RubyGems - protector - Versions diffs - 0.7.3 → 0.7.4 - Mend

protector 0.7.3 → 0.7.4

Files changed (11) hide show

checksums.yaml +4 -4
data/lib/protector/adapters/active_record.rb +2 -0
data/lib/protector/adapters/active_record/base.rb +0 -9
data/lib/protector/adapters/active_record/relation.rb +6 -1
data/lib/protector/adapters/active_record/strong_parameters.rb +20 -17
data/lib/protector/adapters/active_record/validations.rb +24 -0
data/lib/protector/engine.rb +1 -1
data/lib/protector/version.rb +1 -1
data/spec/lib/protector/adapters/active_record_spec.rb +11 -0
data/spec/lib/protector/engine_spec.rb +2 -1
metadata +3 -2

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0a2b754f71ad4665dfb640dd5ab5c2060d4f76d4
-  data.tar.gz: bb360fdf2df2fb9fb363b3c1bc504f55ac43251a
+  metadata.gz: 8ab9ae6223aeaab08d8d948afabcda92ba575bb5
+  data.tar.gz: 78493baec6fb7bba08e88317786e0f6f67424c46
 SHA512:
-  metadata.gz: e369f3564da219a73ff7064e1e61fcfee92f3250861c2a55f98a01db1465a532be4ffa8d2a2154dafb2571ccc104a7911f5e2960f503d44d1de95fcbd7fd0daa
-  data.tar.gz: b0fe0645dfbb8e596baf3fa097005e1aff161fef6503413917d95d8a1c3362ebffbecc4d78823ba8b1ddd74adad5a49b74640b3439dcd576b13463e4fdfd5711
+  metadata.gz: 553c9be308ba628290f0e629674601e87cc6e0976c27fa04178129eac71a5dd29a1dac95508c93d316dc074029c29e7849ec274406b0ccf74d0cec74e4c616cf
+  data.tar.gz: 127203f58494490d56d711c6af3a30777b7ddab2fd6822f10a4a6d7838c054ded1163f84565b965fb034fa501f0c2186823079477d2b288d8577c27833b60170

data/lib/protector/adapters/active_record.rb CHANGED

@@ -5,6 +5,7 @@ require 'protector/adapters/active_record/relation'
 require 'protector/adapters/active_record/collection_proxy'
 require 'protector/adapters/active_record/preloader'
 require 'protector/adapters/active_record/strong_parameters'
+require 'protector/adapters/active_record/validations'
 module Protector
   module Adapters
@@ -15,6 +16,7 @@ module Protector
         return false unless defined?(::ActiveRecord)
         ::ActiveRecord::Base.send :include, Protector::Adapters::ActiveRecord::Base
+        ::ActiveRecord::Base.send :include, Protector::Adapters::ActiveRecord::Validations
         ::ActiveRecord::Relation.send :include, Protector::Adapters::ActiveRecord::Relation
         ::ActiveRecord::Associations::SingularAssociation.send :include, Protector::Adapters::ActiveRecord::Association
         ::ActiveRecord::Associations::SingularAssociation.send :include, Protector::Adapters::ActiveRecord::SingularAssociation

data/lib/protector/adapters/active_record/base.rb CHANGED

@@ -18,15 +18,6 @@ module Protector
             klass.undefine_attribute_methods if klass < self
           end
-          validate do
-            if protector_subject?
-              method = new_record? ? :first_uncreatable_field : :first_unupdatable_field
-              field  = protector_meta.send(method, protector_changed)
-              errors[:base] << I18n.t('protector.invalid', field: field) if field
-            end
-          end
           # Drops {Protector::DSL::Meta::Box} cache when subject changes
           def restrict!(*args)
             @protector_meta = nil

data/lib/protector/adapters/active_record/relation.rb CHANGED

@@ -91,7 +91,7 @@ module Protector
           # strong_parameters integration
           if Protector.config.strong_parameters? && args.first.respond_to?(:permit)
-            Protector::ActiveRecord::StrongParameters.sanitize! args, true, protector_meta
+            Protector::ActiveRecord::Adapters::StrongParameters.sanitize! args, true, protector_meta
           end
           unless block_given?
@@ -106,6 +106,11 @@ module Protector
         def create_with_protector(*args, &block)
           return create_without_protector(*args, &block) unless protector_subject?
+          # strong_parameters integration
+          if Protector.config.strong_parameters? && args.first.respond_to?(:permit)
+            Protector::ActiveRecord::Adapters::StrongParameters.sanitize! args, true, protector_meta
+          end
           create_without_protector(*args) do |instance|
             instance.restrict!(protector_subject)
             block.call(instance) if block

data/lib/protector/adapters/active_record/strong_parameters.rb CHANGED

@@ -1,26 +1,29 @@
 module Protector
   module ActiveRecord
-    module StrongParameters
-      def self.sanitize!(args, is_new, meta)
-        return if args[0].permitted?
-        if is_new
-          args[0] = args[0].permit(*meta.access[:create].keys) if meta.access.include? :create
-        else
-          args[0] = args[0].permit(*meta.access[:update].keys) if meta.access.include? :update
+    module Adapters
+      module StrongParameters
+        def self.sanitize!(args, is_new, meta)
+          return if args[0].permitted?
+          if is_new
+            args[0] = args[0].permit(*meta.access[:create].keys) if meta.access.include? :create
+          else
+            args[0] = args[0].permit(*meta.access[:update].keys) if meta.access.include? :update
+          end
         end
-      end
-      # strong_parameters integration
-      def sanitize_for_mass_assignment(*args)
-        # We check only for updation here since the creation will be handled by relation
-        # (see Protector::Adapters::ActiveRecord::Relation#new_with_protector)
-        if Protector.config.strong_parameters? && args.first.respond_to?(:permit) \
-            && !new_record? && protector_subject?
+        # strong_parameters integration
+        def sanitize_for_mass_assignment(*args)
+          # We check only for updation here since the creation will be handled by relation
+          # (see Protector::Adapters::ActiveRecord::Relation#new_with_protector and
+          # Protector::Adapters::ActiveRecord::Relation#create_with_protector)
+          if Protector.config.strong_parameters? && args.first.respond_to?(:permit) \
+              && !new_record? && protector_subject?
-          StrongParameters.sanitize! args, false, protector_meta
-        end
+            StrongParameters.sanitize! args, false, protector_meta
+          end
-        super
+          super
+        end
       end
     end
   end

data/lib/protector/adapters/active_record/validations.rb ADDED

@@ -0,0 +1,24 @@
+module Protector
+  module Adapters
+    module ActiveRecord
+      module Validations
+        def valid?(*args)
+          if protector_subject?
+            state  = Protector.insecurely{ super(*args) }
+            method = new_record? ? :first_uncreatable_field : :first_unupdatable_field
+            field  = protector_meta.send(method, protector_changed)
+            if field
+              errors[:base] << I18n.t('protector.invalid', field: field)
+              state = false
+            end
+            state
+          else
+            super(*args)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/protector/engine.rb CHANGED

@@ -6,7 +6,7 @@ module Protector
       app.config.protector.each { |k, v| Protector.config[k] = v }
       if Protector::Adapters::ActiveRecord.modern?
-        ::ActiveRecord::Base.send(:include, Protector::ActiveRecord::StrongParameters)
+        ::ActiveRecord::Base.send(:include, Protector::ActiveRecord::Adapters::StrongParameters)
       end
     end
   end

data/lib/protector/version.rb CHANGED

@@ -1,4 +1,4 @@
 module Protector
   # Gem version
-  VERSION = '0.7.3'
+  VERSION = '0.7.4'
 end

data/spec/lib/protector/adapters/active_record_spec.rb CHANGED

@@ -116,6 +116,17 @@ if defined?(ActiveRecord)
         expect { dummy.restrict!('!').find(1) }.to_not raise_error
         expect { dummy.restrict!('!').find(2) }.to raise_error
       end
+      it "allows for validations" do
+        dummy.instance_eval do
+          validates :string, presence: true
+          protect do; can :create; end
+        end
+        instance = dummy.restrict!('!').new(string: 'test')
+        instance.save.should == true
+        instance.delete
+      end
     end
     #

data/spec/lib/protector/engine_spec.rb CHANGED

@@ -12,7 +12,7 @@ if defined?(Rails)
       unless Protector::Adapters::ActiveRecord.modern?
         ActiveRecord::Base.send(:include, ActiveModel::ForbiddenAttributesProtection)
-        ActiveRecord::Base.send(:include, Protector::ActiveRecord::StrongParameters)
+        ActiveRecord::Base.send(:include, Protector::ActiveRecord::Adapters::StrongParameters)
       end
     end
@@ -48,6 +48,7 @@ if defined?(Rails)
       it "creates" do
         expect{ dummy.restrict!.new params(string: 'test') }.to_not raise_error
+        expect{ dummy.restrict!.create(params(string: 'test')).delete }.to_not raise_error
         expect{ dummy.restrict!.new params(number: 1) }.to raise_error
       end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: protector
 version: !ruby/object:Gem::Version
-  version: 0.7.3
+  version: 0.7.4
 platform: ruby
 authors:
 - Boris Staal
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-12-30 00:00:00.000000000 Z
+date: 2014-01-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -71,6 +71,7 @@ files:
 - lib/protector/adapters/active_record/relation.rb
 - lib/protector/adapters/active_record/singular_association.rb
 - lib/protector/adapters/active_record/strong_parameters.rb
+- lib/protector/adapters/active_record/validations.rb
 - lib/protector/adapters/sequel.rb
 - lib/protector/adapters/sequel/dataset.rb
 - lib/protector/adapters/sequel/eager_graph_loader.rb