From 80a2c9e5db33b85d0ad5867aa7b82c4b731e94d6 Mon Sep 17 00:00:00 2001
From: Naoto Takai <takai@recompile.net>
Date: Thu, 17 May 2012 06:55:14 +0900
Subject: Improve logging of ActiveModel::MassAssignmentSecurity::Sanitizer

---
 .../lib/active_model/mass_assignment_security.rb   |  2 +-
 .../mass_assignment_security/sanitizer.rb          | 31 +++++++++++++++-------
 2 files changed, 23 insertions(+), 10 deletions(-)

(limited to 'activemodel/lib/active_model')

diff --git a/activemodel/lib/active_model/mass_assignment_security.rb b/activemodel/lib/active_model/mass_assignment_security.rb
index 5e5405fe27..893fbf92c3 100644
--- a/activemodel/lib/active_model/mass_assignment_security.rb
+++ b/activemodel/lib/active_model/mass_assignment_security.rb
@@ -229,7 +229,7 @@ module ActiveModel
   protected
 
     def sanitize_for_mass_assignment(attributes, role = nil)
-      _mass_assignment_sanitizer.sanitize(attributes, mass_assignment_authorizer(role))
+      _mass_assignment_sanitizer.sanitize(self.class, attributes, mass_assignment_authorizer(role))
     end
 
     def mass_assignment_authorizer(role)
diff --git a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
index 4491e07a72..44ce5a489d 100644
--- a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
+++ b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
@@ -2,18 +2,18 @@ module ActiveModel
   module MassAssignmentSecurity
     class Sanitizer
       # Returns all attributes not denied by the authorizer.
-      def sanitize(attributes, authorizer)
+      def sanitize(klass, attributes, authorizer)
         rejected = []
         sanitized_attributes = attributes.reject do |key, value|
           rejected << key if authorizer.deny?(key)
         end
-        process_removed_attributes(rejected) unless rejected.empty?
+        process_removed_attributes(klass, rejected) unless rejected.empty?
         sanitized_attributes
       end
 
     protected
 
-      def process_removed_attributes(attrs)
+      def process_removed_attributes(klass, attrs)
         raise NotImplementedError, "#process_removed_attributes(attrs) suppose to be overwritten"
       end
     end
@@ -32,8 +32,21 @@ module ActiveModel
         @target.respond_to?(:logger) && @target.logger
       end
 
-      def process_removed_attributes(attrs)
-        logger.warn "Can't mass-assign protected attributes: #{attrs.join(', ')}" if logger?
+      def backtrace
+        if defined? Rails
+          Rails.backtrace_cleaner.clean(caller)
+        else
+          caller
+        end
+      end
+
+      def process_removed_attributes(klass, attrs)
+        if logger?
+          logger.warn do
+            "WARNING: Can't mass-assign protected attributes for #{klass.name}: #{attrs.join(', ')}\n" +
+                backtrace.map { |trace| "\t#{trace}" }.join("\n")
+          end
+        end
       end
     end
 
@@ -42,9 +55,9 @@ module ActiveModel
         super()
       end
 
-      def process_removed_attributes(attrs)
+      def process_removed_attributes(klass, attrs)
         return if (attrs - insensitive_attributes).empty?
-        raise ActiveModel::MassAssignmentSecurity::Error.new(attrs)
+        raise ActiveModel::MassAssignmentSecurity::Error.new(klass, attrs)
       end
 
       def insensitive_attributes
@@ -53,8 +66,8 @@ module ActiveModel
     end
 
     class Error < StandardError
-      def initialize(attrs)
-        super("Can't mass-assign protected attributes: #{attrs.join(', ')}")
+      def initialize(klass, attrs)
+        super("Can't mass-assign protected attributes for #{klass.name}: #{attrs.join(', ')}")
       end
     end
   end
-- 
cgit v1.2.3