protector 0.4.1 → 0.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: e15f3c1ee4395642576ca756587e32adc363b461
-  data.tar.gz: f18f5e9a33d866c903e7f8be1db3425daa97ad67
+  metadata.gz: 260447659aefa18d02fe15039a7f33ba3d8c39e7
+  data.tar.gz: 82d8f778b44ed5b10063d9b527df7b841181315d
 SHA512:
-  metadata.gz: 61613c761e8e2193ed7d87521e1469af9fb9997f7bf0dc52f247302f179df8bbeee6f2eef3d636447d0cc250b706b819af88b2493e02e1c56b85f0a831e92eeb
-  data.tar.gz: 18fd32ceb5907097d297a61f73db4a2b0aa5fe306d606cd735e6796ac49fec7852758912a6745d5052e4e69f8ef864b6405c3fb9a907f78e6f81b31adac4a450
+  metadata.gz: f4b8e1b04ccef3bc2650f3b210fded9a83306a792cd60909ccef8c8aacb73b6a56d083506d619ae10d9baf97c4e2e4b2979f8518aa49bfa592ef15748d0253b5
+  data.tar.gz: 377952116d10b58e86e0c151ac89aa2bbf7e41cd94ee756e14497dd0cf2f11303d7bcdafa6380d557e4577400ced122f08c521766f38de0eb91188f7bc04d960

data/.gitignore

@@ -15,3 +15,4 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
+spec/internal/log

data/Appraisals

@@ -8,6 +8,19 @@ appraise "AR_4" do
   gem "activerecord-jdbcsqlite3-adapter", platform: :jruby, github: "jruby/activerecord-jdbc-adapter"
 end
 
+appraise "Rails_3.2" do
+  gem "combustion", github: 'pat/combustion'
+  gem "rails", "3.2.13"
+  gem "strong_parameters"
+  gem "activerecord-jdbcsqlite3-adapter", platform: :jruby, github: "jruby/activerecord-jdbc-adapter"
+end
+
+appraise "Rails_4" do
+  gem "combustion", github: 'pat/combustion'
+  gem "rails", "4.0.0"
+  gem "activerecord-jdbcsqlite3-adapter", platform: :jruby, github: "jruby/activerecord-jdbc-adapter"
+end
+
 appraise "Sequel" do
   gem "sequel", "3.30.0"
 end

data/Gemfile

@@ -5,8 +5,6 @@ gem 'rake'
 gem 'colored'
 gem 'pry'
 gem 'rspec'
-gem 'guard'
-gem 'guard-rspec'
 
 gem 'appraisal'
 

data/README.md

@@ -20,7 +20,8 @@ We are working hard to extend the list with:
 
 Protector is an extension and therefore hides deeply inside your ORM library making itself compatible to the most gems you use. Sometimes however, you might need additional integration to take the best from it:
 
-  * [Protector::SimpleForm](https://github.com/deversus/protector-simple_form)
+  * [Protector and Strong Parameters](https://github.com/inossidabile/protector/wiki/Protector-and-Strong-Parameters)
+  * [Protector and SimpleForm](https://github.com/inossidabile/protector/wiki/Protector-and-SimpleForm)
 
 ## Basics
 
@@ -207,9 +208,10 @@ Where "ActiveRecord" is the adapter you are about to use. It can be "Sequel", "D
 
 ## Options
 
-Use `Protector.option = value` to assign an option. Available options are:
+Use `Protector.config.option = value` to assign an option. Available options are:
 
   * **paranoid**: makes scope management white-listed. If set to `true` will force Protector to return empty scope when no scope was given within a protection block.
+  * **strong_parameters**: set to `false` to disable built-in [Strong Parameters integration](https://github.com/inossidabile/protector/wiki/Protector-and-Strong-Parameters).
 
 Protector features basic Rails integration so you can assign options using `config.protector.option = value` at your `config/*.rb`.
 

data/gemfiles/AR_3.2.gemfile.lock

@@ -10,7 +10,7 @@ GIT
 PATH
   remote: /Users/inossidabile/Repos/protector
   specs:
-    protector (0.4.1)
+    protector (0.5.0)
       activesupport
       i18n
 

data/gemfiles/AR_4.gemfile.lock

@@ -1,12 +1,16 @@
 GIT
   remote: git://github.com/jruby/activerecord-jdbc-adapter.git
-  revision: 178d6177ae874a00e07f514e293eaa58d26dca5d
+  revision: cf50772153fbf0db5e8a4a2025da32954e625df1
   specs:
+    activerecord-jdbc-adapter (1.3.0.beta2)
+    activerecord-jdbcsqlite3-adapter (1.3.0.beta2)
+      activerecord-jdbc-adapter (~> 1.3.0.beta2)
+      jdbc-sqlite3 (~> 3.7.2)
 
 PATH
   remote: /Users/inossidabile/Repos/protector
   specs:
-    protector (0.4.1)
+    protector (0.5.0)
       activesupport
       i18n
 
@@ -33,6 +37,7 @@ GEM
       rake
     arel (4.0.0)
     atomic (1.1.10)
+    atomic (1.1.10-java)
     builder (3.1.4)
     coderay (1.0.9)
     colored (1.2)
@@ -45,6 +50,7 @@ GEM
       thor
     diff-lcs (1.2.4)
     ffi (1.9.0)
+    ffi (1.9.0-java)
     formatador (0.2.4)
     guard (1.8.1)
       formatador (>= 0.2.4)
@@ -56,6 +62,7 @@ GEM
       guard (>= 1.8)
       rspec (~> 2.13)
     i18n (0.6.4)
+    jdbc-sqlite3 (3.7.2)
     listen (1.2.2)
       rb-fsevent (>= 0.9.3)
       rb-inotify (>= 0.9)
@@ -69,6 +76,11 @@ GEM
       coderay (~> 1.0.5)
       method_source (~> 0.8)
       slop (~> 3.4)
+    pry (0.9.12.2-java)
+      coderay (~> 1.0.5)
+      method_source (~> 0.8)
+      slop (~> 3.4)
+      spoon (~> 0.0)
     rake (10.1.0)
     rb-fsevent (0.9.3)
     rb-inotify (0.9.0)
@@ -91,6 +103,8 @@ GEM
       simplecov-html (~> 0.7.1)
     simplecov-html (0.7.1)
     slop (3.4.5)
+    spoon (0.0.4)
+      ffi
     sqlite3 (1.3.7)
     thor (0.18.1)
     thread_safe (0.1.0)
@@ -98,6 +112,7 @@ GEM
     tzinfo (0.3.37)
 
 PLATFORMS
+  java
   ruby
 
 DEPENDENCIES

data/gemfiles/Rails_3.2.gemfile

@@ -0,0 +1,21 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rake"
+gem "colored"
+gem "pry"
+gem "rspec"
+gem "guard"
+gem "guard-rspec"
+gem "appraisal"
+gem "sqlite3", :platform=>:ruby
+gem "jdbc-sqlite3", :platform=>:jruby, :require=>"jdbc/sqlite3"
+gem "coveralls", :require=>false
+gem "ruby-prof", :platform=>:ruby
+gem "combustion", :github=>"pat/combustion"
+gem "rails", "3.2.13"
+gem "strong_parameters"
+gem "activerecord-jdbcsqlite3-adapter", :platform=>:jruby, :github=>"jruby/activerecord-jdbc-adapter"
+
+gemspec :path=>"../"

data/gemfiles/Rails_3.2.gemfile.lock

@@ -0,0 +1,196 @@
+GIT
+  remote: git://github.com/jruby/activerecord-jdbc-adapter.git
+  revision: cf50772153fbf0db5e8a4a2025da32954e625df1
+  specs:
+    activerecord-jdbc-adapter (1.3.0.beta2)
+    activerecord-jdbcsqlite3-adapter (1.3.0.beta2)
+      activerecord-jdbc-adapter (~> 1.3.0.beta2)
+      jdbc-sqlite3 (~> 3.7.2)
+
+GIT
+  remote: git://github.com/pat/combustion.git
+  revision: 5141f8412cff75c496692f49755d38d23e587db8
+  specs:
+    combustion (0.5.0)
+      activesupport (>= 3.0.0)
+      railties (>= 3.0.0)
+      thor (>= 0.14.6)
+
+PATH
+  remote: /Users/inossidabile/Repos/protector
+  specs:
+    protector (0.5.0)
+      activesupport
+      i18n
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionmailer (3.2.13)
+      actionpack (= 3.2.13)
+      mail (~> 2.5.3)
+    actionpack (3.2.13)
+      activemodel (= 3.2.13)
+      activesupport (= 3.2.13)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.4)
+      rack (~> 1.4.5)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.2.1)
+    activemodel (3.2.13)
+      activesupport (= 3.2.13)
+      builder (~> 3.0.0)
+    activerecord (3.2.13)
+      activemodel (= 3.2.13)
+      activesupport (= 3.2.13)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activeresource (3.2.13)
+      activemodel (= 3.2.13)
+      activesupport (= 3.2.13)
+    activesupport (3.2.13)
+      i18n (= 0.6.1)
+      multi_json (~> 1.0)
+    appraisal (0.5.2)
+      bundler
+      rake
+    arel (3.0.2)
+    builder (3.0.4)
+    coderay (1.0.9)
+    colored (1.2)
+    colorize (0.5.8)
+    coveralls (0.6.7)
+      colorize
+      multi_json (~> 1.3)
+      rest-client
+      simplecov (>= 0.7)
+      thor
+    diff-lcs (1.2.4)
+    erubis (2.7.0)
+    ffi (1.9.0)
+    ffi (1.9.0-java)
+    formatador (0.2.4)
+    guard (1.8.1)
+      formatador (>= 0.2.4)
+      listen (>= 1.0.0)
+      lumberjack (>= 1.0.2)
+      pry (>= 0.9.10)
+      thor (>= 0.14.6)
+    guard-rspec (3.0.2)
+      guard (>= 1.8)
+      rspec (~> 2.13)
+    hike (1.2.3)
+    i18n (0.6.1)
+    jdbc-sqlite3 (3.7.2)
+    journey (1.0.4)
+    json (1.8.0)
+    json (1.8.0-java)
+    listen (1.2.2)
+      rb-fsevent (>= 0.9.3)
+      rb-inotify (>= 0.9)
+      rb-kqueue (>= 0.2)
+    lumberjack (1.0.4)
+    mail (2.5.4)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    method_source (0.8.1)
+    mime-types (1.23)
+    multi_json (1.7.7)
+    polyglot (0.3.3)
+    pry (0.9.12.2)
+      coderay (~> 1.0.5)
+      method_source (~> 0.8)
+      slop (~> 3.4)
+    pry (0.9.12.2-java)
+      coderay (~> 1.0.5)
+      method_source (~> 0.8)
+      slop (~> 3.4)
+      spoon (~> 0.0)
+    rack (1.4.5)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-ssl (1.3.3)
+      rack
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rails (3.2.13)
+      actionmailer (= 3.2.13)
+      actionpack (= 3.2.13)
+      activerecord (= 3.2.13)
+      activeresource (= 3.2.13)
+      activesupport (= 3.2.13)
+      bundler (~> 1.0)
+      railties (= 3.2.13)
+    railties (3.2.13)
+      actionpack (= 3.2.13)
+      activesupport (= 3.2.13)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (>= 0.14.6, < 2.0)
+    rake (10.1.0)
+    rb-fsevent (0.9.3)
+    rb-inotify (0.9.0)
+      ffi (>= 0.5.0)
+    rb-kqueue (0.2.0)
+      ffi (>= 0.5.0)
+    rdoc (3.12.2)
+      json (~> 1.4)
+    rest-client (1.6.7)
+      mime-types (>= 1.16)
+    rspec (2.14.1)
+      rspec-core (~> 2.14.0)
+      rspec-expectations (~> 2.14.0)
+      rspec-mocks (~> 2.14.0)
+    rspec-core (2.14.2)
+    rspec-expectations (2.14.0)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.14.1)
+    ruby-prof (0.13.0)
+    simplecov (0.7.1)
+      multi_json (~> 1.0)
+      simplecov-html (~> 0.7.1)
+    simplecov-html (0.7.1)
+    slop (3.4.5)
+    spoon (0.0.4)
+      ffi
+    sprockets (2.2.2)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sqlite3 (1.3.7)
+    strong_parameters (0.2.1)
+      actionpack (~> 3.0)
+      activemodel (~> 3.0)
+      railties (~> 3.0)
+    thor (0.18.1)
+    tilt (1.4.1)
+    treetop (1.4.14)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.37)
+
+PLATFORMS
+  java
+  ruby
+
+DEPENDENCIES
+  activerecord-jdbcsqlite3-adapter!
+  appraisal
+  colored
+  combustion!
+  coveralls
+  guard
+  guard-rspec
+  jdbc-sqlite3
+  protector!
+  pry
+  rails (= 3.2.13)
+  rake
+  rspec
+  ruby-prof
+  sqlite3
+  strong_parameters

data/gemfiles/Rails_4.gemfile

@@ -0,0 +1,20 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rake"
+gem "colored"
+gem "pry"
+gem "rspec"
+gem "guard"
+gem "guard-rspec"
+gem "appraisal"
+gem "sqlite3", :platform=>:ruby
+gem "jdbc-sqlite3", :platform=>:jruby, :require=>"jdbc/sqlite3"
+gem "coveralls", :require=>false
+gem "ruby-prof", :platform=>:ruby
+gem "combustion", :github=>"pat/combustion"
+gem "rails", "4.0.0"
+gem "activerecord-jdbcsqlite3-adapter", :platform=>:jruby, :github=>"jruby/activerecord-jdbc-adapter"
+
+gemspec :path=>"../"

data/gemfiles/Rails_4.gemfile.lock

@@ -0,0 +1,186 @@
+GIT
+  remote: git://github.com/jruby/activerecord-jdbc-adapter.git
+  revision: cf50772153fbf0db5e8a4a2025da32954e625df1
+  specs:
+    activerecord-jdbc-adapter (1.3.0.beta2)
+    activerecord-jdbcsqlite3-adapter (1.3.0.beta2)
+      activerecord-jdbc-adapter (~> 1.3.0.beta2)
+      jdbc-sqlite3 (~> 3.7.2)
+
+GIT
+  remote: git://github.com/pat/combustion.git
+  revision: 5141f8412cff75c496692f49755d38d23e587db8
+  specs:
+    combustion (0.5.0)
+      activesupport (>= 3.0.0)
+      railties (>= 3.0.0)
+      thor (>= 0.14.6)
+
+PATH
+  remote: /Users/inossidabile/Repos/protector
+  specs:
+    protector (0.5.0)
+      activesupport
+      i18n
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    actionmailer (4.0.0)
+      actionpack (= 4.0.0)
+      mail (~> 2.5.3)
+    actionpack (4.0.0)
+      activesupport (= 4.0.0)
+      builder (~> 3.1.0)
+      erubis (~> 2.7.0)
+      rack (~> 1.5.2)
+      rack-test (~> 0.6.2)
+    activemodel (4.0.0)
+      activesupport (= 4.0.0)
+      builder (~> 3.1.0)
+    activerecord (4.0.0)
+      activemodel (= 4.0.0)
+      activerecord-deprecated_finders (~> 1.0.2)
+      activesupport (= 4.0.0)
+      arel (~> 4.0.0)
+    activerecord-deprecated_finders (1.0.3)
+    activesupport (4.0.0)
+      i18n (~> 0.6, >= 0.6.4)
+      minitest (~> 4.2)
+      multi_json (~> 1.3)
+      thread_safe (~> 0.1)
+      tzinfo (~> 0.3.37)
+    appraisal (0.5.2)
+      bundler
+      rake
+    arel (4.0.0)
+    atomic (1.1.10)
+    atomic (1.1.10-java)
+    builder (3.1.4)
+    coderay (1.0.9)
+    colored (1.2)
+    colorize (0.5.8)
+    coveralls (0.6.7)
+      colorize
+      multi_json (~> 1.3)
+      rest-client
+      simplecov (>= 0.7)
+      thor
+    diff-lcs (1.2.4)
+    erubis (2.7.0)
+    ffi (1.9.0)
+    ffi (1.9.0-java)
+    formatador (0.2.4)
+    guard (1.8.1)
+      formatador (>= 0.2.4)
+      listen (>= 1.0.0)
+      lumberjack (>= 1.0.2)
+      pry (>= 0.9.10)
+      thor (>= 0.14.6)
+    guard-rspec (3.0.2)
+      guard (>= 1.8)
+      rspec (~> 2.13)
+    hike (1.2.3)
+    i18n (0.6.4)
+    jdbc-sqlite3 (3.7.2)
+    listen (1.2.2)
+      rb-fsevent (>= 0.9.3)
+      rb-inotify (>= 0.9)
+      rb-kqueue (>= 0.2)
+    lumberjack (1.0.4)
+    mail (2.5.4)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    method_source (0.8.1)
+    mime-types (1.23)
+    minitest (4.7.5)
+    multi_json (1.7.7)
+    polyglot (0.3.3)
+    pry (0.9.12.2)
+      coderay (~> 1.0.5)
+      method_source (~> 0.8)
+      slop (~> 3.4)
+    pry (0.9.12.2-java)
+      coderay (~> 1.0.5)
+      method_source (~> 0.8)
+      slop (~> 3.4)
+      spoon (~> 0.0)
+    rack (1.5.2)
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rails (4.0.0)
+      actionmailer (= 4.0.0)
+      actionpack (= 4.0.0)
+      activerecord (= 4.0.0)
+      activesupport (= 4.0.0)
+      bundler (>= 1.3.0, < 2.0)
+      railties (= 4.0.0)
+      sprockets-rails (~> 2.0.0)
+    railties (4.0.0)
+      actionpack (= 4.0.0)
+      activesupport (= 4.0.0)
+      rake (>= 0.8.7)
+      thor (>= 0.18.1, < 2.0)
+    rake (10.1.0)
+    rb-fsevent (0.9.3)
+    rb-inotify (0.9.0)
+      ffi (>= 0.5.0)
+    rb-kqueue (0.2.0)
+      ffi (>= 0.5.0)
+    rest-client (1.6.7)
+      mime-types (>= 1.16)
+    rspec (2.14.1)
+      rspec-core (~> 2.14.0)
+      rspec-expectations (~> 2.14.0)
+      rspec-mocks (~> 2.14.0)
+    rspec-core (2.14.2)
+    rspec-expectations (2.14.0)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.14.1)
+    ruby-prof (0.13.0)
+    simplecov (0.7.1)
+      multi_json (~> 1.0)
+      simplecov-html (~> 0.7.1)
+    simplecov-html (0.7.1)
+    slop (3.4.5)
+    spoon (0.0.4)
+      ffi
+    sprockets (2.10.0)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    sprockets-rails (2.0.0)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      sprockets (~> 2.8)
+    sqlite3 (1.3.7)
+    thor (0.18.1)
+    thread_safe (0.1.0)
+      atomic
+    tilt (1.4.1)
+    treetop (1.4.14)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.37)
+
+PLATFORMS
+  java
+  ruby
+
+DEPENDENCIES
+  activerecord-jdbcsqlite3-adapter!
+  appraisal
+  colored
+  combustion!
+  coveralls
+  guard
+  guard-rspec
+  jdbc-sqlite3
+  protector!
+  pry
+  rails (= 4.0.0)
+  rake
+  rspec
+  ruby-prof
+  sqlite3

data/gemfiles/Sequel.gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: /Users/inossidabile/Repos/protector
   specs:
-    protector (0.4.1)
+    protector (0.5.0)
       activesupport
       i18n
 
@@ -18,6 +18,7 @@ GEM
       bundler
       rake
     atomic (1.1.10)
+    atomic (1.1.10-java)
     coderay (1.0.9)
     colored (1.2)
     colorize (0.5.8)

data/lib/protector/adapters/active_record/base.rb

@@ -32,12 +32,12 @@ module Protector
           end
 
           unless Protector::Adapters::ActiveRecord.modern?
-            def self.restrict!(subject)
-              scoped.restrict!(subject)
+            def self.restrict!(*args)
+              scoped.restrict! *args
             end
           else
-            def self.restrict!(subject)
-              all.restrict!(subject)
+            def self.restrict!(*args)
+              all.restrict! *args
             end
           end
 

data/lib/protector/adapters/active_record/relation.rb

@@ -74,9 +74,16 @@ module Protector
           merge(protector_meta.relation).unrestrict!.exists? *args
         end
 
-        def new_with_protector(*args)
-          return new_without_protector unless protector_subject?
-          new_without_protector.restrict!(protector_subject)
+        # Forwards protection subject to the new instance
+        def new_with_protector(*args, &block)
+          return new_without_protector(*args, &block) unless protector_subject?
+
+          # strong_parameters integration
+          if Protector.config.strong_parameters? && args.first.respond_to?(:permit)
+            Protector::ActiveRecord::StrongParameters::sanitize! args, true, protector_meta
+          end
+
+          new_without_protector(*args, &block).restrict!(protector_subject)
         end
 
         # Patches current relation to fulfill restriction and call real `exec_queries`

data/lib/protector/adapters/active_record/strong_parameters.rb

@@ -0,0 +1,26 @@
+module Protector
+  module ActiveRecord
+    module StrongParameters
+      def self.sanitize!(args, is_new, meta)
+        if is_new
+          args[0] = args[0].permit *meta.access[:create].keys
+        else
+          args[0] = args[0].permit *meta.access[:update].keys
+        end
+      end
+
+      # strong_parameters integration
+      def sanitize_for_mass_assignment(*args)
+        # We check only for updation here since the creation will be handled by relation
+        # (see Protector::Adapters::ActiveRecord::Relation#new_with_protector)
+        if Protector.config.strong_parameters? && args.first.respond_to?(:permit) \
+            && !new_record? && protector_subject?
+
+          StrongParameters::sanitize! args, false, protector_meta
+        end
+
+        super
+      end
+    end
+  end
+end

data/lib/protector/adapters/active_record.rb

@@ -2,6 +2,7 @@ require 'protector/adapters/active_record/base'
 require 'protector/adapters/active_record/association'
 require 'protector/adapters/active_record/relation'
 require 'protector/adapters/active_record/preloader'
+require 'protector/adapters/active_record/strong_parameters'
 
 module Protector
   module Adapters

data/lib/protector/adapters/sequel/model.rb

@@ -17,8 +17,8 @@ module Protector
 
         module ClassMethods
           # Gets default restricted `Dataset`
-          def restrict!(subject)
-            dataset.clone.restrict! subject
+          def restrict!(*args)
+            dataset.clone.restrict! *args
           end
         end
 

data/lib/protector/dsl.rb

@@ -37,7 +37,7 @@ module Protector
         # Checks whether protection with given subject
         # has the selection scope defined
         def scoped?
-          Protector.paranoid || !!@scope_proc
+          Protector.config.paranoid? || !!@scope_proc
         end
 
         # @group Protection DSL
@@ -60,7 +60,7 @@ module Protector
         end
 
         def scope_proc
-          unless Protector.paranoid
+          unless Protector.config.paranoid?
             @scope_proc
           else
             @scope_proc || @adapter.null_proc
@@ -239,7 +239,7 @@ module Protector
       # Assigns restriction subject
       #
       # @param [Object] subject         Subject to restrict against
-      def restrict!(subject)
+      def restrict!(subject=nil)
         @protector_subject = subject
         @protector_subject_set = true
         self

data/lib/protector/engine.rb

@@ -3,9 +3,11 @@ module Protector
     config.protector = ActiveSupport::OrderedOptions.new
 
     initializer "protector.configuration" do |app|
-      app.config.protector.each do |key, value|
-        Protector.send "#{key}=", value
+      app.config.protector.each{|k,v| Protector.config[k] = v}
+
+      if Protector::Adapters::ActiveRecord.modern?
+        ::ActiveRecord::Base.send(:include, Protector::ActiveRecord::StrongParameters)
       end
     end
   end
-end
+end

data/lib/protector/version.rb

@@ -1,4 +1,4 @@
 module Protector
   # Gem version
-  VERSION = "0.4.1"
+  VERSION = "0.5.1"
 end

data/lib/protector.rb

@@ -17,7 +17,11 @@ module Protector
       Protector::Adapters::Sequel
     ]
 
-    attr_accessor :paranoid
+    attr_accessor :config
+
+    def paranoid=
+      "`Protector.paranoid = ...` is deprecated! Please change it to `Protector.config.paranoid = ...`"
+    end
 
     # Allows executing any code having Protector globally disabled
     def insecurely(&block)
@@ -31,6 +35,18 @@ module Protector
       ADAPTERS.each{|adapter| adapter.activate!}
     end
   end
+
+  class Config < ActiveSupport::OrderedOptions
+    def paranoid?
+      !!paranoid
+    end
+
+    def strong_parameters?
+      strong_parameters == nil || !!strong_parameters
+    end
+  end
+
+  self.config = Config.new
 end
 
 Protector.activate!

data/spec/internal/config/database.yml

@@ -0,0 +1,4 @@
+test:
+  adapter: <%= "jdbc" if defined? JRUBY_VERSION %>sqlite3
+  database: ":memory:"
+  verbosity: quiet

data/spec/lib/engine_spec.rb

@@ -0,0 +1,57 @@
+require 'spec_helpers/boot'
+
+if defined?(Rails)
+  describe Protector::Engine do
+    before(:all) do
+      Combustion.initialize! :active_record do
+        config.protector.paranoid = true
+        config.action_controller.action_on_unpermitted_parameters = :raise
+      end
+
+      Protector.activate!
+
+      unless Protector::Adapters::ActiveRecord.modern?
+        ActiveRecord::Base.send(:include, ActiveModel::ForbiddenAttributesProtection)
+        ActiveRecord::Base.send(:include, Protector::ActiveRecord::StrongParameters)
+      end
+    end
+
+    after(:all) do
+      Protector.config.paranoid = false
+    end
+
+  	it "inherits Rails config" do
+      Protector.config.paranoid?.should == true
+      Protector.config.strong_parameters?.should == true
+    end
+
+    describe "strong_parameters" do
+      before(:all) do
+        load 'migrations/active_record.rb'
+
+        Dummy.instance_eval do
+          protect do
+            can :create, :string
+            can :update, :number
+          end
+        end
+      end
+
+      def params(*args)
+        ActionController::Parameters.new *args
+      end
+
+      it "creates" do
+        expect{ Dummy.restrict!.new params(string: 'test') }.to_not raise_error
+        expect{ Dummy.restrict!.new params(number: 1) }.to raise_error
+      end
+
+      it "updates" do
+        dummy = Dummy.create!
+
+        expect{ dummy.restrict!.assign_attributes params(string: 'test') }.to raise_error
+        expect{ dummy.restrict!.assign_attributes params(number: 1) }.to_not raise_error
+      end
+    end
+  end
+end

data/spec/spec_helpers/contexts/paranoid.rb

@@ -1,21 +1,21 @@
 shared_context "paranoidal", paranoid: true do
   before(:all) do
-    @paranoid_condition = Protector.paranoid
-    Protector.paranoid = true
+    @paranoid_condition = Protector.config.paranoid?
+    Protector.config.paranoid = true
   end
 
   after(:all) do
-    Protector.paranoid = @paranoid_condition
+    Protector.config.paranoid = @paranoid_condition
   end
 end
 
 shared_context "adequate", paranoid: false do
   before(:all) do
-    @paranoid_condition = Protector.paranoid
-    Protector.paranoid = false
+    @paranoid_condition = Protector.config.paranoid?
+    Protector.config.paranoid = false
   end
 
   after(:all) do
-    Protector.paranoid = @paranoid_condition
+    Protector.config.paranoid = @paranoid_condition
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: protector
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.5.1
 platform: ruby
 authors:
 - Boris Staal
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-07-12 00:00:00.000000000 Z
+date: 2013-07-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -61,6 +61,10 @@ files:
 - gemfiles/AR_4.gemfile.lock
 - gemfiles/Mongoid.gemfile
 - gemfiles/Mongoid.gemfile.lock
+- gemfiles/Rails_3.2.gemfile
+- gemfiles/Rails_3.2.gemfile.lock
+- gemfiles/Rails_4.gemfile
+- gemfiles/Rails_4.gemfile.lock
 - gemfiles/Sequel.gemfile
 - gemfiles/Sequel.gemfile.lock
 - lib/protector.rb
@@ -69,6 +73,7 @@ files:
 - lib/protector/adapters/active_record/base.rb
 - lib/protector/adapters/active_record/preloader.rb
 - lib/protector/adapters/active_record/relation.rb
+- lib/protector/adapters/active_record/strong_parameters.rb
 - lib/protector/adapters/sequel.rb
 - lib/protector/adapters/sequel/dataset.rb
 - lib/protector/adapters/sequel/eager_graph_loader.rb
@@ -83,9 +88,12 @@ files:
 - perf/perf_helpers/boot.rb
 - perf/sequel_perf.rb
 - protector.gemspec
+- spec/internal/config/database.yml
+- spec/internal/db/schema.rb
 - spec/lib/adapters/active_record_spec.rb
 - spec/lib/adapters/sequel_spec.rb
 - spec/lib/dsl_spec.rb
+- spec/lib/engine_spec.rb
 - spec/spec_helpers/adapters/active_record.rb
 - spec/spec_helpers/adapters/sequel.rb
 - spec/spec_helpers/boot.rb
@@ -117,9 +125,12 @@ specification_version: 4
 summary: 'Protector is a successor to the Heimdallr gem: it hits the same goals keeping
   the Ruby way'
 test_files:
+- spec/internal/config/database.yml
+- spec/internal/db/schema.rb
 - spec/lib/adapters/active_record_spec.rb
 - spec/lib/adapters/sequel_spec.rb
 - spec/lib/dsl_spec.rb
+- spec/lib/engine_spec.rb
 - spec/spec_helpers/adapters/active_record.rb
 - spec/spec_helpers/adapters/sequel.rb
 - spec/spec_helpers/boot.rb