diff options
| author | José Valim <jose.valim@gmail.com> | 2010-07-08 19:02:34 +0200 |
|---|---|---|
| committer | José Valim <jose.valim@gmail.com> | 2010-07-08 19:02:34 +0200 |
| commit | c285f07a92c643729a1a6ae6282cd597fe8e20e3 (patch) | |
| tree | d55f1b06c29f2998c24ed5307856e94e71d17594 /activemodel/lib/active_model/mass_assignment_security | |
| parent | 4b66aab00fa0ea6bcc6ec81df19e44de34fd7864 (diff) | |
| download | rails-c285f07a92c643729a1a6ae6282cd597fe8e20e3.tar.gz rails-c285f07a92c643729a1a6ae6282cd597fe8e20e3.tar.bz2 rails-c285f07a92c643729a1a6ae6282cd597fe8e20e3.zip | |
Change documentation for ActiveModel::MassAssignmentSecurity a bit and make debug always be called since some people may overwrite warn! to add extra behavior even if logger is not available.
Diffstat (limited to 'activemodel/lib/active_model/mass_assignment_security')
| -rw-r--r-- | activemodel/lib/active_model/mass_assignment_security/permission_set.rb | 10 | ||||
| -rw-r--r-- | activemodel/lib/active_model/mass_assignment_security/sanitizer.rb | 24 |
2 files changed, 13 insertions, 21 deletions
diff --git a/activemodel/lib/active_model/mass_assignment_security/permission_set.rb b/activemodel/lib/active_model/mass_assignment_security/permission_set.rb index 978da493d7..7c48472799 100644 --- a/activemodel/lib/active_model/mass_assignment_security/permission_set.rb +++ b/activemodel/lib/active_model/mass_assignment_security/permission_set.rb @@ -2,7 +2,6 @@ require 'active_model/mass_assignment_security/sanitizer' module ActiveModel module MassAssignmentSecurity - class PermissionSet < Set attr_accessor :logger @@ -14,11 +13,11 @@ module ActiveModel super(remove_multiparameter_id(key)) end - protected + protected - def remove_multiparameter_id(key) - key.gsub(/\(.+/, '') - end + def remove_multiparameter_id(key) + key.to_s.gsub(/\(.+/, '') + end end class WhiteList < PermissionSet @@ -36,6 +35,5 @@ module ActiveModel include?(key) end end - end end
\ No newline at end of file diff --git a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb index 275e481fb8..150beb1ff2 100644 --- a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb +++ b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb @@ -1,29 +1,23 @@ module ActiveModel module MassAssignmentSecurity module Sanitizer - # Returns all attributes not denied by the authorizer. def sanitize(attributes) sanitized_attributes = attributes.reject { |key, value| deny?(key) } - debug_protected_attribute_removal(attributes, sanitized_attributes) if debug? + debug_protected_attribute_removal(attributes, sanitized_attributes) sanitized_attributes end - protected - - def debug_protected_attribute_removal(attributes, sanitized_attributes) - removed_keys = attributes.keys - sanitized_attributes.keys - warn!(removed_keys) if removed_keys.any? - end - - def debug? - self.logger.present? - end + protected - def warn!(attrs) - self.logger.debug "WARNING: Can't mass-assign protected attributes: #{attrs.join(', ')}" - end + def debug_protected_attribute_removal(attributes, sanitized_attributes) + removed_keys = attributes.keys - sanitized_attributes.keys + warn!(removed_keys) if removed_keys.any? + end + def warn!(attrs) + self.logger.debug "WARNING: Can't mass-assign protected attributes: #{attrs.join(', ')}" if self.logger + end end end end |