usergrid_ironhorse 0.0.4 → 0.0.5
Sign up to get free protection for your applications and to get access to all the features.
- data/README.md +4 -0
- data/lib/usergrid_ironhorse/base.rb +4 -5
- data/lib/usergrid_ironhorse/version.rb +1 -1
- data/spec/usergrid_ironhorse/base_spec.rb +20 -0
- metadata +2 -2
data/README.md
CHANGED
@@ -149,6 +149,10 @@ usergrid_ironhorse/spec/spec_settings.yaml to match.)
|
|
149
149
|
|
150
150
|
## Release notes
|
151
151
|
|
152
|
+
### 0.0.5
|
153
|
+
* New Features
|
154
|
+
1. support MassAssignmentSecurity (attr_accessible & attr_protected)
|
155
|
+
|
152
156
|
### 0.0.4
|
153
157
|
* New Features
|
154
158
|
1. add require_login to config (with ability to skip individual logins)
|
@@ -11,6 +11,7 @@ module Usergrid
|
|
11
11
|
include ActiveModel::Validations
|
12
12
|
include ActiveModel::Dirty
|
13
13
|
include ActiveModel::Serialization
|
14
|
+
include ActiveModel::MassAssignmentSecurity
|
14
15
|
extend ActiveModel::Naming
|
15
16
|
extend ActiveModel::Callbacks
|
16
17
|
|
@@ -42,11 +43,8 @@ module Usergrid
|
|
42
43
|
RecordNotSaved = ActiveRecord::RecordNotSaved
|
43
44
|
|
44
45
|
def initialize(attrs=nil)
|
45
|
-
|
46
|
-
|
47
|
-
assign_attributes attrs
|
48
|
-
end
|
49
|
-
@attributes = attrs
|
46
|
+
@attributes = HashWithIndifferentAccess.new
|
47
|
+
assign_attributes attrs if attrs
|
50
48
|
end
|
51
49
|
|
52
50
|
def self.configure!(application_url, auth_token)
|
@@ -279,6 +277,7 @@ module Usergrid
|
|
279
277
|
|
280
278
|
|
281
279
|
def assign_attributes(attrs)
|
280
|
+
attrs = sanitize_for_mass_assignment(attrs)
|
282
281
|
attrs.each do |attr,value|
|
283
282
|
attr = attr.to_s
|
284
283
|
unless attributes[attr] == value
|
@@ -310,5 +310,25 @@ describe Usergrid::Ironhorse::Base do
|
|
310
310
|
foo.destroy
|
311
311
|
end
|
312
312
|
|
313
|
+
it "should fail on unaccessible mass assignment" do
|
314
|
+
Foo.attr_accessible :name
|
315
|
+
foo = Foo.create! name: 'foo', number: 43
|
316
|
+
foo.number.should_not eq 43
|
317
|
+
foo.update_attributes number: 44, foo: 'bar'
|
318
|
+
foo.number.should_not eq 44
|
319
|
+
foo.destroy
|
320
|
+
Foo._accessible_attributes = nil
|
321
|
+
end
|
322
|
+
|
323
|
+
it "should fail on protected mass assignment" do
|
324
|
+
Foo.attr_protected :number
|
325
|
+
foo = Foo.create! name: 'foo', number: 43
|
326
|
+
foo.number.should_not eq 43
|
327
|
+
foo.update_attributes number: 44, foo: 'bar'
|
328
|
+
foo.number.should_not eq 44
|
329
|
+
foo.destroy
|
330
|
+
Foo._protected_attributes = nil
|
331
|
+
end
|
332
|
+
|
313
333
|
end
|
314
334
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: usergrid_ironhorse
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.5
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2012-
|
12
|
+
date: 2012-12-18 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: usergrid_iron
|