social_stream-base 0.24.2 → 1.0.0

data/app/controllers/activity_actions_controller.rb

@@ -1,10 +1,4 @@
 class ActivityActionsController < ApplicationController
-  # Last tendencies in rails talk about filtering params in the controller,
-  # instead of using attr_protected
-  #
-  # We hope it will be shiped in Rails 4, so we write our custom method for now
-  before_filter :clean_params
-
   before_filter :can_read_activity_object, :only => :create
 
   respond_to :js
@@ -15,20 +9,19 @@ class ActivityActionsController < ApplicationController
         sent_actions.
         find_or_create_by_activity_object_id @activity_object.id
 
-    @activity_action.update_attributes params[:activity_action]
+    @activity_action.update_attributes activity_action_params
   end
 
   def update
-    activity_action.update_attributes params[:activity_action]
+    activity_action.update_attributes activity_action_params
   end
 
   private
 
-  def clean_params
-    return if params[:activity_action].blank?
-
-    params[:activity_action].delete(:actor_id)
-    params[:activity_action].delete(:activity_object_id) if params[:id].present?
+  def activity_action_params
+    params.
+      require(:activity_action).
+      permit(:follow)
   end
 
   def can_read_activity_object

data/app/controllers/comments_controller.rb

@@ -5,4 +5,10 @@ class CommentsController < ApplicationController
     parent = resource.post_activity.parent
     redirect_to polymorphic_path(parent.direct_object,:anchor => dom_id(parent))
   end
+
+  private
+
+  def allowed_params
+    [:text]
+  end
 end

data/app/controllers/posts_controller.rb

@@ -1,3 +1,9 @@
 class PostsController < ApplicationController
   include SocialStream::Controllers::Objects
+
+  private
+
+  def allowed_params
+    [:text]
+  end
 end

data/app/controllers/profiles_controller.rb

@@ -12,7 +12,7 @@ class ProfilesController < ApplicationController
   end
 
   def update
-    current_profile.update_attributes params[:profile]
+    current_profile.update_attributes profile_params
 
     respond_to do |format|
       format.html{ redirect_to [profile_subject, :profile] }
@@ -22,6 +22,12 @@ class ProfilesController < ApplicationController
 
   private
 
+  def profile_params
+    params.
+      require(:profile).
+      permit(:organization, :birthday, :city, :country, :description, :phone, :mobile, :fax, :address, :website, :experience, actor_attributes: [ :id, :name, :email, :tag_list ])
+  end
+
   def subject_profile
     @profile ||=
       profile_subject!.profile

data/app/models/activity_action.rb

@@ -2,6 +2,8 @@
 # on {ActivityObject activity objects}
 # 
 class ActivityAction < ActiveRecord::Base
+  include ActiveModel::ForbiddenAttributesProtection
+
   belongs_to :actor
   belongs_to :activity_object
 

data/app/models/actor.rb

@@ -31,7 +31,9 @@ class Actor < ActiveRecord::Base
 
   acts_as_url :name, :url_attribute => :slug
   
-  has_one :profile, :dependent => :destroy
+  has_one :profile,
+          dependent: :destroy,
+          inverse_of: :actor
 
   has_many :avatars,
            :validate => true,

data/app/models/contact.rb

@@ -29,7 +29,7 @@ class Contact < ActiveRecord::Base
 
   has_many :ties,
            :dependent  => :destroy,
-           :before_add => :set_user_author
+           :inverse_of => :contact
 
   has_many :relations,
            :through => :ties,
@@ -172,15 +172,6 @@ class Contact < ActiveRecord::Base
     raise "Cannot determine user_author for #{ sender.inspect }"
   end
 
-  # user_author is not preserved when the associated tie is build, in:
-  #
-  #   contact.ties.build
-  #
-  # so we need to preserve so the tie activity is recorded
-  def set_user_author(tie)
-    tie.contact.user_author = @user_author
-  end
-
   # after_remove callback
   #
   # has_many collection=objects method does not trigger destroy callbacks,

data/app/models/group.rb

@@ -51,9 +51,11 @@ class Group < ActiveRecord::Base
     participant_ids = ([ author_id, user_author_id ] | Array.wrap(@_participants)).uniq
 
     participant_ids.each do |a|
-      sent_contacts.create! :receiver_id  => a,
-                            :user_author  => user_author,
-                            :relation_ids => Array(relation_customs.sort.first.id)
+      c =
+        sent_contacts.create! :receiver_id  => a,
+                              :user_author  => user_author
+      
+      c.relation_ids = Array.wrap(relation_customs.sort.first.id)
     end
   end
 end

data/app/models/profile.rb

@@ -1,8 +1,11 @@
 class Profile < ActiveRecord::Base
-  belongs_to :actor
-    
+  include ActiveModel::ForbiddenAttributesProtection
+
+  belongs_to :actor,
+             inverse_of: :profile
+
   accepts_nested_attributes_for :actor
-  
+    
   validates_presence_of :actor_id
   
   validates_format_of :mobile, :phone, :fax,

data/app/models/tie.rb

@@ -22,7 +22,9 @@
 #                        integer, array
 #
 class Tie < ActiveRecord::Base
-  belongs_to :contact, :counter_cache => true
+  belongs_to :contact,
+             :counter_cache => true,
+             :inverse_of    => :ties
 
   has_one :sender,   :through => :contact
   has_one :receiver, :through => :contact

data/lib/inherited_resources/social_stream.rb

@@ -1,7 +1,7 @@
 # Monkey path inherited_resources
 #
 #
-# Fix https://github.com/josevalim/inherited_resources/issues/216
+# Pull request https://github.com/josevalim/inherited_resources/pull/237
 module InheritedResources::BaseHelpers
   private
 
@@ -11,8 +11,13 @@ module InheritedResources::BaseHelpers
   end
 
   def build_resource_params
-    rparams = [params[resource_request_name] || params[resource_instance_name] || {}]
+    rparams = [whitelisted_params || params[resource_request_name] || params[resource_instance_name] || {}]
     rparams << as_role if role_given?
     rparams
   end
+
+  def whitelisted_params
+    whitelist_method = :"#{ resource_request_name }_params"
+    respond_to?(whitelist_method, true) && self.send(whitelist_method)
+  end
 end

data/lib/social_stream/base/dependencies.rb

@@ -54,4 +54,6 @@ require 'social_cheesecake'
 # I18n-js
 require 'i18n-js'
 require 'i18n-js/social_stream-base'
+# Strong parameters
+require 'strong_parameters'
 

data/lib/social_stream/base/version.rb

@@ -1,5 +1,5 @@
 module SocialStream
   module Base
-    VERSION = "0.24.2".freeze
+    VERSION = "1.0.0".freeze
   end
 end

data/lib/social_stream/controllers/objects.rb

@@ -22,6 +22,16 @@ module SocialStream
 
       # Methods that should be included after the included block
       module UpperInstanceMethods
+        def allowed_params
+          [] # This should be overriden in controllers to allow extra params
+        end
+      
+        def whitelisted_params
+          return {} if request.present? and request.get?
+          all_allowed_params = allowed_params + [:created_at, :updated_at, :title, :description, :author_id, :owner_id, :user_author_id, :_activity_parent_id]
+          params.require(self.class.model_class.to_s.underscore.to_sym).permit( *all_allowed_params )
+        end
+
         def search
           collection_variable_set self.class.model_class.search(params[:q], search_options)
 

data/lib/social_stream/models/object.rb

@@ -47,6 +47,9 @@ module SocialStream
           joins(:activity_object).
             merge(ActivityObject.followed_by(subject))
         }
+
+        # Strong parameters
+        include ActiveModel::ForbiddenAttributesProtection
       end
 
       module ClassMethods

data/lib/social_stream/models/subtype.rb

@@ -19,7 +19,8 @@ module SocialStream #:nodoc:
         belongs_to supertype_name, {                          # belongs_to :actor, {
                     :validate  => true,                       #   :validate => true
                     :autosave  => true,                       #   :autosave => true
-                    :dependent => :destroy                    #   :dependent => :destroy
+                    :dependent => :destroy,                   #   :dependent => :destroy
+                    :inverse_of => name.underscore.to_sym     #   :inverse_of => :user,
                   }.merge(supertype_options[:belongs] || {})  #   }.merge(supertype_options[:belongs] || {})
 
         class_eval <<-EOS
@@ -38,6 +39,10 @@ module SocialStream #:nodoc:
       end
 
       module ClassMethods
+        def supertype_sym
+          supertype_name.to_sym
+        end
+
         def supertype_foreign_key
           "#{ supertype_name }_id" # "actor_id"
         end 
@@ -50,7 +55,17 @@ module SocialStream #:nodoc:
         raise subtype_error unless _delegate_to_supertype?(:method)
 
         begin
-          supertype!.__send__ method, *args, &block
+          res = supertype!.__send__(method, *args, &block)
+
+          # Cache method
+          self.class.class_eval <<-STR, __FILE__, __LINE__ + 1
+            def #{ method } *args, &block
+              supertype!.__send__ :#{ method }, *args, &block
+            end
+          STR
+
+          res
+
         # We rescue supertype's NameErrors so methods not defined are raised from
         # the subtype. Example: user.foo should raise "foo is not defined in user"
         # and not "in actor"

data/lib/social_stream/models/supertype.rb

@@ -14,9 +14,11 @@ module SocialStream #:nodoc:
       include SocialStream::ActivityStreams::Supertype
 
       included do
-        subtypes.each do |s|                # [ :user, :group ].each do |s|
-          has_one s, :dependent => :destroy #   has_one s, :dependent => :destroy
-        end                                 # end
+        subtypes.each do |s|                          # [ :user, :group ].each do |s|
+          has_one s,                                  #   has_one s,
+                  autosave:   false,                  #           autosave:   false,
+                  inverse_of: name.underscore.to_sym  #           inverse_of: :actor
+        end                                           # end
       end
 
       module ClassMethods

data/social_stream-base.gemspec

@@ -63,6 +63,8 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency('social_cheesecake','~> 0.5.0')
   # I18n-js
   s.add_runtime_dependency('i18n-js','~>2.1.2')
+  # Strong Parameters
+  s.add_runtime_dependency('strong_parameters','~> 0.1.5')
 
   # Development gem dependencies
   #

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: social_stream-base
 version: !ruby/object:Gem::Version
-  version: 0.24.2
+  version: 1.0.0
   prerelease: 
 platform: ruby
 authors:
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-12-20 00:00:00.000000000 Z
+date: 2013-01-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: deep_merge
@@ -412,6 +412,22 @@ dependencies:
     - - ~>
       - !ruby/object:Gem::Version
         version: 2.1.2
+- !ruby/object:Gem::Dependency
+  name: strong_parameters
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.1.5
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.1.5
 - !ruby/object:Gem::Dependency
   name: capybara
   requirement: !ruby/object:Gem::Requirement