From b2451f4a7fa4fe20dff278edd33fe8a4b1d65be7 Mon Sep 17 00:00:00 2001 From: Josh Kalderimis Date: Sun, 8 May 2011 16:42:00 +0200 Subject: renamed mass-assignment scopes to roles, updated code, tests, docs and security guide --- activerecord/lib/active_record/base.rb | 12 ++--- activerecord/lib/active_record/persistence.rb | 2 +- .../test/cases/mass_assignment_security_test.rb | 54 +++++++++++----------- 3 files changed, 34 insertions(+), 34 deletions(-) (limited to 'activerecord') diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb index 78318b1be0..67af21c9a0 100644 --- a/activerecord/lib/active_record/base.rb +++ b/activerecord/lib/active_record/base.rb @@ -482,7 +482,7 @@ module ActiveRecord #:nodoc: # # Create a single new object # User.create(:first_name => 'Jamie') # - # # Create a single new object using the :admin mass-assignment security scope + # # Create a single new object using the :admin mass-assignment security role # User.create({ :first_name => 'Jamie', :is_admin => true }, :as => :admin) # # # Create a single new object bypassing mass-assignment security @@ -1486,7 +1486,7 @@ MSG # # Instantiates a single new object # User.new(:first_name => 'Jamie') # - # # Instantiates a single new object using the :admin mass-assignment security scope + # # Instantiates a single new object using the :admin mass-assignment security role # User.new({ :first_name => 'Jamie', :is_admin => true }, :as => :admin) # # # Instantiates a single new object bypassing mass-assignment security 
@@ -1661,8 +1661,8 @@ MSG end # Allows you to set all the attributes for a particular mass-assignment - # security scope by passing in a hash of attributes with keys matching - # the attribute names (which again matches the column names) and the scope + # security role by passing in a hash of attributes with keys matching + # the attribute names (which again matches the column names) and the role # name using the :as option. # # To bypass mass-assignment security you can use the :without_protection => true @@ -1689,12 +1689,12 @@ MSG # user.is_admin? # => true def assign_attributes(new_attributes, options = {}) attributes = new_attributes.stringify_keys - scope = options[:as] || :default + role = options[:as] || :default multi_parameter_attributes = [] unless options[:without_protection] - attributes = sanitize_for_mass_assignment(attributes, scope) + attributes = sanitize_for_mass_assignment(attributes, role) end attributes.each do |k, v| diff --git a/activerecord/lib/active_record/persistence.rb b/activerecord/lib/active_record/persistence.rb index b4531ed35f..b9041f44d8 100644 --- a/activerecord/lib/active_record/persistence.rb +++ b/activerecord/lib/active_record/persistence.rb @@ -146,7 +146,7 @@ module ActiveRecord # will fail and false will be returned. # # When updating model attributes, mass-assignment security protection is respected. - # If no +:as+ option is supplied then the +:default+ scope will be used. + # If no +:as+ option is supplied then the +:default+ role will be used. # If you want to bypass the protection given by +attr_protected+ and # +attr_accessible+ then you can do so using the +:without_protection+ option. def update_attributes(attributes, options = {}) diff --git a/activerecord/test/cases/mass_assignment_security_test.rb b/activerecord/test/cases/mass_assignment_security_test.rb index fbbae99e8b..c81015b7c2 100644 --- a/activerecord/test/cases/mass_assignment_security_test.rb 
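Review bot: The doc comment on `assign_attributes` describes `:as` and `:without_protection => true` without saying that both are trust decisions, and `role = options[:as] || :default` accepts whatever role the caller passes. If a caller ever builds `options` from request data, a client could select the `:admin` role or switch sanitization off, so the comment should state the rule, for example `# The :as role and :without_protection must be chosen by application code, never taken from user-supplied parameters.` How `sanitize_for_mass_assignment` treats a role that no model declares is not visible in this hunk and deserves a sentence in the docs as well. The method body continues past the end of the hunk.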
+++ b/activerecord/test/cases/mass_assignment_security_test.rb @@ -87,7 +87,7 @@ class MassAssignmentSecurityTest < ActiveRecord::TestCase end end - def test_assign_attributes_uses_default_scope_when_no_scope_is_provided + def test_assign_attributes_uses_default_role_when_no_role_is_provided p = LoosePerson.new p.assign_attributes(attributes_hash) @@ -101,28 +101,28 @@ class MassAssignmentSecurityTest < ActiveRecord::TestCase assert_all_attributes(p) end - def test_assign_attributes_with_default_scope_and_attr_protected_attributes + def test_assign_attributes_with_default_role_and_attr_protected_attributes p = LoosePerson.new p.assign_attributes(attributes_hash, :as => :default) assert_default_attributes(p) end - def test_assign_attributes_with_admin_scope_and_attr_protected_attributes + def test_assign_attributes_with_admin_role_and_attr_protected_attributes p = LoosePerson.new p.assign_attributes(attributes_hash, :as => :admin) assert_admin_attributes(p) end - def test_assign_attributes_with_default_scope_and_attr_accessible_attributes + def test_assign_attributes_with_default_role_and_attr_accessible_attributes p = TightPerson.new p.assign_attributes(attributes_hash, :as => :default) assert_default_attributes(p) end - def test_assign_attributes_with_admin_scope_and_attr_accessible_attributes + def test_assign_attributes_with_admin_role_and_attr_accessible_attributes p = TightPerson.new p.assign_attributes(attributes_hash, :as => :admin) 
@@ -153,25 +153,25 @@ class MassAssignmentSecurityTest < ActiveRecord::TestCase assert_default_attributes(p, true) end - def test_new_with_admin_scope_with_attr_accessible_attributes + def test_new_with_admin_role_with_attr_accessible_attributes p = TightPerson.new(attributes_hash, :as => :admin) assert_admin_attributes(p) end - def test_new_with_admin_scope_with_attr_protected_attributes + def test_new_with_admin_role_with_attr_protected_attributes p = LoosePerson.new(attributes_hash, :as => :admin) assert_admin_attributes(p) end - def test_create_with_admin_scope_with_attr_accessible_attributes + def test_create_with_admin_role_with_attr_accessible_attributes p = TightPerson.create(attributes_hash, :as => :admin) assert_admin_attributes(p, true) end - def test_create_with_admin_scope_with_attr_protected_attributes + def test_create_with_admin_role_with_attr_protected_attributes p = LoosePerson.create(attributes_hash, :as => :admin) assert_admin_attributes(p, true) @@ -230,12 +230,12 @@ class MassAssignmentSecurityHasOneRelationsTest < ActiveRecord::TestCase assert_default_attributes(best_friend) end - def test_has_one_build_with_admin_scope_with_attr_protected_attributes + def test_has_one_build_with_admin_role_with_attr_protected_attributes best_friend = @person.build_best_friend(attributes_hash, :as => :admin) assert_admin_attributes(best_friend) end - def test_has_one_build_with_admin_scope_with_attr_accessible_attributes + def test_has_one_build_with_admin_role_with_attr_accessible_attributes best_friend = @person.build_best_friend(attributes_hash, :as => :admin) assert_admin_attributes(best_friend) end 
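Review bot: In the `@@ -230` hunk the `attr_protected` and `attr_accessible` variants have identical bodies, both calling `@person.build_best_friend(attributes_hash, :as => :admin)`, so only one model configuration is actually exercised for the `:admin` role. `@person` comes from a setup outside the hunk, so the two tests can only differ if the association target does; the top-level tests, by contrast, use `LoosePerson` and `TightPerson` explicitly. The same duplication appears in the create, `create!`, belongs_to and has_many hunks that follow. Each pair should go through one association whose target uses `attr_protected` and one whose target uses `attr_accessible`, or the redundant test should be dropped so the names do not overstate coverage of a security control.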
@@ -257,12 +257,12 @@ class MassAssignmentSecurityHasOneRelationsTest < ActiveRecord::TestCase assert_default_attributes(best_friend, true) end - def test_has_one_create_with_admin_scope_with_attr_protected_attributes + def test_has_one_create_with_admin_role_with_attr_protected_attributes best_friend = @person.create_best_friend(attributes_hash, :as => :admin) assert_admin_attributes(best_friend, true) end - def test_has_one_create_with_admin_scope_with_attr_accessible_attributes + def test_has_one_create_with_admin_role_with_attr_accessible_attributes best_friend = @person.create_best_friend(attributes_hash, :as => :admin) assert_admin_attributes(best_friend, true) end @@ -284,12 +284,12 @@ class MassAssignmentSecurityHasOneRelationsTest < ActiveRecord::TestCase assert_default_attributes(best_friend, true) end - def test_has_one_create_with_bang_with_admin_scope_with_attr_protected_attributes + def test_has_one_create_with_bang_with_admin_role_with_attr_protected_attributes best_friend = @person.create_best_friend!(attributes_hash, :as => :admin) assert_admin_attributes(best_friend, true) end - def test_has_one_create_with_bang_with_admin_scope_with_attr_accessible_attributes + def test_has_one_create_with_bang_with_admin_role_with_attr_accessible_attributes best_friend = @person.create_best_friend!(attributes_hash, :as => :admin) assert_admin_attributes(best_friend, true) end 
@@ -318,12 +318,12 @@ class MassAssignmentSecurityBelongsToRelationsTest < ActiveRecord::TestCase assert_default_attributes(best_friend) end - def test_has_one_build_with_admin_scope_with_attr_protected_attributes + def test_has_one_build_with_admin_role_with_attr_protected_attributes best_friend = @person.build_best_friend_of(attributes_hash, :as => :admin) assert_admin_attributes(best_friend) end - def test_has_one_build_with_admin_scope_with_attr_accessible_attributes + def test_has_one_build_with_admin_role_with_attr_accessible_attributes best_friend = @person.build_best_friend_of(attributes_hash, :as => :admin) assert_admin_attributes(best_friend) end @@ -345,12 +345,12 @@ class MassAssignmentSecurityBelongsToRelationsTest < ActiveRecord::TestCase assert_default_attributes(best_friend, true) end - def test_has_one_create_with_admin_scope_with_attr_protected_attributes + def test_has_one_create_with_admin_role_with_attr_protected_attributes best_friend = @person.create_best_friend_of(attributes_hash, :as => :admin) assert_admin_attributes(best_friend, true) end - def test_has_one_create_with_admin_scope_with_attr_accessible_attributes + def test_has_one_create_with_admin_role_with_attr_accessible_attributes best_friend = @person.create_best_friend_of(attributes_hash, :as => :admin) assert_admin_attributes(best_friend, true) end 
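Review bot: The renamed tests in `MassAssignmentSecurityBelongsToRelationsTest` keep the `test_has_one_` prefix although they call `build_best_friend_of` and `create_best_friend_of`, so a failure report would name the wrong association. Since this commit is already renaming them, a name such as `test_belongs_to_build_with_admin_role_with_attr_protected_attributes` would be accurate. The `MassAssignmentSecurityHasManyRelationsTest` hunks (`@@ -406`, `@@ -433`, `@@ -460`) carry the same prefix while calling `best_friends.build` / `create` / `create!` and would read better as `test_has_many_...`. The enclosing classes start outside these hunks.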
@@ -372,12 +372,12 @@ class MassAssignmentSecurityBelongsToRelationsTest < ActiveRecord::TestCase assert_default_attributes(best_friend, true) end - def test_has_one_create_with_bang_with_admin_scope_with_attr_protected_attributes + def test_has_one_create_with_bang_with_admin_role_with_attr_protected_attributes best_friend = @person.create_best_friend!(attributes_hash, :as => :admin) assert_admin_attributes(best_friend, true) end - def test_has_one_create_with_bang_with_admin_scope_with_attr_accessible_attributes + def test_has_one_create_with_bang_with_admin_role_with_attr_accessible_attributes best_friend = @person.create_best_friend!(attributes_hash, :as => :admin) assert_admin_attributes(best_friend, true) end @@ -406,12 +406,12 @@ class MassAssignmentSecurityHasManyRelationsTest < ActiveRecord::TestCase assert_default_attributes(best_friend) end - def test_has_one_build_with_admin_scope_with_attr_protected_attributes + def test_has_one_build_with_admin_role_with_attr_protected_attributes best_friend = @person.best_friends.build(attributes_hash, :as => :admin) assert_admin_attributes(best_friend) end - def test_has_one_build_with_admin_scope_with_attr_accessible_attributes + def test_has_one_build_with_admin_role_with_attr_accessible_attributes best_friend = @person.best_friends.build(attributes_hash, :as => :admin) assert_admin_attributes(best_friend) end 
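Review bot: Both bang tests in the `@@ -372` hunk call `@person.create_best_friend!`, while the other tests shown for `MassAssignmentSecurityBelongsToRelationsTest` go through `build_best_friend_of` and `create_best_friend_of`, so the `create!` path of that association appears to be untested for the `:admin` role. This looks like a copy from the has_one class; the call should probably read `best_friend = @person.create_best_friend_of!(attributes_hash, :as => :admin)`. The association definitions are not on this page, so confirm the generated method name against the model before changing it.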
@@ -433,12 +433,12 @@ class MassAssignmentSecurityHasManyRelationsTest < ActiveRecord::TestCase assert_default_attributes(best_friend, true) end - def test_has_one_create_with_admin_scope_with_attr_protected_attributes + def test_has_one_create_with_admin_role_with_attr_protected_attributes best_friend = @person.best_friends.create(attributes_hash, :as => :admin) assert_admin_attributes(best_friend, true) end - def test_has_one_create_with_admin_scope_with_attr_accessible_attributes + def test_has_one_create_with_admin_role_with_attr_accessible_attributes best_friend = @person.best_friends.create(attributes_hash, :as => :admin) assert_admin_attributes(best_friend, true) end @@ -460,12 +460,12 @@ class MassAssignmentSecurityHasManyRelationsTest < ActiveRecord::TestCase assert_default_attributes(best_friend, true) end - def test_has_one_create_with_bang_with_admin_scope_with_attr_protected_attributes + def test_has_one_create_with_bang_with_admin_role_with_attr_protected_attributes best_friend = @person.best_friends.create!(attributes_hash, :as => :admin) assert_admin_attributes(best_friend, true) end - def test_has_one_create_with_bang_with_admin_scope_with_attr_accessible_attributes + def test_has_one_create_with_bang_with_admin_role_with_attr_accessible_attributes best_friend = @person.best_friends.create!(attributes_hash, :as => :admin) assert_admin_attributes(best_friend, true) end -- cgit v1.2.3