whiny_attr_accessible 0.0.1 → 0.1.0
- data/Rakefile +12 -1
- data/VERSION +1 -1
- data/lib/active_record/mass_assignment_security.rb +14 -0
- data/lib/mongo_mapper/accessible.rb +0 -1
- data/lib/mongo_mapper/protected.rb +0 -1
- data/lib/util/helpers.rb +3 -0
- data/lib/util/print_diffs.rb +10 -0
- data/lib/whiny_attr_accessible.rb +15 -4
- data/spec/{spec.opts → .rspec} +0 -0
- data/spec/active_record/mass_assignment_security_spec.rb +36 -0
- data/spec/mongo_mapper/accessible_spec.rb +1 -1
- data/spec/mongo_mapper/protected_spec.rb +1 -1
- data/spec/spec_helper.rb +16 -26
- data/spec/spec_helpers/active_record_spec_helper.rb +14 -0
- data/spec/spec_helpers/mongo_mapper_spec_helper.rb +25 -0
- data/whiny_attr_accessible.gemspec +73 -0
- metadata +31 -9
- data/lib/mongo_mapper/print_diffs.rb +0 -12
- data/lib/util/whiny_attr_accessible_error.rb +0 -2
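--- a/data/Rakefile
+++ b/data/Rakefile
@@ -13,7 +13,8 @@ begin
 gem.email = "tamosunas@gmail.com"
 gem.homepage = "http://github.com/scotttam/whiny_attr_accessible"
 gem.authors = ["Scott J. Tamosunas"]
-gem.add_development_dependency "rspec", ">=
+gem.add_development_dependency "rspec", ">= 2.0.1"
+gem.add_development_dependency "mocha", ">= 0.9.9"
 # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
 end
 Jeweler::GemcutterTasks.new
@@ -26,5 +27,15 @@ RSpec::Core::RakeTask.new(:spec) do |t|
 t.rcov = false
 end
 
+RSpec::Core::RakeTask.new(:spec_mongo_mapper) do |t|
+t.pattern = FileList['spec/mongo_mapper/**/*_spec.rb']
+t.rcov = false
+end
+
+RSpec::Core::RakeTask.new(:spec_active_record) do |t|
+t.pattern = FileList['spec/active_record/**/*_spec.rb']
+t.rcov = false
+end
+
 # task :spec => :check_dependencies
 task :default => :spec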
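Review bot: Both development dependencies in the first hunk are open-ended (`">= 2.0.1"` and `">= 0.9.9"`), so a fresh install on a developer or CI machine can resolve to any later major release of rspec or mocha. That makes the test environment non-reproducible and widens what a build host pulls in without review. Adding a pessimistic bound keeps the floor and caps the major version, for example `gem.add_development_dependency "rspec", "~> 2.0", ">= 2.0.1"`, and likewise for mocha. The generated gemspec further down the page repeats the same constraints and would pick the change up when regenerated.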
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.0
|
1
|
+
0.1.0
|
@@ -0,0 +1,14 @@
|
|
1
|
+
module ActiveModel
|
2
|
+
module MassAssignmentSecurity
|
3
|
+
|
4
|
+
protected
|
5
|
+
|
6
|
+
def sanitize_for_mass_assignment_with_exception(attributes)
|
7
|
+
safe_attrs = sanitize_for_mass_assignment_without_exception(attributes)
|
8
|
+
check_and_raise_if_diffs(attributes, safe_attrs)
|
9
|
+
safe_attrs
|
10
|
+
end
|
11
|
+
alias_method_chain :sanitize_for_mass_assignment, :exception
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
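Review bot: Nothing in `sanitize_for_mass_assignment_with_exception` limits the raise to non-production environments, although the gem description on this page says the exceptions are thrown "in non-production mode". Unless a guard exists outside this view, any request carrying an unexpected parameter becomes an unhandled exception in production as well. An explicit gate before the check would make the contract visible, for example `return safe_attrs if defined?(Rails) && Rails.env.production?`. The file header for this hunk is missing from the page (going by the file list it is presumably lib/active_record/mass_assignment_security.rb). Since the code reopens `ActiveModel::MassAssignmentSecurity`, a comment should say that the `alias_method_chain` wrapper applies to every class that includes that module, not only ActiveRecord models.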
data/lib/util/helpers.rb
CHANGED
@@ -0,0 +1,10 @@
|
|
1
|
+
def check_and_raise_if_diffs(attrs, safe_attrs)
|
2
|
+
diff = attrs.flatten - safe_attrs.flatten
|
3
|
+
return if diff.blank?
|
4
|
+
results = []
|
5
|
+
diff.length.times do |idx|
|
6
|
+
next if idx % 2 != 0
|
7
|
+
results << "#{diff[idx]} => #{diff[idx + 1]}"
|
8
|
+
end
|
9
|
+
raise WhinyAttrAccessibleError.new("You tried to assign the following attributes that are either protected or not accessible: #{results.join(", ")}")
|
10
|
+
end
|
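Review bot: `attrs.flatten - safe_attrs.flatten` compares keys and values in one flat list, so a rejected attribute goes unreported when both its key and its value also occur among the accepted keys or values. When only one of them matches, the index-based pairing in the loop shifts and the message shows the wrong key/value pairs. The message also interpolates the submitted values (`diff[idx + 1]`), which can put passwords or tokens into logs and error pages. Comparing keys only avoids both problems: `rejected = attrs.keys - safe_attrs.keys`, then `return if rejected.empty?` and report `rejected.join(", ")` in the error. The method is now defined at top level rather than inside the removed `PrintDiffs` module, so it lands on every object; a short comment or a wrapping module would make that deliberate.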
@@ -1,6 +1,17 @@
|
|
1
1
|
require 'util/helpers'
|
2
|
-
require 'util/
|
3
|
-
require 'mongo_mapper/print_diffs'
|
4
|
-
require 'mongo_mapper/accessible'
|
5
|
-
require 'mongo_mapper/protected'
|
2
|
+
require 'util/print_diffs'
|
6
3
|
|
4
|
+
begin
|
5
|
+
require 'mongo_mapper'
|
6
|
+
require 'mongo_mapper/accessible'
|
7
|
+
require 'mongo_mapper/protected'
|
8
|
+
rescue Exception => e
|
9
|
+
#puts "NOT LOADING MONGO MAPPER #{e}"
|
10
|
+
end
|
11
|
+
|
12
|
+
begin
|
13
|
+
require 'active_model'
|
14
|
+
require 'active_record/mass_assignment_security'
|
15
|
+
rescue Exception => e
|
16
|
+
#puts "NOT LOADING ACTIVE RECORD #{e}"
|
17
|
+
end
|
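Review bot: Both `rescue Exception => e` clauses swallow every failure, not only a missing library. A syntax error or load-order problem inside `mongo_mapper/accessible` or `active_record/mass_assignment_security` therefore leaves the check silently uninstalled, and the application runs as if mass-assignment violations would still raise. `rescue Exception` also traps `Interrupt` and `SystemExit`. Rescue `LoadError` around the optional library only, and load the gem's own patches in the `else` branch so their errors surface. The spec_helper.rb hunk later on this page uses the same pattern, where it can let a whole backend's specs be skipped without notice.

```ruby
# … unchanged: require 'util/helpers' and 'util/print_diffs' …

begin
  require 'mongo_mapper'
rescue LoadError
  # MongoMapper is not installed; its patches are skipped on purpose.
else
  require 'mongo_mapper/accessible'
  require 'mongo_mapper/protected'
end

begin
  require 'active_model'
rescue LoadError
  # ActiveModel is not installed; its patch is skipped on purpose.
else
  require 'active_record/mass_assignment_security'
end
```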
data/spec/{spec.opts → .rspec}
RENAMED
File without changes
|
@@ -0,0 +1,36 @@
|
|
1
|
+
require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
|
2
|
+
|
3
|
+
class ArTest < ActiveRecord::Base
|
4
|
+
attr_accessible :unprotected
|
5
|
+
end
|
6
|
+
|
7
|
+
describe "ActiveRecord AttrAccessible" do
|
8
|
+
before(:all) do
|
9
|
+
begin
|
10
|
+
CreateModelForTesting.up
|
11
|
+
rescue SQLite3::SQLException
|
12
|
+
CreateModelForTesting.down
|
13
|
+
CreateModelForTesting.up
|
14
|
+
end
|
15
|
+
|
16
|
+
end
|
17
|
+
|
18
|
+
after(:all) do
|
19
|
+
begin
|
20
|
+
CreateModelForTesting.down
|
21
|
+
rescue SQLite3::SQLException
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
before(:each) do
|
26
|
+
@ar_test = ArTest.create!
|
27
|
+
end
|
28
|
+
|
29
|
+
it "should raise an exception when trying to set an attribute that's not attr_accessible" do
|
30
|
+
lambda { @ar_test.update_attributes(:protected => "no") }.should raise_error(WhinyAttrAccessibleError)
|
31
|
+
end
|
32
|
+
|
33
|
+
it "should not raise an exception when setting an attribute that's accessible" do
|
34
|
+
lambda { @ar_test.update_attributes(:unprotected => "yes") }.should_not raise_error(WhinyAttrAccessibleError)
|
35
|
+
end
|
36
|
+
end
|
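Review bot: `should_not raise_error(WhinyAttrAccessibleError)` at new line 34 only fails when that exact class is raised, so the example most likely still passes if `update_attributes` fails with some other error. A bare `should_not raise_error` followed by a check of the stored value is a stronger test, e.g. `@ar_test.reload.unprotected.should == "yes"`. The ActiveRecord spec covers only `attr_accessible`; there is no example for a model using `attr_protected`, which the MongoMapper specs in the file list do cover. The empty `rescue SQLite3::SQLException` in `after(:all)` should carry a comment such as `# table may already be gone; nothing to clean up`.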
data/spec/spec_helper.rb
CHANGED
@@ -2,36 +2,26 @@ $LOAD_PATH.unshift(File.dirname(__FILE__))
|
|
2
2
|
$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
|
3
3
|
|
4
4
|
require 'rubygems'
|
5
|
-
require '
|
6
|
-
require 'rspec'
|
7
|
-
|
8
|
-
require 'whiny_attr_accessible'
|
5
|
+
require 'benchmark'
|
9
6
|
|
10
|
-
|
11
|
-
|
7
|
+
begin
|
8
|
+
require 'mongo_mapper'
|
9
|
+
require 'spec_helpers/mongo_mapper_spec_helper'
|
10
|
+
rescue Exception
|
11
|
+
#puts "NOT LOADING MM"
|
12
12
|
end
|
13
13
|
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
MongoMapper.connect("test")
|
20
|
-
|
21
|
-
class Accessible
|
22
|
-
include MongoMapper::Document
|
23
|
-
|
24
|
-
attr_accessible :unprotected
|
25
|
-
|
26
|
-
key :unprotected, String
|
27
|
-
key :protected, String
|
14
|
+
begin
|
15
|
+
require 'rails/all'
|
16
|
+
require 'spec_helpers/active_record_spec_helper'
|
17
|
+
rescue Exception => e
|
18
|
+
#puts "NOT LOADING AR #{e}"
|
28
19
|
end
|
29
20
|
|
30
|
-
|
31
|
-
|
21
|
+
require 'rspec'
|
22
|
+
require 'whiny_attr_accessible'
|
32
23
|
|
33
|
-
|
34
|
-
|
35
|
-
key :unprotected, String
|
36
|
-
key :protected, String
|
24
|
+
Rspec.configure do |config|
|
25
|
+
config.mock_with :mocha
|
37
26
|
end
|
27
|
+
|
@@ -0,0 +1,14 @@
|
|
1
|
+
ActiveRecord::Base.establish_connection('adapter' => 'sqlite3', 'database' => 'test')
|
2
|
+
|
3
|
+
class CreateModelForTesting < ActiveRecord::Migration
|
4
|
+
def self.up
|
5
|
+
create_table :ar_tests do |t|
|
6
|
+
t.string :protected
|
7
|
+
t.string :unprotected
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
def self.down
|
12
|
+
drop_table :ar_tests
|
13
|
+
end
|
14
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
config = {
|
2
|
+
'test' => {'host' => 'localhost', 'port' => 27017, 'database' => 'mongoa_test'},
|
3
|
+
}
|
4
|
+
|
5
|
+
MongoMapper.config = config
|
6
|
+
MongoMapper.connect("test")
|
7
|
+
|
8
|
+
class Accessible
|
9
|
+
include MongoMapper::Document
|
10
|
+
|
11
|
+
attr_accessible :unprotected
|
12
|
+
|
13
|
+
key :unprotected, String
|
14
|
+
key :protected, String
|
15
|
+
end
|
16
|
+
|
17
|
+
class Protected
|
18
|
+
include MongoMapper::Document
|
19
|
+
|
20
|
+
attr_protected :protected
|
21
|
+
|
22
|
+
key :unprotected, String
|
23
|
+
key :protected, String
|
24
|
+
end
|
25
|
+
|
@@ -0,0 +1,73 @@
|
|
1
|
+
# Generated by jeweler
|
2
|
+
# DO NOT EDIT THIS FILE DIRECTLY
|
3
|
+
# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
|
4
|
+
# -*- encoding: utf-8 -*-
|
5
|
+
|
6
|
+
Gem::Specification.new do |s|
|
7
|
+
s.name = %q{whiny_attr_accessible}
|
8
|
+
s.version = "0.1.0"
|
9
|
+
|
10
|
+
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
|
+
s.authors = ["Scott J. Tamosunas"]
|
12
|
+
s.date = %q{2010-10-31}
|
13
|
+
s.description = %q{Make attr_accessible and attr_protected throw exceptions in non-production mode, yo.}
|
14
|
+
s.email = %q{tamosunas@gmail.com}
|
15
|
+
s.extra_rdoc_files = [
|
16
|
+
"LICENSE",
|
17
|
+
"README",
|
18
|
+
"README.rdoc"
|
19
|
+
]
|
20
|
+
s.files = [
|
21
|
+
".document",
|
22
|
+
".gitignore",
|
23
|
+
"LICENSE",
|
24
|
+
"README",
|
25
|
+
"README.rdoc",
|
26
|
+
"Rakefile",
|
27
|
+
"VERSION",
|
28
|
+
"lib/active_record/mass_assignment_security.rb",
|
29
|
+
"lib/mongo_mapper/accessible.rb",
|
30
|
+
"lib/mongo_mapper/protected.rb",
|
31
|
+
"lib/util/helpers.rb",
|
32
|
+
"lib/util/print_diffs.rb",
|
33
|
+
"lib/whiny_attr_accessible.rb",
|
34
|
+
"spec/.rspec",
|
35
|
+
"spec/active_record/mass_assignment_security_spec.rb",
|
36
|
+
"spec/mongo_mapper/accessible_spec.rb",
|
37
|
+
"spec/mongo_mapper/protected_spec.rb",
|
38
|
+
"spec/spec_helper.rb",
|
39
|
+
"spec/spec_helpers/active_record_spec_helper.rb",
|
40
|
+
"spec/spec_helpers/mongo_mapper_spec_helper.rb",
|
41
|
+
"whiny_attr_accessible.gemspec"
|
42
|
+
]
|
43
|
+
s.homepage = %q{http://github.com/scotttam/whiny_attr_accessible}
|
44
|
+
s.rdoc_options = ["--charset=UTF-8"]
|
45
|
+
s.require_paths = ["lib"]
|
46
|
+
s.rubygems_version = %q{1.3.7}
|
47
|
+
s.summary = %q{Make attr_accessible and attr_protected throw exceptions in non-production mode}
|
48
|
+
s.test_files = [
|
49
|
+
"spec/active_record/mass_assignment_security_spec.rb",
|
50
|
+
"spec/mongo_mapper/accessible_spec.rb",
|
51
|
+
"spec/mongo_mapper/protected_spec.rb",
|
52
|
+
"spec/spec_helper.rb",
|
53
|
+
"spec/spec_helpers/active_record_spec_helper.rb",
|
54
|
+
"spec/spec_helpers/mongo_mapper_spec_helper.rb"
|
55
|
+
]
|
56
|
+
|
57
|
+
if s.respond_to? :specification_version then
|
58
|
+
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
59
|
+
s.specification_version = 3
|
60
|
+
|
61
|
+
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
62
|
+
s.add_development_dependency(%q<rspec>, [">= 2.0.1"])
|
63
|
+
s.add_development_dependency(%q<mocha>, [">= 0.9.9"])
|
64
|
+
else
|
65
|
+
s.add_dependency(%q<rspec>, [">= 2.0.1"])
|
66
|
+
s.add_dependency(%q<mocha>, [">= 0.9.9"])
|
67
|
+
end
|
68
|
+
else
|
69
|
+
s.add_dependency(%q<rspec>, [">= 2.0.1"])
|
70
|
+
s.add_dependency(%q<mocha>, [">= 0.9.9"])
|
71
|
+
end
|
72
|
+
end
|
73
|
+
|
metadata
CHANGED
@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
|
|
4
4
|
prerelease: false
|
5
5
|
segments:
|
6
6
|
- 0
|
7
|
-
- 0
|
8
7
|
- 1
|
9
|
-
|
8
|
+
- 0
|
9
|
+
version: 0.1.0
|
10
10
|
platform: ruby
|
11
11
|
authors:
|
12
12
|
- Scott J. Tamosunas
|
@@ -14,7 +14,7 @@ autorequire:
|
|
14
14
|
bindir: bin
|
15
15
|
cert_chain: []
|
16
16
|
|
17
|
-
date: 2010-10-
|
17
|
+
date: 2010-10-31 00:00:00 -04:00
|
18
18
|
default_executable:
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|
@@ -26,12 +26,27 @@ dependencies:
|
|
26
26
|
- - ">="
|
27
27
|
- !ruby/object:Gem::Version
|
28
28
|
segments:
|
29
|
-
- 1
|
30
29
|
- 2
|
31
|
-
-
|
32
|
-
|
30
|
+
- 0
|
31
|
+
- 1
|
32
|
+
version: 2.0.1
|
33
33
|
type: :development
|
34
34
|
version_requirements: *id001
|
35
|
+
- !ruby/object:Gem::Dependency
|
36
|
+
name: mocha
|
37
|
+
prerelease: false
|
38
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
39
|
+
none: false
|
40
|
+
requirements:
|
41
|
+
- - ">="
|
42
|
+
- !ruby/object:Gem::Version
|
43
|
+
segments:
|
44
|
+
- 0
|
45
|
+
- 9
|
46
|
+
- 9
|
47
|
+
version: 0.9.9
|
48
|
+
type: :development
|
49
|
+
version_requirements: *id002
|
35
50
|
description: Make attr_accessible and attr_protected throw exceptions in non-production mode, yo.
|
36
51
|
email: tamosunas@gmail.com
|
37
52
|
executables: []
|
@@ -50,16 +65,20 @@ files:
|
|
50
65
|
- README.rdoc
|
51
66
|
- Rakefile
|
52
67
|
- VERSION
|
68
|
+
- lib/active_record/mass_assignment_security.rb
|
53
69
|
- lib/mongo_mapper/accessible.rb
|
54
|
-
- lib/mongo_mapper/print_diffs.rb
|
55
70
|
- lib/mongo_mapper/protected.rb
|
56
71
|
- lib/util/helpers.rb
|
57
|
-
- lib/util/
|
72
|
+
- lib/util/print_diffs.rb
|
58
73
|
- lib/whiny_attr_accessible.rb
|
74
|
+
- spec/.rspec
|
75
|
+
- spec/active_record/mass_assignment_security_spec.rb
|
59
76
|
- spec/mongo_mapper/accessible_spec.rb
|
60
77
|
- spec/mongo_mapper/protected_spec.rb
|
61
|
-
- spec/spec.opts
|
62
78
|
- spec/spec_helper.rb
|
79
|
+
- spec/spec_helpers/active_record_spec_helper.rb
|
80
|
+
- spec/spec_helpers/mongo_mapper_spec_helper.rb
|
81
|
+
- whiny_attr_accessible.gemspec
|
63
82
|
has_rdoc: true
|
64
83
|
homepage: http://github.com/scotttam/whiny_attr_accessible
|
65
84
|
licenses: []
|
@@ -93,6 +112,9 @@ signing_key:
|
|
93
112
|
specification_version: 3
|
94
113
|
summary: Make attr_accessible and attr_protected throw exceptions in non-production mode
|
95
114
|
test_files:
|
115
|
+
- spec/active_record/mass_assignment_security_spec.rb
|
96
116
|
- spec/mongo_mapper/accessible_spec.rb
|
97
117
|
- spec/mongo_mapper/protected_spec.rb
|
98
118
|
- spec/spec_helper.rb
|
119
|
+
- spec/spec_helpers/active_record_spec_helper.rb
|
120
|
+
- spec/spec_helpers/mongo_mapper_spec_helper.rb
|
@@ -1,12 +0,0 @@
|
|
1
|
-
module PrintDiffs
|
2
|
-
def check_and_raise_if_diffs(attrs, safe_attrs)
|
3
|
-
diff = attrs.flatten - safe_attrs.flatten
|
4
|
-
return if diff.blank?
|
5
|
-
results = []
|
6
|
-
diff.length.times do |idx|
|
7
|
-
next if idx % 2 != 0
|
8
|
-
results << "#{diff[idx]} => #{diff[idx + 1]}"
|
9
|
-
end
|
10
|
-
raise WhinyAttrAccessibleError.new("You tried to assign the following attributes that are either protected or not accessible: #{results.join(", ")}")
|
11
|
-
end
|
12
|
-
end
|