author | Eric Chapweske <ericis@gmail.com> | 2010-01-29 17:02:12 -0800 |
---|---|---|
committer | José Valim <jose.valim@gmail.com> | 2010-07-08 18:28:32 +0200 |
commit | 606088df3f10dd8daec8ccc97d8279c119a503b5 (patch) | |
tree | 14709f7367901dd107e73c6f3c30967e9159e70b /activerecord/lib/active_record/mass_assignment_security/permission_set.rb | |
parent | 723a0bbe3a8737a099cd995a397b919b1957413d (diff) | |
Mass assignment security refactoring
Signed-off-by: José Valim <jose.valim@gmail.com>
Diffstat (limited to 'activerecord/lib/active_record/mass_assignment_security/permission_set.rb')
-rw-r--r-- | activerecord/lib/active_record/mass_assignment_security/permission_set.rb | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/activerecord/lib/active_record/mass_assignment_security/permission_set.rb b/activerecord/lib/active_record/mass_assignment_security/permission_set.rb
new file mode 100644
index 0000000000..1d34dce02e
--- /dev/null
+++ b/activerecord/lib/active_record/mass_assignment_security/permission_set.rb
@@ -0,0 +1,44 @@
+require 'active_record/mass_assignment_security/sanitizer'
+
+module ActiveRecord
+ module MassAssignmentSecurity
+ class PermissionSet < Set
+
+ attr_accessor :logger
+
+ def merge(values)
+ super(values.map(&:to_s))
+ end
+
+ def include?(key)
+ super(remove_multiparameter_id(key))
+ end
+
+ protected
+
+ def remove_multiparameter_id(key)
+ key.gsub(/\(.+/, '')
+ end
+
+ end
+
+ class WhiteList < PermissionSet
+ include Sanitizer
+
+ def deny?(key)
+ !include?(key)
+ end
+
+ end
+
+ class BlackList < PermissionSet
+ include Sanitizer
+
+ def deny?(key)
+ include?(key)
+ end
+
+ end
+
+ end
+end
\ No newline at end of file |
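Review bot: The pattern `/\(.+/` in `remove_multiparameter_id` has no `m` flag, so `.` does not match a line break, and a key whose `(` is followed directly by a newline is left unstripped and compared verbatim in `include?`. For `BlackList#deny?` that fails open, because the lookup misses and the key is not denied, while `WhiteList#deny?` fails closed on the same input; whether such a key can still reach a protected attribute depends on the assignment code outside this file. I would normalise with `key.to_s.sub(/\(.+/m, '')`, which also lets `include?` accept the Symbol keys that `merge` already tolerates through `to_s` (`Symbol` has no `gsub`, so `include?(:name)` currently raises `NoMethodError`). A one-line comment above `remove_multiparameter_id` stating that everything from the first `(` onward is discarded before the set lookup would make the intent of the normalisation explicit.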