diff options
| author | Ben Toews <mastahyeti@gmail.com> | 2017-02-21 11:17:16 -0700 |
|---|---|---|
| committer | Matthew Draper <matthew@trebex.net> | 2017-11-09 22:37:23 +1030 |
| commit | 864b16063d14977096d9d24ac894fee605dfb7a7 (patch) | |
| tree | a3741db56b6f3999ee984c00102ba7225fd92283 /activerecord/lib/active_record/attribute_methods.rb | |
| parent | f989b341eccc6a86fd1ddfff7f1441920855c84e (diff) | |
| download | rails-864b16063d14977096d9d24ac894fee605dfb7a7.tar.gz rails-864b16063d14977096d9d24ac894fee605dfb7a7.tar.bz2 rails-864b16063d14977096d9d24ac894fee605dfb7a7.zip | |
allow Arel.sql() for pluck
Diffstat (limited to 'activerecord/lib/active_record/attribute_methods.rb')
| -rw-r--r-- | activerecord/lib/active_record/attribute_methods.rb | 38 |
1 files changed, 37 insertions, 1 deletions
diff --git a/activerecord/lib/active_record/attribute_methods.rb b/activerecord/lib/active_record/attribute_methods.rb index fa0d79ba5f..b3d3c0559f 100644 --- a/activerecord/lib/active_record/attribute_methods.rb +++ b/activerecord/lib/active_record/attribute_methods.rb @@ -167,6 +167,30 @@ module ActiveRecord end end + def enforce_raw_sql_whitelist(args, whitelist: attribute_names_and_aliases) # :nodoc: + return if allow_unsafe_raw_sql == :enabled + + unexpected = args.reject do |arg| + whitelist.include?(arg.to_s) || + arg.kind_of?(Arel::Node) || arg.is_a?(Arel::Nodes::SqlLiteral) + end + + return if unexpected.none? + + if allow_unsafe_raw_sql == :deprecated + ActiveSupport::Deprecation.warn( + "Dangerous query method used with non-attribute argument(s): " + + "#{unexpected.map(&:inspect).join(", ")}. Non-argument " + + "arguments will be disallowed in Rails 5.3." + ) + else + raise(ActiveRecord::UnknownAttributeReference, + "Query method called with non-attribute argument(s): " + + unexpected.map(&:inspect).join(", ") + ) + end + end + # Can the given name be treated as a column name? Returns true if name # is attribute or attribute alias. # @@ -178,7 +202,7 @@ module ActiveRecord # # Person.respond_to_attribute?("foo") # # => false - def respond_to_attribute?(name) + def respond_to_attribute?(name) # :nodoc: name = name.to_s attribute_names.include?(name) || attribute_aliases.include?(name) end @@ -214,6 +238,18 @@ module ActiveRecord ConnectionAdapters::NullColumn.new(name) end end + + # An Array of String attribute names and aliases for accessing those + # attributes. + # + # class Person < ActiveRecord::Base + # end + # + # Person.attribute_names_and_aliases + # # => ["id", "created_at", "updated_at", "name", "age"] + def attribute_names_and_aliases # :nodoc: + attribute_names + attribute_aliases.keys + end end # A Person object with a name attribute can ask <tt>person.respond_to?(:name)</tt>, |