Remove MassAssignmentSecurity from ActiveModel

This will be moved out to protected_attributes gem

4 files changed, 4 insertions, 468 deletions

diff --git a/activemodel/lib/active_model/forbidden_attributes_protection.rb b/activemodel/lib/active_model/forbidden_attributes_protection.rb
index 39f1a20734..29bc47f151 100644
--- a/activemodel/lib/active_model/forbidden_attributes_protection.rb
+++ b/activemodel/lib/active_model/forbidden_attributes_protection.rb
@@ -3,11 +3,11 @@ module ActiveModel
   end
 
   module ForbiddenAttributesProtection
-    def sanitize_for_mass_assignment(new_attributes, options = {})
-      if !new_attributes.respond_to?(:permitted?) || (new_attributes.respond_to?(:permitted?) && new_attributes.permitted?)
-        super
-      else
+    def sanitize_for_mass_assignment(attributes, options = {})
+      if attributes.respond_to?(:permitted?) && !attributes.permitted?
         raise ActiveModel::ForbiddenAttributes
+      else
+        attributes
       end
     end
   end
diff --git a/activemodel/lib/active_model/mass_assignment_security.rb b/activemodel/lib/active_model/mass_assignment_security.rb
deleted file mode 100644
index f9841abcb0..0000000000
--- a/activemodel/lib/active_model/mass_assignment_security.rb
+++ /dev/null
@@ -1,350 +0,0 @@
-require 'active_support/core_ext/string/inflections'
-require 'active_model/mass_assignment_security/permission_set'
-require 'active_model/mass_assignment_security/sanitizer'
-
-module ActiveModel
-  # == Active Model Mass-Assignment Security
-  #
-  # Mass assignment security provides an interface for protecting attributes
-  # from end-user assignment. For more complex permissions, mass assignment
-  # security may be handled outside the model by extending a non-ActiveRecord
-  # class, such as a controller, with this behavior.
-  #
-  # For example, a logged in user may need to assign additional attributes
-  # depending on their role:
-  #
-  #   class AccountsController < ApplicationController
-  #     include ActiveModel::MassAssignmentSecurity
-  #
-  #     attr_accessible :first_name, :last_name
-  #     attr_accessible :first_name, :last_name, :plan_id, as: :admin
-  #
-  #     def update
-  #       ...
-  #       @account.update_attributes(account_params)
-  #       ...
-  #     end
-  #
-  #     protected
-  #
-  #     def account_params
-  #       role = admin ? :admin : :default
-  #       sanitize_for_mass_assignment(params[:account], role)
-  #     end
-  #
-  #   end
-  #
-  # === Configuration options
-  #
-  # * <tt>mass_assignment_sanitizer</tt> - Defines sanitize method. Possible
-  #   values are:
-  #   * <tt>:logger</tt> (default) - writes filtered attributes to logger
-  #   * <tt>:strict</tt> - raise <tt>ActiveModel::MassAssignmentSecurity::Error</tt>
-  #     on any protected attribute update.
-  #
-  # You can specify your own sanitizer object eg. <tt>MySanitizer.new</tt>.
-  # See <tt>ActiveModel::MassAssignmentSecurity::LoggerSanitizer</tt> for
-  # example implementation.
-  module MassAssignmentSecurity
-    extend ActiveSupport::Concern
-
-    included do
-      class_attribute :_accessible_attributes, instance_writer: false
-      class_attribute :_protected_attributes,  instance_writer: false
-      class_attribute :_active_authorizer,     instance_writer: false
-
-      class_attribute :_mass_assignment_sanitizer, instance_writer: false
-      self.mass_assignment_sanitizer = :logger
-    end
-
-    module ClassMethods
-      # Attributes named in this macro are protected from mass-assignment
-      # whenever attributes are sanitized before assignment. A role for the
-      # attributes is optional, if no role is provided then <tt>:default</tt>
-      # is used. A role can be defined by using the <tt>:as</tt> option with a
-      # symbol or an array of symbols as the value.
-      #
-      # Mass-assignment to these attributes will simply be ignored, to assign
-      # to them you can use direct writer methods. This is meant to protect
-      # sensitive attributes from being overwritten by malicious users
-      # tampering with URLs or forms.
-      #
-      #   class Customer
-      #     include ActiveModel::MassAssignmentSecurity
-      #
-      #     attr_accessor :name, :email, :logins_count
-      #
-      #     attr_protected :logins_count
-      #     # Suppose that admin can not change email for customer
-      #     attr_protected :logins_count, :email, as: :admin
-      #
-      #     def assign_attributes(values, options = {})
-      #       sanitize_for_mass_assignment(values, options[:as]).each do |k, v|
-      #         send("#{k}=", v)
-      #       end
-      #     end
-      #   end
-      #
-      # When using the <tt>:default</tt> role:
-      #
-      #   customer = Customer.new
-      #   customer.assign_attributes({ name: 'David', email: 'a@b.com', logins_count: 5 }, as: :default)
-      #   customer.name         # => "David"
-      #   customer.email        # => "a@b.com"
-      #   customer.logins_count # => nil
-      #
-      # And using the <tt>:admin</tt> role:
-      #
-      #   customer = Customer.new
-      #   customer.assign_attributes({ name: 'David', email: 'a@b.com', logins_count: 5}, as: :admin)
-      #   customer.name         # => "David"
-      #   customer.email        # => nil
-      #   customer.logins_count # => nil
-      #
-      #   customer.email = 'c@d.com'
-      #   customer.email # => "c@d.com"
-      #
-      # To start from an all-closed default and enable attributes as needed,
-      # have a look at +attr_accessible+.
-      #
-      # Note that using <tt>Hash#except</tt> or <tt>Hash#slice</tt> in place of
-      # +attr_protected+ to sanitize attributes provides basically the same
-      # functionality, but it makes a bit tricky to deal with nested attributes.
-      def attr_protected(*args)
-        options = args.extract_options!
-        role = options[:as] || :default
-
-        self._protected_attributes = protected_attributes_configs.dup
-
-        Array(role).each do |name|
-          self._protected_attributes[name] = self.protected_attributes(name) + args
-        end
-
-        self._active_authorizer = self._protected_attributes
-      end
-
-      # Specifies a white list of model attributes that can be set via
-      # mass-assignment.
-      #
-      # Like +attr_protected+, a role for the attributes is optional,
-      # if no role is provided then <tt>:default</tt> is used. A role can be
-      # defined by using the <tt>:as</tt> option with a symbol or an array of
-      # symbols as the value.
-      #
-      # This is the opposite of the +attr_protected+ macro: Mass-assignment
-      # will only set attributes in this list, to assign to the rest of
-      # attributes you can use direct writer methods. This is meant to protect
-      # sensitive attributes from being overwritten by malicious users
-      # tampering with URLs or forms. If you'd rather start from an all-open
-      # default and restrict attributes as needed, have a look at
-      # +attr_protected+.
-      #
-      #   class Customer
-      #     include ActiveModel::MassAssignmentSecurity
-      #
-      #     attr_accessor :name, :credit_rating
-      #
-      #     # Both admin and default user can change name of a customer
-      #     attr_accessible :name, as: [:admin, :default]
-      #     # Only admin can change credit rating of a customer
-      #     attr_accessible :credit_rating, as: :admin
-      #
-      #     def assign_attributes(values, options = {})
-      #       sanitize_for_mass_assignment(values, options[:as]).each do |k, v|
-      #         send("#{k}=", v)
-      #       end
-      #     end
-      #   end
-      #
-      # When using the <tt>:default</tt> role:
-      #
-      #   customer = Customer.new
-      #   customer.assign_attributes({ name: 'David', credit_rating: 'Excellent', last_login: 1.day.ago }, as: :default)
-      #   customer.name          # => "David"
-      #   customer.credit_rating # => nil
-      #
-      #   customer.credit_rating = 'Average'
-      #   customer.credit_rating # => "Average"
-      #
-      # And using the <tt>:admin</tt> role:
-      #
-      #   customer = Customer.new
-      #   customer.assign_attributes({ name: 'David', credit_rating: 'Excellent', last_login: 1.day.ago }, as: :admin)
-      #   customer.name          # => "David"
-      #   customer.credit_rating # => "Excellent"
-      #
-      # Note that using <tt>Hash#except</tt> or <tt>Hash#slice</tt> in place of
-      # +attr_accessible+ to sanitize attributes provides basically the same
-      # functionality, but it makes a bit tricky to deal with nested attributes.
-      def attr_accessible(*args)
-        options = args.extract_options!
-        role = options[:as] || :default
-
-        self._accessible_attributes = accessible_attributes_configs.dup
-
-        Array(role).each do |name|
-          self._accessible_attributes[name] = self.accessible_attributes(name) + args
-        end
-
-        self._active_authorizer = self._accessible_attributes
-      end
-
-      # Returns an instance of <tt>ActiveModel::MassAssignmentSecurity::BlackList</tt>
-      # with the attributes protected by #attr_protected method. If no +role+
-      # is provided, then <tt>:default</tt> is used.
-      #
-      #   class Customer
-      #     include ActiveModel::MassAssignmentSecurity
-      #
-      #     attr_accessor :name, :email, :logins_count
-      #
-      #     attr_protected :logins_count
-      #     attr_protected :logins_count, :email, as: :admin
-      #   end
-      #
-      #   Customer.protected_attributes
-      #   # => #<ActiveModel::MassAssignmentSecurity::BlackList: {"logins_count"}>
-      #
-      #   Customer.protected_attributes(:default)
-      #   # => #<ActiveModel::MassAssignmentSecurity::BlackList: {"logins_count"}>
-      #
-      #   Customer.protected_attributes(:admin)
-      #   # => #<ActiveModel::MassAssignmentSecurity::BlackList: {"logins_count", "email"}>
-      def protected_attributes(role = :default)
-        protected_attributes_configs[role]
-      end
-
-      # Returns an instance of <tt>ActiveModel::MassAssignmentSecurity::WhiteList</tt>
-      # with the attributes protected by #attr_accessible method. If no +role+
-      # is provided, then <tt>:default</tt> is used.
-      #
-      #   class Customer
-      #     include ActiveModel::MassAssignmentSecurity
-      #
-      #     attr_accessor :name, :credit_rating
-      #
-      #     attr_accessible :name, as: [:admin, :default]
-      #     attr_accessible :credit_rating, as: :admin
-      #   end
-      #
-      #   Customer.accessible_attributes
-      #   # => #<ActiveModel::MassAssignmentSecurity::WhiteList: {"name"}>
-      #
-      #   Customer.accessible_attributes(:default)
-      #   # => #<ActiveModel::MassAssignmentSecurity::WhiteList: {"name"}>
-      #
-      #   Customer.accessible_attributes(:admin)
-      #   # => #<ActiveModel::MassAssignmentSecurity::WhiteList: {"name", "credit_rating"}>
-      def accessible_attributes(role = :default)
-        accessible_attributes_configs[role]
-      end
-
-      # Returns a hash with the protected attributes (by #attr_accessible or
-      # #attr_protected) per role.
-      #
-      #   class Customer
-      #     include ActiveModel::MassAssignmentSecurity
-      #
-      #     attr_accessor :name, :credit_rating
-      #
-      #     attr_accessible :name, as: [:admin, :default]
-      #     attr_accessible :credit_rating, as: :admin
-      #   end
-      #
-      #   Customer.active_authorizers
-      #   # => {
-      #   #       :admin=> #<ActiveModel::MassAssignmentSecurity::WhiteList: {"name", "credit_rating"}>,
-      #   #       :default=>#<ActiveModel::MassAssignmentSecurity::WhiteList: {"name"}>
-      #   #    }
-      def active_authorizers
-        self._active_authorizer ||= protected_attributes_configs
-      end
-      alias active_authorizer active_authorizers
-
-      # Returns an empty array by default. You can still override this to define
-      # the default attributes protected by #attr_protected method.
-      #
-      #   class Customer
-      #     include ActiveModel::MassAssignmentSecurity
-      #
-      #     def self.attributes_protected_by_default
-      #       [:name]
-      #     end
-      #   end
-      #
-      #   Customer.protected_attributes
-      #   # => #<ActiveModel::MassAssignmentSecurity::BlackList: {:name}>
-      def attributes_protected_by_default
-        []
-      end
-
-      # Defines sanitize method.
-      #
-      #   class Customer
-      #     include ActiveModel::MassAssignmentSecurity
-      #
-      #     attr_accessor :name
-      #
-      #     attr_protected :name
-      #
-      #     def assign_attributes(values)
-      #       sanitize_for_mass_assignment(values).each do |k, v|
-      #         send("#{k}=", v)
-      #       end
-      #     end
-      #   end
-      #
-      #   # See ActiveModel::MassAssignmentSecurity::StrictSanitizer for more information.
-      #   Customer.mass_assignment_sanitizer = :strict
-      #
-      #   customer = Customer.new
-      #   customer.assign_attributes(name: 'David')
-      #   # => ActiveModel::MassAssignmentSecurity::Error: Can't mass-assign protected attributes for Customer: name
-      #
-      # Also, you can specify your own sanitizer object.
-      #
-      #   class CustomSanitizer < ActiveModel::MassAssignmentSecurity::Sanitizer
-      #     def process_removed_attributes(klass, attrs)
-      #       raise StandardError
-      #     end
-      #   end
-      #
-      #   Customer.mass_assignment_sanitizer = CustomSanitizer.new
-      #
-      #   customer = Customer.new
-      #   customer.assign_attributes(name: 'David')
-      #   # => StandardError: StandardError
-      def mass_assignment_sanitizer=(value)
-        self._mass_assignment_sanitizer = if value.is_a?(Symbol)
-          const_get(:"#{value.to_s.camelize}Sanitizer").new(self)
-        else
-          value
-        end
-      end
-
-      private
-
-      def protected_attributes_configs
-        self._protected_attributes ||= begin
-          Hash.new { |h,k| h[k] = BlackList.new(attributes_protected_by_default) }
-        end
-      end
-
-      def accessible_attributes_configs
-        self._accessible_attributes ||= begin
-          Hash.new { |h,k| h[k] = WhiteList.new }
-        end
-      end
-    end
-
-  protected
-
-    def sanitize_for_mass_assignment(attributes, role = nil) #:nodoc:
-      _mass_assignment_sanitizer.sanitize(self.class, attributes, mass_assignment_authorizer(role))
-    end
-
-    def mass_assignment_authorizer(role) #:nodoc:
-      self.class.active_authorizer[role || :default]
-    end
-  end
-end
diff --git a/activemodel/lib/active_model/mass_assignment_security/permission_set.rb b/activemodel/lib/active_model/mass_assignment_security/permission_set.rb
deleted file mode 100644
index f104d0306c..0000000000
--- a/activemodel/lib/active_model/mass_assignment_security/permission_set.rb
+++ /dev/null
@@ -1,40 +0,0 @@
-require 'set'
-
-module ActiveModel
-  module MassAssignmentSecurity
-    class PermissionSet < Set #:nodoc:
-
-      def +(values)
-        super(values.compact.map(&:to_s))
-      end
-
-      def include?(key)
-        super(remove_multiparameter_id(key))
-      end
-
-      def deny?(key)
-        raise NotImplementedError, "#deny?(key) supposed to be overwritten"
-      end
-
-    protected
-
-      def remove_multiparameter_id(key)
-        key.to_s.gsub(/\(.+/, '')
-      end
-    end
-
-    class WhiteList < PermissionSet #:nodoc:
-
-      def deny?(key)
-        !include?(key)
-      end
-    end
-
-    class BlackList < PermissionSet #:nodoc:
-
-      def deny?(key)
-        include?(key)
-      end
-    end
-  end
-end
diff --git a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
deleted file mode 100644
index dafb7cdff3..0000000000
--- a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
+++ /dev/null
@@ -1,74 +0,0 @@
-module ActiveModel
-  module MassAssignmentSecurity
-    class Sanitizer #:nodoc:
-      # Returns all attributes not denied by the authorizer.
-      def sanitize(klass, attributes, authorizer)
-        rejected = []
-        sanitized_attributes = attributes.reject do |key, value|
-          rejected << key if authorizer.deny?(key)
-        end
-        process_removed_attributes(klass, rejected) unless rejected.empty?
-        sanitized_attributes
-      end
-
-    protected
-
-      def process_removed_attributes(klass, attrs)
-        raise NotImplementedError, "#process_removed_attributes(attrs) suppose to be overwritten"
-      end
-    end
-
-    class LoggerSanitizer < Sanitizer #:nodoc:
-      def initialize(target)
-        @target = target
-        super()
-      end
-
-      def logger
-        @target.logger
-      end
-
-      def logger?
-        @target.respond_to?(:logger) && @target.logger
-      end
-
-      def backtrace
-        if defined? Rails
-          Rails.backtrace_cleaner.clean(caller)
-        else
-          caller
-        end
-      end
-
-      def process_removed_attributes(klass, attrs)
-        if logger?
-          logger.warn do
-            "WARNING: Can't mass-assign protected attributes for #{klass.name}: #{attrs.join(', ')}\n" +
-                backtrace.map { |trace| "\t#{trace}" }.join("\n")
-          end
-        end
-      end
-    end
-
-    class StrictSanitizer < Sanitizer #:nodoc:
-      def initialize(target = nil)
-        super()
-      end
-
-      def process_removed_attributes(klass, attrs)
-        return if (attrs - insensitive_attributes).empty?
-        raise ActiveModel::MassAssignmentSecurity::Error.new(klass, attrs)
-      end
-
-      def insensitive_attributes
-        ['id']
-      end
-    end
-
-    class Error < StandardError #:nodoc:
-      def initialize(klass, attrs)
-        super("Can't mass-assign protected attributes for #{klass.name}: #{attrs.join(', ')}")
-      end
-    end
-  end
-end