ref: refs/heads/master commit 1ece5a70882938519f0748636e3de70ca7323eda Author: Josef Reidinger <jreidinger@suse.cz> Date: Wed Dec 9 10:51:51 2009 +0100 add mass assignments whitelisting and blacklisting --- webservice/lib/base_model/base.rb | 14 +++++++++++- webservice/lib/base_model/mass_assignment.rb | 30 +++++++++++++++++++++++++- webservice/test/unit/base_model_test.rb | 20 ++++++++++++++++- 3 files changed, 61 insertions(+), 3 deletions(-) diff --git a/webservice/lib/base_model/base.rb b/webservice/lib/base_model/base.rb index e1387e1..f9ed7f3 100644 --- a/webservice/lib/base_model/base.rb +++ b/webservice/lib/base_model/base.rb @@ -1,5 +1,8 @@ module BaseModel class Base + def initialize(attr={}) + load(attr) + end def save create_or_update @@ -29,9 +32,18 @@ module BaseModel def destroy end - include BaseModel::MassAssignment +#remove overwritten method_missing from activeRecord + alias :method_missing_orig :method_missing include ActiveRecord::AttributeMethods + alias :method_missing :method_missing_orig +#remove overwritten respond_to + alias :respond_to? :respond_to_without_attributes? + include ActiveRecord::Validations include ActiveRecord::Callbacks + + + include BaseModel::MassAssignment + end end diff --git a/webservice/lib/base_model/mass_assignment.rb b/webservice/lib/base_model/mass_assignment.rb index ce5dd52..b90ce0d 100644 --- a/webservice/lib/base_model/mass_assignment.rb +++ b/webservice/lib/base_model/mass_assignment.rb @@ -2,7 +2,35 @@ module BaseModel module MassAssignment def load(attributes) attributes.each do |k,v| - instance_variable_set ( "@#{k.to_s}",v ) + whitelist = self.class.accessible_attributes + next if whitelist && !(whitelist.include?(k.to_sym)) + blacklist = self.class.protected_attributes + next if blacklist && blacklist.include?(k.to_sym) + instance_variable_set("@#{k.to_s}",v) + end + end + + def self.included(base) + base.send(:extend,ClassMethods) + end + + module ClassMethods + def attr_accessible ( *args ) + @attr_accessible ||= [] + @attr_accessible.concat args + end + + def accessible_attributes + @attr_accessible + end + + def attr_protected ( *args ) + @attr_protected ||= [] + @attr_protected.concat args + end + + def protected_attributes + @attr_protected end end end diff --git a/webservice/test/unit/base_model_test.rb b/webservice/test/unit/base_model_test.rb index 977c364..edde777 100644 --- a/webservice/test/unit/base_model_test.rb +++ b/webservice/test/unit/base_model_test.rb @@ -6,11 +6,22 @@ class BaseModelTest < ActiveSupport::TestCase before_save :call attr_accessor :arg1, :arg2, :callback_used + attr_protected :callback_used def call @callback_used = true; end end + class Test2 < BaseModel::Base + + attr_accessor :arg1, :arg2 + attr_accessible :arg1 + def call + @callback_used = true; + end + end + + def test_validations test = Test.new test.arg1 = "last" @@ -28,11 +39,18 @@ class BaseModelTest < ActiveSupport::TestCase assert test.callback_used end -MASS_DATA = { :arg1 => "last", :arg2 => "5" } +MASS_DATA = { :arg1 => "last", :arg2 => "5", :callback_used => false } def test_mass_assignment test = Test.new + test.callback_used = true test.load MASS_DATA assert_equal "last", test.arg1 assert_equal "5", test.arg2 +#test blacklisting + assert test.callback_used +#test whitelisting + test2 = Test2.new(MASS_DATA) + assert_equal "last", test2.arg1 + assert test2.arg2.nil? end end -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org