aboutsummaryrefslogtreecommitdiffstats
path: root/activemodel/lib
Commit message (Collapse)AuthorAgeFilesLines
...
* Merge branch '5-0-beta-sec'Aaron Patterson2016-01-253-3/+4
|\ | | | | | | | | | | | | | | | | | | | | * 5-0-beta-sec: bumping version fix version update task to deal with .beta1.1 Eliminate instance level writers for class accessors allow :file to be outside rails root, but anything else must be inside the rails view directory Don't short-circuit reject_if proc stop caching mime types globally use secure string comparisons for basic auth username / password
| * bumping versionAaron Patterson2016-01-251-1/+1
| |
| * Eliminate instance level writers for class accessorsAaron Patterson2016-01-222-2/+3
| | | | | | | | | | | | | | | | | | Instance level writers can have an impact on how the Active Model / Record objects are saved. Specifically, they can be used to bypass validations. This is a problem if mass assignment protection is disabled and specific attributes are passed to the constructor. CVE-2016-0753
* | Refactor tz aware types, add support for PG rangesSean Griffin2016-01-081-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is an alternate implementation to #22875, that generalizes a lot of the logic that type decorators are going to need, in order to have them work with arrays, ranges, etc. The types have the ability to map over a value, with the default implementation being to just yield that given value. Array and Range give more appropriate definitions. This does not automatically make ranges time zone aware, as they need to be added to the `time_zone_aware` types config, but we could certainly make that change if we feel it is appropriate. I do think this would be a breaking change however, and should at least have a deprecation cycle. Closes #22875. /cc @matthewd
* | Take UTC offset into account when assigning string value to time attribute.Andrey Novikov2016-01-051-1/+1
| |
* | Update copyright notices to 2016 [ci skip]Rashmi Yadav2015-12-311-1/+1
| |
* | Convert non-`Numeric` values to FloatsRobert Eshleman2015-12-221-1/+1
| |
* | Fix Regression in Numericality ValidationsRobert Eshleman2015-12-221-2/+9
|/ | | | | | | | | | | | A regression (#22744) introduced in 7500dae caused certain numericality validations to raise an error when run against an attribute with a string value. Previously, these validations would successfully run against string values because the value was cast to a numeric class. This commit resolves the regression by converting string values to floats before performing numericality comparison validations. [fixes #22744]
* Change `alpha` to `beta1` to prep for release of Rails 5eileencodes2015-12-181-1/+1
| | | | :tada: :beers:
* `ActiveRecord::Base#becomes` should copy the errorsVokhmin Alexey V2015-12-141-0/+12
|
* Use a bind param for `LIMIT` and `OFFSET`Sean Griffin2015-12-141-0/+5
| | | | | | | | | | | | | | | We currently generate an unbounded number of prepared statements when `limit` or `offset` are called with a dynamic argument. This changes `LIMIT` and `OFFSET` to use bind params, eliminating the problem. `Type::Value#hash` needed to be implemented, as it turns out we busted the query cache if the type object used wasn't exactly the same object. This drops support for passing an `Arel::Nodes::SqlLiteral` to `limit`. Doing this relied on AR internals, and was never officially supported usage. Fixes #22250.
* Avoid dummy_time_value to add "2000-01-01" twiceYasuo Honda2015-11-301-1/+5
|
* Merge pull request #21000 from twalpole/find_or_parameter_issuesSean Griffin2015-11-231-1/+1
|\ | | | | Update and fix forbidden attributes test issues caused by AC::Parameters change
| * Update and fix forbidden attributes testsThomas Walpole2015-11-031-1/+1
| | | | | | | | Add AC::Parameters tests for WhereChain#not
* | Merge pull request #22333 from harrykiselev/patch-3Yves Senn2015-11-211-1/+5
|\ \ | | | | | | | | | [ci skip] Update dirty.rb: documentation fix.
| * | Update dirty.rb: documentation fix.Harry V. Kiselev2015-11-191-1/+5
|/ / | | | | ActiveModel::Dirty module documentation fix.
* / Require only necessary concurrent-ruby classes.Jerry D'Antonio2015-11-041-1/+1
|/
* Merge pull request #19851 from repinel/numericality-validation2Sean Griffin2015-10-201-12/+11
|\ | | | | Use the post-type-cast version of the attribute to validate numericality
| * Conditionally convert the raw_value received by the numeric validator.Roque Pinel2015-07-111-12/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes the issue where you may be comparing (using a numeric validator such as `greater_than`) numbers of a specific Numeric type such as `BigDecimal`. Previous behavior took the numeric value to be validated and unconditionally converted to Float. For example, due to floating point precision, this can cause issues when comparing a Float to a BigDecimal. Consider the following: ``` validates :sub_total, numericality: { greater_than: BigDecimal('97.18') } ``` If the `:sub_total` value BigDecimal.new('97.18') was validated against the above, the following would be valid since `:sub_total` is converted to a Float regardless of its original type. The result therefore becomes Kernel.Float(97.18) > BigDecimal.new('97.18') The above illustrated behavior is corrected with this patch by conditionally converting the value to validate to float. Use the post-type-cast version of the attribute to validate numericality [Roque Pinel & Trevor Wistaff]
* | All strings returned by `ImmutableString` should be frozenSean Griffin2015-10-152-11/+7
| | | | | | | | | | | | | | I seriously don't even know why we handle booleans, but those strings should technically be frozen. Additionally, we don't need to actually check the class in the mutable string type, since the `cast_value` function will always return a string.
* | Add an immutable string type to opt out of string dupingSean Griffin2015-10-153-20/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This type adds an escape hatch to apps for which string duping causes unacceptable memory growth. The reason we are duping them is in order to detect mutation, which was a feature added to 4.2 in #15674. The string type was modified to support this behavior in #15788. Memory growth is really only a concern for string types, as it's the only mutable type where the act of coersion does not create a new object regardless (as we're usually returning an object of a different class). I do feel strongly that if we are going to support detecting mutation, we should do it universally for any type which is mutable. While it is less common and ideomatic to mutate strings than arrays or hashes, there shouldn't be rules or gotchas to understanding our behavior. However, I also appreciate that for apps which are using a lot of string columns, this would increase the number of allocations by a large factor. To ensure that we keep our contract, if you'd like to opt out of mutation detection on strings, you'll also be option out of mutation of those strings. I'm not completely married to the thought that strings coming out of this actually need to be frozen -- and I think the name is correct either way, as the purpose of this is to provide a string type which does not detect mutation. In the new implementation, I'm only overriding `cast_value`. I did not port over the duping in `serialize`. I cannot think of a reason we'd need to dup the string there, and the tests pass without it. Unfortunately that line was introduced at a time where I was not nearly as good about writing my commit messages, so I have no context as to why I added it. Thanks past Sean. You are a jerk.
* | use ActiveModel::Naming module instead of Model [ci skip]Roman Pramberger2015-10-061-1/+1
| | | | | | | | | | Use the documented module instead of ActiveModel::Model. This makes the example more focused.
* | Merge pull request #21809 from yui-knk/fix_doc_am_serializationSean Griffin2015-10-021-3/+3
|\ \ | | | | | | [ci skip] Fix explanation of `ActiveModel::Serialization`
| * | [ci skip] Fix explanation of `ActiveModel::Serialization`yui-knk2015-10-021-3/+3
| | | | | | | | | | | | | | | | | | This explanation was change by https://github.com/rails/rails/commit/7a27de2b. This change reversed the including module (`ActiveModel::Serializers::JSON`) and the included module (`ActiveModel::Serialization`) by mistake.
* | | Fix AC::Parameters not being sanitized for query methods.Guo Xiang Tan2015-10-021-2/+3
|/ /
* | Fixed humane -> human [ci skip]Pratik2015-09-261-1/+1
| |
* | `validates_acceptance_of` shouldn't require a database connectionSean Griffin2015-09-251-4/+51
| | | | | | | | | | | | | | | | | | | | | | | | | | The implementation of `attribute_method?` on Active Record requires establishing a database connection and querying the schema. As a general rule, we don't want to require database connections for any class macro, as the class should be able to be loaded without a database (e.g. for things like compiling assets). Instead of eagerly defining these methods, we do it lazily the first time they are accessed via `method_missing`. This should not cause any performance hits, as it will only hit `method_missing` once for the entire class.
* | Improve the performance of `save` and friendsSean Griffin2015-09-241-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The biggest source of the performance regression in these methods occurred because dirty tracking required eagerly materializing and type casting the assigned values. In the previous commits, I've changed dirty tracking to perform the comparisons lazily. However, all of this is moot when calling `save`, since `changes_applied` will be called, which just ends up eagerly materializing everything, anyway. With the new mutation tracker, it's easy to just compare the previous two hashes in the same lazy fashion. We will not have aliasing issues with this setup, which is proven by the fact that we're able to detect nested mutation. Before: User.create! 2.007k (± 7.1%) i/s - 10.098k After: User.create! 2.557k (± 3.5%) i/s - 12.789k Fixes #19859
* | Clean up the implementation of AR::DirtySean Griffin2015-09-242-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | This moves a bit more of the logic required for dirty checking into the attribute objects. I had hoped to remove the `with_value_from_database` stuff, but unfortunately just calling `dup` on the attribute objects isn't enough, since the values might contain deeply nested data structures. I think this can be cleaned up further. This makes most dirty checking become lazy, and reduces the number of object allocations and amount of CPU time when assigning a value. This opens the door (but doesn't quite finish) to improving the performance of writes to a place comparable to 4.1
* | Merge pull request #21218 from repinel/fix-as-callback-terminatorKasper Timm Hansen2015-09-232-0/+2
|\ \ | | | | | | WIP: Fix the AS::Callbacks terminator regression from 4.2.3
| * | Fix the AS::Callbacks terminator regression from 4.2.3Roque Pinel2015-09-222-0/+2
| | | | | | | | | | | | | | | | | | Rails 4.2.3 AS::Callbacks will not halt chain if `false` is returned. That is the behavior of specific callbacks like AR::Callbacks and AM::Callbacks.
* | | Merge pull request #20317Sean Griffin2015-09-232-9/+12
|\ \ \ | |/ / |/| | | | | | | | AR: take precision into count when assigning a value to timestamp attribute
| * | Fixed taking precision into count when assigning a value to timestamp attributeBogdan Gusiev2015-09-232-9/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Timestamp column can have less precision than ruby timestamp In result in how big a fraction of a second can be stored in the database. m = Model.create! m.created_at.usec == m.reload.created_at.usec # => false # due to different seconds precision in Time.now and database column If the precision is low enough, (mysql default is 0, so it is always low enough by default) the value changes when model is reloaded from the database. This patch fixes that issue ensuring that any timestamp assigned as an attribute is converted to column precision under the attribute.
* | | AMo typosAkira Matsuda2015-09-221-2/+2
|/ /
* | Require dependencies from stdlib in the Decimal typeSean Griffin2015-09-211-0/+2
| | | | | | | | | | | | | | In Active Record, it appears these were either autoloaded, which actually was likely due to test ordering since the method `Float#to_d` wouldn't trigger it. This makes it explicit, and unlikely to fail in the future.
* | Remove no-op options being passed in AM type registrationsSean Griffin2015-09-211-11/+11
| | | | | | | | | | | | The `override` option is only a thing for Active Record registrations. We should figure out how to make this properly error out without doing anything too weird to the code.
* | Move the appropriate type tests to the Active Model suiteSean Griffin2015-09-211-2/+8
| | | | | | | | | | | | | | | | | | Any tests for a type which is not overridden by Active Record, and does not test the specifics of the attributes API interacting in more complex ways have no reason to be in the Active Record suite. Doing this revealed that the implementation of the date and time types in AM was actually completely broken, and incapable of returning any value other than `nil`.
* | Simplify the implementation of Active Model's type registrySean Griffin2015-09-211-97/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Things like decorations, overrides, and priorities only matter for Active Record, so the Active Model registry can be implemented much more simply. At this point, I wonder if having Active Record's registry inherit from Active Model's is even worth the trouble? The Active Model class was also missing test cases, which have been backfilled. This removes the error when two types are registered with the same name, but given that Active Model is meant to be significantly more generic, I do not think this is an issue for now. If we want, we can raise an error at the point that someone tries to register it.
* | Various stylistic nitpicksSean Griffin2015-09-211-4/+3
| | | | | | | | | | | | | | We do not need to require each file from AM individually, the type module does that for us. Even if the classes are extremely small right now, I'd rather keep any custom classes needed by AR in their own files, as they can easily have more complex changes in the future.
* | `TypeMap` and `HashLookupTypeMap` shouldn't be in Active ModelSean Griffin2015-09-213-89/+0
| | | | | | | | | | | | These are used by the connection adapters to convert SQL type information into the appropriate type object, and makes no sense outside of the context of Active Record
* | Move ActiveRecord::Type to ActiveModelKir Shatrov2015-09-2123-0/+987
| | | | | | | | The first step of bringing typecasting to ActiveModel
* | Replaced `ThreadSafe::Map` with successor `Concurrent::Map`.Jerry D'Antonio2015-09-191-2/+2
| | | | | | | | | | | | | | The thread_safe gem is being deprecated and all its code has been merged into the concurrent-ruby gem. The new class, Concurrent::Map, is exactly the same as its predecessor except for fixes to two bugs discovered during the merge.
* | File encoding is defaulted to utf-8 in Ruby >= 2.1Akira Matsuda2015-09-181-2/+0
| |
* | Validate multiple contexts on `valid?` and `invalid?` at once.Dmitry Polushkin2015-09-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Example: ```ruby class Person include ActiveModel::Validations attr_reader :name, :title validates_presence_of :name, on: :create validates_presence_of :title, on: :update end person = Person.new person.valid?([:create, :update]) # => true person.errors.messages # => {:name=>["can't be blank"], :title=>["can't be blank"]} ```
* | Revert "Merge pull request #21069 from ↵Rafael Mendonça França2015-09-071-1/+1
| | | | | | | | | | | | | | | | | | dmitry/feature/validate-multiple-contexts-at-once" This reverts commit 51dd2588433457960cca592d5b5dac6e0537feac, reversing changes made to ecb4e4b21b3222b823fa24d4a0598b1f2f63ecfb. This broke Active Record tests
* | Merge pull request #21069 from dmitry/feature/validate-multiple-contexts-at-onceRafael Mendonça França2015-09-071-1/+1
|\ \ | | | | | | | | | Validate multiple contexts on `valid?` and `invalid?` at once
| * | Validate multiple contexts on `valid?` and `invalid?` at once.Dmitry Polushkin2015-07-301-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Example: ```ruby class Person include ActiveModel::Validations attr_reader :name, :title validates_presence_of :name, on: :create validates_presence_of :title, on: :update end person = Person.new person.valid?([:create, :update]) # => true person.errors.messages # => {:name=>["can't be blank"], :title=>["can't be blank"]} ```
* | | Fix failure introduced by #17351 due to the new mocks implementationCarlos Antonio da Silva2015-09-011-1/+1
| | | | | | | | | | | | | | | | | | | | | It was not expecting the new `case_insensitive` option to be passed to `generate_message`, instead of fixing the test we can just not pass this option down since it is specific to the confirmation validator and not necessary for the error message.
* | | Fix syntax error introduced by #17351.Jashank Jeremy2015-09-011-1/+1
| | |
* | | Merge pull request #17351 from akshat-sharma/masterRafael Mendonça França2015-09-011-4/+16
|\ \ \ | | | | | | | | | | | | Add case_sensitive option for confirmation validation