authorJosé Valim <jose.valim@gmail.com>2012-03-15 18:41:25 +0100
committerJosé Valim <jose.valim@gmail.com>2012-03-15 18:41:54 +0100
commiteb8f0ddb67440d26eb0e179a0c43df8ea2a53b1e (patch)
treec743aa162d301233d4a3c69d3ab24364a3fd9621 /activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
parentf961ec41d2813ebbd26b9021f3cf64038e15991d (diff)
Revert "AM::MassAssingmentSecurity: improve performance"
It introduces backwards incompatible changes in the API. This reverts commit 7d1379ffdbbaf01e99833dc06611b7e4f3799522.
Diffstat (limited to 'activemodel/lib/active_model/mass_assignment_security/sanitizer.rb')
-rw-r--r--activemodel/lib/active_model/mass_assignment_security/sanitizer.rb34
1 files changed, 18 insertions, 16 deletions
diff --git a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
index 93c4432b7d..cfeb4aa7cd 100644
--- a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
+++ b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
@@ -3,18 +3,20 @@ module ActiveModel
class Sanitizer
# Returns all attributes not denied by the authorizer.
def sanitize(attributes, authorizer)
- attributes.reject do |attr, value|
- if authorizer.deny?(attr)
- process_removed_attribute(attr)
- true
- end
- end
+ sanitized_attributes = attributes.reject { |key, value| authorizer.deny?(key) }
+ debug_protected_attribute_removal(attributes, sanitized_attributes)
+ sanitized_attributes
end
protected
- def process_removed_attribute(attr)
- raise NotImplementedError, "#process_removed_attribute(attr) suppose to be overwritten"
+ def debug_protected_attribute_removal(attributes, sanitized_attributes)
+ removed_keys = attributes.keys - sanitized_attributes.keys
+ process_removed_attributes(removed_keys) if removed_keys.any?
+ end
+
+ def process_removed_attributes(attrs)
+ raise NotImplementedError, "#process_removed_attributes(attrs) suppose to be overwritten"
end
end
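Review bot: The name `debug_protected_attribute_removal`, called from `sanitize`, reads like optional diagnostics, yet it is the only path to `process_removed_attributes`, which a subclass later in this diff uses to raise on protected attributes. Anyone who gates or drops the "debug" call would silently turn that enforcement off. A comment above the method would make this explicit, e.g. `# Not debug-only: subclasses may raise from process_removed_attributes, so this must always run.` The unused block parameter in `sanitize` could also be written `|key, _value|`. The `Sanitizer` class begins outside this hunk.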
@@ -32,8 +34,8 @@ module ActiveModel
@target.respond_to?(:logger) && @target.logger
end
- def process_removed_attribute(attr)
- logger.warn "Can't mass-assign protected attribute: #{attr}" if logger?
+ def process_removed_attributes(attrs)
+ logger.warn "Can't mass-assign protected attributes: #{attrs.join(', ')}" if logger?
end
end
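Review bot: The names interpolated into the `logger.warn` call in `process_removed_attributes` are hash keys supplied by the caller. If those keys come from request parameters (not visible in this hunk), a key containing a newline can forge additional log lines. Logging the escaped form keeps each warning on a single line: `logger.warn "Can't mass-assign protected attributes: #{attrs.map(&:inspect).join(', ')}" if logger?`. Only attribute names are logged, never values, and that should stay the case. The enclosing class starts outside this hunk.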
@@ -42,19 +44,19 @@ module ActiveModel
super()
end
- def process_removed_attribute(attr)
- return if insensitive_attributes.include?(attr)
- raise ActiveModel::MassAssignmentSecurity::Error.new(attr)
+ def process_removed_attributes(attrs)
+ return if (attrs - insensitive_attributes).empty?
+ raise ActiveModel::MassAssignmentSecurity::Error.new(attrs)
end
def insensitive_attributes
- @insensitive_attributes ||= ['id']
+ ['id']
end
end
class Error < StandardError
- def initialize(attr)
- super("Can't mass-assign protected attribute: #{attr}")
+ def initialize(attrs)
+ super("Can't mass-assign protected attributes: #{attrs.join(', ')}")
end
end
end
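Review bot: In the strict `process_removed_attributes`, the guard `(attrs - insensitive_attributes).empty?` compares keys with `['id']` by plain equality, so a removed key `:id` (a symbol) would not count as insensitive and would raise. Whether keys are always strings by this point is not visible in the hunk. Normalising first avoids the mismatch, and subtracting the insensitive names also keeps `id` out of the error message when it arrives alongside a protected key: `sensitive = attrs.map(&:to_s) - insensitive_attributes`, then `return if sensitive.empty?` and `raise ActiveModel::MassAssignmentSecurity::Error.new(sensitive)`. The current behaviour fails closed, so this is a robustness and message-accuracy point, not a bypass.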