aboutsummaryrefslogblamecommitdiffstats
path: root/activemodel/lib/active_model/mass_assignment_security.rb
blob: 19359896d0b601a89baa76f03f542b635423f4f6 (plain) (tree)
1
2
3
4
5
6
7
                                                 
                                                    
                                                              
                                                         
 
                  
                                            





























                                                                             
                             









                                                                                    
                               


                                 


                                                                     
 
                                                                         
                                              

       
                       
                                                                         
                                                                           


                                                                              



                                                                             
                                     


                                                       
       
                                                      
       
                                        
                                                                  
                                                            
       

                                                                               


                                

             
                                              
       
                                 



                                                                                                        
       
                                           

                                 



                                                                                                     
       
                                    
                                       
       


                                                                            


                                                                                

                                       
                                       
 
                                                                     
 
                                  

                                                                                   
 

                                                            
 
                                                                      
                        
       
                                                                     


                                                                             
       







                                                                              



                                                       
       
                                                                       
                                                         
                                                               
                                                      
       

                                                                               


                                

             
                                              
       
                                 
                                                                                                                        
                                             

                                         
                                            

                                               
                                           

                                 
                                                                                                                      


                                                 


                                                                                

                                       
                                       
 
                                                                       
 
                                  

                                                                                     
 

                                                             
 




















                                                                                           

                                               
         
 




















                                                                                           

                                                
         
 
















                                                                                                        

                                                                
         
                                                
 












                                                                                

                                         
         
 















                                                                 
                                                                                          


















                                                                                                                    







                                                                 



                                            
                                                                                  




                                             
                                                 

           

       
           
 
                                                                     
                                                                                                   
       
 
                                                 
                                                    
       

     
require 'active_support/core_ext/class/attribute'
require 'active_support/core_ext/string/inflections'
require 'active_model/mass_assignment_security/permission_set'
require 'active_model/mass_assignment_security/sanitizer'

module ActiveModel
  # == Active Model Mass-Assignment Security
  #
  # Mass assignment security provides an interface for protecting attributes
  # from end-user assignment. For more complex permissions, mass assignment
  # security may be handled outside the model by extending a non-ActiveRecord
  # class, such as a controller, with this behavior.
  #
  # For example, a logged in user may need to assign additional attributes
  # depending on their role:
  #
  #   class AccountsController < ApplicationController
  #     include ActiveModel::MassAssignmentSecurity
  #
  #     attr_accessible :first_name, :last_name
  #     attr_accessible :first_name, :last_name, :plan_id, as: :admin
  #
  #     def update
  #       ...
  #       @account.update_attributes(account_params)
  #       ...
  #     end
  #
  #     protected
  #
  #     def account_params
  #       role = admin ? :admin : :default
  #       sanitize_for_mass_assignment(params[:account], role)
  #     end
  #
  #   end
  #
  # === Configuration options
  #
  # * <tt>mass_assignment_sanitizer</tt> - Defines sanitize method. Possible
  #   values are:
  #   * <tt>:logger</tt> (default) - writes filtered attributes to logger
  #   * <tt>:strict</tt> - raise <tt>ActiveModel::MassAssignmentSecurity::Error</tt>
  #     on any protected attribute update.
  #
  # You can specify your own sanitizer object eg. <tt>MySanitizer.new</tt>.
  # See <tt>ActiveModel::MassAssignmentSecurity::LoggerSanitizer</tt> for
  # example implementation.
  module MassAssignmentSecurity
    extend ActiveSupport::Concern

    included do
      class_attribute :_accessible_attributes, instance_writer: false
      class_attribute :_protected_attributes,  instance_writer: false
      class_attribute :_active_authorizer,     instance_writer: false

      class_attribute :_mass_assignment_sanitizer, instance_writer: false
      self.mass_assignment_sanitizer = :logger
    end

    module ClassMethods
      # Attributes named in this macro are protected from mass-assignment
      # whenever attributes are sanitized before assignment. A role for the
      # attributes is optional, if no role is provided then <tt>:default</tt>
      # is used. A role can be defined by using the <tt>:as</tt> option with a
      # symbol or an array of symbols as the value.
      #
      # Mass-assignment to these attributes will simply be ignored, to assign
      # to them you can use direct writer methods. This is meant to protect
      # sensitive attributes from being overwritten by malicious users
      # tampering with URLs or forms.
      #
      #   class Customer
      #     include ActiveModel::MassAssignmentSecurity
      #
      #     attr_accessor :name, :email, :logins_count
      #
      #     attr_protected :logins_count
      #     # Suppose that admin can not change email for customer
      #     attr_protected :logins_count, :email, as: :admin
      #
      #     def assign_attributes(values, options = {})
      #       sanitize_for_mass_assignment(values, options[:as]).each do |k, v|
      #         send("#{k}=", v)
      #       end
      #     end
      #   end
      #
      # When using the <tt>:default</tt> role:
      #
      #   customer = Customer.new
      #   customer.assign_attributes({ name: 'David', email: 'a@b.com', logins_count: 5 }, as: :default)
      #   customer.name         # => "David"
      #   customer.email        # => "a@b.com"
      #   customer.logins_count # => nil
      #
      # And using the <tt>:admin</tt> role:
      #
      #   customer = Customer.new
      #   customer.assign_attributes({ name: 'David', email: 'a@b.com', logins_count: 5}, as: :admin)
      #   customer.name         # => "David"
      #   customer.email        # => nil
      #   customer.logins_count # => nil
      #
      #   customer.email = 'c@d.com'
      #   customer.email # => "c@d.com"
      #
      # To start from an all-closed default and enable attributes as needed,
      # have a look at +attr_accessible+.
      #
      # Note that using <tt>Hash#except</tt> or <tt>Hash#slice</tt> in place of
      # +attr_protected+ to sanitize attributes provides basically the same
      # functionality, but it makes a bit tricky to deal with nested attributes.
      def attr_protected(*args)
        options = args.extract_options!
        role = options[:as] || :default

        self._protected_attributes = protected_attributes_configs.dup

        Array(role).each do |name|
          self._protected_attributes[name] = self.protected_attributes(name) + args
        end

        self._active_authorizer = self._protected_attributes
      end

      # Specifies a white list of model attributes that can be set via
      # mass-assignment.
      #
      # Like +attr_protected+, a role for the attributes is optional,
      # if no role is provided then <tt>:default</tt> is used. A role can be
      # defined by using the <tt>:as</tt> option with a symbol or an array of
      # symbols as the value.
      #
      # This is the opposite of the +attr_protected+ macro: Mass-assignment
      # will only set attributes in this list, to assign to the rest of
      # attributes you can use direct writer methods. This is meant to protect
      # sensitive attributes from being overwritten by malicious users
      # tampering with URLs or forms. If you'd rather start from an all-open
      # default and restrict attributes as needed, have a look at
      # +attr_protected+.
      #
      #   class Customer
      #     include ActiveModel::MassAssignmentSecurity
      #
      #     attr_accessor :name, :credit_rating
      #
      #     # Both admin and default user can change name of a customer
      #     attr_accessible :name, as: [:admin, :default]
      #     # Only admin can change credit rating of a customer
      #     attr_accessible :credit_rating, as: :admin
      #
      #     def assign_attributes(values, options = {})
      #       sanitize_for_mass_assignment(values, options[:as]).each do |k, v|
      #         send("#{k}=", v)
      #       end
      #     end
      #   end
      #
      # When using the <tt>:default</tt> role:
      #
      #   customer = Customer.new
      #   customer.assign_attributes({ name: 'David', credit_rating: 'Excellent', last_login: 1.day.ago }, as: :default)
      #   customer.name          # => "David"
      #   customer.credit_rating # => nil
      #
      #   customer.credit_rating = 'Average'
      #   customer.credit_rating # => "Average"
      #
      # And using the <tt>:admin</tt> role:
      #
      #   customer = Customer.new
      #   customer.assign_attributes({ name: 'David', credit_rating: 'Excellent', last_login: 1.day.ago }, as: :admin)
      #   customer.name          # => "David"
      #   customer.credit_rating # => "Excellent"
      #
      # Note that using <tt>Hash#except</tt> or <tt>Hash#slice</tt> in place of
      # +attr_accessible+ to sanitize attributes provides basically the same
      # functionality, but it makes a bit tricky to deal with nested attributes.
      def attr_accessible(*args)
        options = args.extract_options!
        role = options[:as] || :default

        self._accessible_attributes = accessible_attributes_configs.dup

        Array(role).each do |name|
          self._accessible_attributes[name] = self.accessible_attributes(name) + args
        end

        self._active_authorizer = self._accessible_attributes
      end

      # Returns an instance of <tt>ActiveModel::MassAssignmentSecurity::BlackList</tt>
      # with the attributes protected by #attr_protected method. If no +role+
      # is provided, then <tt>:default</tt> is used.
      #
      #   class Customer
      #     include ActiveModel::MassAssignmentSecurity
      #
      #     attr_accessor :name, :email, :logins_count
      #
      #     attr_protected :logins_count
      #     attr_protected :logins_count, :email, as: :admin
      #   end
      #
      #   Customer.protected_attributes
      #   # => #<ActiveModel::MassAssignmentSecurity::BlackList: {"logins_count"}>
      #
      #   Customer.protected_attributes(:default)
      #   # => #<ActiveModel::MassAssignmentSecurity::BlackList: {"logins_count"}>
      #
      #   Customer.protected_attributes(:admin)
      #   # => #<ActiveModel::MassAssignmentSecurity::BlackList: {"logins_count", "email"}>
      def protected_attributes(role = :default)
        protected_attributes_configs[role]
      end

      # Returns an instance of <tt>ActiveModel::MassAssignmentSecurity::WhiteList</tt>
      # with the attributes protected by #attr_accessible method. If no +role+
      # is provided, then <tt>:default</tt> is used.
      #
      #   class Customer
      #     include ActiveModel::MassAssignmentSecurity
      #
      #     attr_accessor :name, :credit_rating
      #
      #     attr_accessible :name, as: [:admin, :default]
      #     attr_accessible :credit_rating, as: :admin
      #   end
      #
      #   Customer.accessible_attributes
      #   # => #<ActiveModel::MassAssignmentSecurity::WhiteList: {"name"}>
      #
      #   Customer.accessible_attributes(:default)
      #   # => #<ActiveModel::MassAssignmentSecurity::WhiteList: {"name"}>
      #
      #   Customer.accessible_attributes(:admin)
      #   # => #<ActiveModel::MassAssignmentSecurity::WhiteList: {"name", "credit_rating"}>
      def accessible_attributes(role = :default)
        accessible_attributes_configs[role]
      end

      # Returns a hash with the protected attributes (by #attr_accessible or
      # #attr_protected) per role.
      #
      #   class Customer
      #     include ActiveModel::MassAssignmentSecurity
      #
      #     attr_accessor :name, :credit_rating
      #
      #     attr_accessible :name, as: [:admin, :default]
      #     attr_accessible :credit_rating, as: :admin
      #   end
      #
      #   Customer.active_authorizers
      #   # => {
      #   #       :admin=> #<ActiveModel::MassAssignmentSecurity::WhiteList: {"name", "credit_rating"}>,
      #   #       :default=>#<ActiveModel::MassAssignmentSecurity::WhiteList: {"name"}>
      #   #    }
      def active_authorizers
        self._active_authorizer ||= protected_attributes_configs
      end
      alias active_authorizer active_authorizers

      # Returns an empty array by default. You can still override this to define
      # the default attributes protected by #attr_protected method.
      #
      #   class Customer
      #     include ActiveModel::MassAssignmentSecurity
      #
      #     def self.attributes_protected_by_default
      #       [:name]
      #     end
      #   end
      #
      #   Customer.protected_attributes
      #   # => #<ActiveModel::MassAssignmentSecurity::BlackList: {:name}>
      def attributes_protected_by_default
        []
      end

      # Defines sanitize method.
      #
      #   class Customer
      #     include ActiveModel::MassAssignmentSecurity
      #
      #     attr_accessor :name
      #
      #     attr_protected :name
      #
      #     def assign_attributes(values)
      #       sanitize_for_mass_assignment(values).each do |k, v|
      #         send("#{k}=", v)
      #       end
      #     end
      #   end
      #
      #   # See ActiveModel::MassAssignmentSecurity::StrictSanitizer for more information.
      #   Customer.mass_assignment_sanitizer = :strict
      #
      #   customer = Customer.new
      #   customer.assign_attributes(name: 'David')
      #   # => ActiveModel::MassAssignmentSecurity::Error: Can't mass-assign protected attributes for Customer: name
      #
      # Also, you can specify your own sanitizer object.
      #
      #   class CustomSanitizer < ActiveModel::MassAssignmentSecurity::Sanitizer
      #     def process_removed_attributes(klass, attrs)
      #       raise StandardError
      #     end
      #   end
      #
      #   Customer.mass_assignment_sanitizer = CustomSanitizer.new
      #
      #   customer = Customer.new
      #   customer.assign_attributes(name: 'David')
      #   # => StandardError: StandardError
      def mass_assignment_sanitizer=(value)
        self._mass_assignment_sanitizer = if value.is_a?(Symbol)
          const_get(:"#{value.to_s.camelize}Sanitizer").new(self)
        else
          value
        end
      end

      private

      def protected_attributes_configs
        self._protected_attributes ||= begin
          Hash.new { |h,k| h[k] = BlackList.new(attributes_protected_by_default) }
        end
      end

      def accessible_attributes_configs
        self._accessible_attributes ||= begin
          Hash.new { |h,k| h[k] = WhiteList.new }
        end
      end
    end

  protected

    def sanitize_for_mass_assignment(attributes, role = nil) #:nodoc:
      _mass_assignment_sanitizer.sanitize(self.class, attributes, mass_assignment_authorizer(role))
    end

    def mass_assignment_authorizer(role) #:nodoc:
      self.class.active_authorizer[role || :default]
    end
  end
end