sinatra-filtering_parameters 0.1.0

data/.document

@@ -0,0 +1,4 @@
+lib/**/*.rb
+README.rdoc
+ChangeLog.rdoc
+LICENSE.txt

data/.gitignore

@@ -0,0 +1,3 @@
+html/
+pkg/
+Guardfile

data/.rspec

@@ -0,0 +1 @@
+--colour --format documentation

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2012 Takeshi Yabe
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,49 @@
+# Sinatra Filtering Parameters
+
+- [Homepage](https://github.com/tyabe/sinatra-filtering_parameters#readme)
+- [Issues](https://github.com/tyabe/sinatra-filtering_parameters/issues)
+- [Documentation](http://rubydoc.info/gems/sinatra-filtering_parameters/frames)
+- [Email](mailto:tyabe at nilidea.com)
+- [Twitter](http://twitter.com/tyabe)
+
+## Description
+
+This plugin add parameter whitelisting to a Sinatra application.
+
+## Examples
+
+``` ruby
+require 'sinatra/filtering_parameters'
+class App < Sinatra::Base
+  register Sinatra::FilteringParameters
+
+  post '/create', :allow => [ :title, :body ] do
+    @post = Post.new(params)
+    # ...
+  end
+```
+
+## Install
+
+with RubyGems:
+
+```
+$ gem install sinatra-filtering_parameters
+
+```
+if using Bundler, add to your Gemfile:
+
+```
+gem "sinatra-filtering_parameters"
+```
+and run
+
+```
+$ bundle install
+```
+
+## Copyright
+
+Copyright (c) 2012 Takeshi Yabe
+See LICENSE.txt for details.
+

data/Rakefile

@@ -0,0 +1,41 @@
+# encoding: utf-8
+
+require 'rubygems'
+require 'rake'
+
+begin
+  gem 'rubygems-tasks', '~> 0.2'
+  require 'rubygems/tasks'
+
+  Gem::Tasks.new
+rescue LoadError => e
+  warn e.message
+  warn "Run `gem install rubygems-tasks` to install Gem::Tasks."
+end
+
+begin
+  gem 'rdoc', '~> 3.0'
+  require 'rdoc/task'
+
+  RDoc::Task.new do |rdoc|
+    rdoc.title = "sinatra-filtering_parameters"
+  end
+rescue LoadError => e
+  warn e.message
+  warn "Run `gem install rdoc` to install 'rdoc/task'."
+end
+task :doc => :rdoc
+
+begin
+  gem 'rspec', '~> 2.4'
+  require 'rspec/core/rake_task'
+
+  RSpec::Core::RakeTask.new
+rescue LoadError => e
+  task :spec do
+    abort "Please run `gem install rspec` to install RSpec."
+  end
+end
+
+task :test    => :spec
+task :default => :spec

data/lib/sinatra/filtering_parameters/version.rb

@@ -0,0 +1,6 @@
+module Sinatra
+  module FilteringParameters
+    # sinatra-filtering_parameters version
+    VERSION = "0.1.0"
+  end
+end

data/lib/sinatra/filtering_parameters.rb

@@ -0,0 +1,72 @@
+require 'sinatra/filtering_parameters/version'
+
+module Sinatra
+  module FilteringParameters
+    class << self
+      def registered(app)
+        app.set(:allow) do |*filters|
+          condition do
+            _params = params.dup
+            params.clear
+            %w[ splat captures ].each do |name|
+              params[name] = _params.delete(name) if _params.include?(name)
+            end
+            hoge = Sinatra::FilteringParameters.allow(_params, filters)
+            params.merge! hoge
+          end
+        end
+      end
+
+      def allow(params, filters)
+        allow_params = {}
+        _filters = [filters].flatten
+        [filters].flatten.each do |filter|
+          _filters.shift
+          case filter
+          when Symbol, String
+            filter = filter.to_s
+            next unless params.is_a?(Hash)
+
+            if params.has_key?(filter)
+              if params[filter].is_a?(Hash)
+                allow_param = allow(params[filter], _filters)
+                allow_params[filter] = allow_param unless allow_param.empty?
+              else
+                allow_params[filter] = params[filter]
+              end
+            end
+          when Hash
+            _params = {}
+            filter.keys.map(&:to_s).each { |k| _params[k] = params[k] if params.has_key?(k) }
+            _params.each do |key, value|
+              case value
+              when Array
+                [value].flatten.each do |v|
+                  allow_param = allow(v, filter.values)
+                  unless allow_param.empty?
+                    allow_params[key] ||= []
+                    allow_params[key] << allow_param
+                  end
+                end
+              else
+                if value.keys.all? { |k| k =~ /\A-?\d+\z/ }
+                  value.each do |k, v|
+                    allow_param = allow(v, filter.values)
+                    unless allow_param.empty?
+                      allow_params[key] ||= {}
+                      allow_params[key][k] = allow_param
+                    end
+                  end
+                else
+                  allow_param = allow(value, filter.values)
+                  allow_params[key] = allow_param unless allow_param.empty?
+                end
+              end
+            end
+          end
+        end
+        allow_params
+      end
+    end
+  end
+end

data/sinatra-filtering_parameters.gemspec

@@ -0,0 +1,28 @@
+# -*- encoding: utf-8 -*-
+
+require File.expand_path('../lib/sinatra/filtering_parameters/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.name          = "sinatra-filtering_parameters"
+  gem.version       = Sinatra::FilteringParameters::VERSION
+  gem.summary       = "Filtering allowed parameters for Sinatra"
+  gem.description   = "This adds filter to use only those parameters that are allowed to a Sinatra application."
+  gem.license       = "MIT"
+  gem.authors       = ["Takeshi Yabe"]
+  gem.email         = "tyabe@nilidea.com"
+  gem.homepage      = "https://github.com/tyabe/sinatra-filtering_parameters#readme"
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ['lib']
+
+  gem.add_dependency "sinatra",   "~> 1.3"
+
+  gem.add_development_dependency "rdoc", "~> 3.0"
+  gem.add_development_dependency "rake",  "~> 0.9.2"
+  gem.add_development_dependency "rspec", "~> 2.4"
+  gem.add_development_dependency "rubygems-tasks", "~> 0.2"
+  gem.add_development_dependency "rack-test"
+  gem.add_development_dependency "sinatra-contrib"
+end

data/spec/nested_parameters_spec.rb

@@ -0,0 +1,203 @@
+require 'spec_helper'
+
+describe Sinatra::FilteringParameters do
+
+  def post_with_filter(args)
+    mock_app do
+      register Sinatra::FilteringParameters
+      post('/', allow: args[:allow]){ params.to_json }
+    end
+    post '/', args[:pass_params]
+  end
+
+  it "permitted nested parameters" do
+    post_with_filter(
+      :pass_params => {
+        :book => {
+          :title => "Romeo and Juliet",
+          :authors => [{
+            :name => "William Shakespeare",
+            :born => "1564-04-26"
+          }, {
+            :name => "Christopher Marlowe"
+          }],
+          :details => {
+            :pages => 200,
+            :genre => "Tragedy"
+          }
+        },
+        :magazine => "Mjallo!"
+      },
+      :allow => [
+        :book => [
+          :title,
+          :authors => :name,
+          :details => :pages
+        ]
+      ]
+    )
+    result_should_be_equal({
+      "book" => {
+        "title" => "Romeo and Juliet",
+        "authors" => [{
+          "name" => "William Shakespeare"
+        },{
+          "name" => "Christopher Marlowe"
+        }],
+        "details" => {
+          "pages" => "200"
+        }
+      }
+    })
+  end
+  it "nested arrays with strings" do
+    post_with_filter(
+      :pass_params => {
+        :book => {
+          :genres => ["Tragedy"]
+        }
+      },
+      :allow => [
+        :book => :genres
+      ]
+    )
+    result_should_be_equal({
+      "book" => {
+        "genres" => ["Tragedy"]
+      }
+    })
+  end
+
+  it "permit may specify symbols or strings" do
+    post_with_filter(
+      :pass_params => {
+        :book => {
+          :title => "Romeo and Juliet",
+          :author => "William Shakespeare"
+        },
+        :magazine => "Shakespeare Today"
+      },
+      :allow => [{
+        :book => [
+          "title",
+          :author
+        ]},
+        "magazine"
+      ]
+    )
+    result_should_be_equal({
+      "book" => {
+        "title" => "Romeo and Juliet",
+        "author" => "William Shakespeare",
+      },
+      "magazine" => "Shakespeare Today"
+    })
+  end
+
+  it "nested array with strings that should be hashes" do
+    post_with_filter(
+      :pass_params => {
+        :book => {
+          :genres => ["Tragedy"]
+        }
+      },
+      :allow => [
+        :book => [
+          :genres => :type
+        ]
+      ]
+    )
+    result_should_be_equal({})
+  end
+
+  it "nested array with strings that should be hashes and additional values" do
+    post_with_filter(
+      :pass_params => {
+        :book => {
+          :title => "Romeo and Juliet",
+          :genres => ["Tragedy"]
+        }
+      },
+      :allow => [
+        :book => [
+          :title,
+          :genres => :type
+        ]
+      ]
+    )
+    result_should_be_equal({
+      "book" => {
+        "title" => "Romeo and Juliet"
+      }
+    })
+  end
+
+  it "nested string that should be a hash" do
+    post_with_filter(
+      :pass_params => {
+        :book => {
+          :genre => "Tragedy"
+        }
+      },
+      :allow => [
+        :book => [
+          :genres => :type
+         ]
+      ]
+    )
+    result_should_be_equal({})
+  end
+
+  it "fields_for_style_nested_params" do
+    post_with_filter(
+      :pass_params => {
+        :book => {
+          :authors_attributes => {
+            :'0' => { :name => 'William Shakespeare', :age_of_death => '52' },
+            :'1' => { :name => 'Unattributed Assistant' }
+          }
+        }
+      },
+      :allow => [
+        :book => [
+          :authors_attributes => :name
+        ]
+      ]
+    )
+    result_should_be_equal({
+      "book" => {
+        "authors_attributes" => {
+          "0" => { "name" => "William Shakespeare" },
+          "1" => { "name" => "Unattributed Assistant" }
+        }
+      }
+    })
+  end
+
+  it "fields_for_style_nested_params with negative numbers" do
+    post_with_filter(
+      :pass_params => {
+        :book => {
+          :authors_attributes => {
+            :'-1' => { :name => 'William Shakespeare', :age_of_death => '52' },
+            :'-2' => { :name => 'Unattributed Assistant' }
+          }
+        }
+      },
+      :allow => [
+        :book => [
+          :authors_attributes => :name
+        ]
+      ]
+    )
+    result_should_be_equal({
+      "book" => {
+        "authors_attributes" => {
+          "-1" => { "name" => "William Shakespeare" },
+          "-2" => { "name" => "Unattributed Assistant" }
+        }
+      }
+    })
+  end
+
+end

data/spec/permitted_parameters_spec.rb

@@ -0,0 +1,66 @@
+require 'spec_helper'
+
+describe Sinatra::FilteringParameters do
+
+  def post_with_filter(args)
+    mock_app do
+      register Sinatra::FilteringParameters
+      if args[:allow].nil?
+        post('/sample/:name'){ params.to_json }
+      else
+        post('/sample/:name', allow: args[:allow]){ params.to_json }
+      end
+    end
+    post '/sample/foo', args[:pass_params]
+  end
+
+  describe 'permitted parameters nothing' do
+    it "when success" do
+      post_with_filter(
+        :pass_params  =>  { :a => 1, :b => 2, :c => 3 }
+      )
+      result_should_be_equal({ "a"=>"1", "b"=>"2", "c"=>"3", "splat"=>[], "captures"=>["foo"], "name"=>"foo" })
+    end
+  end
+
+  describe 'permitted parameters specified in' do
+    it 'symbol' do
+      post_with_filter(
+        :pass_params  =>  { :a => 1, :b => 2, :c => 3 },
+        :allow        =>  :name
+      )
+      result_should_be_equal({ "splat"=>[], "captures"=>["foo"], "name"=>"foo" })
+    end
+    it "string" do
+      post_with_filter(
+        :pass_params  =>  { :a => 1, :b => 2, :c => 3 },
+        :allow        =>  'name'
+      )
+      result_should_be_equal({ "splat"=>[], "captures"=>["foo"], "name"=>"foo" })
+    end
+    it "array" do
+      post_with_filter(
+        :pass_params  =>  { :a => 1, :b => 2, :c => 3 },
+        :allow        =>  [:name, :a]
+      )
+      result_should_be_equal({ "splat"=>[], "captures"=>["foo"], "name"=>"foo", "a"=>"1" })
+    end
+    context "empty" do
+      it "string" do
+        post_with_filter(
+          :pass_params  =>  { :a => 1, :b => 2, :c => 3 },
+          :allow        =>  ''
+        )
+        result_should_be_equal({ "splat"=>[], "captures"=>["foo"] })
+      end
+      it "array" do
+        post_with_filter(
+          :pass_params  =>  { :a => 1, :b => 2, :c => 3 },
+          :allow        =>  []
+        )
+        result_should_be_equal({ "splat"=>[], "captures"=>["foo"] })
+      end
+    end
+  end
+
+end

data/spec/spec_helper.rb

@@ -0,0 +1,18 @@
+gem 'rspec', '~> 2.4'
+require 'rspec'
+require 'rack/test'
+
+require 'sinatra'
+require 'sinatra/contrib'
+require 'sinatra/filtering_parameters'
+require 'json'
+
+RSpec.configure do |config|
+  config.include Rack::Test::Methods
+  config.include Sinatra::TestHelpers
+end
+
+def result_should_be_equal(filterd_params)
+  last_response.body.should == filterd_params.to_json
+end
+

metadata

@@ -0,0 +1,173 @@
+--- !ruby/object:Gem::Specification
+name: sinatra-filtering_parameters
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+  prerelease: 
+platform: ruby
+authors:
+- Takeshi Yabe
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-11-26 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: sinatra
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rdoc
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.9.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.9.2
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.4'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.4'
+- !ruby/object:Gem::Dependency
+  name: rubygems-tasks
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0.2'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sinatra-contrib
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: This adds filter to use only those parameters that are allowed to a Sinatra
+  application.
+email: tyabe@nilidea.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .document
+- .gitignore
+- .rspec
+- LICENSE.txt
+- README.md
+- Rakefile
+- lib/sinatra/filtering_parameters.rb
+- lib/sinatra/filtering_parameters/version.rb
+- sinatra-filtering_parameters.gemspec
+- spec/nested_parameters_spec.rb
+- spec/permitted_parameters_spec.rb
+- spec/spec_helper.rb
+homepage: https://github.com/tyabe/sinatra-filtering_parameters#readme
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.23
+signing_key: 
+specification_version: 3
+summary: Filtering allowed parameters for Sinatra
+test_files:
+- spec/nested_parameters_spec.rb
+- spec/permitted_parameters_spec.rb
+- spec/spec_helper.rb