protected_attributes_continued 1.6.0 → 1.8.2
- checksums.yaml +4 -4
- data/README.md +22 -5
- data/lib/active_record/mass_assignment_security.rb +1 -0
- data/lib/active_record/mass_assignment_security/association_relation.rb +45 -0
- data/lib/active_record/mass_assignment_security/associations.rb +29 -1
- data/lib/active_record/mass_assignment_security/attribute_assignment.rb +11 -3
- data/lib/protected_attributes/version.rb +1 -1
- metadata +4 -17
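--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 86d47e2aa9219271973c37cb944a3b5722c1d9667718eee090fbf3fe4df2c1de
+data.tar.gz: c548ba06b3f2f884b2e6ec4e7ef8252755af23c837c2394d9212a9858e8334e9
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 74a4ee291ffbd2be19f45ddbee0bdd1b2b489bee22a4298399f814e140094551846bbf50cd4ac481c0ded209f8a80fa0cffb8d1c75c9d73c471d2eae00a133f2
+data.tar.gz: c86f600a36c43204c193fd10558f7808857f578c4edbe3cf7af6425be7c7ba7ccc41c65c113305404f8dc18a90576550e66e605cc32185865f0642bd56053d8c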
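--- a/data/README.md
+++ b/data/README.md
@@ -1,9 +1,9 @@
 # Protected Attributes Continued
 <a href="https://badge.fury.io/rb/protected_attributes_continued" target="_blank"><img height="21" style='border:0px;height:21px;' border='0' src="https://badge.fury.io/rb/protected_attributes_continued.svg" alt="Gem Version"></a>
-<a href='https://
+<a href='https://github.com/westonganger/protected_attributes_continued/actions' target='_blank'><img src="https://github.com/westonganger/protected_attributes_continued/workflows/Tests/badge.svg" style="max-width:100%;" height='21' style='border:0px;height:21px;' border='0' alt="CI Status"></a>
 <a href='https://rubygems.org/gems/protected_attributes_continued' target='_blank'><img height='21' style='border:0px;height:21px;' src='https://ruby-gem-downloads-badge.herokuapp.com/protected_attributes_continued?label=rubygems&type=total&total_label=downloads&color=brightgreen' border='0' alt='RubyGems Downloads' /></a>
 
-> This is the community continued version of `protected_attributes` for Rails 5+.
+> This is the community continued version of [`protected_attributes`](https://github.com/rails/protected_attributes) for Rails 5+. The Rails team dropped this feature and switched to `strong_parameters`. However some applications simply cannot be upgraded or the reduced granularity in params management is a non-issue. To continue supporting this feature going forward we continue the work here.
 
 Protect attributes from mass-assignment in Active Record models. This gem adds the class methods `attr_accessible` and `attr_protected` to declare white or black lists of attributes.
 
@@ -98,7 +98,9 @@ Any protected attributes violation raises `ActiveModel::MassAssignmentSecurity::
 
 ## Contributing
 
-
+For quicker feedback during gem development or debugging feel free to use the provided `rake console` task. It is defined within the [`Rakefile`](./Rakefile).
+
+We test multiple versions of `Rails` using the `appraisal` gem. Please use the following steps to test using `appraisal`.
 
 1. `bundle exec appraisal install`
 2. `bundle exec appraisal rake test`
@@ -107,7 +109,7 @@ We use the `appraisal` gem for testing multiple versions of `Rails`. Please use
 
 Created & Maintained by [Weston Ganger](https://westonganger.com) - [@westonganger](https://github.com/westonganger)
 
-Originally forked from the dead/unmaintained `protected_attributes` gem by the Rails team.
+Originally forked from the dead/unmaintained [`protected_attributes`](https://github.com/rails/protected_attributes) gem by the Rails team.
 
 ## A Simple and Similar strong_params Alternative
 
@@ -116,9 +118,24 @@ While I do utilize this gem in some legacy projects. The latest approach I have
 ```ruby
 ### Model
 class Post < ActiveRecord::Base
+has_many :comments
+
+accepts_nested_attributes_for :comments, allow_destroy: true
+
 def self.strong_params(params)
-params.permit(:post).permit(
+params.permit(:post).permit(*PERMITTED_ATTRIBUTES)
 end
+
+PERMITTED_PARAMETERS = [
+:id,
+:name,
+:content,
+:published_at,
+{
+comments_attributes: Comment::PERMITTED_PARAMETERS,
+}
+].freeze
+
 end
 
 ### Controller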
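--- a/data/lib/active_record/mass_assignment_security.rb
+++ b/data/lib/active_record/mass_assignment_security.rb
@@ -7,6 +7,7 @@ require "active_record/mass_assignment_security/nested_attributes"
 require "active_record/mass_assignment_security/persistence"
 require "active_record/mass_assignment_security/reflection"
 require "active_record/mass_assignment_security/relation"
+require "active_record/mass_assignment_security/association_relation"
 require "active_record/mass_assignment_security/validations"
 require "active_record/mass_assignment_security/associations"
 require "active_record/mass_assignment_security/inheritance"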
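--- a/data/lib/active_record/mass_assignment_security/association_relation.rb
+++ b/data/lib/active_record/mass_assignment_security/association_relation.rb
@@ -0,0 +1,45 @@
+module ActiveRecord
+class AssociationRelation
+undef :new
+undef :create
+undef :create!
+
+def build(attributes = nil, options = {}, &block)
+block = protected_attributes_scope_block('new', block)
+scoping { @association.build(attributes, options, &block) }
+end
+alias new build
+
+def create(attributes = nil, options = {}, &block)
+block = protected_attributes_scope_block('create', block)
+scoping { @association.create(attributes, options, &block) }
+end
+
+def create!(attributes = nil, options = {}, &block)
+block = protected_attributes_scope_block('create!', block)
+scoping { @association.create!(attributes, options, &block) }
+end
+
+private
+
+if ActiveRecord.gem_version < Gem::Version.new('6.0')
+
+def protected_attributes_scope_block(_label, block)
+block
+end
+
+elsif ActiveRecord.gem_version < Gem::Version.new('6.1')
+
+def protected_attributes_scope_block(label, block)
+_deprecated_scope_block(label, &block)
+end
+
+else
+
+def protected_attributes_scope_block(_label, block)
+current_scope_restoring_block(&block)
+end
+
+end
+end
+end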
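Review bot: The version switch under `private` ends in an open `else`, so every ActiveRecord release from 6.1 onward is routed to `current_scope_restoring_block`, and the 6.0 branch to `_deprecated_scope_block`; neither helper is defined in this file, and the three public methods also read the `@association` instance variable, so all of these appear to be Rails internals. If a later release renames any of them, the failure would show up as a NoMethodError on the first `build`/`create` through an association relation rather than when the gem loads. I would add a header comment such as `# Replaces AssociationRelation#new/#create/#create! so the options hash reaches the association; depends on Rails-private scope helpers, re-verify on every Rails minor.` and have the `else` branch check at load time that the helper it calls exists, raising a clear "unsupported ActiveRecord version" error otherwise. The file currently has no comments explaining why `new`, `create` and `create!` are undefined before being redefined.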
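--- a/data/lib/active_record/mass_assignment_security/associations.rb
+++ b/data/lib/active_record/mass_assignment_security/associations.rb
@@ -55,6 +55,18 @@ module ActiveRecord
 end
 end
 private :create_record
+
+if ActiveRecord.version >= Gem::Version.new("6.0.4") && ActiveRecord.version < Gem::Version.new("6.1")
+undef :build_record
+
+def build_record(attributes, options)
+previous = klass.current_scope(true) if block_given?
+super
+ensure
+klass.current_scope = previous if previous
+end
+private :build_record
+end
 end
 
 class CollectionProxy
@@ -92,7 +104,23 @@ module ActiveRecord
 end
 
 class HasManyThroughAssociation
-if ActiveRecord.version >= Gem::Version.new('
+if ActiveRecord.version >= Gem::Version.new('6.1')
+undef :build_through_record
+def build_through_record(record)
+@through_records[record] ||= begin
+ensure_mutable
+
+attributes = through_scope_attributes
+attributes[source_reflection.name] = record
+attributes[source_reflection.foreign_type] = options[:source_type] if options[:source_type]
+
+# Pass in `without_protection: true` here because `options_for_through_record`
+# was removed in https://github.com/rails/rails/pull/35799
+through_association.build(attributes, without_protection: true)
+end
+end
+private :build_through_record
+elsif ActiveRecord.version >= Gem::Version.new('5.2.3')
 undef :build_through_record
 def build_through_record(record)
 @through_records[record.object_id] ||= begin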
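Review bot: In the new 6.1 branch of `HasManyThroughAssociation#build_through_record`, the call `through_association.build(attributes, without_protection: true)` skips the mass-assignment checks, and the comment above it explains the Rails API change but not why the bypass is safe. From the visible lines `attributes` is filled only from `through_scope_attributes`, `source_reflection.name` and `options[:source_type]`, so it appears to carry no caller-supplied values; `through_scope_attributes` is defined outside this hunk, so that should be confirmed. I would state the invariant next to the call, e.g. `# Safe to bypass: attributes hold only scope values and the source record, never request params.`, and add a test showing that a protected column on the join model is still rejected through the public API. Note also that `Gem::Version.new('6.1')` sorts 6.1 pre-releases below it, so those fall into the `5.2.3` branch, whose body continues past the end of the hunk.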
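--- a/data/lib/active_record/mass_assignment_security/attribute_assignment.rb
+++ b/data/lib/active_record/mass_assignment_security/attribute_assignment.rb
@@ -12,9 +12,17 @@ module ActiveRecord
 
 # The primary key and inheritance column can never be set by mass-assignment for security reasons.
 def attributes_protected_by_default
-
-
-
+begin
+default = [primary_key, inheritance_column]
+
+if !primary_key.eql?('id')
+default << 'id'
+end
+rescue ActiveRecord::NoDatabaseError
+default = []
+end
+
+return default
 end
 end
 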
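Review bot: The `rescue ActiveRecord::NoDatabaseError` branch in `attributes_protected_by_default` sets `default = []`, so when the database is missing the method returns no protected attributes at all, which contradicts the comment directly above it ("can never be set by mass-assignment"). If a caller caches this list per model (not visible in this hunk), a process that loaded its models before the database existed would keep the primary key and inheritance column mass-assignable afterwards. A fail-closed fallback preserves the guarantee: `default = ['id']` in the rescue (plus the inheritance column if it resolves without a connection), with a comment such as `# No database yet: primary_key cannot be resolved, fall back to the conventional key.` As a style point, `if !primary_key.eql?('id')` reads better as `unless primary_key == 'id'`, and the trailing `return default` can be a bare `default`.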
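--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: protected_attributes_continued
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.8.2
 platform: ruby
 authors:
 - Weston Ganger
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2021-07-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: activemodel
@@ -66,20 +66,6 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: '5.0'
-- !ruby/object:Gem::Dependency
-name: sqlite3
-requirement: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
-type: :development
-prerelease: false
-version_requirements: !ruby/object:Gem::Requirement
-requirements:
-- - ">="
-- !ruby/object:Gem::Version
-version: '0'
 - !ruby/object:Gem::Dependency
 name: mocha
 requirement: !ruby/object:Gem::Requirement
@@ -122,6 +108,7 @@ files:
 - lib/active_model/mass_assignment_security/permission_set.rb
 - lib/active_model/mass_assignment_security/sanitizer.rb
 - lib/active_record/mass_assignment_security.rb
+- lib/active_record/mass_assignment_security/association_relation.rb
 - lib/active_record/mass_assignment_security/associations.rb
 - lib/active_record/mass_assignment_security/attribute_assignment.rb
 - lib/active_record/mass_assignment_security/core.rb
@@ -154,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.1.
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: Protect attributes from mass assignment in Active Record models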