Ensure methods called on association proxies respect access control. [#1083 state:resolved] [Adam Milligan, Pratik]

author: Pratik Naik <pratiknaik@gmail.com> 2008-10-13 19:01:37 +0200
committer: Pratik Naik <pratiknaik@gmail.com> 2008-10-13 19:02:34 +0200
commit: 691aa20280456c332bfaaf69b58adc86fd86a2b8 (patch)
tree: 5841c2f0211b021d473fdba3eb03ac487ef50130 /activerecord/lib/active_record/associations
parent: 42cbd710bb116998f92029adacb45698905a2e3b (diff)
download: rails-691aa20280456c332bfaaf69b58adc86fd86a2b8.tar.gz
rails-691aa20280456c332bfaaf69b58adc86fd86a2b8.tar.bz2
rails-691aa20280456c332bfaaf69b58adc86fd86a2b8.zip
2 files changed, 12 insertions, 1 deletions
diff --git a/activerecord/lib/active_record/associations/association_proxy.rb b/activerecord/lib/active_record/associations/association_proxy.rb
index b617147f67..d1a79df6e6 100644
--- a/activerecord/lib/active_record/associations/association_proxy.rb
+++ b/activerecord/lib/active_record/associations/association_proxy.rb
@@ -140,6 +140,15 @@ module ActiveRecord
         @target.inspect
       end
 
+      def send(method, *args)
+        if proxy_respond_to?(method)
+          super
+        else
+          load_target
+          @target.send(method, *args)
+        end
+      end
+
       protected
         # Does the association have a <tt>:dependent</tt> option?
         def dependent?
@@ -197,6 +206,8 @@ module ActiveRecord
         # Forwards any missing method call to the \target.
         def method_missing(method, *args)
           if load_target
+            raise NoMethodError unless @target.respond_to?(method)
+
             if block_given?
               @target.send(method, *args)  { |*block_args| yield(*block_args) }
             else
diff --git a/activerecord/lib/active_record/associations/has_one_association.rb b/activerecord/lib/active_record/associations/has_one_association.rb
index c92ef5c2c9..960323004d 100644
--- a/activerecord/lib/active_record/associations/has_one_association.rb
+++ b/activerecord/lib/active_record/associations/has_one_association.rb
@@ -57,7 +57,7 @@ module ActiveRecord
       protected
         def owner_quoted_id
           if @reflection.options[:primary_key]
-            quote_value(@owner.send(@reflection.options[:primary_key]))
+            @owner.class.quote_value(@owner.send(@reflection.options[:primary_key]))
           else
             @owner.quoted_id
           end
author	Pratik Naik <pratiknaik@gmail.com>	2008-10-13 19:01:37 +0200
committer	Pratik Naik <pratiknaik@gmail.com>	2008-10-13 19:02:34 +0200
commit	691aa20280456c332bfaaf69b58adc86fd86a2b8 (patch)
tree	5841c2f0211b021d473fdba3eb03ac487ef50130 /activerecord/lib/active_record/associations
parent	42cbd710bb116998f92029adacb45698905a2e3b (diff)
download	rails-691aa20280456c332bfaaf69b58adc86fd86a2b8.tar.gz rails-691aa20280456c332bfaaf69b58adc86fd86a2b8.tar.bz2 rails-691aa20280456c332bfaaf69b58adc86fd86a2b8.zip