From 7d1379ffdbbaf01e99833dc06611b7e4f3799522 Mon Sep 17 00:00:00 2001
From: Bogdan Gusiev <agresso@gmail.com>
Date: Wed, 14 Mar 2012 14:11:52 +0200
Subject: AM::MassAssingmentSecurity: improve performance

---
 .../mass_assignment_security/sanitizer.rb          | 34 ++++++++++------------
 1 file changed, 16 insertions(+), 18 deletions(-)

(limited to 'activemodel/lib/active_model/mass_assignment_security')

diff --git a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
index cfeb4aa7cd..93c4432b7d 100644
--- a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
+++ b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
@@ -3,20 +3,18 @@ module ActiveModel
     class Sanitizer
       # Returns all attributes not denied by the authorizer.
       def sanitize(attributes, authorizer)
-        sanitized_attributes = attributes.reject { |key, value| authorizer.deny?(key) }
-        debug_protected_attribute_removal(attributes, sanitized_attributes)
-        sanitized_attributes
+        attributes.reject do |attr, value|
+          if authorizer.deny?(attr)
+            process_removed_attribute(attr)
+            true
+          end
+        end
       end
 
     protected
 
-      def debug_protected_attribute_removal(attributes, sanitized_attributes)
-        removed_keys = attributes.keys - sanitized_attributes.keys
-        process_removed_attributes(removed_keys) if removed_keys.any?
-      end
-
-      def process_removed_attributes(attrs)
-        raise NotImplementedError, "#process_removed_attributes(attrs) suppose to be overwritten"
+      def process_removed_attribute(attr)
+        raise NotImplementedError, "#process_removed_attribute(attr) suppose to be overwritten"
       end
     end
 
@@ -34,8 +32,8 @@ module ActiveModel
         @target.respond_to?(:logger) && @target.logger
       end
 
-      def process_removed_attributes(attrs)
-        logger.warn "Can't mass-assign protected attributes: #{attrs.join(', ')}" if logger?
+      def process_removed_attribute(attr)
+        logger.warn "Can't mass-assign protected attribute: #{attr}" if logger?
       end
     end
 
@@ -44,19 +42,19 @@ module ActiveModel
         super()
       end
 
-      def process_removed_attributes(attrs)
-        return if (attrs - insensitive_attributes).empty?
-        raise ActiveModel::MassAssignmentSecurity::Error.new(attrs)
+      def process_removed_attribute(attr)
+        return if insensitive_attributes.include?(attr)
+        raise ActiveModel::MassAssignmentSecurity::Error.new(attr)
       end
 
       def insensitive_attributes
-        ['id']
+        @insensitive_attributes ||= ['id']
       end
     end
 
     class Error < StandardError
-      def initialize(attrs)
-        super("Can't mass-assign protected attributes: #{attrs.join(', ')}")
+      def initialize(attr)
+        super("Can't mass-assign protected attribute: #{attr}")
       end
     end
   end
-- 
cgit v1.2.3


From eb8f0ddb67440d26eb0e179a0c43df8ea2a53b1e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?= <jose.valim@gmail.com>
Date: Thu, 15 Mar 2012 18:41:25 +0100
Subject: Revert "AM::MassAssingmentSecurity: improve performance"

It introduces backwards incompatible changes in the API.

This reverts commit 7d1379ffdbbaf01e99833dc06611b7e4f3799522.
---
 .../mass_assignment_security/sanitizer.rb          | 34 ++++++++++++----------
 1 file changed, 18 insertions(+), 16 deletions(-)

(limited to 'activemodel/lib/active_model/mass_assignment_security')

diff --git a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
index 93c4432b7d..cfeb4aa7cd 100644
--- a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
+++ b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
@@ -3,18 +3,20 @@ module ActiveModel
     class Sanitizer
       # Returns all attributes not denied by the authorizer.
       def sanitize(attributes, authorizer)
-        attributes.reject do |attr, value|
-          if authorizer.deny?(attr)
-            process_removed_attribute(attr)
-            true
-          end
-        end
+        sanitized_attributes = attributes.reject { |key, value| authorizer.deny?(key) }
+        debug_protected_attribute_removal(attributes, sanitized_attributes)
+        sanitized_attributes
       end
 
     protected
 
-      def process_removed_attribute(attr)
-        raise NotImplementedError, "#process_removed_attribute(attr) suppose to be overwritten"
+      def debug_protected_attribute_removal(attributes, sanitized_attributes)
+        removed_keys = attributes.keys - sanitized_attributes.keys
+        process_removed_attributes(removed_keys) if removed_keys.any?
+      end
+
+      def process_removed_attributes(attrs)
+        raise NotImplementedError, "#process_removed_attributes(attrs) suppose to be overwritten"
       end
     end
 
@@ -32,8 +34,8 @@ module ActiveModel
         @target.respond_to?(:logger) && @target.logger
       end
 
-      def process_removed_attribute(attr)
-        logger.warn "Can't mass-assign protected attribute: #{attr}" if logger?
+      def process_removed_attributes(attrs)
+        logger.warn "Can't mass-assign protected attributes: #{attrs.join(', ')}" if logger?
       end
     end
 
@@ -42,19 +44,19 @@ module ActiveModel
         super()
       end
 
-      def process_removed_attribute(attr)
-        return if insensitive_attributes.include?(attr)
-        raise ActiveModel::MassAssignmentSecurity::Error.new(attr)
+      def process_removed_attributes(attrs)
+        return if (attrs - insensitive_attributes).empty?
+        raise ActiveModel::MassAssignmentSecurity::Error.new(attrs)
       end
 
       def insensitive_attributes
-        @insensitive_attributes ||= ['id']
+        ['id']
       end
     end
 
     class Error < StandardError
-      def initialize(attr)
-        super("Can't mass-assign protected attribute: #{attr}")
+      def initialize(attrs)
+        super("Can't mass-assign protected attributes: #{attrs.join(', ')}")
       end
     end
   end
-- 
cgit v1.2.3


From 034ccf40489d5329ac72a0a5d33b907f755cf1b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Valim?= <jose.valim@gmail.com>
Date: Fri, 16 Mar 2012 13:40:42 +0100
Subject: Speed up mass assignment by avoiding extra loops.

---
 .../lib/active_model/mass_assignment_security/sanitizer.rb   | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

(limited to 'activemodel/lib/active_model/mass_assignment_security')

diff --git a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
index cfeb4aa7cd..4491e07a72 100644
--- a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
+++ b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
@@ -3,18 +3,16 @@ module ActiveModel
     class Sanitizer
       # Returns all attributes not denied by the authorizer.
       def sanitize(attributes, authorizer)
-        sanitized_attributes = attributes.reject { |key, value| authorizer.deny?(key) }
-        debug_protected_attribute_removal(attributes, sanitized_attributes)
+        rejected = []
+        sanitized_attributes = attributes.reject do |key, value|
+          rejected << key if authorizer.deny?(key)
+        end
+        process_removed_attributes(rejected) unless rejected.empty?
         sanitized_attributes
       end
 
     protected
 
-      def debug_protected_attribute_removal(attributes, sanitized_attributes)
-        removed_keys = attributes.keys - sanitized_attributes.keys
-        process_removed_attributes(removed_keys) if removed_keys.any?
-      end
-
       def process_removed_attributes(attrs)
         raise NotImplementedError, "#process_removed_attributes(attrs) suppose to be overwritten"
       end
-- 
cgit v1.2.3