protected_attributes_continued 1.6.0 → 1.8.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b10566280e992ec0bc867ca4d2c0b52f29c9e7b98aa197f523bc7e8930634197
4
- data.tar.gz: b98a820d98f4828e5cd9a94ee96d8072112548b964576cdfab74a73c3660daa1
3
+ metadata.gz: 86d47e2aa9219271973c37cb944a3b5722c1d9667718eee090fbf3fe4df2c1de
4
+ data.tar.gz: c548ba06b3f2f884b2e6ec4e7ef8252755af23c837c2394d9212a9858e8334e9
5
5
  SHA512:
6
- metadata.gz: a57bc937ec7efe500d594ffdf3200b51265c7ff0e1dd14e5188d43a0495840b55728168585da2cc5bba5f1b4fb8cf769e83391eeca6118089251ce7b31012974
7
- data.tar.gz: e0933854f707e6a810103bd49f3001dd3eecceeb4c08cbca3c69b0c5d7d3758884026c7da594833b3a3eb957dd8a372ff8e68e442680485e0b35388b68aff046
6
+ metadata.gz: 74a4ee291ffbd2be19f45ddbee0bdd1b2b489bee22a4298399f814e140094551846bbf50cd4ac481c0ded209f8a80fa0cffb8d1c75c9d73c471d2eae00a133f2
7
+ data.tar.gz: c86f600a36c43204c193fd10558f7808857f578c4edbe3cf7af6425be7c7ba7ccc41c65c113305404f8dc18a90576550e66e605cc32185865f0642bd56053d8c
data/README.md CHANGED
@@ -1,9 +1,9 @@
1
1
  # Protected Attributes Continued
2
2
  <a href="https://badge.fury.io/rb/protected_attributes_continued" target="_blank"><img height="21" style='border:0px;height:21px;' border='0' src="https://badge.fury.io/rb/protected_attributes_continued.svg" alt="Gem Version"></a>
3
- <a href='https://travis-ci.com/westonganger/protected_attributes_continued' target='_blank'><img height='21' style='border:0px;height:21px;' src='https://api.travis-ci.org/westonganger/protected_attributes_continued.svg?branch=master' border='0' alt='Build Status' /></a>
3
+ <a href='https://github.com/westonganger/protected_attributes_continued/actions' target='_blank'><img src="https://github.com/westonganger/protected_attributes_continued/workflows/Tests/badge.svg" style="max-width:100%;" height='21' style='border:0px;height:21px;' border='0' alt="CI Status"></a>
4
4
  <a href='https://rubygems.org/gems/protected_attributes_continued' target='_blank'><img height='21' style='border:0px;height:21px;' src='https://ruby-gem-downloads-badge.herokuapp.com/protected_attributes_continued?label=rubygems&type=total&total_label=downloads&color=brightgreen' border='0' alt='RubyGems Downloads' /></a>
5
5
 
6
- > This is the community continued version of `protected_attributes` for Rails 5+. I recommend you only use it to support legacy portions of your application that you do not want to upgrade. The Rails team dropped this feature and switched to `strong_parameters` because of security issues. However some applications simply cannot be upgraded or security like this is a non-issue. To continue supporting this feature going forward lets continue the work here.
6
+ > This is the community continued version of [`protected_attributes`](https://github.com/rails/protected_attributes) for Rails 5+. The Rails team dropped this feature and switched to `strong_parameters`. However some applications simply cannot be upgraded or the reduced granularity in params management is a non-issue. To continue supporting this feature going forward we continue the work here.
7
7
 
8
8
  Protect attributes from mass-assignment in Active Record models. This gem adds the class methods `attr_accessible` and `attr_protected` to declare white or black lists of attributes.
9
9
 
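Review bot: The rewritten blockquote on the `+` line drops two caveats the old text gave readers: the recommendation to use the gem only for legacy portions of an application, and the statement that the Rails team moved to `strong_parameters` because of security issues. Replacing that with "the reduced granularity in params management is a non-issue" changes the message from a security trade-off to a convenience one. I would keep one sentence stating that model-level allow/deny lists were dropped upstream for security reasons, so adopters know what they are opting into.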
@@ -98,7 +98,9 @@ Any protected attributes violation raises `ActiveModel::MassAssignmentSecurity::
98
98
 
99
99
  ## Contributing
100
100
 
101
- We use the `appraisal` gem for testing multiple versions of `Rails`. Please use the following steps to test using `appraisal`.
101
+ For quicker feedback during gem development or debugging feel free to use the provided `rake console` task. It is defined within the [`Rakefile`](./Rakefile).
102
+
103
+ We test multiple versions of `Rails` using the `appraisal` gem. Please use the following steps to test using `appraisal`.
102
104
 
103
105
  1. `bundle exec appraisal install`
104
106
  2. `bundle exec appraisal rake test`
@@ -107,7 +109,7 @@ We use the `appraisal` gem for testing multiple versions of `Rails`. Please use
107
109
 
108
110
  Created & Maintained by [Weston Ganger](https://westonganger.com) - [@westonganger](https://github.com/westonganger)
109
111
 
110
- Originally forked from the dead/unmaintained `protected_attributes` gem by the Rails team.
112
+ Originally forked from the dead/unmaintained [`protected_attributes`](https://github.com/rails/protected_attributes) gem by the Rails team.
111
113
 
112
114
  ## A Simple and Similar strong_params Alternative
113
115
 
@@ -116,9 +118,24 @@ While I do utilize this gem in some legacy projects. The latest approach I have
116
118
  ```ruby
117
119
  ### Model
118
120
  class Post < ActiveRecord::Base
121
+ has_many :comments
122
+
123
+ accepts_nested_attributes_for :comments, allow_destroy: true
124
+
119
125
  def self.strong_params(params)
120
- params.permit(:post).permit(:name, :content, :published_at)
126
+ params.permit(:post).permit(*PERMITTED_ATTRIBUTES)
121
127
  end
128
+
129
+ PERMITTED_PARAMETERS = [
130
+ :id,
131
+ :name,
132
+ :content,
133
+ :published_at,
134
+ {
135
+ comments_attributes: Comment::PERMITTED_PARAMETERS,
136
+ }
137
+ ].freeze
138
+
122
139
  end
123
140
 
124
141
  ### Controller
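Review bot: The README example will raise `NameError` as written: `strong_params` splats `PERMITTED_ATTRIBUTES`, but the constant defined below it is `PERMITTED_PARAMETERS`. Use one name in both places. Two further points on the same example: `params.permit(:post)` treats `:post` as a scalar key, so the nested hash is filtered out and `params.require(:post)` is probably what is meant; and since `accepts_nested_attributes_for :comments, allow_destroy: true` is now shown, it is worth stating whether `Comment::PERMITTED_PARAMETERS` includes `:_destroy` and `:id`, because the example only works (and only exposes deletion) if it does.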
@@ -7,6 +7,7 @@ require "active_record/mass_assignment_security/nested_attributes"
7
7
  require "active_record/mass_assignment_security/persistence"
8
8
  require "active_record/mass_assignment_security/reflection"
9
9
  require "active_record/mass_assignment_security/relation"
10
+ require "active_record/mass_assignment_security/association_relation"
10
11
  require "active_record/mass_assignment_security/validations"
11
12
  require "active_record/mass_assignment_security/associations"
12
13
  require "active_record/mass_assignment_security/inheritance"
@@ -0,0 +1,45 @@
1
+ module ActiveRecord
2
+ class AssociationRelation
3
+ undef :new
4
+ undef :create
5
+ undef :create!
6
+
7
+ def build(attributes = nil, options = {}, &block)
8
+ block = protected_attributes_scope_block('new', block)
9
+ scoping { @association.build(attributes, options, &block) }
10
+ end
11
+ alias new build
12
+
13
+ def create(attributes = nil, options = {}, &block)
14
+ block = protected_attributes_scope_block('create', block)
15
+ scoping { @association.create(attributes, options, &block) }
16
+ end
17
+
18
+ def create!(attributes = nil, options = {}, &block)
19
+ block = protected_attributes_scope_block('create!', block)
20
+ scoping { @association.create!(attributes, options, &block) }
21
+ end
22
+
23
+ private
24
+
25
+ if ActiveRecord.gem_version < Gem::Version.new('6.0')
26
+
27
+ def protected_attributes_scope_block(_label, block)
28
+ block
29
+ end
30
+
31
+ elsif ActiveRecord.gem_version < Gem::Version.new('6.1')
32
+
33
+ def protected_attributes_scope_block(label, block)
34
+ _deprecated_scope_block(label, &block)
35
+ end
36
+
37
+ else
38
+
39
+ def protected_attributes_scope_block(_label, block)
40
+ current_scope_restoring_block(&block)
41
+ end
42
+
43
+ end
44
+ end
45
+ end
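Review bot: The final `else` branch of the version switch is open-ended, so every future Active Record release is assumed to provide `current_scope_restoring_block`; like `_deprecated_scope_block` in the 6.0 branch, it is not defined in this file and looks like a Rails-internal helper. A rename upstream would surface only as a `NoMethodError` when `build`, `create` or `create!` is called on an association relation. Consider guarding with a `respond_to?(..., true)` check or an explicit upper bound, and add a short comment on why each branch exists. Also, this file tests `ActiveRecord.gem_version` while the associations file tests `ActiveRecord.version`; pick one. Finally, the `options` argument forwarded to `@association` is undocumented here; a one-line comment naming the accepted keys would help reviewers confirm that callers cannot pass caller-controlled options through these methods.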
@@ -55,6 +55,18 @@ module ActiveRecord
55
55
  end
56
56
  end
57
57
  private :create_record
58
+
59
+ if ActiveRecord.version >= Gem::Version.new("6.0.4") && ActiveRecord.version < Gem::Version.new("6.1")
60
+ undef :build_record
61
+
62
+ def build_record(attributes, options)
63
+ previous = klass.current_scope(true) if block_given?
64
+ super
65
+ ensure
66
+ klass.current_scope = previous if previous
67
+ end
68
+ private :build_record
69
+ end
58
70
  end
59
71
 
60
72
  class CollectionProxy
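Review bot: In the new `build_record`, the scope is saved only when `block_given?` and restored only `if previous`. If the caller passes a block while no scope is current, `previous` is nil and the `ensure` clause restores nothing, so any scope set during `super` stays in place afterwards. If resetting to "no scope" is the intended behaviour in that case, track whether a save happened with a separate flag rather than the truthiness of `previous`. The version window `>= 6.0.4` and `< 6.1` also needs a comment naming the upstream change it compensates for, as the 6.1 branch in `HasManyThroughAssociation` does.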
@@ -92,7 +104,23 @@ module ActiveRecord
92
104
  end
93
105
 
94
106
  class HasManyThroughAssociation
95
- if ActiveRecord.version >= Gem::Version.new('5.2.3')
107
+ if ActiveRecord.version >= Gem::Version.new('6.1')
108
+ undef :build_through_record
109
+ def build_through_record(record)
110
+ @through_records[record] ||= begin
111
+ ensure_mutable
112
+
113
+ attributes = through_scope_attributes
114
+ attributes[source_reflection.name] = record
115
+ attributes[source_reflection.foreign_type] = options[:source_type] if options[:source_type]
116
+
117
+ # Pass in `without_protection: true` here because `options_for_through_record`
118
+ # was removed in https://github.com/rails/rails/pull/35799
119
+ through_association.build(attributes, without_protection: true)
120
+ end
121
+ end
122
+ private :build_through_record
123
+ elsif ActiveRecord.version >= Gem::Version.new('5.2.3')
96
124
  undef :build_through_record
97
125
  def build_through_record(record)
98
126
  @through_records[record.object_id] ||= begin
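Review bot: The 6.1 branch calls `through_association.build(attributes, without_protection: true)`, which switches off mass-assignment protection for the join record. That is acceptable only because `attributes` is assembled internally from `through_scope_attributes` and the source reflection; please say so in the comment and add a test showing that attributes supplied by the caller never reach this call. Separately, this branch caches under `@through_records[record]` while the existing 5.2.3 branch uses `record.object_id`; if the difference mirrors upstream, note it, otherwise align the two.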
@@ -12,9 +12,17 @@ module ActiveRecord
12
12
 
13
13
  # The primary key and inheritance column can never be set by mass-assignment for security reasons.
14
14
  def attributes_protected_by_default
15
- default = [ primary_key, inheritance_column ]
16
- default << 'id' unless primary_key.eql? 'id'
17
- default
15
+ begin
16
+ default = [primary_key, inheritance_column]
17
+
18
+ if !primary_key.eql?('id')
19
+ default << 'id'
20
+ end
21
+ rescue ActiveRecord::NoDatabaseError
22
+ default = []
23
+ end
24
+
25
+ return default
18
26
  end
19
27
  end
20
28
 
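Review bot: Rescuing `ActiveRecord::NoDatabaseError` and returning `default = []` means that, on this path, nothing is protected by default, which contradicts the comment directly above: "The primary key and inheritance column can never be set by mass-assignment for security reasons." The fallback should fail closed, for example by returning `['id']` (and the inheritance column if it can be read without a connection) rather than an empty list. It is also worth confirming that callers do not cache the empty result beyond the point where the database becomes available. The `begin`/`rescue` wrapper and explicit `return` could be written as a method-level `rescue` to match the style of the rest of the file.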
@@ -1,3 +1,3 @@
1
1
  module ProtectedAttributes
2
- VERSION = "1.6.0".freeze
2
+ VERSION = "1.8.2".freeze
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: protected_attributes_continued
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.6.0
4
+ version: 1.8.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Weston Ganger
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-10-01 00:00:00.000000000 Z
11
+ date: 2021-07-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: activemodel
@@ -66,20 +66,6 @@ dependencies:
66
66
  - - ">="
67
67
  - !ruby/object:Gem::Version
68
68
  version: '5.0'
69
- - !ruby/object:Gem::Dependency
70
- name: sqlite3
71
- requirement: !ruby/object:Gem::Requirement
72
- requirements:
73
- - - ">="
74
- - !ruby/object:Gem::Version
75
- version: '0'
76
- type: :development
77
- prerelease: false
78
- version_requirements: !ruby/object:Gem::Requirement
79
- requirements:
80
- - - ">="
81
- - !ruby/object:Gem::Version
82
- version: '0'
83
69
  - !ruby/object:Gem::Dependency
84
70
  name: mocha
85
71
  requirement: !ruby/object:Gem::Requirement
@@ -122,6 +108,7 @@ files:
122
108
  - lib/active_model/mass_assignment_security/permission_set.rb
123
109
  - lib/active_model/mass_assignment_security/sanitizer.rb
124
110
  - lib/active_record/mass_assignment_security.rb
111
+ - lib/active_record/mass_assignment_security/association_relation.rb
125
112
  - lib/active_record/mass_assignment_security/associations.rb
126
113
  - lib/active_record/mass_assignment_security/attribute_assignment.rb
127
114
  - lib/active_record/mass_assignment_security/core.rb
@@ -154,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
154
141
  - !ruby/object:Gem::Version
155
142
  version: '0'
156
143
  requirements: []
157
- rubygems_version: 3.1.2
144
+ rubygems_version: 3.1.4
158
145
  signing_key:
159
146
  specification_version: 4
160
147
  summary: Protect attributes from mass assignment in Active Record models