sudo_attributes 1.0.1 → 1.0.2
- data/CHANGELOG.md +45 -0
- data/{README.textile → README.md} +29 -27
- data/VERSION +1 -1
- data/lib/sudo_attributes.rb +2 -3
- data/sudo_attributes.gemspec +6 -5
- metadata +9 -8
data/CHANGELOG.md
ADDED
@@ -0,0 +1,45 @@
|
|
1
|
+
# SudoAttributes Changelog
|
2
|
+
|
3
|
+
## 1.0.1
|
4
|
+
|
5
|
+
* Removed Rails 3.1 dependency
|
6
|
+
|
7
|
+
## 1.0.0
|
8
|
+
|
9
|
+
* Rails 3.1 support
|
10
|
+
* Removed `sudo_attr_protected/accessible` method, now available to all models
|
11
|
+
* Better compatibility with Rails API for protected attrs
|
12
|
+
* Added travis.yml CI support
|
13
|
+
|
14
|
+
## 0.5.2
|
15
|
+
|
16
|
+
* Let Rails handle exceptions
|
17
|
+
|
18
|
+
## 0.5.1
|
19
|
+
|
20
|
+
* Added `sudo_build` method
|
21
|
+
|
22
|
+
## 0.5.0
|
23
|
+
|
24
|
+
* Added `sudo_update_attributes!` method
|
25
|
+
|
26
|
+
## 0.4.0
|
27
|
+
|
28
|
+
* Changed API to match Rails protected attrs: `sudo_attr_protected`
|
29
|
+
|
30
|
+
## 0.3.0
|
31
|
+
|
32
|
+
* Added `sudo_create!` method
|
33
|
+
|
34
|
+
## 0.2.0
|
35
|
+
|
36
|
+
* Changed class method to `has_sudo_attributes`
|
37
|
+
* Support array of protected attributes
|
38
|
+
|
39
|
+
## 0.1.0
|
40
|
+
|
41
|
+
* Code cleanup
|
42
|
+
|
43
|
+
## 0.0.1
|
44
|
+
|
45
|
+
* Initial release
|
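Review bot: The new CHANGELOG.md stops at `## 1.0.1` (its line 3), so the release that introduces the file has no entry of its own. Add a `## 1.0.2` section at the top recording what this version changes, in particular the switch in lib/sudo_attributes.rb from `extend ActiveSupport::Concern` to explicit include and extend calls, since that alters how the sudo methods are attached to every model.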
@@ -1,74 +1,76 @@
|
|
1
|
-
|
1
|
+
# sudo_attributes
|
2
|
+
|
3
|
+
[![Build Status](https://secure.travis-ci.org/beerlington/sudo_attributes.png?branch=master)](http://travis-ci.org/beerlington/sudo_attributes)
|
2
4
|
|
3
5
|
Adds 'sudo' methods to active record classes, allowing you to easily override protected attributes.
|
4
6
|
|
5
|
-
|
7
|
+
## Requirements
|
6
8
|
|
7
9
|
*Rails:* Any version of Rails 2.3.x or Rails 3.x. (Older versions of Rails may work, but have not been tested)
|
8
10
|
|
9
|
-
|
11
|
+
## Installation
|
10
12
|
|
11
|
-
The gem is hosted at
|
13
|
+
The gem is hosted at [rubygems.org](https://rubygems.org/gems/sudo_attributes) and can be installed with: `gem install sudo_attributes`
|
12
14
|
|
13
|
-
|
15
|
+
## The Problem
|
14
16
|
|
15
|
-
ActiveModel provides a convenient way to make your application more secure by using "protected" attributes. Protected attributes are assigned using either
|
17
|
+
ActiveModel provides a convenient way to make your application more secure by using "protected" attributes. Protected attributes are assigned using either `attr_protected` or `attr_accessible`. This adds security by preventing mass assignment of attributes when doing things like `user.update_attributes(params[:user])`. The issue is that it can be tedious to always manually assign protected attributes in an administrative area of your application. You may find yourself doing things like:
|
16
18
|
|
17
|
-
|
19
|
+
```ruby
|
18
20
|
user = User.find(params[:id])
|
19
21
|
user.update_attributes(params[:user])
|
20
22
|
user.admin = true
|
21
23
|
user.something_else = true
|
22
24
|
user.save
|
23
|
-
|
25
|
+
```
|
24
26
|
|
25
27
|
or the alternative in Rails 3.1:
|
26
28
|
|
27
|
-
|
29
|
+
```ruby
|
28
30
|
user.assign_attributes(params[:user], :without_protection => true)
|
29
31
|
user.save
|
30
|
-
|
32
|
+
```
|
31
33
|
|
32
|
-
|
34
|
+
## The Solution
|
33
35
|
|
34
36
|
SudoAttributes adds a few 'sudo' methods to your models, allowing you to override the protected attributes **when you know the input can be trusted**.
|
35
37
|
|
36
|
-
|
38
|
+
```ruby
|
37
39
|
class User < ActiveRecord::Base
|
38
40
|
attr_protected :admin
|
39
41
|
end
|
40
42
|
|
41
43
|
user = User.find(params[:id])
|
42
44
|
user.sudo_update_attributes(params[:user])
|
43
|
-
|
45
|
+
```
|
44
46
|
|
45
|
-
|
47
|
+
## Class Methods
|
46
48
|
|
47
|
-
|
49
|
+
`Model.sudo_create` - Uses same syntax as `Model.create` to instantiate and save an object with protected attributes
|
48
50
|
|
49
|
-
|
51
|
+
`Model.sudo_create!` - Similar to `Model.sudo_create`, but it raises an ActiveRecord::RecordInvalid exception if there are invalid attributes
|
50
52
|
|
51
|
-
|
53
|
+
`Model.sudo_new` - Uses same syntax as `Model.new` to instantiate, but not save an object with protected attributes
|
52
54
|
|
53
|
-
|
55
|
+
## Instance Methods
|
54
56
|
|
55
|
-
|
57
|
+
`sudo_update_attributes` - Uses identical syntax to `update_attributes`, but overrides protected attributes.
|
56
58
|
|
57
|
-
|
59
|
+
`sudo_update_attributes!` - Same as sudo_update_attributes, but raises ActiveRecord errors. Same as `update_attributes!`
|
58
60
|
|
59
|
-
|
61
|
+
## Examples
|
60
62
|
|
61
63
|
**Protect an admin boolean attribute**
|
62
64
|
|
63
|
-
|
65
|
+
```ruby
|
64
66
|
class User < ActiveRecord::Base
|
65
67
|
attr_protected :admin
|
66
68
|
end
|
67
|
-
|
69
|
+
```
|
68
70
|
|
69
71
|
In your admin controller...
|
70
72
|
|
71
|
-
|
73
|
+
```ruby
|
72
74
|
params[:user] = {:name => "Pete", :admin => true} (Typically set from a form)
|
73
75
|
|
74
76
|
@user = User.sudo_create(params[:user])
|
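Review bot: The example under "The Solution" (new lines 43-44) passes `params[:user]` straight into `sudo_update_attributes`, which deliberately bypasses `attr_protected :admin`; the only guard is the bolded phrase about trusted input. State next to the example that the calling action must sit behind an authorization check, so readers do not copy it into a controller that ordinary users can reach. Separately, new line 74 keeps `(Typically set from a form)` after the hash literal inside the `ruby` fence, which is not valid Ruby and should become a `#` comment. The Requirements line also still uses the Textile form `*Rails:*`, which Markdown renders as emphasis rather than bold.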
@@ -78,8 +80,8 @@ Somewhere else in your admin controller...
|
|
78
80
|
params[:user] = {:admin => false, :name => "Pete"}
|
79
81
|
|
80
82
|
@user.sudo_update_attributes(params[:user])
|
81
|
-
|
83
|
+
```
|
82
84
|
|
83
|
-
|
85
|
+
## Copyright
|
84
86
|
|
85
|
-
Copyright (c) 2011 Peter Brown. See LICENSE for details.
|
87
|
+
Copyright (c) 2011 [Peter Brown](https://github.com/beerlington). See LICENSE for details.
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.0.
|
1
|
+
1.0.2
|
data/lib/sudo_attributes.rb
CHANGED
@@ -1,6 +1,4 @@
|
|
1
1
|
module SudoAttributes
|
2
|
-
extend ActiveSupport::Concern
|
3
|
-
|
4
2
|
module ClassMethods
|
5
3
|
# Creates an object (or multiple objects) with protected attributes and saves it to the database, if validations pass.
|
6
4
|
# The resulting object is returned whether the object was saved successfully to the database or not.
|
@@ -103,4 +101,5 @@ module SudoAttributes
|
|
103
101
|
end
|
104
102
|
end
|
105
103
|
|
106
|
-
ActiveRecord::Base.send(:include, SudoAttributes)
|
104
|
+
ActiveRecord::Base.send(:include, SudoAttributes::InstanceMethods)
|
105
|
+
ActiveRecord::Base.extend SudoAttributes::ClassMethods
|
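Review bot: After this change `ActiveRecord::Base` includes `SudoAttributes::InstanceMethods` rather than `SudoAttributes` (new line 104), so the top-level module no longer appears in a model's ancestors and any caller testing `include?(SudoAttributes)` will get a different answer. If that is intended, record it in the changelog. The file list for this release shows no spec changes alongside the new wiring, so it is worth adding a test that `User.sudo_create` and `user.sudo_update_attributes` are both still defined once the library is loaded.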
data/sudo_attributes.gemspec
CHANGED
@@ -5,24 +5,25 @@
|
|
5
5
|
|
6
6
|
Gem::Specification.new do |s|
|
7
7
|
s.name = %q{sudo_attributes}
|
8
|
-
s.version = "1.0.
|
8
|
+
s.version = "1.0.2"
|
9
9
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
11
|
s.authors = [%q{Peter Brown}]
|
12
|
-
s.date = %q{
|
12
|
+
s.date = %q{2012-02-03}
|
13
13
|
s.description = %q{Adds 'sudo' methods to update protected ActiveRecord attributes with mass assignment}
|
14
14
|
s.email = %q{github@lette.us}
|
15
15
|
s.extra_rdoc_files = [
|
16
16
|
"LICENSE",
|
17
|
-
"README.
|
17
|
+
"README.md"
|
18
18
|
]
|
19
19
|
s.files = [
|
20
20
|
".document",
|
21
21
|
".travis.yml",
|
22
|
+
"CHANGELOG.md",
|
22
23
|
"Gemfile",
|
23
24
|
"Gemfile.lock",
|
24
25
|
"LICENSE",
|
25
|
-
"README.
|
26
|
+
"README.md",
|
26
27
|
"Rakefile",
|
27
28
|
"VERSION",
|
28
29
|
"init.rb",
|
@@ -35,7 +36,7 @@ Gem::Specification.new do |s|
|
|
35
36
|
s.homepage = %q{http://github.com/beerlington/sudo_attributes}
|
36
37
|
s.licenses = [%q{MIT}]
|
37
38
|
s.require_paths = [%q{lib}]
|
38
|
-
s.rubygems_version = %q{1.8.
|
39
|
+
s.rubygems_version = %q{1.8.9}
|
39
40
|
s.summary = %q{Override ActiveRecord protected attributes with mass assignment}
|
40
41
|
|
41
42
|
if s.respond_to? :specification_version then
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: sudo_attributes
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.2
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,11 +9,11 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2012-02-03 00:00:00.000000000Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rails
|
16
|
-
requirement: &
|
16
|
+
requirement: &2164554500 !ruby/object:Gem::Requirement
|
17
17
|
none: false
|
18
18
|
requirements:
|
19
19
|
- - ! '>='
|
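Review bot: The `rails` runtime dependency in this hunk is declared with `>=` and, as the next hunk shows, version '0', which is unbounded, while the README limits support to Rails 2.3.x or 3.x. Because the gem exists to bypass mass-assignment protection, constrain the requirement in the gemspec to the tested Rails range so it cannot be resolved against a Rails release whose protection API it has never been run against.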
@@ -21,7 +21,7 @@ dependencies:
|
|
21
21
|
version: '0'
|
22
22
|
type: :runtime
|
23
23
|
prerelease: false
|
24
|
-
version_requirements: *
|
24
|
+
version_requirements: *2164554500
|
25
25
|
description: Adds 'sudo' methods to update protected ActiveRecord attributes with
|
26
26
|
mass assignment
|
27
27
|
email: github@lette.us
|
@@ -29,14 +29,15 @@ executables: []
|
|
29
29
|
extensions: []
|
30
30
|
extra_rdoc_files:
|
31
31
|
- LICENSE
|
32
|
-
- README.
|
32
|
+
- README.md
|
33
33
|
files:
|
34
34
|
- .document
|
35
35
|
- .travis.yml
|
36
|
+
- CHANGELOG.md
|
36
37
|
- Gemfile
|
37
38
|
- Gemfile.lock
|
38
39
|
- LICENSE
|
39
|
-
- README.
|
40
|
+
- README.md
|
40
41
|
- Rakefile
|
41
42
|
- VERSION
|
42
43
|
- init.rb
|
@@ -60,7 +61,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
60
61
|
version: '0'
|
61
62
|
segments:
|
62
63
|
- 0
|
63
|
-
hash:
|
64
|
+
hash: -2722469826610925116
|
64
65
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
65
66
|
none: false
|
66
67
|
requirements:
|
@@ -69,7 +70,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
69
70
|
version: '0'
|
70
71
|
requirements: []
|
71
72
|
rubyforge_project:
|
72
|
-
rubygems_version: 1.8.
|
73
|
+
rubygems_version: 1.8.9
|
73
74
|
signing_key:
|
74
75
|
specification_version: 3
|
75
76
|
summary: Override ActiveRecord protected attributes with mass assignment
|