protected_attributes_continued 1.7.0 → 1.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4cc976fa47e5942c610f0ba64d976c46e83797255c60fd504f79e30677164632
-  data.tar.gz: 3127f37fc4fb6222ed6fbef07fedbe449a65fd5caa919d3a43bc65c17f86c2c2
+  metadata.gz: 3a53af38e43c5d8fee4bf8cb3f199422844d27b7104ac13e3c31b7bdc7af192a
+  data.tar.gz: 318cd88bd28f923e8ba90c5dc9e8e837cab4427501adde30b1797ab24234c96d
 SHA512:
-  metadata.gz: f7776d77b1898ee1b0b9713102a1be01c9de945f7cb23160a00a3af4f205f15f05ca9e6f58bc5510e4cb68606174fe1d6a835a9a2756ff866cd7849a54fcadaf
-  data.tar.gz: c821bb84db6db202e524a535c7b098e2976cd423946e95325fc421f88d35077e645e166ae10f9f01f82de0e52d2decdb1781690806392a661ea9d8fecd8444de
+  metadata.gz: d9dcf4759ad7112b4b8d3191c28458ae8aa36503ae945fc481ca798e1c3e4f86bc815fc63da6d0dee616f88b70563c30e8d5a19da6ac26c05eecdf99172a2540
+  data.tar.gz: d3ffa567d9ce6896bb1ddd398a796eef5bedbf090dc08e8b00db56cdc4b132cc9776ed42b48a637382b1027dff2f40a419a8f7f4e965132ac996b21b00043e90

data/README.md

@@ -1,9 +1,9 @@
 # Protected Attributes Continued
 <a href="https://badge.fury.io/rb/protected_attributes_continued" target="_blank"><img height="21" style='border:0px;height:21px;' border='0' src="https://badge.fury.io/rb/protected_attributes_continued.svg" alt="Gem Version"></a>
-<a href='https://travis-ci.com/westonganger/protected_attributes_continued' target='_blank'><img height='21' style='border:0px;height:21px;' src='https://api.travis-ci.org/westonganger/protected_attributes_continued.svg?branch=master' border='0' alt='Build Status' /></a>
+<a href='https://github.com/westonganger/protected_attributes_continued/actions' target='_blank'><img src="https://github.com/westonganger/protected_attributes_continued/workflows/Tests/badge.svg" style="max-width:100%;" height='21' style='border:0px;height:21px;' border='0' alt="CI Status"></a>
 <a href='https://rubygems.org/gems/protected_attributes_continued' target='_blank'><img height='21' style='border:0px;height:21px;' src='https://ruby-gem-downloads-badge.herokuapp.com/protected_attributes_continued?label=rubygems&type=total&total_label=downloads&color=brightgreen' border='0' alt='RubyGems Downloads' /></a>
 
-> This is the community continued version of [`protected_attributes`](https://github.com/rails/protected_attributes) for Rails 5+. I recommend you only use it to support legacy portions of your application that you do not want to upgrade. The Rails team dropped this feature and switched to `strong_parameters` because of security issues. However some applications simply cannot be upgraded or security like this is a non-issue. To continue supporting this feature going forward lets continue the work here.
+> This is the community continued version of [`protected_attributes`](https://github.com/rails/protected_attributes) for Rails 5+. The Rails team dropped this feature and switched to `strong_parameters`. However some applications simply cannot be upgraded or the reduced granularity in params management is a non-issue. To continue supporting this feature going forward we continue the work here.
 
 Protect attributes from mass-assignment in Active Record models. This gem adds the class methods `attr_accessible` and `attr_protected` to declare white or black lists of attributes.
 
@@ -98,7 +98,7 @@ Any protected attributes violation raises `ActiveModel::MassAssignmentSecurity::
 
 ## Contributing
 
-For quicker feedback during gem development or debugging feel free to use the provided `rake console` task. It is defined within the [`Rakefile`](https://github.com/westonganger/protected_attributes_continued/blob/master/Rakefile).
+For quicker feedback during gem development or debugging feel free to use the provided `rake console` task. It is defined within the [`Rakefile`](./Rakefile).
 
 We test multiple versions of `Rails` using the `appraisal` gem. Please use the following steps to test using `appraisal`.
 
@@ -118,9 +118,24 @@ While I do utilize this gem in some legacy projects. The latest approach I have
 ```ruby
 ### Model
 class Post < ActiveRecord::Base
+  has_many :comments
+
+  accepts_nested_attributes_for :comments, allow_destroy: true
+  
   def self.strong_params(params)
-    params.permit(:post).permit(:name, :content, :published_at)
+    params.permit(:post).permit(*PERMITTED_ATTRIBUTES)
   end
+  
+  PERMITTED_PARAMETERS = [
+    :id,
+    :name,
+    :content,
+    :published_at,
+    {
+      comments_attributes: Comment::PERMITTED_PARAMETERS,
+    }
+  ].freeze
+  
 end
 
 ### Controller

data/lib/active_record/mass_assignment_security/association_relation.rb

@@ -1,27 +1,33 @@
-if ActiveRecord::VERSION::MAJOR >= 6
+module ActiveRecord
+  class AssociationRelation
+    undef :new
+    undef :create
+    undef :create!
 
-  module ActiveRecord
-    class AssociationRelation
-      undef :new
-      undef :create
-      undef :create!
-
-      def build(attributes = nil, options = {}, &block)
-        block = _deprecated_scope_block("new", &block)
+    def build(attributes = nil, options = {}, &block)
+      if ActiveRecord::VERSION::STRING.to_f < 5.2
         scoping { @association.build(attributes, options, &block) }
+      else
+        @association.build(attributes, options, &block)
       end
-      alias new build
+    end
+    alias new build
 
-      def create(attributes = nil, options = {}, &block)
-        block = _deprecated_scope_block("create", &block)
+    def create(attributes = nil, options = {}, &block)
+      if ActiveRecord::VERSION::STRING.to_f < 5.2
         scoping { @association.create(attributes, options, &block) }
+      else
+        @association.create(attributes, options, &block)
       end
+    end
 
-      def create!(attributes = nil, options = {}, &block)
-        block = _deprecated_scope_block("create!", &block)
+    def create!(attributes = nil, options = {}, &block)
+      if ActiveRecord::VERSION::STRING.to_f < 5.2
         scoping { @association.create!(attributes, options, &block) }
+      else
+        @association.create!(attributes, options, &block)
       end
     end
-  end
 
+  end
 end

data/lib/active_record/mass_assignment_security/attribute_assignment.rb

@@ -12,9 +12,17 @@ module ActiveRecord
 
         # The primary key and inheritance column can never be set by mass-assignment for security reasons.
         def attributes_protected_by_default
-          default = [ primary_key, inheritance_column ]
-          default << 'id' unless primary_key.eql? 'id'
-          default
+          begin
+            default = [primary_key, inheritance_column]
+
+            if !primary_key.eql?('id')
+              default << 'id'
+            end
+          rescue ActiveRecord::NoDatabaseError
+            default = []
+          end
+
+          return default
         end
       end
 

data/lib/protected_attributes/version.rb

@@ -1,3 +1,3 @@
 module ProtectedAttributes
-  VERSION = "1.7.0".freeze
+  VERSION = "1.8.0".freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: protected_attributes_continued
 version: !ruby/object:Gem::Version
-  version: 1.7.0
+  version: 1.8.0
 platform: ruby
 authors:
 - Weston Ganger
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-10-25 00:00:00.000000000 Z
+date: 2021-03-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel
@@ -66,20 +66,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '5.0'
-- !ruby/object:Gem::Dependency
-  name: sqlite3
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: mocha
   requirement: !ruby/object:Gem::Requirement