Diffstat (limited to 'activerecord/lib/active_record/mass_assignment_security')
-rw-r--r-- | activerecord/lib/active_record/mass_assignment_security/permission_set.rb | 41 | ||||
-rw-r--r-- | activerecord/lib/active_record/mass_assignment_security/sanitizer.rb | 29 |
2 files changed, 0 insertions, 70 deletions
diff --git a/activerecord/lib/active_record/mass_assignment_security/permission_set.rb b/activerecord/lib/active_record/mass_assignment_security/permission_set.rb
deleted file mode 100644
index 8446a4103b..0000000000
--- a/activerecord/lib/active_record/mass_assignment_security/permission_set.rb
+++ /dev/null
@@ -1,41 +0,0 @@
-require 'active_record/mass_assignment_security/sanitizer'
-
-module ActiveRecord
- module MassAssignmentSecurity
-
- class PermissionSet < Set
- attr_accessor :logger
-
- def +(values)
- super(values.map(&:to_s))
- end
-
- def include?(key)
- super(remove_multiparameter_id(key))
- end
-
- protected
-
- def remove_multiparameter_id(key)
- key.gsub(/\(.+/, '')
- end
- end
-
- class WhiteList < PermissionSet
- include Sanitizer
-
- def deny?(key)
- !include?(key)
- end
- end
-
- class BlackList < PermissionSet
- include Sanitizer
-
- def deny?(key)
- include?(key)
- end
- end
-
- end
-end
\ No newline at end of file
diff --git a/activerecord/lib/active_record/mass_assignment_security/sanitizer.rb b/activerecord/lib/active_record/mass_assignment_security/sanitizer.rb
deleted file mode 100644
index 11de35f9d6..0000000000
--- a/activerecord/lib/active_record/mass_assignment_security/sanitizer.rb
+++ /dev/null
@@ -1,29 +0,0 @@
-module ActiveRecord
- module MassAssignmentSecurity
- module Sanitizer
-
- # Returns all attributes not denied by the authorizer.
- def sanitize(attributes)
- sanitized_attributes = attributes.reject { |key, value| deny?(key) }
- debug_protected_attribute_removal(attributes, sanitized_attributes) if debug?
- sanitized_attributes
- end
-
- protected
-
- def debug_protected_attribute_removal(attributes, sanitized_attributes)
- removed_keys = attributes.keys - sanitized_attributes.keys
- warn!(removed_keys) if removed_keys.any?
- end
-
- def debug?
- logger.present?
- end
-
- def warn!(attrs)
- logger.debug "WARNING: Can't mass-assign protected attributes: #{attrs.join(', ')}"
- end
-
- end
- end
-end |