strong_parameters 0.1.0 → 0.1.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. data/README.rdoc +4 -4
  2. data/lib/action_controller/parameters.rb +37 -3
  3. data/lib/strong_parameters/version.rb +1 -1
  4. data/test/action_controller_required_params_test.rb +5 -0
  5. data/test/nested_parameters_test.rb +80 -0
  6. metadata +10 -8
data/README.rdoc CHANGED
@@ -29,13 +29,13 @@ In addition, parameters can be marked as required and flow through a predefined
29
29
  end
30
30
  end
31
31
 
32
- Thanks to Nick Kallen for the permit idea!
32
+ You can also use permit on nested parameters, like:
33
33
 
34
- == Todos
34
+ params.permit(:name, friends: [ :name, { family: [ :name ] }])
35
35
 
36
- * Make this play nice with nested parameters [???]. Design:
36
+ Thanks to Nick Kallen for the permit idea!
37
37
 
38
- params.permit(:name, friends: [ :name, { family: [ :name ] }])
38
+ == Todos
39
39
 
40
40
  * Automatically permit parameters coming from a signed form [Yehuda]
41
41
 
data/lib/action_controller/parameters.rb CHANGED
@@ -30,8 +30,32 @@ module ActionController
30
30
  self[key].presence || raise(ActionController::ParameterMissing.new(key))
31
31
  end
32
32
 
33
- def permit(*keys)
34
- slice(*keys).permit!
33
+ def permit(*filters)
34
+ params = self.class.new
35
+
36
+ filters.each do |filter|
37
+ case filter
38
+ when Symbol then
39
+ params[filter] = self[filter]
40
+ when Hash then
41
+ self.slice(*filter.keys).each do |key, value|
42
+ return unless value
43
+
44
+ key = key.to_sym
45
+
46
+ params[key] = each_element(value) do |value|
47
+ # filters are a Hash, so we expect value to be a Hash too
48
+ next if filter.is_a?(Hash) && !value.is_a?(Hash)
49
+
50
+ value = self.class.new(value) if !value.respond_to?(:permit)
51
+
52
+ value.permit(*Array.wrap(filter[key]))
53
+ end
54
+ end
55
+ end
56
+ end
57
+
58
+ params.permit!
35
59
  end
36
60
 
37
61
  def [](key)
@@ -59,13 +83,23 @@ module ActionController
59
83
  self[key] = self.class.new(value)
60
84
  end
61
85
  end
86
+
87
+ def each_element(object)
88
+ if object.is_a?(Array)
89
+ object.map { |el| yield el }.compact
90
+ else
91
+ yield object
92
+ end
93
+ end
62
94
  end
63
95
 
64
96
  module StrongParameters
65
97
  extend ActiveSupport::Concern
66
98
 
67
99
  included do
68
- rescue_from(ActionController::ParameterMissing) { head :bad_request }
100
+ rescue_from(ActionController::ParameterMissing) do |parameter_missing_exception|
101
+ render text: "Required parameter missing: #{parameter_missing_exception.param}", status: :bad_request
102
+ end
69
103
  end
70
104
 
71
105
  def params
data/lib/strong_parameters/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module StrongParameters
2
- VERSION = "0.1.0"
2
+ VERSION = "0.1.1"
3
3
  end
data/test/action_controller_required_params_test.rb CHANGED
@@ -22,4 +22,9 @@ class ActionControllerRequiredParamsTest < ActionController::TestCase
22
22
  post :create, { book: { name: "Mjallo!" } }
23
23
  assert_response :ok
24
24
  end
25
+
26
+ test "missing parameters will be mentioned in the return" do
27
+ post :create, { magazine: { name: "Mjallo!" } }
28
+ assert_equal "Required parameter missing: book", response.body
29
+ end
25
30
  end
data/test/nested_parameters_test.rb ADDED
@@ -0,0 +1,80 @@
1
+ require 'test_helper'
2
+ require 'action_controller/parameters'
3
+
4
+ class NestedParametersTest < ActiveSupport::TestCase
5
+ test "permitted nested parameters" do
6
+ params = ActionController::Parameters.new({
7
+ book: {
8
+ title: "Romeo and Juliet",
9
+ authors: [{
10
+ name: "William Shakespeare",
11
+ born: "1564-04-26"
12
+ }, {
13
+ name: "Christopher Marlowe"
14
+ }],
15
+ details: {
16
+ pages: 200,
17
+ genre: "Tragedy"
18
+ }
19
+ },
20
+ magazine: "Mjallo!"
21
+ })
22
+
23
+ permitted = params.permit book: [ :title, { authors: [ :name ] }, { details: :pages } ]
24
+
25
+ assert permitted.permitted?
26
+ assert_equal "Romeo and Juliet", permitted[:book][:title]
27
+ assert_equal "William Shakespeare", permitted[:book][:authors][0][:name]
28
+ assert_equal "Christopher Marlowe", permitted[:book][:authors][1][:name]
29
+ assert_equal 200, permitted[:book][:details][:pages]
30
+ assert_nil permitted[:book][:details][:genre]
31
+ assert_nil permitted[:book][:authors][1][:born]
32
+ assert_nil permitted[:magazine]
33
+ end
34
+
35
+ test "nested arrays with strings" do
36
+ params = ActionController::Parameters.new({
37
+ book: {
38
+ genres: ["Tragedy"]
39
+ }
40
+ })
41
+
42
+ permitted = params.permit book: :genres
43
+ assert_equal ["Tragedy"], permitted[:book][:genres]
44
+ end
45
+
46
+ test "nested array with strings that should be hashes" do
47
+ params = ActionController::Parameters.new({
48
+ book: {
49
+ genres: ["Tragedy"]
50
+ }
51
+ })
52
+
53
+ permitted = params.permit book: { genres: :type }
54
+ assert_empty permitted[:book][:genres]
55
+ end
56
+
57
+ test "nested array with strings that should be hashes and additional values" do
58
+ params = ActionController::Parameters.new({
59
+ book: {
60
+ title: "Romeo and Juliet",
61
+ genres: ["Tragedy"]
62
+ }
63
+ })
64
+
65
+ permitted = params.permit book: [ :title, { genres: :type } ]
66
+ assert_equal "Romeo and Juliet", permitted[:book][:title]
67
+ assert_empty permitted[:book][:genres]
68
+ end
69
+
70
+ test "nested string that should be a hash" do
71
+ params = ActionController::Parameters.new({
72
+ book: {
73
+ genre: "Tragedy"
74
+ }
75
+ })
76
+
77
+ permitted = params.permit book: { genre: :type }
78
+ assert_nil permitted[:book][:genre]
79
+ end
80
+ end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: strong_parameters
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.1
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,11 +9,11 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-03-21 00:00:00.000000000 Z
12
+ date: 2012-03-22 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: actionpack
16
- requirement: &70323933135920 !ruby/object:Gem::Requirement
16
+ requirement: &70365015572120 !ruby/object:Gem::Requirement
17
17
  none: false
18
18
  requirements:
19
19
  - - ! '>='
@@ -21,10 +21,10 @@ dependencies:
21
21
  version: 3.2.0
22
22
  type: :runtime
23
23
  prerelease: false
24
- version_requirements: *70323933135920
24
+ version_requirements: *70365015572120
25
25
  - !ruby/object:Gem::Dependency
26
26
  name: activemodel
27
- requirement: &70323933135420 !ruby/object:Gem::Requirement
27
+ requirement: &70365015570760 !ruby/object:Gem::Requirement
28
28
  none: false
29
29
  requirements:
30
30
  - - ! '>='
@@ -32,10 +32,10 @@ dependencies:
32
32
  version: 3.2.0
33
33
  type: :runtime
34
34
  prerelease: false
35
- version_requirements: *70323933135420
35
+ version_requirements: *70365015570760
36
36
  - !ruby/object:Gem::Dependency
37
37
  name: rake
38
- requirement: &70323933135040 !ruby/object:Gem::Requirement
38
+ requirement: &70365015568980 !ruby/object:Gem::Requirement
39
39
  none: false
40
40
  requirements:
41
41
  - - ! '>='
@@ -43,7 +43,7 @@ dependencies:
43
43
  version: '0'
44
44
  type: :development
45
45
  prerelease: false
46
- version_requirements: *70323933135040
46
+ version_requirements: *70365015568980
47
47
  description:
48
48
  email:
49
49
  - david@heinemeierhansson.com
@@ -63,6 +63,7 @@ files:
63
63
  - test/active_model_mass_assignment_taint_protection_test.rb
64
64
  - test/dummy/db/test.sqlite3
65
65
  - test/dummy/log/test.log
66
+ - test/nested_parameters_test.rb
66
67
  - test/parameters_require_test.rb
67
68
  - test/parameters_taint_test.rb
68
69
  - test/test_helper.rb
@@ -96,6 +97,7 @@ test_files:
96
97
  - test/active_model_mass_assignment_taint_protection_test.rb
97
98
  - test/dummy/db/test.sqlite3
98
99
  - test/dummy/log/test.log
100
+ - test/nested_parameters_test.rb
99
101
  - test/parameters_require_test.rb
100
102
  - test/parameters_taint_test.rb
101
103
  - test/test_helper.rb