Mass assignment security refactoring

Signed-off-by: José Valim <jose.valim@gmail.com>

1 files changed, 44 insertions, 0 deletions

diff --git a/activerecord/lib/active_record/mass_assignment_security/permission_set.rb b/activerecord/lib/active_record/mass_assignment_security/permission_set.rb
new file mode 100644
index 0000000000..1d34dce02e
--- /dev/null
+++ b/activerecord/lib/active_record/mass_assignment_security/permission_set.rb
@@ -0,0 +1,44 @@
+require 'active_record/mass_assignment_security/sanitizer'
+
+module ActiveRecord
+  module MassAssignmentSecurity
+    class PermissionSet < Set
+
+      attr_accessor :logger
+
+      def merge(values)
+        super(values.map(&:to_s))
+      end
+
+      def include?(key)
+        super(remove_multiparameter_id(key))
+      end
+
+      protected
+
+        def remove_multiparameter_id(key)
+          key.gsub(/\(.+/, '')
+        end
+
+    end
+
+    class WhiteList < PermissionSet
+      include Sanitizer
+
+      def deny?(key)
+        !include?(key)
+      end
+
+    end
+
+    class BlackList < PermissionSet
+      include Sanitizer
+
+      def deny?(key)
+        include?(key)
+      end
+
+    end
+
+  end
+end
\ No newline at end of file