RubyGems - protected_attributes_continued - Versions diffs - 1.2.4 → 1.3.0 - Mend

protected_attributes_continued 1.2.4 → 1.3.0

Files changed (12) hide show

checksums.yaml +4 -4
data/README.md +23 -20
data/lib/active_model/mass_assignment_security.rb +1 -5
data/lib/active_record/mass_assignment_security.rb +0 -4
data/lib/active_record/mass_assignment_security/core.rb +15 -0
data/lib/active_record/mass_assignment_security/inheritance.rb +3 -1
data/lib/active_record/mass_assignment_security/nested_attributes.rb +2 -6
data/lib/active_record/mass_assignment_security/relation.rb +3 -3
data/lib/protected_attributes.rb +0 -1
data/lib/protected_attributes/version.rb +1 -1
data/lib/protected_attributes_continued.rb +0 -18
metadata +19 -45

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 56c3f71108cf6ddd82e5741e05fcec365779f2e3
-  data.tar.gz: ea0bc67a868cdb1a851c7049c0f0dd089311f8c7
+  metadata.gz: 2eb844e472b4ede262323c067507b498ad29bd27
+  data.tar.gz: a2c7241c8c82757901c5e065d39a0adbc8dfd5bb
 SHA512:
-  metadata.gz: b13e67349efef0c75fa9f6661048245185e4c4996a07d9c1a31f338078cb9eaea1054de1687c2d1cfcd0e965d217a91278d8e4a8b710860a767d2e6c57896823
-  data.tar.gz: 3e5a645d5fd009a65c8071198696afab5a5548ebe60afe3012952a2260e26d5c0382aa78a368603e2fa6a35db0f0c94528dc555e914ab393cba05a77aaa8dcd1
+  metadata.gz: 7d9e0f27404e0f676ed38fc118da71dbc1e9dfa682bb632de1eadc33a96299277793b017467b0f3746ebdbf3bfe80aba726399124536b035b63e5f8827562e6b
+  data.tar.gz: 1ccfdcb731a28be930dee878c1d1d474ecb41a5f40636d96a899d6a8d26a09c8fde2ab403d98da73b1663f539df5ee2c1f48040be585932d474ce1d398c9e94b

data/README.md CHANGED Viewed

@@ -2,24 +2,26 @@
 [![Build Status](https://api.travis-ci.org/westonganger/protected_attributes_continued.svg?branch=master)](https://travis-ci.org/westonganger/protected_attributes_continued)
-This is the community continued version of `protected_attributes`. I have created this new repo and changed the name because the Rails team refuses to support the `protected_attributes` gem for Rails 5. For people who would like to continue using this feature in their Rails 5 apps lets continue here. I am currently_using this successfully in number of Rails 5 production apps.
+This is the community continued version of `protected_attributes`. It works with Rails 5 only and I recommend you only use it to support legacy portions of your application that you do not want to upgrade. Note that this feature was dropped by the Rails team and switched to strong_parameters because of security issues, just so you understand your risks. This is in use successfully in some of my Rails 5 apps in which security like this is a non-issue. For people who would like to continue using this feature in their Rails 5 apps lets continue the work here.
 Protect attributes from mass-assignment in Active Record models.
 This plugin adds the class methods `attr_accessible` and `attr_protected` to your models to be able to declare white or black lists of attributes.
 ## Installation
 Add this line to your application's `Gemfile`:
-    gem 'protected_attributes_continued'
+```ruby
+gem 'protected_attributes_continued'
+```
 And then execute:
-    bundle install
+```ruby
+bundle install
+```
 ## Usage
@@ -32,19 +34,19 @@ attr_protected :admin
 `attr_protected` also optionally takes a role option using `:as` which allows you to define multiple mass-assignment groupings. If no role is defined then attributes will be added to the `:default` role.
 ```ruby
-attr_protected :last_login, :as => :admin
+attr_protected :last_login, as: :admin
 ```
 A much better way, because it follows the whitelist-principle, is the `attr_accessible` method. It is the exact opposite of `attr_protected`, because it takes a list of attributes that will be mass-assigned if present. Any other attributes will be ignored. This way you won’t forget to protect attributes when adding new ones in the course of development. Here is an example:
 ```ruby
 attr_accessible :name
-attr_accessible :name, :is_admin, :as => :admin
+attr_accessible :name, :is_admin, as: :admin
 ```
 If you want to set a protected attribute, you will have to assign it individually:
 ```ruby
-params[:user] # => {:name => "owned", :is_admin => true}
+params[:user] # => {name: "owned", is_admin: true}
 @user = User.new(params[:user])
 @user.is_admin # => false, not mass-assigned
 @user.is_admin = true
@@ -58,15 +60,15 @@ You can also bypass mass-assignment security by using the `:without_protection`
 ```ruby
 @user = User.new
-@user.assign_attributes(:name => 'Josh', :is_admin => true)
+@user.assign_attributes(name: 'Josh', is_admin: true)
 @user.name # => Josh
 @user.is_admin # => false
-@user.assign_attributes({ :name => 'Josh', :is_admin => true }, :as => :admin)
+@user.assign_attributes({ name: 'Josh', is_admin: true }, as: :admin)
 @user.name # => Josh
 @user.is_admin # => true
-@user.assign_attributes({ :name => 'Josh', :is_admin => true }, :without_protection => true)
+@user.assign_attributes({ name: 'Josh', is_admin: true }, without_protection: true)
 @user.name # => Josh
 @user.is_admin # => true
 ```
@@ -74,18 +76,18 @@ You can also bypass mass-assignment security by using the `:without_protection`
 In a similar way, `new`, `create`, `create!`, `update_attributes` and `update_attributes!` methods all respect mass-assignment security and accept either `:as` or `:without_protection` options. For example:
 ```ruby
-@user = User.new({ :name => 'Sebastian', :is_admin => true }, :as => :admin)
+@user = User.new({ name: 'Sebastian', is_admin: true }, as: :admin)
 @user.name # => Sebastian
 @user.is_admin # => true
-@user = User.create({ :name => 'Sebastian', :is_admin => true }, :without_protection => true)
+@user = User.create({ name: 'Sebastian', is_admin: true }, without_protection: true)
 @user.name # => Sebastian
 @user.is_admin # => true
 ```
 By default the gem will use the strong parameters protection when assigning attribute, unless your model has `attr_accessible` or `attr_protected` calls.
-### Errors
+## Errors
 By default, attributes in the params hash which are not allowed to be updated are just ignored. If you prefer an exception to be raised configure:
@@ -95,10 +97,11 @@ config.active_record.mass_assignment_sanitizer = :strict
 Any protected attributes violation raises `ActiveModel::MassAssignmentSecurity::Error` then.
-## Contributing
-1. Fork it
-2. Create your feature branch (`git checkout -b my-new-feature`)
-3. Commit your changes (`git commit -am 'Add some feature'`)
-4. Push to the branch (`git push origin my-new-feature`)
-5. Create new Pull Request
+# Credits
+Created and Maintained by [Weston Ganger - @westonganger](https://github.com/westonganger)
+Originally forked from the dead/unmaintained `protected_attributes` gem by the Rails team.
+<a href='https://ko-fi.com/A5071NK' target='_blank'><img height='32' style='border:0px;height:32px;' src='https://az743702.vo.msecnd.net/cdn/kofi1.png?v=a' border='0' alt='Buy Me a Coffee' /></a>

data/lib/active_model/mass_assignment_security.rb CHANGED Viewed

@@ -323,11 +323,7 @@ module ActiveModel
       #   customer.assign_attributes(name: 'David')
       #   # => StandardError: StandardError
       def mass_assignment_sanitizer=(value)
-        self._mass_assignment_sanitizer = if value.is_a?(Symbol)
-          const_get(:"#{value.to_s.camelize}Sanitizer").new(self)
-        else
-          value
-        end
+        self._mass_assignment_sanitizer = value.is_a?(Symbol) ? const_get(:"#{value.to_s.camelize}Sanitizer").new(self) : value
       end
       private

data/lib/active_record/mass_assignment_security.rb CHANGED Viewed

@@ -1,9 +1,5 @@
 require "active_record"
-def active_record_40?
-  ActiveRecord::VERSION::MAJOR == 4 && ActiveRecord::VERSION::MINOR == 0
-end
 require "active_record/mass_assignment_security/associations"
 require "active_record/mass_assignment_security/attribute_assignment"
 require "active_record/mass_assignment_security/core"

data/lib/active_record/mass_assignment_security/core.rb CHANGED Viewed

@@ -2,6 +2,20 @@ module ActiveRecord
   module MassAssignmentSecurity
     module Core
+      def initialize(attributes = nil, options = {})
+        self.class.define_attribute_methods
+        @attributes = self.class._default_attributes.deep_dup
+        init_internals
+        initialize_internals_callback
+        # +options+ argument is only needed to make protected_attributes gem easier to hook.
+        init_attributes(attributes, options) if attributes
+        yield self if block_given?
+        _run_initialize_callbacks
+      end
       private
       def init_attributes(attributes, options)
@@ -12,6 +26,7 @@ module ActiveRecord
         super
         @mass_assignment_options = nil
       end
     end
   end
 end

data/lib/active_record/mass_assignment_security/inheritance.rb CHANGED Viewed

@@ -4,7 +4,9 @@ module ActiveRecord
       extend ActiveSupport::Concern
       module ClassMethods
-      private
+        private
         # Detect the subclass from the inheritance column of attrs. If the inheritance column value
         # is not self or a valid subclass, raises ActiveRecord::SubclassNotFound
         # If this is a StrongParameters hash, and access to inheritance_column is not permitted,

data/lib/active_record/mass_assignment_security/nested_attributes.rb CHANGED Viewed

@@ -15,11 +15,7 @@ module ActiveRecord
           attr_names.each do |association_name|
             if reflection = reflect_on_association(association_name)
-              if active_record_40?
-                reflection.options[:autosave] = true
-              else
-                reflection.autosave = true
-              end
+              reflection.autosave = true
               add_autosave_association_callbacks(reflection)
               nested_attributes_options = self.nested_attributes_options.dup
@@ -28,7 +24,7 @@ module ActiveRecord
               type = (reflection.collection? ? :collection : :one_to_one)
-              generated_methods_module = active_record_40? ? generated_feature_methods : generated_association_methods
+              generated_methods_module = generated_association_methods
               # def pirate_attributes=(attributes)
               #   assign_nested_attributes_for_one_to_one_association(:pirate, attributes, mass_assignment_options)

data/lib/active_record/mass_assignment_security/relation.rb CHANGED Viewed

@@ -50,15 +50,15 @@ module ActiveRecord
     end
     def find_or_initialize_by(attributes, options = {}, &block)
-      find_by(attributes) || new(attributes, options, &block)
+      find_by(attributes.respond_to?(:to_unsafe_h) ? attributes.to_unsafe_h : attributes) || new(attributes, options, &block)
     end
     def find_or_create_by(attributes, options = {}, &block)
-      find_by(attributes) || create(attributes, options, &block)
+      find_by(attributes.respond_to?(:to_unsafe_h) ? attributes.to_unsafe_h : attributes) || create(attributes, options, &block)
     end
     def find_or_create_by!(attributes, options = {}, &block)
-      find_by(attributes) || create!(attributes, options, &block)
+      find_by(attributes.respond_to?(:to_unsafe_h) ? attributes.to_unsafe_h : attributes) || create!(attributes, options, &block)
     end
   end

data/lib/protected_attributes.rb CHANGED Viewed

@@ -1,4 +1,3 @@
-require 'active_record/core'
 require "active_model/mass_assignment_security"
 require "protected_attributes/railtie" if defined? Rails::Railtie
 require "protected_attributes/version"

data/lib/protected_attributes/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module ProtectedAttributes
-  VERSION = "1.2.4"
+  VERSION = "1.3.0"
 end

data/lib/protected_attributes_continued.rb CHANGED Viewed

@@ -1,19 +1 @@
 require "protected_attributes"
-module ActiveRecord
-  module Core
-    def initialize(attributes = nil, options = {})
-      @attributes = self.class._default_attributes.dup
-      self.class.define_attribute_methods
-      init_internals
-      initialize_internals_callback
-      # +options+ argument is only needed to make protected_attributes gem easier to hook.
-      init_attributes(attributes, options) if attributes
-      yield self if block_given?
-      _run_initialize_callbacks
-    end
-  end
-end

metadata CHANGED Viewed

@@ -1,96 +1,71 @@
 --- !ruby/object:Gem::Specification
 name: protected_attributes_continued
 version: !ruby/object:Gem::Version
-  version: 1.2.4
+  version: 1.3.0
 platform: ruby
 authors:
-- David Heinemeier Hansson
 - Weston Ganger
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-09-22 00:00:00.000000000 Z
+date: 2017-05-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activemodel
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 4.0.1
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '5.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 4.0.1
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: activerecord
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 4.0.1
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '5.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 4.0.1
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: actionpack
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 4.0.1
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '5.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 4.0.1
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: railties
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 4.0.1
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '5.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 4.0.1
-    - - "<"
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '6.0'
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: sqlite3
   requirement: !ruby/object:Gem::Requirement
@@ -121,7 +96,6 @@ dependencies:
         version: '0'
 description: Protect attributes from mass assignment
 email:
-- david@loudthinking.com
 - westonganger@gmail.com
 executables: []
 extensions: []
@@ -167,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.5.1
+rubygems_version: 2.6.8
 signing_key:
 specification_version: 4
 summary: Protect attributes from mass assignment in Active Record models