diff options
Diffstat (limited to 'activerecord')
10 files changed, 123 insertions, 18 deletions
diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb index 4512e8c8ad..04c12f86b6 100644 --- a/activerecord/lib/active_record/base.rb +++ b/activerecord/lib/active_record/base.rb @@ -1621,11 +1621,11 @@ end # Allows you to set all the attributes at once by passing in a hash with keys # matching the attribute names (which again matches the column names). # - # If +guard_protected_attributes+ is true (the default), then sensitive - # attributes can be protected from this form of mass-assignment by using - # the +attr_protected+ macro. Or you can alternatively specify which - # attributes *can* be accessed with the +attr_accessible+ macro. Then all the - # attributes not included in that won't be allowed to be mass-assigned. + # If any attributes are protected by either +attr_protected+ or + # +attr_accessible+ then only settable attributes will be assigned. + # + # The +guard_protected_attributes+ argument is now deprecated, use + # the +assign_attributes+ method if you want to bypass mass-assignment security. # # class User < ActiveRecord::Base # attr_protected :is_admin @@ -1635,11 +1635,16 @@ end # user.attributes = { :username => 'Phusion', :is_admin => true } # user.username # => "Phusion" # user.is_admin? # => false - # - # user.send(:attributes=, { :username => 'Phusion', :is_admin => true }, false) - # user.is_admin? # => true - def attributes=(new_attributes, guard_protected_attributes = true) + def attributes=(new_attributes, guard_protected_attributes = nil) + unless guard_protected_attributes.nil? + message = "the use of 'guard_protected_attributes' will be removed from the next major release of rails, " + + "if you want to bypass mass-assignment security then look into using assign_attributes" + ActiveSupport::Deprecation.warn(message) + end + return unless new_attributes.is_a?(Hash) + + guard_protected_attributes ||= true if guard_protected_attributes assign_attributes(new_attributes) else diff --git a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb index e2b9a5d0d9..0c2afc180b 100644 --- a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb +++ b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb @@ -98,6 +98,9 @@ module ActiveRecord # XML type when 'xml' :xml + # tsvector type + when 'tsvector' + :tsvector # Arrays when /^\D+\[\]$/ :string @@ -189,6 +192,11 @@ module ActiveRecord options = args.extract_options! column(args[0], 'xml', options) end + + def tsvector(*args) + options = args.extract_options! + column(args[0], 'tsvector', options) + end end ADAPTER_NAME = 'PostgreSQL' @@ -206,7 +214,8 @@ module ActiveRecord :date => { :name => "date" }, :binary => { :name => "bytea" }, :boolean => { :name => "boolean" }, - :xml => { :name => "xml" } + :xml => { :name => "xml" }, + :tsvector => { :name => "tsvector" } } # Returns 'PostgreSQL' as adapter name for identification purposes. diff --git a/activerecord/lib/active_record/persistence.rb b/activerecord/lib/active_record/persistence.rb index a916c88348..787ac977e0 100644 --- a/activerecord/lib/active_record/persistence.rb +++ b/activerecord/lib/active_record/persistence.rb @@ -136,22 +136,27 @@ module ActiveRecord # Updates the attributes of the model from the passed-in hash and saves the # record, all wrapped in a transaction. If the object is invalid, the saving # will fail and false will be returned. - def update_attributes(attributes) + # + # When updating model attributes, mass-assignment security protection is respected. + # If no +:as+ option is supplied then the +:default+ scope will be used. + # If you want to bypass the protection given by +attr_protected+ and + # +attr_accessible+ then you can do so using the +:without_protection+ option. + def update_attributes(attributes, options = {}) # The following transaction covers any possible database side-effects of the # attributes assignment. For example, setting the IDs of a child collection. with_transaction_returning_status do - self.attributes = attributes + self.assign_attributes(attributes, options) save end end # Updates its receiver just like +update_attributes+ but calls <tt>save!</tt> instead # of +save+, so an exception is raised if the record is invalid. - def update_attributes!(attributes) + def update_attributes!(attributes, options = {}) # The following transaction covers any possible database side-effects of the # attributes assignment. For example, setting the IDs of a child collection. with_transaction_returning_status do - self.attributes = attributes + self.assign_attributes(attributes, options) save! end end diff --git a/activerecord/lib/active_record/railties/databases.rake b/activerecord/lib/active_record/railties/databases.rake index a49f940e5b..7d76d7a19f 100644 --- a/activerecord/lib/active_record/railties/databases.rake +++ b/activerecord/lib/active_record/railties/databases.rake @@ -100,7 +100,7 @@ db_namespace = namespace :db do $stderr.puts "(if you set the charset manually, make sure you have a matching collation)" if config['charset'] end end - when 'postgresql' + when /postgresql/ @encoding = config['encoding'] || ENV['CHARSET'] || 'utf8' begin ActiveRecord::Base.establish_connection(config.merge('database' => 'postgres', 'schema_search_path' => 'public')) diff --git a/activerecord/lib/active_record/relation/finder_methods.rb b/activerecord/lib/active_record/relation/finder_methods.rb index a3d4b7f45a..57c9921ea8 100644 --- a/activerecord/lib/active_record/relation/finder_methods.rb +++ b/activerecord/lib/active_record/relation/finder_methods.rb @@ -279,8 +279,8 @@ module ActiveRecord unless record record = @klass.new do |r| - r.send(:attributes=, protected_attributes_for_create, true) unless protected_attributes_for_create.empty? - r.send(:attributes=, unprotected_attributes_for_create, false) unless unprotected_attributes_for_create.empty? + r.assign_attributes(protected_attributes_for_create) + r.assign_attributes(unprotected_attributes_for_create, :without_protection => true) end yield(record) if block_given? record.save if match.instantiator == :create diff --git a/activerecord/test/cases/adapters/postgresql/datatype_test.rb b/activerecord/test/cases/adapters/postgresql/datatype_test.rb index 5bb8fa2f93..ce08e4c6a7 100644 --- a/activerecord/test/cases/adapters/postgresql/datatype_test.rb +++ b/activerecord/test/cases/adapters/postgresql/datatype_test.rb @@ -3,6 +3,9 @@ require "cases/helper" class PostgresqlArray < ActiveRecord::Base end +class PostgresqlTsvector < ActiveRecord::Base +end + class PostgresqlMoney < ActiveRecord::Base end @@ -34,6 +37,9 @@ class PostgresqlDataTypeTest < ActiveRecord::TestCase @connection.execute("INSERT INTO postgresql_arrays (commission_by_quarter, nicknames) VALUES ( '{35000,21000,18000,17000}', '{foo,bar,baz}' )") @first_array = PostgresqlArray.find(1) + @connection.execute("INSERT INTO postgresql_tsvectors (text_vector) VALUES (' ''text'' ''vector'' ')") + @first_tsvector = PostgresqlTsvector.find(1) + @connection.execute("INSERT INTO postgresql_moneys (wealth) VALUES ('567.89'::money)") @connection.execute("INSERT INTO postgresql_moneys (wealth) VALUES ('-567.89'::money)") @first_money = PostgresqlMoney.find(1) @@ -62,6 +68,10 @@ class PostgresqlDataTypeTest < ActiveRecord::TestCase assert_equal :string, @first_array.column_for_attribute(:nicknames).type end + def test_data_type_of_tsvector_types + assert_equal :tsvector, @first_tsvector.column_for_attribute(:text_vector).type + end + def test_data_type_of_money_types assert_equal :decimal, @first_money.column_for_attribute(:wealth).type end @@ -95,11 +105,26 @@ class PostgresqlDataTypeTest < ActiveRecord::TestCase assert_equal '{foo,bar,baz}', @first_array.nicknames end + def test_tsvector_values + assert_equal "'text' 'vector'", @first_tsvector.text_vector + end + def test_money_values assert_equal 567.89, @first_money.wealth assert_equal(-567.89, @second_money.wealth) end + def test_update_tsvector + new_text_vector = "'new' 'text' 'vector'" + assert @first_tsvector.text_vector = new_text_vector + assert @first_tsvector.save + assert @first_tsvector.reload + assert @first_tsvector.text_vector = new_text_vector + assert @first_tsvector.save + assert @first_tsvector.reload + assert_equal @first_tsvector.text_vector, new_text_vector + end + def test_number_values assert_equal 123.456, @first_number.single assert_equal 123456.789, @first_number.double diff --git a/activerecord/test/cases/base_test.rb b/activerecord/test/cases/base_test.rb index ef833857ce..5ee3b2d776 100644 --- a/activerecord/test/cases/base_test.rb +++ b/activerecord/test/cases/base_test.rb @@ -489,6 +489,12 @@ class BasicsTest < ActiveRecord::TestCase assert_equal 'value2', weird.send('a$b') end + def test_attributes_guard_protected_attributes_is_deprecated + attributes = { "title" => "An amazing title" } + topic = Topic.new + assert_deprecated { topic.send(:attributes=, attributes, false) } + end + def test_multiparameter_attributes_on_date attributes = { "last_read(1i)" => "2004", "last_read(2i)" => "6", "last_read(3i)" => "24" } topic = Topic.find(1) diff --git a/activerecord/test/cases/persistence_test.rb b/activerecord/test/cases/persistence_test.rb index 3683e3430c..2044bc6e3f 100644 --- a/activerecord/test/cases/persistence_test.rb +++ b/activerecord/test/cases/persistence_test.rb @@ -491,6 +491,26 @@ class PersistencesTest < ActiveRecord::TestCase assert_equal "The First Topic", topic.title end + def test_update_attributes_as_admin + person = TightPerson.create + person.update_attributes({ "first_name" => 'Josh', "gender" => 'male', "comments" => 'from NZ' }, :as => :admin) + person.reload + + assert_equal 'Josh', person.first_name + assert_equal 'male', person.gender + assert_equal 'from NZ', person.comments + end + + def test_update_attributes_as_without_protection + person = TightPerson.create + person.update_attributes({ "first_name" => 'Josh', "gender" => 'male', "comments" => 'from NZ' }, :without_protection => true) + person.reload + + assert_equal 'Josh', person.first_name + assert_equal 'male', person.gender + assert_equal 'from NZ', person.comments + end + def test_update_attributes! Reply.validates_presence_of(:title) reply = Reply.find(2) @@ -512,6 +532,26 @@ class PersistencesTest < ActiveRecord::TestCase Reply.reset_callbacks(:validate) end + def test_update_attributes_as_admin + person = TightPerson.create + person.update_attributes!({ "first_name" => 'Josh', "gender" => 'male', "comments" => 'from NZ' }, :as => :admin) + person.reload + + assert_equal 'Josh', person.first_name + assert_equal 'male', person.gender + assert_equal 'from NZ', person.comments + end + + def test_update_attributes_as_without_protection + person = TightPerson.create + person.update_attributes!({ "first_name" => 'Josh', "gender" => 'male', "comments" => 'from NZ' }, :without_protection => true) + person.reload + + assert_equal 'Josh', person.first_name + assert_equal 'male', person.gender + assert_equal 'from NZ', person.comments + end + def test_destroyed_returns_boolean developer = Developer.first assert_equal false, developer.destroyed? diff --git a/activerecord/test/cases/schema_dumper_test.rb b/activerecord/test/cases/schema_dumper_test.rb index 9b2c7c00df..e8f2f44189 100644 --- a/activerecord/test/cases/schema_dumper_test.rb +++ b/activerecord/test/cases/schema_dumper_test.rb @@ -203,6 +203,13 @@ class SchemaDumperTest < ActiveRecord::TestCase assert_match %r{t.xml "data"}, output end end + + def test_schema_dump_includes_tsvector_shorthand_definition + output = standard_dump + if %r{create_table "postgresql_tsvectors"} =~ output + assert_match %r{t.tsvector "text_vector"}, output + end + end end def test_schema_dump_keeps_large_precision_integer_columns_as_decimal diff --git a/activerecord/test/schema/postgresql_specific_schema.rb b/activerecord/test/schema/postgresql_specific_schema.rb index f38f4f3b44..5cf9a207f3 100644 --- a/activerecord/test/schema/postgresql_specific_schema.rb +++ b/activerecord/test/schema/postgresql_specific_schema.rb @@ -1,6 +1,6 @@ ActiveRecord::Schema.define do - %w(postgresql_arrays postgresql_moneys postgresql_numbers postgresql_times postgresql_network_addresses postgresql_bit_strings + %w(postgresql_tsvectors postgresql_arrays postgresql_moneys postgresql_numbers postgresql_times postgresql_network_addresses postgresql_bit_strings postgresql_oids postgresql_xml_data_type defaults geometrics postgresql_timestamp_with_zones).each do |table_name| execute "DROP TABLE IF EXISTS #{quote_table_name table_name}" end @@ -55,6 +55,14 @@ _SQL nicknames TEXT[] ); _SQL + + execute <<_SQL + CREATE TABLE postgresql_tsvectors ( + id SERIAL PRIMARY KEY, + text_vector tsvector + ); +_SQL + execute <<_SQL CREATE TABLE postgresql_moneys ( id SERIAL PRIMARY KEY, |