diff options
| author | Aaron Patterson <aaron.patterson@gmail.com> | 2012-05-16 17:26:18 -0700 |
|---|---|---|
| committer | Aaron Patterson <aaron.patterson@gmail.com> | 2012-05-16 17:26:18 -0700 |
| commit | fc3b3b92a68c634a69ae4987a70f272c9f3f774e (patch) | |
| tree | a03d992141806ef5b8ef4980ea950bed23ab2ff7 /activemodel/lib | |
| parent | 9c734c51351a21acf247f0780f975eeb9261cc6f (diff) | |
| parent | 80a2c9e5db33b85d0ad5867aa7b82c4b731e94d6 (diff) | |
| download | rails-fc3b3b92a68c634a69ae4987a70f272c9f3f774e.tar.gz rails-fc3b3b92a68c634a69ae4987a70f272c9f3f774e.tar.bz2 rails-fc3b3b92a68c634a69ae4987a70f272c9f3f774e.zip | |
Merge pull request #6357 from takai/improve_logging_of_mass_assignment_sanitizer
Improve logging of ActiveModel::MassAssignmentSecurity::Sanitizer
Diffstat (limited to 'activemodel/lib')
| -rw-r--r-- | activemodel/lib/active_model/mass_assignment_security.rb | 2 | ||||
| -rw-r--r-- | activemodel/lib/active_model/mass_assignment_security/sanitizer.rb | 31 |
2 files changed, 23 insertions, 10 deletions
diff --git a/activemodel/lib/active_model/mass_assignment_security.rb b/activemodel/lib/active_model/mass_assignment_security.rb index 5e5405fe27..893fbf92c3 100644 --- a/activemodel/lib/active_model/mass_assignment_security.rb +++ b/activemodel/lib/active_model/mass_assignment_security.rb @@ -229,7 +229,7 @@ module ActiveModel protected def sanitize_for_mass_assignment(attributes, role = nil) - _mass_assignment_sanitizer.sanitize(attributes, mass_assignment_authorizer(role)) + _mass_assignment_sanitizer.sanitize(self.class, attributes, mass_assignment_authorizer(role)) end def mass_assignment_authorizer(role) diff --git a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb index 4491e07a72..44ce5a489d 100644 --- a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb +++ b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb @@ -2,18 +2,18 @@ module ActiveModel module MassAssignmentSecurity class Sanitizer # Returns all attributes not denied by the authorizer. - def sanitize(attributes, authorizer) + def sanitize(klass, attributes, authorizer) rejected = [] sanitized_attributes = attributes.reject do |key, value| rejected << key if authorizer.deny?(key) end - process_removed_attributes(rejected) unless rejected.empty? + process_removed_attributes(klass, rejected) unless rejected.empty? sanitized_attributes end protected - def process_removed_attributes(attrs) + def process_removed_attributes(klass, attrs) raise NotImplementedError, "#process_removed_attributes(attrs) suppose to be overwritten" end end @@ -32,8 +32,21 @@ module ActiveModel @target.respond_to?(:logger) && @target.logger end - def process_removed_attributes(attrs) - logger.warn "Can't mass-assign protected attributes: #{attrs.join(', ')}" if logger? + def backtrace + if defined? Rails + Rails.backtrace_cleaner.clean(caller) + else + caller + end + end + + def process_removed_attributes(klass, attrs) + if logger? + logger.warn do + "WARNING: Can't mass-assign protected attributes for #{klass.name}: #{attrs.join(', ')}\n" + + backtrace.map { |trace| "\t#{trace}" }.join("\n") + end + end end end @@ -42,9 +55,9 @@ module ActiveModel super() end - def process_removed_attributes(attrs) + def process_removed_attributes(klass, attrs) return if (attrs - insensitive_attributes).empty? - raise ActiveModel::MassAssignmentSecurity::Error.new(attrs) + raise ActiveModel::MassAssignmentSecurity::Error.new(klass, attrs) end def insensitive_attributes @@ -53,8 +66,8 @@ module ActiveModel end class Error < StandardError - def initialize(attrs) - super("Can't mass-assign protected attributes: #{attrs.join(', ')}") + def initialize(klass, attrs) + super("Can't mass-assign protected attributes for #{klass.name}: #{attrs.join(', ')}") end end end |