RubyGems - protected_attributes - Versions diffs - 1.0.7 → 1.0.8 - Mend

protected_attributes 1.0.7 → 1.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

checksums.yaml +4 -4
data/lib/active_model/mass_assignment_security/sanitizer.rb +4 -3
data/lib/active_record/mass_assignment_security/associations.rb +5 -1
data/lib/protected_attributes/version.rb +1 -1
data/test/ar_helper.rb +20 -10
data/test/attribute_sanitization_test.rb +1 -1
data/test/mass_assignment_security_test.rb +24 -0
data/test/models/battle.rb +5 -0
data/test/models/company.rb +0 -90
data/test/models/group.rb +6 -0
data/test/models/membership.rb +8 -0
data/test/models/person.rb +0 -35
data/test/models/pirate.rb +5 -0
data/test/models/team.rb +5 -0
data/test/models/vampire.rb +4 -0
data/test/models/wolf.rb +4 -0
metadata +16 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 15c93e40990d4d4312dbe484bbbc6cb598e2d442
-  data.tar.gz: f1a5f94afb7fc4a9a7de9579e656108608b9799d
+  metadata.gz: 36faf1653ed8ee17a3e6b1ae5bccb2ba3bd0b546
+  data.tar.gz: 614f266410d2a0885bd6d496927cdc5c0e4c9ae3
 SHA512:
-  metadata.gz: 0a04423b815ce4e3a34849ced63a114dec9a905063b0d7b49dc3ae6c1cb353851ae4c2d32b98147d9a4295f98292e9ebd562330e331095635840a5c300c5524b
-  data.tar.gz: 892034d899c89aaf1ae211cd078f4b90e03d38618f8a5a449e4e45509cd902672d634d1896cf62207a3a364785836d9fbd93bf6352891422202ec90dcc6288db
+  metadata.gz: a775497367e9893d23a26983ec37e8c2110a79e13e3a215a94785f18d43e215d5e42ce176325fd5c09ac8a65b771a35630f377536e05b0712c62cf52f73a7818
+  data.tar.gz: cb338465c2fa0f8d37e491f21e411cd195c7d3a875a8d700477c47ab22a17b0687f0ba527da278d1b314707188ea0ddb2197bfcad8d934d28f9fb50f9b7d7b6a

data/lib/active_model/mass_assignment_security/sanitizer.rb CHANGED Viewed

@@ -14,7 +14,7 @@ module ActiveModel
     protected
       def process_removed_attributes(klass, attrs)
-        raise NotImplementedError, "#process_removed_attributes(attrs) suppose to be overwritten"
+        raise NotImplementedError, "#process_removed_attributes(klass, attrs) is intended to be overwritten by a subclass"
       end
     end
@@ -56,8 +56,9 @@ module ActiveModel
       end
       def process_removed_attributes(klass, attrs)
-        return if (attrs - insensitive_attributes).empty?
-        raise ActiveModel::MassAssignmentSecurity::Error.new(klass, attrs)
+        unless (attrs - insensitive_attributes).empty?
+          raise ActiveModel::MassAssignmentSecurity::Error.new(klass, attrs)
+        end
       end
       def insensitive_attributes

data/lib/active_record/mass_assignment_security/associations.rb CHANGED Viewed

@@ -82,8 +82,12 @@ module ActiveRecord
         record
       end
       private :build_record
+      def options_for_through_record
+        [through_scope_attributes, without_protection: true]
+      end
+      private :options_for_through_record
     end
     class SingularAssociation

data/lib/protected_attributes/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ProtectedAttributes
-  VERSION = "1.0.7"
+  VERSION = "1.0.8"
 end

data/test/ar_helper.rb CHANGED Viewed

@@ -4,14 +4,12 @@ ActiveRecord::Base.establish_connection(adapter: 'sqlite3', database: ':memory:'
 ActiveRecord::Schema.verbose = false
 ActiveRecord::Schema.define do
   create_table :accounts, :force => true do |t|
     t.integer :firm_id
     t.string  :firm_name
     t.integer :credit_limit
   end
   create_table :companies, :force => true do |t|
     t.string  :type
     t.integer :firm_id
@@ -26,38 +24,50 @@ ActiveRecord::Schema.define do
   add_index :companies, [:firm_id, :type, :rating], :name => "company_index"
   add_index :companies, [:firm_id, :type], :name => "company_partial_index", :where => "rating > 10"
   create_table :keyboards, :force => true, :id  => false do |t|
     t.primary_key :key_number
     t.string      :name
   end
   create_table :people, :force => true do |t|
     t.string     :first_name, :null => false
-    t.references :primary_contact
     t.string     :gender, :limit => 1
-    t.references :number1_fan
-    t.integer    :lock_version, :null => false, :default => 0
     t.string     :comments
-    t.integer    :followers_count, :default => 0
     t.references :best_friend
     t.references :best_friend_of
     t.timestamps
   end
   create_table :subscribers, :force => true, :id => false do |t|
     t.string :nick, :null => false
     t.string :name
   end
   add_index :subscribers, :nick, :unique => true
   create_table :tasks, :force => true do |t|
     t.datetime :starting
     t.datetime :ending
   end
+  create_table :pirates, :force => true do |t|
+  end
+  create_table :groups, :force => true do |t|
+  end
+  create_table :memberships, :force => true do |t|
+    t.integer  "group_id"
+    t.integer  "pirate_id"
+  end
+  create_table :teams, :force => true
+  create_table :wolves, :force => true
+  create_table :vampires, :force => true
+  create_table :battles, :force => true do |t|
+    t.integer "team_id"
+    t.integer "battle_id"
+    t.string  "battle_type"
+  end
 end
 QUOTED_TYPE = ActiveRecord::Base.connection.quote_column_name('type')

data/test/attribute_sanitization_test.rb CHANGED Viewed

@@ -246,7 +246,7 @@ class AttributeSanitizationTest < ActiveSupport::TestCase
   def test_protection_against_class_attribute_writers
     attribute_writers = [:logger, :configurations, :primary_key_prefix_type, :table_name_prefix, :table_name_suffix, :pluralize_table_names,
      :default_timezone, :schema_format, :lock_optimistically, :timestamped_migrations, :default_scopes,
-     :connection_handler, :nested_attributes_options, :attribute_types_cached_by_default,
+     :connection_handler, :nested_attributes_options,
      :attribute_method_matchers, :time_zone_aware_attributes, :skip_time_zone_conversion_for_attributes]
     attribute_writers.push(:_attr_readonly) if active_record_40?

data/test/mass_assignment_security_test.rb CHANGED Viewed

@@ -1,6 +1,13 @@
 require 'test_helper'
 require 'active_model/mass_assignment_security'
 require 'models/mass_assignment_specific'
+require 'models/pirate'
+require 'models/group'
+require 'models/membership'
+require 'models/battle'
+require 'models/vampire'
+require 'models/wolf'
+require 'models/team'
 class CustomSanitizer < ActiveModel::MassAssignmentSecurity::Sanitizer
@@ -115,4 +122,21 @@ class MassAssignmentSecurityTest < ActiveModel::TestCase
   ensure
     User.mass_assignment_sanitizer = old_sanitizer
   end
+  def test_concat_has_many_through_association_member
+    group = Group.create!
+    pirate = Pirate.create!
+    group.members << pirate
+    assert_equal pirate.memberships.first, group.memberships.first
+  end
+  def test_concat_has_many_through_polymorphic_association
+    team = Team.create!
+    vampire = Vampire.create!
+    wolf = Wolf.create!
+    team.vampire_battles << vampire
+    wolf.teams << team
+    assert_equal team.wolf_battles.first, wolf
+  end
 end

data/test/models/battle.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class Battle < ActiveRecord::Base
+  attr_accessible []
+  belongs_to :team
+  belongs_to :battle, :polymorphic => true
+end

data/test/models/company.rb CHANGED Viewed

@@ -4,99 +4,9 @@ end
 class Company < AbstractCompany
   attr_protected :rating
-  self.sequence_name = :companies_nonstd_seq
-  validates_presence_of :name
-  has_one :dummy_account, :foreign_key => "firm_id", :class_name => "Account"
-  has_many :contracts
-  has_many :developers, :through => :contracts
-  def arbitrary_method
-    "I am Jack's profound disappointment"
-  end
-  private
-  def private_method
-    "I am Jack's innermost fears and aspirations"
-  end
 end
 class Firm < Company
-  has_many :unsorted_clients, :class_name => "Client"
-  has_many :unsorted_clients_with_symbol, :class_name => :Client
-  has_many :clients_sorted_desc, -> { order "id DESC" }, :class_name => "Client"
-  has_many :clients_of_firm, -> { order "id" }, :foreign_key => "client_of", :class_name => "Client"
-  has_many :clients_ordered_by_name, -> { order "name" }, :class_name => "Client"
-  has_many :unvalidated_clients_of_firm, :foreign_key => "client_of", :class_name => "Client", :validate => false
-  has_many :dependent_clients_of_firm, -> { order "id" }, :foreign_key => "client_of", :class_name => "Client", :dependent => :destroy
-  has_many :exclusively_dependent_clients_of_firm, -> { order "id" }, :foreign_key => "client_of", :class_name => "Client", :dependent => :delete_all
-  has_many :limited_clients, -> { limit 1 }, :class_name => "Client"
-  has_many :clients_with_interpolated_conditions, ->(firm) { where "rating > #{firm.rating}" }, :class_name => "Client"
-  has_many :clients_like_ms, -> { where("name = 'Microsoft'").order("id") }, :class_name => "Client"
-  has_many :clients_like_ms_with_hash_conditions, -> { where(:name => 'Microsoft').order("id") }, :class_name => "Client"
-  if active_record_40?
-    ActiveSupport::Deprecation.silence do
-      has_many :clients, -> { order "id" }, :dependent => :destroy, :counter_sql =>
-          "SELECT COUNT(*) FROM companies WHERE firm_id = 1 " +
-          "AND (#{QUOTED_TYPE} = 'Client' OR #{QUOTED_TYPE} = 'SpecialClient' OR #{QUOTED_TYPE} = 'VerySpecialClient' )",
-          :before_remove => :log_before_remove,
-          :after_remove  => :log_after_remove
-      has_many :clients_using_sql, :class_name => "Client", :finder_sql => proc { "SELECT * FROM companies WHERE client_of = #{id}" }
-      has_many :clients_using_counter_sql, :class_name => "Client",
-               :finder_sql  => proc { "SELECT * FROM companies WHERE client_of = #{id} " },
-               :counter_sql => proc { "SELECT COUNT(*) FROM companies WHERE client_of = #{id}" }
-      has_many :clients_using_zero_counter_sql, :class_name => "Client",
-               :finder_sql  => proc { "SELECT * FROM companies WHERE client_of = #{id}" },
-               :counter_sql => proc { "SELECT 0 FROM companies WHERE client_of = #{id}" }
-      has_many :no_clients_using_counter_sql, :class_name => "Client",
-               :finder_sql  => 'SELECT * FROM companies WHERE client_of = 1000',
-               :counter_sql => 'SELECT COUNT(*) FROM companies WHERE client_of = 1000'
-      has_many :clients_using_finder_sql, :class_name => "Client", :finder_sql => 'SELECT * FROM companies WHERE 1=1'
-    end
-  end
-  has_many :plain_clients, :class_name => 'Client'
-  has_many :readonly_clients, -> { readonly }, :class_name => 'Client'
-  has_many :clients_using_primary_key, :class_name => 'Client',
-           :primary_key => 'name', :foreign_key => 'firm_name'
-  has_many :clients_using_primary_key_with_delete_all, :class_name => 'Client',
-           :primary_key => 'name', :foreign_key => 'firm_name', :dependent => :delete_all
-  has_many :clients_grouped_by_firm_id, -> { group("firm_id").select("firm_id") }, :class_name => "Client"
-  has_many :clients_grouped_by_name, -> { group("name").select("name") }, :class_name => "Client"
-  has_one :account, :foreign_key => "firm_id", :dependent => :destroy, :validate => true
-  has_one :unvalidated_account, :foreign_key => "firm_id", :class_name => 'Account', :validate => false
-  has_one :account_with_select, -> { select("id, firm_id") }, :foreign_key => "firm_id", :class_name=>'Account'
-  has_one :readonly_account, -> { readonly }, :foreign_key => "firm_id", :class_name => "Account"
-  # added order by id as in fixtures there are two accounts for Rails Core
-  # Oracle tests were failing because of that as the second fixture was selected
-  has_one :account_using_primary_key, -> { order('id') }, :primary_key => "firm_id", :class_name => "Account"
-  has_one :account_using_foreign_and_primary_keys, :foreign_key => "firm_name", :primary_key => "name", :class_name => "Account"
-  has_one :deletable_account, :foreign_key => "firm_id", :class_name => "Account", :dependent => :delete
-  has_one :account_limit_500_with_hash_conditions, -> { where :credit_limit => 500 }, :foreign_key => "firm_id", :class_name => "Account"
-  has_one :unautosaved_account, :foreign_key => "firm_id", :class_name => 'Account', :autosave => false
-  has_many :accounts
-  has_many :unautosaved_accounts, :foreign_key => "firm_id", :class_name => 'Account', :autosave => false
-  has_many :association_with_references, -> { references(:foo) }, :class_name => 'Client'
-  def log
-    @log ||= []
-  end
-  private
-    def log_before_remove(record)
-      log << "before_remove#{record.id}"
-    end
-    def log_after_remove(record)
-      log << "after_remove#{record.id}"
-    end
 end
 class Corporation < Company

data/test/models/group.rb ADDED Viewed

@@ -0,0 +1,6 @@
+class Group < ActiveRecord::Base
+  self.mass_assignment_sanitizer = :strict
+  has_many :memberships, :dependent => :destroy
+  has_many :members, :through => :memberships, :source => :pirate
+end

data/test/models/membership.rb ADDED Viewed

@@ -0,0 +1,8 @@
+class Membership < ActiveRecord::Base
+  self.mass_assignment_sanitizer = :strict
+  belongs_to :group
+  belongs_to :pirate
+  attr_accessible []
+end

data/test/models/person.rb CHANGED Viewed

@@ -1,38 +1,3 @@
-class Person < ActiveRecord::Base
-  has_many :readers
-  has_many :secure_readers
-  has_one  :reader
-  has_many :posts, :through => :readers
-  has_many :secure_posts, :through => :secure_readers
-  has_many :posts_with_no_comments, -> { includes(:comments).where('comments.id is null').references(:comments) },
-                                    :through => :readers, :source => :post
-  has_many :followers, foreign_key: 'friend_id', class_name: 'Friendship'
-  has_many :references
-  has_many :bad_references
-  has_many :fixed_bad_references, -> { where :favourite => true }, :class_name => 'BadReference'
-  has_one  :favourite_reference, -> { where 'favourite=?', true }, :class_name => 'Reference'
-  has_many :posts_with_comments_sorted_by_comment_id, -> { includes(:comments).order('comments.id') }, :through => :readers, :source => :post
-  has_many :jobs, :through => :references
-  has_many :jobs_with_dependent_destroy,    :source => :job, :through => :references, :dependent => :destroy
-  has_many :jobs_with_dependent_delete_all, :source => :job, :through => :references, :dependent => :delete_all
-  has_many :jobs_with_dependent_nullify,    :source => :job, :through => :references, :dependent => :nullify
-  belongs_to :primary_contact, :class_name => 'Person'
-  has_many :agents, :class_name => 'Person', :foreign_key => 'primary_contact_id'
-  has_many :agents_of_agents, :through => :agents, :source => :agents
-  belongs_to :number1_fan, :class_name => 'Person'
-  has_many :agents_posts,         :through => :agents,       :source => :posts
-  has_many :agents_posts_authors, :through => :agents_posts, :source => :author
-  scope :males,   -> { where(:gender => 'M') }
-  scope :females, -> { where(:gender => 'F') }
-end
 class LoosePerson < ActiveRecord::Base
   self.table_name = 'people'

data/test/models/pirate.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class Pirate < ActiveRecord::Base
+  self.mass_assignment_sanitizer = :strict
+  has_many :memberships
+end

data/test/models/team.rb ADDED Viewed

@@ -0,0 +1,5 @@
+class Team < ActiveRecord::Base
+  has_many :battles
+  has_many :wolf_battles, :through => :battles, :class_name => 'Wolf', :source => :battle, :source_type => 'Wolf'
+  has_many :vampire_battles, :through => :battles, :class_name => 'Vampire', :source => :battle, :source_type => 'Vampire'
+end

data/test/models/vampire.rb ADDED Viewed

@@ -0,0 +1,4 @@
+class Vampire < ActiveRecord::Base
+  has_many :battles, :as => :battle
+  has_many :teams, :through => :battles
+end

data/test/models/wolf.rb ADDED Viewed

@@ -0,0 +1,4 @@
+class Wolf < ActiveRecord::Base
+  has_many :battles, :as => :battle
+  has_many :teams, :through => :battles
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: protected_attributes
 version: !ruby/object:Gem::Version
-  version: 1.0.7
+  version: 1.0.8
 platform: ruby
 authors:
 - David Heinemeier Hansson
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-03-13 00:00:00.000000000 Z
+date: 2014-06-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel
@@ -133,12 +133,19 @@ files:
 - test/mass_assignment_security/sanitizer_test.rb
 - test/mass_assignment_security/white_list_test.rb
 - test/mass_assignment_security_test.rb
+- test/models/battle.rb
 - test/models/company.rb
+- test/models/group.rb
 - test/models/keyboard.rb
 - test/models/mass_assignment_specific.rb
+- test/models/membership.rb
 - test/models/person.rb
+- test/models/pirate.rb
 - test/models/subscriber.rb
 - test/models/task.rb
+- test/models/team.rb
+- test/models/vampire.rb
+- test/models/wolf.rb
 - test/test_helper.rb
 homepage: https://github.com/rails/protected_attributes
 licenses:
@@ -174,10 +181,17 @@ test_files:
 - test/mass_assignment_security/sanitizer_test.rb
 - test/mass_assignment_security/white_list_test.rb
 - test/mass_assignment_security_test.rb
+- test/models/battle.rb
 - test/models/company.rb
+- test/models/group.rb
 - test/models/keyboard.rb
 - test/models/mass_assignment_specific.rb
+- test/models/membership.rb
 - test/models/person.rb
+- test/models/pirate.rb
 - test/models/subscriber.rb
 - test/models/task.rb
+- test/models/team.rb
+- test/models/vampire.rb
+- test/models/wolf.rb
 - test/test_helper.rb