protected_attributes_continued 1.2.0

data/lib/active_model/mass_assignment_security/permission_set.rb

@@ -0,0 +1,40 @@
+require 'set'
+
+module ActiveModel
+  module MassAssignmentSecurity
+    class PermissionSet < Set #:nodoc:
+
+      def +(values)
+        super(values.compact.map(&:to_s))
+      end
+
+      def include?(key)
+        super(remove_multiparameter_id(key))
+      end
+
+      def deny?(key)
+        raise NotImplementedError, "#deny?(key) supposed to be overwritten"
+      end
+
+    protected
+
+      def remove_multiparameter_id(key)
+        key.to_s.gsub(/\(.+/, '')
+      end
+    end
+
+    class WhiteList < PermissionSet #:nodoc:
+
+      def deny?(key)
+        !include?(key)
+      end
+    end
+
+    class BlackList < PermissionSet #:nodoc:
+
+      def deny?(key)
+        include?(key)
+      end
+    end
+  end
+end

data/lib/active_model/mass_assignment_security/sanitizer.rb

@@ -0,0 +1,75 @@
+module ActiveModel
+  module MassAssignmentSecurity
+    class Sanitizer #:nodoc:
+      # Returns all attributes not denied by the authorizer.
+      def sanitize(klass, attributes, authorizer)
+        rejected = []
+        sanitized_attributes = attributes.reject do |key, value|
+          rejected << key if authorizer.deny?(key)
+        end
+        process_removed_attributes(klass, rejected) unless rejected.empty?
+        sanitized_attributes
+      end
+
+    protected
+
+      def process_removed_attributes(klass, attrs)
+        raise NotImplementedError, "#process_removed_attributes(klass, attrs) is intended to be overwritten by a subclass"
+      end
+    end
+
+    class LoggerSanitizer < Sanitizer #:nodoc:
+      def initialize(target)
+        @target = target
+        super()
+      end
+
+      def logger
+        @target.logger
+      end
+
+      def logger?
+        @target.respond_to?(:logger) && @target.logger
+      end
+
+      def backtrace
+        if defined? Rails.backtrace_cleaner
+          Rails.backtrace_cleaner.clean(caller)
+        else
+          caller
+        end
+      end
+
+      def process_removed_attributes(klass, attrs)
+        if logger?
+          logger.warn do
+            "WARNING: Can't mass-assign protected attributes for #{klass.name}: #{attrs.join(', ')}\n" +
+                backtrace.map { |trace| "\t#{trace}" }.join("\n")
+          end
+        end
+      end
+    end
+
+    class StrictSanitizer < Sanitizer #:nodoc:
+      def initialize(target = nil)
+        super()
+      end
+
+      def process_removed_attributes(klass, attrs)
+        unless (attrs - insensitive_attributes).empty?
+          raise ActiveModel::MassAssignmentSecurity::Error.new(klass, attrs)
+        end
+      end
+
+      def insensitive_attributes
+        ['id']
+      end
+    end
+
+    class Error < StandardError #:nodoc:
+      def initialize(klass, attrs)
+        super("Can't mass-assign protected attributes for #{klass.name}: #{attrs.join(', ')}")
+      end
+    end
+  end
+end

data/lib/active_record/mass_assignment_security.rb

@@ -0,0 +1,29 @@
+require "active_record"
+
+def active_record_40?
+  ActiveRecord::VERSION::MAJOR == 4 && ActiveRecord::VERSION::MINOR == 0
+end
+
+require "active_record/mass_assignment_security/associations"
+require "active_record/mass_assignment_security/attribute_assignment"
+require "active_record/mass_assignment_security/core"
+require "active_record/mass_assignment_security/nested_attributes"
+require "active_record/mass_assignment_security/persistence"
+require "active_record/mass_assignment_security/reflection"
+require "active_record/mass_assignment_security/relation"
+require "active_record/mass_assignment_security/validations"
+require "active_record/mass_assignment_security/associations"
+require "active_record/mass_assignment_security/inheritance"
+
+class ActiveRecord::Base
+  include ActiveRecord::MassAssignmentSecurity::Core
+  include ActiveRecord::MassAssignmentSecurity::AttributeAssignment
+  include ActiveRecord::MassAssignmentSecurity::Persistence
+  include ActiveRecord::MassAssignmentSecurity::Validations
+  include ActiveRecord::MassAssignmentSecurity::NestedAttributes
+  include ActiveRecord::MassAssignmentSecurity::Inheritance
+end
+
+class ActiveRecord::SchemaMigration < ActiveRecord::Base
+  attr_accessible :version
+end

data/lib/active_record/mass_assignment_security/associations.rb

@@ -0,0 +1,154 @@
+module ActiveRecord
+  module Associations
+    class Association
+      undef :build_record
+
+      def build_record(attributes, options)
+        reflection.build_association(attributes, options) do |record|
+          attributes = create_scope.except(*(record.changed - [reflection.foreign_key]))
+          record.assign_attributes(attributes, without_protection: true)
+        end
+      end
+
+      private :build_record
+    end
+
+    class CollectionAssociation
+      undef :build
+      undef :create
+      undef :create!
+
+      def build(attributes = {}, options = {}, &block)
+        if attributes.is_a?(Array)
+          attributes.collect { |attr| build(attr, options, &block) }
+        else
+          add_to_target(build_record(attributes, options)) do |record|
+            yield(record) if block_given?
+          end
+        end
+      end
+
+      def create(attributes = {}, options = {}, &block)
+        create_record(attributes, options, &block)
+      end
+
+      def create!(attributes = {}, options = {}, &block)
+        create_record(attributes, options, true, &block)
+      end
+
+      def create_record(attributes, options, raise = false, &block)
+        unless owner.persisted?
+          raise ActiveRecord::RecordNotSaved, "You cannot call create unless the parent is saved"
+        end
+
+        if attributes.is_a?(Array)
+          attributes.collect { |attr| create_record(attr, options, raise, &block) }
+        else
+          transaction do
+            add_to_target(build_record(attributes, options)) do |record|
+              yield(record) if block_given?
+              insert_record(record, true, raise)
+            end
+          end
+        end
+      end
+
+      private :create_record
+    end
+
+    class CollectionProxy
+      undef :create
+      undef :create!
+
+      def build(attributes = {}, options = {}, &block)
+        @association.build(attributes, options, &block)
+      end
+      alias_method :new, :build
+
+      def create(attributes = {}, options = {}, &block)
+        @association.create(attributes, options, &block)
+      end
+
+      def create!(attributes = {}, options = {}, &block)
+        @association.create!(attributes, options, &block)
+      end
+    end
+
+    module ThroughAssociation
+      undef :build_record if respond_to?(:build_record, false)
+
+      private
+
+        def build_record(attributes, options={})
+          inverse = source_reflection.inverse_of
+          target = through_association.target
+
+          if inverse && target && !target.is_a?(Array)
+            attributes[inverse.foreign_key] = target.id
+          end
+
+          super(attributes, options)
+        end
+    end
+
+    class HasManyThroughAssociation
+      undef :build_record
+      undef :options_for_through_record if respond_to?(:options_for_through_record, false)
+
+      def build_record(attributes, options = {})
+        ensure_not_nested
+
+        record = super(attributes, options)
+
+        inverse = source_reflection.inverse_of
+        if inverse
+          if inverse.macro == :has_many
+            record.send(inverse.name) << build_through_record(record)
+          elsif inverse.macro == :has_one
+            record.send("#{inverse.name}=", build_through_record(record))
+          end
+        end
+
+        record
+      end
+      private :build_record
+
+      def options_for_through_record
+        [through_scope_attributes, without_protection: true]
+      end
+      private :options_for_through_record
+    end
+
+    class SingularAssociation
+      undef :create
+      undef :create!
+      undef :build
+
+      def create(attributes = {}, options = {}, &block)
+        create_record(attributes, options, &block)
+      end
+
+      def create!(attributes = {}, options = {}, &block)
+        create_record(attributes, options, true, &block)
+      end
+
+      def build(attributes = {}, options = {})
+        record = build_record(attributes, options)
+        yield(record) if block_given?
+        set_new_record(record)
+        record
+      end
+
+      def create_record(attributes, options = {}, raise_error = false)
+        record = build_record(attributes, options)
+        yield(record) if block_given?
+        saved = record.save
+        set_new_record(record)
+        raise RecordInvalid.new(record) if !saved && raise_error
+        record
+      end
+
+      private :create_record
+    end
+  end
+end

data/lib/active_record/mass_assignment_security/attribute_assignment.rb

@@ -0,0 +1,88 @@
+require 'active_model/mass_assignment_security'
+require 'active_record'
+
+module ActiveRecord
+  module MassAssignmentSecurity
+    module AttributeAssignment
+      extend ActiveSupport::Concern
+      include ActiveModel::MassAssignmentSecurity
+
+      module ClassMethods
+        private
+
+        # The primary key and inheritance column can never be set by mass-assignment for security reasons.
+        def attributes_protected_by_default
+          default = [ primary_key, inheritance_column ]
+          default << 'id' unless primary_key.eql? 'id'
+          default
+        end
+      end
+
+      # Allows you to set all the attributes for a particular mass-assignment
+      # security role by passing in a hash of attributes with keys matching
+      # the attribute names (which again matches the column names) and the role
+      # name using the :as option.
+      #
+      # To bypass mass-assignment security you can use the :without_protection => true
+      # option.
+      #
+      #   class User < ActiveRecord::Base
+      #     attr_accessible :name
+      #     attr_accessible :name, :is_admin, :as => :admin
+      #   end
+      #
+      #   user = User.new
+      #   user.assign_attributes({ :name => 'Josh', :is_admin => true })
+      #   user.name       # => "Josh"
+      #   user.is_admin?  # => false
+      #
+      #   user = User.new
+      #   user.assign_attributes({ :name => 'Josh', :is_admin => true }, :as => :admin)
+      #   user.name       # => "Josh"
+      #   user.is_admin?  # => true
+      #
+      #   user = User.new
+      #   user.assign_attributes({ :name => 'Josh', :is_admin => true }, :without_protection => true)
+      #   user.name       # => "Josh"
+      #   user.is_admin?  # => true
+      def assign_attributes(new_attributes, options = {})
+        return if new_attributes.blank?
+
+        attributes                  = new_attributes.stringify_keys
+        multi_parameter_attributes  = []
+        nested_parameter_attributes = []
+        previous_options            = @mass_assignment_options
+        @mass_assignment_options    = options
+
+        unless options[:without_protection]
+          attributes = sanitize_for_mass_assignment(attributes, mass_assignment_role)
+        end
+
+        attributes.each do |k, v|
+          if k.include?("(")
+            multi_parameter_attributes << [ k, v ]
+          elsif v.is_a?(Hash)
+            nested_parameter_attributes << [ k, v ]
+          else
+            _assign_attribute(k, v)
+          end
+        end
+
+        assign_nested_parameter_attributes(nested_parameter_attributes) unless nested_parameter_attributes.empty?
+        assign_multiparameter_attributes(multi_parameter_attributes) unless multi_parameter_attributes.empty?
+      ensure
+        @mass_assignment_options = previous_options
+      end
+
+      protected
+
+      def mass_assignment_options
+        @mass_assignment_options ||= {}
+      end
+
+      def mass_assignment_role
+        mass_assignment_options[:as] || :default
+      end
+    end
+  end
+end

data/lib/active_record/mass_assignment_security/core.rb

@@ -0,0 +1,17 @@
+module ActiveRecord
+  module MassAssignmentSecurity
+    module Core
+
+      private
+
+      def init_attributes(attributes, options)
+        assign_attributes(attributes, options)
+      end
+
+      def init_internals
+        super
+        @mass_assignment_options = nil
+      end
+    end
+  end
+end

data/lib/active_record/mass_assignment_security/inheritance.rb

@@ -0,0 +1,23 @@
+module ActiveRecord
+  module MassAssignmentSecurity
+    module Inheritance
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+      private
+        # Detect the subclass from the inheritance column of attrs. If the inheritance column value
+        # is not self or a valid subclass, raises ActiveRecord::SubclassNotFound
+        # If this is a StrongParameters hash, and access to inheritance_column is not permitted,
+        # this will ignore the inheritance column and return nil
+        def subclass_from_attributes?(attrs)
+          active_authorizer[:default].deny?(inheritance_column) ? nil : super
+        end
+
+        # Support Active Record <= 4.0.3, which uses the old method signature.
+        def subclass_from_attrs(attrs)
+          active_authorizer[:default].deny?(inheritance_column) ? nil : super
+        end
+      end
+    end
+  end
+end

data/lib/active_record/mass_assignment_security/nested_attributes.rb

@@ -0,0 +1,157 @@
+module ActiveRecord
+  module MassAssignmentSecurity
+    module NestedAttributes
+      extend ActiveSupport::Concern
+
+      module ClassMethods
+
+        REJECT_ALL_BLANK_PROC = proc { |attributes| attributes.all? { |key, value| key == '_destroy' || value.blank? } }
+
+        def accepts_nested_attributes_for(*attr_names)
+          options = { :allow_destroy => false, :update_only => false }
+          options.update(attr_names.extract_options!)
+          options.assert_valid_keys(:allow_destroy, :reject_if, :limit, :update_only)
+          options[:reject_if] = REJECT_ALL_BLANK_PROC if options[:reject_if] == :all_blank
+
+          attr_names.each do |association_name|
+            if reflection = reflect_on_association(association_name)
+              if active_record_40?
+                reflection.options[:autosave] = true
+              else
+                reflection.autosave = true
+              end
+              add_autosave_association_callbacks(reflection)
+
+              nested_attributes_options = self.nested_attributes_options.dup
+              nested_attributes_options[association_name.to_sym] = options
+              self.nested_attributes_options = nested_attributes_options
+
+              type = (reflection.collection? ? :collection : :one_to_one)
+
+              generated_methods_module = active_record_40? ? generated_feature_methods : generated_association_methods
+
+              # def pirate_attributes=(attributes)
+              #   assign_nested_attributes_for_one_to_one_association(:pirate, attributes, mass_assignment_options)
+              # end
+              generated_methods_module.module_eval <<-eoruby, __FILE__, __LINE__ + 1
+                if method_defined?(:#{association_name}_attributes=)
+                  remove_method(:#{association_name}_attributes=)
+                end
+                def #{association_name}_attributes=(attributes)
+                  assign_nested_attributes_for_#{type}_association(:#{association_name}, attributes, mass_assignment_options)
+                end
+              eoruby
+            else
+              raise ArgumentError, "No association found for name `#{association_name}'. Has it been defined yet?"
+            end
+          end
+        end
+      end
+
+      private
+
+      UNASSIGNABLE_KEYS = %w( id _destroy )
+
+      def assign_nested_attributes_for_one_to_one_association(association_name, attributes, assignment_opts = {})
+        options = self.nested_attributes_options[association_name]
+        attributes = attributes.with_indifferent_access
+
+        if  (options[:update_only] || !attributes['id'].blank?) && (record = send(association_name)) &&
+            (options[:update_only] || record.id.to_s == attributes['id'].to_s)
+          assign_to_or_mark_for_destruction(record, attributes, options[:allow_destroy], assignment_opts) unless call_reject_if(association_name, attributes)
+
+        elsif attributes['id'].present? && !assignment_opts[:without_protection]
+          raise_nested_attributes_record_not_found!(association_name, attributes['id'])
+
+        elsif !reject_new_record?(association_name, attributes)
+          method = "build_#{association_name}"
+          if respond_to?(method)
+            send(method, attributes.except(*unassignable_keys(assignment_opts)), assignment_opts)
+          else
+            raise ArgumentError, "Cannot build association `#{association_name}'. Are you trying to build a polymorphic one-to-one association?"
+          end
+        end
+      end
+
+      def assign_nested_attributes_for_collection_association(association_name, attributes_collection, assignment_opts = {})
+        options = self.nested_attributes_options[association_name]
+
+        unless attributes_collection.is_a?(Hash) || attributes_collection.is_a?(Array)
+          raise ArgumentError, "Hash or Array expected, got #{attributes_collection.class.name} (#{attributes_collection.inspect})"
+        end
+
+        if limit = options[:limit]
+          limit = case limit
+          when Symbol
+            send(limit)
+          when Proc
+            limit.call
+          else
+            limit
+          end
+
+          if limit && attributes_collection.size > limit
+            raise ::ActiveRecord::NestedAttributes::TooManyRecords, "Maximum #{limit} records are allowed. Got #{attributes_collection.size} records instead."
+          end
+        end
+
+        if attributes_collection.is_a? Hash
+          keys = attributes_collection.keys
+          attributes_collection = if keys.include?('id') || keys.include?(:id)
+            [attributes_collection]
+          else
+            attributes_collection.values
+          end
+        end
+
+        association = association(association_name)
+
+        existing_records = if association.loaded?
+          association.target
+        else
+          attribute_ids = attributes_collection.map {|a| a['id'] || a[:id] }.compact
+          attribute_ids.empty? ? [] : association.scope.where(association.klass.primary_key => attribute_ids)
+        end
+
+        attributes_collection.each do |attributes|
+          attributes = attributes.with_indifferent_access
+
+          if attributes['id'].blank?
+            unless reject_new_record?(association_name, attributes)
+              association.build(attributes.except(*unassignable_keys(assignment_opts)), assignment_opts)
+            end
+          elsif existing_record = existing_records.detect { |record| record.id.to_s == attributes['id'].to_s }
+            unless association.loaded? || call_reject_if(association_name, attributes)
+              # Make sure we are operating on the actual object which is in the association's
+              # proxy_target array (either by finding it, or adding it if not found)
+              target_record = association.target.detect { |record| record == existing_record }
+
+              if target_record
+                existing_record = target_record
+              else
+                association.add_to_target(existing_record)
+              end
+            end
+
+            if !call_reject_if(association_name, attributes)
+              assign_to_or_mark_for_destruction(existing_record, attributes, options[:allow_destroy], assignment_opts)
+            end
+          elsif assignment_opts[:without_protection]
+            association.build(attributes.except(*unassignable_keys(assignment_opts)), assignment_opts)
+          else
+            raise_nested_attributes_record_not_found!(association_name, attributes['id'])
+          end
+        end
+      end
+
+      def assign_to_or_mark_for_destruction(record, attributes, allow_destroy, assignment_opts)
+        record.assign_attributes(attributes.except(*unassignable_keys(assignment_opts)), assignment_opts)
+        record.mark_for_destruction if has_destroy_flag?(attributes) && allow_destroy
+      end
+
+      def unassignable_keys(assignment_opts)
+        assignment_opts[:without_protection] ? UNASSIGNABLE_KEYS - %w[id] : UNASSIGNABLE_KEYS
+      end
+    end
+  end
+end