diff options
Diffstat (limited to 'actionview')
-rw-r--r-- | actionview/CHANGELOG.md | 10 | ||||
-rw-r--r-- | actionview/lib/action_view/helpers/asset_tag_helper.rb | 2 | ||||
-rw-r--r-- | actionview/lib/action_view/helpers/form_options_helper.rb | 12 | ||||
-rw-r--r-- | actionview/lib/action_view/helpers/number_helper.rb | 5 | ||||
-rw-r--r-- | actionview/lib/action_view/helpers/text_helper.rb | 2 | ||||
-rw-r--r-- | actionview/test/template/form_options_helper_test.rb | 15 | ||||
-rw-r--r-- | actionview/test/template/text_helper_test.rb | 2 |
7 files changed, 42 insertions, 6 deletions
diff --git a/actionview/CHANGELOG.md b/actionview/CHANGELOG.md index 6d45cc1d8a..46b3b1fa25 100644 --- a/actionview/CHANGELOG.md +++ b/actionview/CHANGELOG.md @@ -1,3 +1,13 @@ +* Deprecate calling private model methods from view helpers. + + For example, in methods like `options_from_collection_for_select` + and `collection_select` it is possible to call private methods from + the objects used. + + Fixes #33546. + + *Ana María Martínez Gómez* + * Fix issue with `button_to`'s `to_form_params` `button_to` was throwing exception when invoked with `params` hash that diff --git a/actionview/lib/action_view/helpers/asset_tag_helper.rb b/actionview/lib/action_view/helpers/asset_tag_helper.rb index 14bd8ffa84..cbcce4a4dc 100644 --- a/actionview/lib/action_view/helpers/asset_tag_helper.rb +++ b/actionview/lib/action_view/helpers/asset_tag_helper.rb @@ -55,7 +55,7 @@ module ActionView # that path. # * <tt>:skip_pipeline</tt> - This option is used to bypass the asset pipeline # when it is set to true. - # * <tt>:nonce<tt> - When set to true, adds an automatic nonce value if + # * <tt>:nonce</tt> - When set to true, adds an automatic nonce value if # you have Content Security Policy enabled. # # ==== Examples diff --git a/actionview/lib/action_view/helpers/form_options_helper.rb b/actionview/lib/action_view/helpers/form_options_helper.rb index 7884a8d997..2b9d55a019 100644 --- a/actionview/lib/action_view/helpers/form_options_helper.rb +++ b/actionview/lib/action_view/helpers/form_options_helper.rb @@ -794,7 +794,7 @@ module ActionView def extract_values_from_collection(collection, value_method, selected) if selected.is_a?(Proc) collection.map do |element| - element.send(value_method) if selected.call(element) + public_or_deprecated_send(element, value_method) if selected.call(element) end.compact else selected @@ -802,7 +802,15 @@ module ActionView end def value_for_collection(item, value) - value.respond_to?(:call) ? value.call(item) : item.send(value) + value.respond_to?(:call) ? value.call(item) : public_or_deprecated_send(item, value) + end + + def public_or_deprecated_send(item, value) + item.public_send(value) + rescue NoMethodError + raise unless item.respond_to?(value, true) && !item.respond_to?(value) + ActiveSupport::Deprecation.warn "Using private methods from view helpers is deprecated (calling private #{item.class}##{value})" + item.send(value) end def prompt_text(prompt) diff --git a/actionview/lib/action_view/helpers/number_helper.rb b/actionview/lib/action_view/helpers/number_helper.rb index 4b53b8fe6e..35206b7e48 100644 --- a/actionview/lib/action_view/helpers/number_helper.rb +++ b/actionview/lib/action_view/helpers/number_helper.rb @@ -100,6 +100,9 @@ module ActionView # absolute value of the number. # * <tt>:raise</tt> - If true, raises +InvalidNumberError+ when # the argument is invalid. + # * <tt>:strip_insignificant_zeros</tt> - If +true+ removes + # insignificant zeros after the decimal separator (defaults to + # +false+). # # ==== Examples # @@ -117,6 +120,8 @@ module ActionView # # => R$1234567890,50 # number_to_currency(1234567890.50, unit: "R$", separator: ",", delimiter: "", format: "%n %u") # # => 1234567890,50 R$ + # number_to_currency(1234567890.50, strip_insignificant_zeros: true) + # # => "$1,234,567,890.5" def number_to_currency(number, options = {}) delegate_number_helper_method(:number_to_currency, number, options) end diff --git a/actionview/lib/action_view/helpers/text_helper.rb b/actionview/lib/action_view/helpers/text_helper.rb index 77a1c1fed9..a338d076e4 100644 --- a/actionview/lib/action_view/helpers/text_helper.rb +++ b/actionview/lib/action_view/helpers/text_helper.rb @@ -228,7 +228,7 @@ module ActionView # pluralize(2, 'Person', locale: :de) # # => 2 Personen def pluralize(count, singular, plural_arg = nil, plural: plural_arg, locale: I18n.locale) - word = if (count == 1 || count =~ /^1(\.0+)?$/) + word = if count == 1 || count =~ /^1(\.0+)?$/ singular else plural || singular.pluralize(locale) diff --git a/actionview/test/template/form_options_helper_test.rb b/actionview/test/template/form_options_helper_test.rb index 8f796bdb83..8a0a706fef 100644 --- a/actionview/test/template/form_options_helper_test.rb +++ b/actionview/test/template/form_options_helper_test.rb @@ -21,7 +21,12 @@ class FormOptionsHelperTest < ActionView::TestCase tests ActionView::Helpers::FormOptionsHelper silence_warnings do - Post = Struct.new("Post", :title, :author_name, :body, :secret, :written_on, :category, :origin, :allow_comments) + Post = Struct.new("Post", :title, :author_name, :body, :written_on, :category, :origin, :allow_comments) do + private + def secret + "This is super secret: #{author_name} is not the real author of #{title}" + end + end Continent = Struct.new("Continent", :continent_name, :countries) Country = Struct.new("Country", :country_id, :country_name) Firm = Struct.new("Firm", :time_zone) @@ -68,6 +73,14 @@ class FormOptionsHelperTest < ActionView::TestCase ) end + def test_collection_options_with_private_value_method + assert_deprecated("Using private methods from view helpers is deprecated (calling private Struct::Post#secret)") { options_from_collection_for_select(dummy_posts, "secret", "title") } + end + + def test_collection_options_with_private_text_method + assert_deprecated("Using private methods from view helpers is deprecated (calling private Struct::Post#secret)") { options_from_collection_for_select(dummy_posts, "author_name", "secret") } + end + def test_collection_options_with_preselected_value assert_dom_equal( "<option value=\"<Abe>\"><Abe> went home</option>\n<option value=\"Babe\" selected=\"selected\">Babe went home</option>\n<option value=\"Cabe\">Cabe went home</option>", diff --git a/actionview/test/template/text_helper_test.rb b/actionview/test/template/text_helper_test.rb index 45edfe18be..4d47706bda 100644 --- a/actionview/test/template/text_helper_test.rb +++ b/actionview/test/template/text_helper_test.rb @@ -9,7 +9,7 @@ class TextHelperTest < ActionView::TestCase super # This simulates the fact that instance variables are reset every time # a view is rendered. The cycle helper depends on this behavior. - @_cycles = nil if (defined? @_cycles) + @_cycles = nil if defined?(@_cycles) end def test_concat |