Diffstat (limited to 'activemodel/lib/active_model/mass_assignment_security')
-rw-r--r--activemodel/lib/active_model/mass_assignment_security/permission_set.rb40
-rw-r--r--activemodel/lib/active_model/mass_assignment_security/sanitizer.rb74
2 files changed, 0 insertions, 114 deletions
diff --git a/activemodel/lib/active_model/mass_assignment_security/permission_set.rb b/activemodel/lib/active_model/mass_assignment_security/permission_set.rb
deleted file mode 100644
index f104d0306c..0000000000
--- a/activemodel/lib/active_model/mass_assignment_security/permission_set.rb
+++ /dev/null
@@ -1,40 +0,0 @@
-require 'set'
-
-module ActiveModel
- module MassAssignmentSecurity
- class PermissionSet < Set #:nodoc:
-
- def +(values)
- super(values.compact.map(&:to_s))
- end
-
- def include?(key)
- super(remove_multiparameter_id(key))
- end
-
- def deny?(key)
- raise NotImplementedError, "#deny?(key) supposed to be overwritten"
- end
-
- protected
-
- def remove_multiparameter_id(key)
- key.to_s.gsub(/\(.+/, '')
- end
- end
-
- class WhiteList < PermissionSet #:nodoc:
-
- def deny?(key)
- !include?(key)
- end
- end
-
- class BlackList < PermissionSet #:nodoc:
-
- def deny?(key)
- include?(key)
- end
- end
- end
-end
diff --git a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
deleted file mode 100644
index dafb7cdff3..0000000000
--- a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
+++ /dev/null
@@ -1,74 +0,0 @@
-module ActiveModel
- module MassAssignmentSecurity
- class Sanitizer #:nodoc:
- # Returns all attributes not denied by the authorizer.
- def sanitize(klass, attributes, authorizer)
- rejected = []
- sanitized_attributes = attributes.reject do |key, value|
- rejected << key if authorizer.deny?(key)
- end
- process_removed_attributes(klass, rejected) unless rejected.empty?
- sanitized_attributes
- end
-
- protected
-
- def process_removed_attributes(klass, attrs)
- raise NotImplementedError, "#process_removed_attributes(attrs) suppose to be overwritten"
- end
- end
-
- class LoggerSanitizer < Sanitizer #:nodoc:
- def initialize(target)
- @target = target
- super()
- end
-
- def logger
- @target.logger
- end
-
- def logger?
- @target.respond_to?(:logger) && @target.logger
- end
-
- def backtrace
- if defined? Rails
- Rails.backtrace_cleaner.clean(caller)
- else
- caller
- end
- end
-
- def process_removed_attributes(klass, attrs)
- if logger?
- logger.warn do
- "WARNING: Can't mass-assign protected attributes for #{klass.name}: #{attrs.join(', ')}\n" +
- backtrace.map { |trace| "\t#{trace}" }.join("\n")
- end
- end
- end
- end
-
- class StrictSanitizer < Sanitizer #:nodoc:
- def initialize(target = nil)
- super()
- end
-
- def process_removed_attributes(klass, attrs)
- return if (attrs - insensitive_attributes).empty?
- raise ActiveModel::MassAssignmentSecurity::Error.new(klass, attrs)
- end
-
- def insensitive_attributes
- ['id']
- end
- end
-
- class Error < StandardError #:nodoc:
- def initialize(klass, attrs)
- super("Can't mass-assign protected attributes for #{klass.name}: #{attrs.join(', ')}")
- end
- end
- end
-end