| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When you've got an AR Model and you override the `as_json` method,
you should be able to add default options to the renderer, like this:
class User < ActiveRecord::Base
def as_json(options = {})
super(options.merge(:except => [:password_digest]))
end
end
This was not possible before this commit. See the added test case.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, it would use send() to get the attribute. In Active
Resource, this would rely on hitting method missing. If a method with
the same name was defined further up the ancestor chain, that method
would wrongly be called.
This change fixes test_to_xml_with_private_method_name_as_attribute in
activeresource/test/cases/base_test.rb, which was broken after
51bef9d8fb0b4da7a104425ab8545e9331387743, because that change made
to_xml use serializable_hash.
|
|
|
|
| |
include the root, but an instance is serialized with the root option passed as true
|
| |
|
|
|
|
|
|
|
| |
There's no harm in generating a method name that's already defined on
the host class, since we're generating the attribute methods in a module
that gets included. In fact, this is desirable as it allows the host
class to call super.
|
|
|
|
| |
This can be overloaded by implementors if necessary.
|
|
|
|
|
|
| |
Check respond_to_without_attributes? in method_missing. If there is any
method that responds (even private), let super handle it and raise
NoMethodError if necessary.
|
| |
|
|
|
|
|
|
| |
This means that attribute methods which don't exist will get generated
when define_attribute_methods is called, so we don't have to use hacks
like `attribute_method_suffix ''`.
|
| |
|
| |
|
| |
|
|\
| |
| | |
Implemented strict validation concept
|
| |
| |
| |
| |
| |
| |
| | |
In order to deliver debug information to dev team
instead of display error message to end user
Implemented strict validation concept
that suppose to define validation that always raise exception when fails
|
|/ |
|
|
|
| |
We have to use Observer#update rather than Observer#send since the enabled state is checked in #update before forwarding the method call on.
|
|\
| |
| | |
MassAssignmentProtection: consider 'id' insensetive in StrictSanitizer
|
| |
| |
| |
| |
| |
| | |
In order to use StrictSanitizer in test mode
Consider :id as not sensetive attribute that can be filtered from
mass assignement without exception.
|
| |
| |
| |
| | |
File#to_path and similar.
|
|\ \
| | |
| | | |
Allow ActiveModel-compatible instances to define their own partial paths
|
| |/
| |
| |
| |
| |
| | |
Deprecate ActiveModel::Name#partial_path. Now you
should call #to_path directly on ActiveModel
instances.
|
|/ |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit moves support for the :include serialization option for
serializing associated objects out of ActiveRecord in into ActiveModel.
The following methods support the :include option:
* serializable_hash
* to_json
* to_xml
Instances must respond to methods named by the values of the :includes
array (or keys of the :includes hash). If an association method returns
an object that is_a?(Enumerable) (which AR has_many associations do), it
is assumed to be a collection association, and its elements must respond
to :serializable_hash. Otherwise it must respond to :serializable_hash
itself.
While here, fix #858, XmlSerializer should not singularize already
singular association names.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|\
| |
| | |
removed duplicate code in tests
|
| | |
|
|/ |
|
| |
|
| |
|
|
|
|
|
| |
In order to specify your own sanitize method
Implemented .mass_assignment_sanitizer configuration option
|
|
|
|
|
|
| |
Added an ability to specify your own behavior on mass assingment
protection, controlled by option:
ActiveModel::MassAssignmentSecurity.mass_assignment_sanitizer
|
| |
|
|
|
|
| |
This patch allows to specify the name of your models independent of the class name.
|
|
|
|
| |
serialization options. Closes #1058
|
| |
|
| |
|
|
|
|
| |
security guide
|
| |
|
| |
|
|
|
|
|
| |
Now that we propagate the enabling/disabling to descendants, we no longer have to check the disabled_observer Set on each superclass of the model class. This was causing a bug when disabling all observers at a superclass level and then enabling an individual observer at a subclass level.
Plus the logic is simpler now :).
|
|
|
|
|
|
|
|
|
| |
the class hierarchy.""
This reverts commit 2a25c5818b03d7d6cd63aad180bff23479dbd861.
I'm going to add another commit that keeps the same behavior of fixes
the problems of leaking memory in development.
|
|
|
|
|
|
|
|
|
|
| |
hierarchy."
This reverts commit ad62f1928768bd2676958a4a08512bad342fe469 because the current
subclasses implementation leaks memory in development.
Instead of keeping an array of subclasses, the better solution is to
ask the parent if an observer is being disabled or not.
|
|
|
|
| |
Last call wins.
|