protected_attributes_continued 1.5.0 → 1.6.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b10566280e992ec0bc867ca4d2c0b52f29c9e7b98aa197f523bc7e8930634197
|
|
4
|
+
data.tar.gz: b98a820d98f4828e5cd9a94ee96d8072112548b964576cdfab74a73c3660daa1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a57bc937ec7efe500d594ffdf3200b51265c7ff0e1dd14e5188d43a0495840b55728168585da2cc5bba5f1b4fb8cf769e83391eeca6118089251ce7b31012974
|
|
7
|
+
data.tar.gz: e0933854f707e6a810103bd49f3001dd3eecceeb4c08cbca3c69b0c5d7d3758884026c7da594833b3a3eb957dd8a372ff8e68e442680485e0b35388b68aff046
|
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Protected Attributes Continued
|
|
2
2
|
<a href="https://badge.fury.io/rb/protected_attributes_continued" target="_blank"><img height="21" style='border:0px;height:21px;' border='0' src="https://badge.fury.io/rb/protected_attributes_continued.svg" alt="Gem Version"></a>
|
|
3
|
-
<a href='https://travis-ci.
|
|
3
|
+
<a href='https://travis-ci.com/westonganger/protected_attributes_continued' target='_blank'><img height='21' style='border:0px;height:21px;' src='https://api.travis-ci.org/westonganger/protected_attributes_continued.svg?branch=master' border='0' alt='Build Status' /></a>
|
|
4
4
|
<a href='https://rubygems.org/gems/protected_attributes_continued' target='_blank'><img height='21' style='border:0px;height:21px;' src='https://ruby-gem-downloads-badge.herokuapp.com/protected_attributes_continued?label=rubygems&type=total&total_label=downloads&color=brightgreen' border='0' alt='RubyGems Downloads' /></a>
|
|
5
5
|
|
|
6
6
|
> This is the community continued version of `protected_attributes` for Rails 5+. I recommend you only use it to support legacy portions of your application that you do not want to upgrade. The Rails team dropped this feature and switched to `strong_parameters` because of security issues. However some applications simply cannot be upgraded or security like this is a non-issue. To continue supporting this feature going forward lets continue the work here.
|
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
### Original Rails Code - https://github.com/rails/rails/tree/master/activerecord/lib/active_record/associations
|
|
2
|
+
|
|
1
3
|
module ActiveRecord
|
|
2
4
|
module Associations
|
|
3
5
|
class Association
|
|
@@ -10,7 +12,6 @@ module ActiveRecord
|
|
|
10
12
|
record.assign_attributes(attributes, without_protection: true)
|
|
11
13
|
end
|
|
12
14
|
end
|
|
13
|
-
|
|
14
15
|
private :build_record
|
|
15
16
|
end
|
|
16
17
|
|
|
@@ -53,7 +54,6 @@ module ActiveRecord
|
|
|
53
54
|
end
|
|
54
55
|
end
|
|
55
56
|
end
|
|
56
|
-
|
|
57
57
|
private :create_record
|
|
58
58
|
end
|
|
59
59
|
|
|
@@ -76,29 +76,24 @@ module ActiveRecord
|
|
|
76
76
|
end
|
|
77
77
|
|
|
78
78
|
module ThroughAssociation
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
inverse = source_reflection.inverse_of
|
|
85
|
-
target = through_association.target
|
|
86
|
-
|
|
87
|
-
if inverse && target && !target.is_a?(Array)
|
|
88
|
-
attributes[inverse.foreign_key] = target.id
|
|
89
|
-
end
|
|
79
|
+
### Cant use respond_to?(method, true) because its a module instead of a class
|
|
80
|
+
undef :build_record if self.private_instance_methods.include?(:build_record)
|
|
81
|
+
def build_record(attributes, options={})
|
|
82
|
+
inverse = source_reflection.inverse_of
|
|
83
|
+
target = through_association.target
|
|
90
84
|
|
|
91
|
-
|
|
85
|
+
if inverse && target && !target.is_a?(Array)
|
|
86
|
+
attributes[inverse.foreign_key] = target.id
|
|
92
87
|
end
|
|
88
|
+
|
|
89
|
+
super(attributes, options)
|
|
90
|
+
end
|
|
91
|
+
private :build_record
|
|
93
92
|
end
|
|
94
93
|
|
|
95
94
|
class HasManyThroughAssociation
|
|
96
|
-
undef :build_record
|
|
97
|
-
undef :options_for_through_record if respond_to?(:options_for_through_record, false)
|
|
98
|
-
|
|
99
95
|
if ActiveRecord.version >= Gem::Version.new('5.2.3')
|
|
100
96
|
undef :build_through_record
|
|
101
|
-
|
|
102
97
|
def build_through_record(record)
|
|
103
98
|
@through_records[record.object_id] ||= begin
|
|
104
99
|
ensure_mutable
|
|
@@ -115,6 +110,7 @@ module ActiveRecord
|
|
|
115
110
|
private :build_through_record
|
|
116
111
|
end
|
|
117
112
|
|
|
113
|
+
undef :build_record
|
|
118
114
|
def build_record(attributes, options = {})
|
|
119
115
|
ensure_not_nested
|
|
120
116
|
|
|
@@ -133,6 +129,7 @@ module ActiveRecord
|
|
|
133
129
|
end
|
|
134
130
|
private :build_record
|
|
135
131
|
|
|
132
|
+
undef :options_for_through_record if respond_to?(:options_for_through_record, true)
|
|
136
133
|
def options_for_through_record
|
|
137
134
|
[through_scope_attributes, without_protection: true]
|
|
138
135
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: protected_attributes_continued
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Weston Ganger
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-10-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activemodel
|
|
@@ -154,7 +154,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
154
154
|
- !ruby/object:Gem::Version
|
|
155
155
|
version: '0'
|
|
156
156
|
requirements: []
|
|
157
|
-
rubygems_version: 3.
|
|
157
|
+
rubygems_version: 3.1.2
|
|
158
158
|
signing_key:
|
|
159
159
|
specification_version: 4
|
|
160
160
|
summary: Protect attributes from mass assignment in Active Record models
|