do
-
   create_table :accounts, :force => true do |t|
     t.integer :firm_id
     t.string  :firm_name
     t.integer :credit_limit
   end
 
-
   create_table :companies, :force => true do |t|
     t.string  :type
     t.integer :firm_id
@@ -26,38 +24,50 @@ ActiveRecord::Schema.define do
   add_index :companies, [:firm_id, :type, :rating], :name => "company_index"
   add_index :companies, [:firm_id, :type], :name => "company_partial_index", :where => "rating > 10"
 
-
   create_table :keyboards, :force => true, :id  => false do |t|
     t.primary_key :key_number
     t.string      :name
   end
 
-
   create_table :people, :force => true do |t|
     t.string     :first_name, :null => false
-    t.references :primary_contact
     t.string     :gender, :limit => 1
-    t.references :number1_fan
-    t.integer    :lock_version, :null => false, :default => 0
     t.string     :comments
-    t.integer    :followers_count, :default => 0
     t.references :best_friend
     t.references :best_friend_of
     t.timestamps
   end
 
-
   create_table :subscribers, :force => true, :id => false do |t|
     t.string :nick, :null => false
     t.string :name
   end
   add_index :subscribers, :nick, :unique => true
 
-
   create_table :tasks, :force => true do |t|
     t.datetime :starting
     t.datetime :ending
   end
+
+  create_table :pirates, :force => true do |t|
+  end
+
+  create_table :groups, :force => true do |t|
+  end
+
+  create_table :memberships, :force => true do |t|
+    t.integer  "group_id"
+    t.integer  "pirate_id"
+  end
+
+  create_table :teams, :force => true
+  create_table :wolves, :force => true
+  create_table :vampires, :force => true
+  create_table :battles, :force => true do |t|
+    t.integer "team_id"
+    t.integer "battle_id"
+    t.string  "battle_type"
+  end
 end
 
 QUOTED_TYPE = ActiveRecord::Base.connection.quote_column_name('type')

data/test/attribute_sanitization_test.rb

@@ -246,7 +246,7 @@ class AttributeSanitizationTest < ActiveSupport::TestCase
   def test_protection_against_class_attribute_writers
     attribute_writers = [:logger, :configurations, :primary_key_prefix_type, :table_name_prefix, :table_name_suffix, :pluralize_table_names,
      :default_timezone, :schema_format, :lock_optimistically, :timestamped_migrations, :default_scopes,
-     :connection_handler, :nested_attributes_options, :attribute_types_cached_by_default,
+     :connection_handler, :nested_attributes_options,
      :attribute_method_matchers, :time_zone_aware_attributes, :skip_time_zone_conversion_for_attributes]
 
     attribute_writers.push(:_attr_readonly) if active_record_40?

data/test/mass_assignment_security_test.rb

@@ -1,6 +1,13 @@
 require 'test_helper'
 require 'active_model/mass_assignment_security'
 require 'models/mass_assignment_specific'
+require 'models/pirate'
+require 'models/group'
+require 'models/membership'
+require 'models/battle'
+require 'models/vampire'
+require 'models/wolf'
+require 'models/team'
 
 class CustomSanitizer < ActiveModel::MassAssignmentSecurity::Sanitizer
 
@@ -115,4 +122,21 @@ class MassAssignmentSecurityTest < ActiveModel::TestCase
   ensure
     User.mass_assignment_sanitizer = old_sanitizer
   end
+
+  def test_concat_has_many_through_association_member
+    group = Group.create!
+    pirate = Pirate.create!
+    group.members << pirate
+    assert_equal pirate.memberships.first, group.memberships.first
+  end
+
+  def test_concat_has_many_through_polymorphic_association
+    team = Team.create!
+    vampire = Vampire.create!
+    wolf = Wolf.create!
+
+    team.vampire_battles << vampire
+    wolf.teams << team
+    assert_equal team.wolf_battles.first, wolf
+  end
 end

data/test/models/battle.rb

@@ -0,0 +1,5 @@
+class Battle < ActiveRecord::Base
+  attr_accessible []
+  belongs_to :team
+  belongs_to :battle, :polymorphic => true
+end

data/test/models/company.rb

@@ -4,99 +4,9 @@ end
 
 class Company < AbstractCompany
   attr_protected :rating
-  self.sequence_name = :companies_nonstd_seq
-
-  validates_presence_of :name
-
-  has_one :dummy_account, :foreign_key => "firm_id", :class_name => "Account"
-  has_many :contracts
-  has_many :developers, :through => :contracts
-
-  def arbitrary_method
-    "I am Jack's profound disappointment"
-  end
-
-  private
-
-  def private_method
-    "I am Jack's innermost fears and aspirations"
-  end
 end
 
 class Firm < Company
-  has_many :unsorted_clients, :class_name => "Client"
-  has_many :unsorted_clients_with_symbol, :class_name => :Client
-  has_many :clients_sorted_desc, -> { order "id DESC" }, :class_name => "Client"
-  has_many :clients_of_firm, -> { order "id" }, :foreign_key => "client_of", :class_name => "Client"
-  has_many :clients_ordered_by_name, -> { order "name" }, :class_name => "Client"
-  has_many :unvalidated_clients_of_firm, :foreign_key => "client_of", :class_name => "Client", :validate => false
-  has_many :dependent_clients_of_firm, -> { order "id" }, :foreign_key => "client_of", :class_name => "Client", :dependent => :destroy
-  has_many :exclusively_dependent_clients_of_firm, -> { order "id" }, :foreign_key => "client_of", :class_name => "Client", :dependent => :delete_all
-  has_many :limited_clients, -> { limit 1 }, :class_name => "Client"
-  has_many :clients_with_interpolated_conditions, ->(firm) { where "rating > #{firm.rating}" }, :class_name => "Client"
-  has_many :clients_like_ms, -> { where("name = 'Microsoft'").order("id") }, :class_name => "Client"
-  has_many :clients_like_ms_with_hash_conditions, -> { where(:name => 'Microsoft').order("id") }, :class_name => "Client"
-
-  if active_record_40?
-    ActiveSupport::Deprecation.silence do
-      has_many :clients, -> { order "id" }, :dependent => :destroy, :counter_sql =>
-          "SELECT COUNT(*) FROM companies WHERE firm_id = 1 " +
-          "AND (#{QUOTED_TYPE} = 'Client' OR #{QUOTED_TYPE} = 'SpecialClient' OR #{QUOTED_TYPE} = 'VerySpecialClient' )",
-          :before_remove => :log_before_remove,
-          :after_remove  => :log_after_remove
-      has_many :clients_using_sql, :class_name => "Client", :finder_sql => proc { "SELECT * FROM companies WHERE client_of = #{id}" }
-      has_many :clients_using_counter_sql, :class_name => "Client",
-               :finder_sql  => proc { "SELECT * FROM companies WHERE client_of = #{id} " },
-               :counter_sql => proc { "SELECT COUNT(*) FROM companies WHERE client_of = #{id}" }
-      has_many :clients_using_zero_counter_sql, :class_name => "Client",
-               :finder_sql  => proc { "SELECT * FROM companies WHERE client_of = #{id}" },
-               :counter_sql => proc { "SELECT 0 FROM companies WHERE client_of = #{id}" }
-      has_many :no_clients_using_counter_sql, :class_name => "Client",
-               :finder_sql  => 'SELECT * FROM companies WHERE client_of = 1000',
-               :counter_sql => 'SELECT COUNT(*) FROM companies WHERE client_of = 1000'
-      has_many :clients_using_finder_sql, :class_name => "Client", :finder_sql => 'SELECT * FROM companies WHERE 1=1'
-    end
-  end
-
-  has_many :plain_clients, :class_name => 'Client'
-  has_many :readonly_clients, -> { readonly }, :class_name => 'Client'
-  has_many :clients_using_primary_key, :class_name => 'Client',
-           :primary_key => 'name', :foreign_key => 'firm_name'
-  has_many :clients_using_primary_key_with_delete_all, :class_name => 'Client',
-           :primary_key => 'name', :foreign_key => 'firm_name', :dependent => :delete_all
-  has_many :clients_grouped_by_firm_id, -> { group("firm_id").select("firm_id") }, :class_name => "Client"
-  has_many :clients_grouped_by_name, -> { group("name").select("name") }, :class_name => "Client"
-
-  has_one :account, :foreign_key => "firm_id", :dependent => :destroy, :validate => true
-  has_one :unvalidated_account, :foreign_key => "firm_id", :class_name => 'Account', :validate => false
-  has_one :account_with_select, -> { select("id, firm_id") }, :foreign_key => "firm_id", :class_name=>'Account'
-  has_one :readonly_account, -> { readonly }, :foreign_key => "firm_id", :class_name => "Account"
-  # added order by id as in fixtures there are two accounts for Rails Core
-  # Oracle tests were failing because of that as the second fixture was selected
-  has_one :account_using_primary_key, -> { order('id') }, :primary_key => "firm_id", :class_name => "Account"
-  has_one :account_using_foreign_and_primary_keys, :foreign_key => "firm_name", :primary_key => "name", :class_name => "Account"
-  has_one :deletable_account, :foreign_key => "firm_id", :class_name => "Account", :dependent => :delete
-
-  has_one :account_limit_500_with_hash_conditions, -> { where :credit_limit => 500 }, :foreign_key => "firm_id", :class_name => "Account"
-
-  has_one :unautosaved_account, :foreign_key => "firm_id", :class_name => 'Account', :autosave => false
-  has_many :accounts
-  has_many :unautosaved_accounts, :foreign_key => "firm_id", :class_name => 'Account', :autosave => false
-
-  has_many :association_with_references, -> { references(:foo) }, :class_name => 'Client'
-
-  def log
-    @log ||= []
-  end
-
-  private
-    def log_before_remove(record)
-      log << "before_remove#{record.id}"
-    end
-
-    def log_after_remove(record)
-      log << "after_remove#{record.id}"
-    end
 end
 
 class Corporation < Company

data/test/models/group.rb

@@ -0,0 +1,6 @@
+class Group < ActiveRecord::Base
+  self.mass_assignment_sanitizer = :strict
+
+  has_many :memberships, :dependent => :destroy
+  has_many :members, :through => :memberships, :source => :pirate
+end

data/test/models/membership.rb

@@ -0,0 +1,8 @@
+class Membership < ActiveRecord::Base
+  self.mass_assignment_sanitizer = :strict
+
+  belongs_to :group
+  belongs_to :pirate
+
+  attr_accessible []
+end

data/test/models/person.rb

@@ -1,38 +1,3 @@
-class Person < ActiveRecord::Base
-  has_many :readers
-  has_many :secure_readers
-  has_one  :reader
-
-  has_many :posts, :through => :readers
-  has_many :secure_posts, :through => :secure_readers
-  has_many :posts_with_no_comments, -> { includes(:comments).where('comments.id is null').references(:comments) },
-                                    :through => :readers, :source => :post
-
-  has_many :followers, foreign_key: 'friend_id', class_name: 'Friendship'
-
-  has_many :references
-  has_many :bad_references
-  has_many :fixed_bad_references, -> { where :favourite => true }, :class_name => 'BadReference'
-  has_one  :favourite_reference, -> { where 'favourite=?', true }, :class_name => 'Reference'
-  has_many :posts_with_comments_sorted_by_comment_id, -> { includes(:comments).order('comments.id') }, :through => :readers, :source => :post
-
-  has_many :jobs, :through => :references
-  has_many :jobs_with_dependent_destroy,    :source => :job, :through => :references, :dependent => :destroy
-  has_many :jobs_with_dependent_delete_all, :source => :job, :through => :references, :dependent => :delete_all
-  has_many :jobs_with_dependent_nullify,    :source => :job, :through => :references, :dependent => :nullify
-
-  belongs_to :primary_contact, :class_name => 'Person'
-  has_many :agents, :class_name => 'Person', :foreign_key => 'primary_contact_id'
-  has_many :agents_of_agents, :through => :agents, :source => :agents
-  belongs_to :number1_fan, :class_name => 'Person'
-
-  has_many :agents_posts,         :through => :agents,       :source => :posts
-  has_many :agents_posts_authors, :through => :agents_posts, :source => :author
-
-  scope :males,   -> { where(:gender => 'M') }
-  scope :females, -> { where(:gender => 'F') }
-end
-
 class LoosePerson < ActiveRecord::Base
   self.table_name = 'people'
 

data/test/models/pirate.rb

@@ -0,0 +1,5 @@
+class Pirate < ActiveRecord::Base
+  self.mass_assignment_sanitizer = :strict
+
+  has_many :memberships
+end

data/test/models/team.rb

@@ -0,0 +1,5 @@
+class Team < ActiveRecord::Base
+  has_many :battles
+  has_many :wolf_battles, :through => :battles, :class_name => 'Wolf', :source => :battle, :source_type => 'Wolf'
+  has_many :vampire_battles, :through => :battles, :class_name => 'Vampire', :source => :battle, :source_type => 'Vampire'
+end

data/test/models/vampire.rb

@@ -0,0 +1,4 @@
+class Vampire < ActiveRecord::Base
+  has_many :battles, :as => :battle
+  has_many :teams, :through => :battles
+end

data/test/models/wolf.rb

@@ -0,0 +1,4 @@
+class Wolf < ActiveRecord::Base
+  has_many :battles, :as => :battle
+  has_many :teams, :through => :battles
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: protected_attributes
 version: !ruby/object:Gem::Version
-  version: 1.0.7
+  version: 1.0.8
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-03-13 00:00:00.000000000 Z
+date: 2014-06-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel
@@ -133,12 +133,19 @@ files:
 - test/mass_assignment_security/sanitizer_test.rb
 - test/mass_assignment_security/white_list_test.rb
 - test/mass_assignment_security_test.rb
+- test/models/battle.rb
 - test/models/company.rb
+- test/models/group.rb
 - test/models/keyboard.rb
 - test/models/mass_assignment_specific.rb
+- test/models/membership.rb
 - test/models/person.rb
+- test/models/pirate.rb
 - test/models/subscriber.rb
 - test/models/task.rb
+- test/models/team.rb
+- test/models/vampire.rb
+- test/models/wolf.rb
 - test/test_helper.rb
 homepage: https://github.com/rails/protected_attributes
 licenses:
@@ -174,10 +181,17 @@ test_files:
 - test/mass_assignment_security/sanitizer_test.rb
 - test/mass_assignment_security/white_list_test.rb
 - test/mass_assignment_security_test.rb
+- test/models/battle.rb
 - test/models/company.rb
+- test/models/group.rb
 - test/models/keyboard.rb
 - test/models/mass_assignment_specific.rb
+- test/models/membership.rb
 - test/models/person.rb
+- test/models/pirate.rb
 - test/models/subscriber.rb
 - test/models/task.rb
+- test/models/team.rb
+- test/models/vampire.rb
+- test/models/wolf.rb
 - test/test_helper.rb