
Merge branch 'master' of git://github.com/cjbottaro/param_protected

commit dd0d91685c189e441260760bfd3345c868047e23 2 parents d00ecf0 + 8d9f32d
Moritz Heidkamp authored
Showing with 41 additions and 18 deletions.
  1. +25 −11 README.rdoc
  2. +1 −0  Rakefile
  3. +1 −1  VERSION
  4. +14 −6 param_protected.gemspec
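--- a/README.rdoc
+++ b/README.rdoc
@@ -1,7 +1,7 @@
-= Summary
+=== Summary
 This plugin provides two class methods on <tt>ActiveController::Base</tt> that filter the <tt>params</tt> hash for that controller's actions. You can think of them as the controller analog of <tt>attr_protected</tt> and <tt>attr_accessible</tt>.
-= Installation
+=== Installation
 Put in your <tt>environment.rb</tt> file...
@@ -9,7 +9,7 @@ Put in your <tt>environment.rb</tt> file...
 Alternatively, just install the gem from the command line and <tt>require "param_protected"</tt> somewhere in your project.
-= Usage
+=== Usage
 class YourController < ActiveController::Base
 param_protected <param_name> <options>
 param_accessible <param_name> <options>
@@ -20,30 +20,44 @@ Alternatively, just install the gem from the command line and <tt>require "param
 <tt>options</tt> is a Hash that has <em>one</em> of two keys: <tt>:only</tt> or <tt>:except</tt>. The value for these keys is a String, Symbol, or Array of Strings and/or Symbols which denotes to the action(s) for which params to protect.
-= Examples
-
-== Blacklisting
+=== Blacklisting
 Any of these combinations should work.
 param_protected :client_id
 param_protected [:client_id, :user_id]
 param_protected :client_id, :only => 'my_action'
 param_protected :client_id, :except => [:your_action, :my_action]
-== Whitelisting
+=== Whitelisting
 Any of these combinations should work.
 param_accessible :client_id
 param_accessible :[:client_id, :user_id]
 param_accessible :client_id, :only => 'my_action'
 param_accessible :client_id, :except => [:your_action, :my_action]
-== Nested Params
+=== Nested Params
 You can use combinations of arrays and hashes to specify nested params, much the same way <tt>ActiveRecord::Base#find</tt>'s
 <tt>:include</tt> argument works.
 param_accessible [:account_name, { :user => [:first_name, :last_name, :address => [:street, :city, :state]] }]
 param_protected [:id, :password, { :user => [:id, :password] }]
-= How does it work?
+=== Merging
+If you call <tt>param_protected</tt> or <tt>param_accessible</tt> multiple times for an action or actions, then the protections will be merged. For example...
+ param_protected [:id, :user], :only => :some_action
+ param_protected [{ :user => [:first, :last] }, :password], :only => :some_action
+Is equivalent to saying...
+ param_protected [:id, { :user => [:first, :last] }, :password], :only => :some_action
+Credit: Moritz Heidkamp
+
+=== Inheritance
+Param protections will be inherited to derived controllers.
+
+Credit: Moritz Heidkamp
+
+=== How does it work?
 It does an <tt>alias_method_chain</tt> on <tt>ActionController::Base#params</tt> that filters (and caches) the params. You can get the unfiltered, pristine params by calling <tt>ActionController::Base#params_without_protection</tt>.
-= Author
-Christopher J. Bottaro
+=== Author
+Christopher J. Bottaro - {cjbottaro}[http://github.com/cjbottaro]
+
+=== Contributors
+Moritz Heidkamp - {DerGuteMoritz}[http://github.com/DerGuteMoritz]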
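--- a/Rakefile
+++ b/Rakefile
@@ -22,6 +22,7 @@ task :default => :test
 desc 'Test the param_protected plugin.'
 Rake::TestTask.new(:test) do |t|
 t.libs << 'lib'
+ t.libs << 'test'
 t.pattern = 'test/**/*_test.rb'
 t.verbose = true
 end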
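--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-1.1.0
+1.2.0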
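--- a/param_protected.gemspec
+++ b/param_protected.gemspec
@@ -1,15 +1,15 @@
 # Generated by jeweler
-# DO NOT EDIT THIS FILE
-# Instead, edit Jeweler::Tasks in Rakefile, and run `rake gemspec`
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
 # -*- encoding: utf-8 -*-
 Gem::Specification.new do |s|
 s.name = %q{param_protected}
- s.version = "1.1.0"
+ s.version = "1.2.0"
 s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
 s.authors = ["Christopher J. Bottaro"]
- s.date = %q{2009-09-12}
+ s.date = %q{2010-02-18}
 s.description = %q{Provides two class methods on ActiveController::Base that filter the params hash for that controller's actions. You can think of them as the controller analog of attr_protected and attr_accessible.}
 s.email = %q{cjbottaro@alumni.cs.utexas.edu}
 s.extra_rdoc_files = [
@@ -34,6 +34,8 @@ Gem::Specification.new do |s|
 "test/app_root/app/controllers/accessible_except_controller.rb",
 "test/app_root/app/controllers/accessible_only_controller.rb",
 "test/app_root/app/controllers/application_controller.rb",
+ "test/app_root/app/controllers/inherited_users_controller.rb",
+ "test/app_root/app/controllers/merge_controller.rb",
 "test/app_root/app/controllers/protected_controller.rb",
 "test/app_root/app/controllers/users_controller.rb",
 "test/app_root/config/boot.rb",
@@ -46,17 +48,18 @@ Gem::Specification.new do |s|
 "test/app_root/config/environments/sqlite3.rb",
 "test/app_root/config/routes.rb",
 "test/app_root/lib/console_with_fixtures.rb",
+ "test/inherited_users_controller_test.rb",
+ "test/merge_controller_test.rb",
 "test/protected_controller_test.rb",
 "test/protector_test.rb",
 "test/test_helper.rb",
 "test/users_controller_test.rb",
 "uninstall.rb"
 ]
- s.has_rdoc = true
 s.homepage = %q{http://github.com/cjbottaro/param_protected}
 s.rdoc_options = ["--charset=UTF-8"]
 s.require_paths = ["lib"]
- s.rubygems_version = %q{1.3.2}
+ s.rubygems_version = %q{1.3.5}
 s.summary = %q{Filter unwanted parameters in your controllers and actions.}
 s.test_files = [
 "test/accessible_except_test.rb",
@@ -64,6 +67,8 @@ Gem::Specification.new do |s|
 "test/app_root/app/controllers/accessible_except_controller.rb",
 "test/app_root/app/controllers/accessible_only_controller.rb",
 "test/app_root/app/controllers/application_controller.rb",
+ "test/app_root/app/controllers/inherited_users_controller.rb",
+ "test/app_root/app/controllers/merge_controller.rb",
 "test/app_root/app/controllers/protected_controller.rb",
 "test/app_root/app/controllers/users_controller.rb",
 "test/app_root/config/boot.rb",
@@ -75,6 +80,8 @@ Gem::Specification.new do |s|
 "test/app_root/config/environments/sqlite3.rb",
 "test/app_root/config/routes.rb",
 "test/app_root/lib/console_with_fixtures.rb",
+ "test/inherited_users_controller_test.rb",
+ "test/merge_controller_test.rb",
 "test/protected_controller_test.rb",
 "test/protector_test.rb",
 "test/test_helper.rb",
@@ -91,3 +98,4 @@ Gem::Specification.new do |s|
 else
 end
 end
+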