aboutsummaryrefslogtreecommitdiffstats
path: root/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
diff options
context:
space:
mode:
Diffstat (limited to 'activemodel/lib/active_model/mass_assignment_security/sanitizer.rb')
-rw-r--r--activemodel/lib/active_model/mass_assignment_security/sanitizer.rb43
1 files changed, 37 insertions, 6 deletions
diff --git a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
index 150beb1ff2..bb0526adc3 100644
--- a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
+++ b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
@@ -1,9 +1,14 @@
+require 'active_support/core_ext/module/delegation'
+
module ActiveModel
module MassAssignmentSecurity
- module Sanitizer
+ class Sanitizer
+ def initialize(target=nil)
+ end
+
# Returns all attributes not denied by the authorizer.
- def sanitize(attributes)
- sanitized_attributes = attributes.reject { |key, value| deny?(key) }
+ def sanitize(attributes, authorizer)
+ sanitized_attributes = attributes.reject { |key, value| authorizer.deny?(key) }
debug_protected_attribute_removal(attributes, sanitized_attributes)
sanitized_attributes
end
@@ -12,12 +17,38 @@ module ActiveModel
def debug_protected_attribute_removal(attributes, sanitized_attributes)
removed_keys = attributes.keys - sanitized_attributes.keys
- warn!(removed_keys) if removed_keys.any?
+ process_removed_attributes(removed_keys) if removed_keys.any?
+ end
+
+ def process_removed_attributes(attrs)
+ raise NotImplementedError, "#process_removed_attributes(attrs) suppose to be overwritten"
+ end
+ end
+
+ class LoggerSanitizer < Sanitizer
+ delegate :logger, :to => :@target
+
+ def initialize(target)
+ @target = target
+ super
+ end
+
+ def logger?
+ @target.respond_to?(:logger) && @target.logger
+ end
+
+ def process_removed_attributes(attrs)
+ logger.debug "WARNING: Can't mass-assign protected attributes: #{attrs.join(', ')}" if logger?
end
+ end
- def warn!(attrs)
- self.logger.debug "WARNING: Can't mass-assign protected attributes: #{attrs.join(', ')}" if self.logger
+ class StrictSanitizer < Sanitizer
+ def process_removed_attributes(attrs)
+ raise ActiveModel::MassAssignmentSecurity::Error, "Can't mass-assign protected attributes: #{attrs.join(', ')}"
end
end
+
+ class Error < StandardError
+ end
end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-17 08:33:25 +0000