implementing strong_parameters support

commit 9dc6644c886dce1e66ce82060d63987a201ad6a0 1 parent c72adef
@garysweaver authored
3  .travis.yml
@@ -1,12 +1,9 @@
script: bundle exec rake test
rvm:
- - ree
- 1.9.2
- 1.9.3
before_install:
- gem update --system
- gem --version
env:
- - RAILS=3.0.12
- - RAILS=3.1.4
- RAILS=3.2.3
10 CHANGELOG.md
@@ -1,4 +1,12 @@
-## Master (unreleased)
+## ActiveAdmin for Rails 3.2.x with Strong Parameters (unreleased)
+
+## Patched 0.5.0 version (unreleased)
+
+### Enhancements
+
+Added Strong Parameters niceties:
+* Added `config.enforce_strong_parameters` config setting for allowing permit all params on assumed resource.
+* Added `permitted_params` method to explicitly define params to permit on assumed resource.
## 0.5.0
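
Review bot: The `config.enforce_strong_parameters` bullet reads as if turning the setting on allows permit-all, while the code comments in this commit say the opposite: `false` (the default) is the value that calls `permit!`, and `true` requires an explicit list. Reword it to something like "when false (default), all params on the resource are permitted; when true, only those listed via `permitted_params`". The hunk also adds two "(unreleased)" headings in a row with nothing under the first; keep one.
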
7 Gemfile
@@ -11,14 +11,13 @@ gem 'rails', rails_version
gem 'bourbon'
case rails_version
-when /^3\.0/
- # Do nothing, bundler should figure it out
-when /^3\.(1|2)/
+when /^3\.2)/

Typo, my friend. Bundler refuses to bundle as-is because of the mismatched paren.

@garysweaver Owner

Thanks, Drew! Something else wrong too. Somehow GitHub is showing master as having the same changes as this branch in my fork. I'm going to have to have some fun with git now. :(

@garysweaver Owner

K fixed the mistaken commit to master and removed that parenth. Sorry bout that. thx! just started rake and its tests, so will see how that goes...

@garysweaver Owner

Ok, did another commit to return nil from resource_params when params[name of model] is nil. Now I don't see a relation to failing tests and the SP related code, well at the moment at least.

# These are the gems you have to have for Rails 3.1 to be happy
gem 'sass-rails'
gem 'uglifier'
+ gem 'strong_parameters'
else
- raise "Rails #{rails_version} is not supported yet"
+ raise "Rails #{rails_version} is not supported"
end
group :development, :test do
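
Review bot: `gem 'strong_parameters'` is added without a version constraint, while the gemspec in this commit asks for `>= 0.1.4`; use the same constraint here so both resolve against the same range. The context comment above `gem 'sass-rails'` still says "Rails 3.1" although the `when` now matches only 3.2, and the unbalanced `)` in `when /^3\.2)/` (already raised in the inline comment) has to go before this file loads.
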
32 README.rdoc
@@ -43,9 +43,15 @@ https://github.com/gregbell/active_admin/blob/master/CONTRIBUTING.md
== Getting Started
Active Admin is released as a Ruby Gem. The gem is to be installed within a Ruby
-on Rails 3 application. To install, simply add the following to your Gemfile:
+on Rails 3 application.
- gem 'activeadmin'
+This is a special branch of ActiveAdmin just for those that are early adopters of Strong Parameters which will be included in Rails 4:
+
+To install it, add the following to your Gemfile:
+
+ gem 'activeadmin', git: 'https://github.com/gregbell/active_admin.git', branch: 'rails-3_2-with-strong-parameters'
+
+Note: you don't *need* to be using this branch just to use ActiveAdmin in Rails 3.2 with Strong Parameters. See the Strong Parameters section for more details.
After updating your bundle, run the installer
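
Review bot: The install line in this hunk tracks a moving branch (`branch: 'rails-3_2-with-strong-parameters'`), so each `bundle update` can pull different code into an admin interface; suggest showing a pinned `ref:` alongside it, or at least stating that the branch is unreleased. The sentence ending "included in Rails 4:" also stops on a colon with nothing after it.
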
@@ -110,6 +116,28 @@ Iconic Icons::
Excellent SVG icon set designed by P.J. Onori: http://somerandomdude.com/projects/iconic
+== Strong Parameters
+
+In config:
+
+ # Whether or not to enforce strong parameters. Default is false, which will call permit!
+ # on the resource in params in the controller for update and create, if strong_parameters gem is found.
+ # If true then it will not do that, and the user will need to explicitly define the params to be permitted.
+ config.enforce_strong_parameters = false
+
+In controller config, optionally specify permitted params:
+
+ ActiveAdmin.register Post do
+ # Allow static list
+ permitted_params :a, :b, :c
+
+ # Conditionally control access at runtime
+ permitted_params do
+ [:a, :b, :c]
+ end
+ end
+
+
== Copyright
Copyright (c) 2011 Greg Bell, VersaPay Corporation. See LICENSE for details.
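
Review bot: The new "Strong Parameters" section does not say what is permitted when `config.enforce_strong_parameters = true` and a resource declares no `permitted_params`. That is the case the setting exists for, so the README should state the outcome (nothing permitted, or an error) right after the config sample.
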
1  activeadmin.gemspec
@@ -28,4 +28,5 @@ Gem::Specification.new do |s|
s.add_dependency("sass", ">= 3.1.0")
s.add_dependency("fastercsv", ">= 0")
s.add_dependency("arbre", ">= 1.0.1")
+ s.add_development_dependency("strong_parameters", ">= 0.1.4")
end
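
Review bot: `strong_parameters` is declared with `add_development_dependency`, but `resource_params` in `inherited_resources_overrides.rb` calls `permit!` on the request params for every non-GET request, with no check that the gem is loaded. Either make it a runtime dependency or guard the call (for example with `respond_to?(:permit!)`), so that the "if strong_parameters gem is found" wording in the setting's comment is actually true.
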
5 lib/active_admin/application.rb
@@ -69,6 +69,11 @@ def self.inheritable_setting(name, default)
# Default CSV separator
inheritable_setting :csv_column_separator, ','
+ # Whether or not to enforce strong parameters. Default is false, which will call permit!
+ # on the resource in params in the controller for update and create, if strong_parameters gem is found.
+ # If true then it will not do that, and the user will need to explicitly define the params to be permitted.
+ inheritable_setting :enforce_strong_parameters, false
+
# Active Admin makes educated guesses when displaying objects, this is
# the list of methods it tries calling in order
setting :display_name_methods, [ :display_name,
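
Review bot: `inheritable_setting :enforce_strong_parameters, false` makes the permissive path the default: unless the application opts in, the controller calls `permit!` on everything under the resource key. For a mass-assignment control, consider defaulting to `true`; if `false` has to stay for compatibility, have the comment say plainly that this value disables attribute filtering.
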
16 lib/active_admin/dsl.rb
@@ -30,6 +30,22 @@ def config
@config
end
+ # Specify which params to permit by strong_parameters.
+ #
+ # Allows a static list:
+ # permitted_params :a, :b, :c
+ #
+ # or conditionally control access at runtime:
+ # permitted_params do
+ # [:a, :b, :c]
+ # end
+ def permitted_params(*args)
+ ps = args.clone
+ ps << yield if block_given?
+ # @config.controller is the controller class
+ @config.controller.params_to_permit = ps.flatten
+ end
+
# Include a module with this resource. The modules's `included` method
# is called with the instance of the `ActiveAdmin::DSL` passed into it.
#
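
Review bot: `ps << yield if block_given?` runs the block once, when `permitted_params` is called during registration, and stores the resulting array on the controller class, so the block form cannot "conditionally control access at runtime" as the comment above it says. Store the block itself and evaluate it in the controller instance on each request (`instance_exec` would give it access to request state), or drop the runtime claim from this comment and the README. Note also that `params_to_permit=` only exists once `override_inherited_resources_methods!` has run on that controller class, which deserves a comment here.
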
6 lib/active_admin/resource_controller.rb
@@ -6,7 +6,7 @@
require 'active_admin/resource_controller/decorators'
require 'active_admin/resource_controller/scoping'
require 'active_admin/resource_controller/sidebars'
-require 'active_admin/resource_controller/resource_class_methods'
+require 'active_admin/resource_controller/inherited_resources_overrides'
module ActiveAdmin
# All Resources Controller inherits from this controller.
@@ -26,7 +26,7 @@ class ResourceController < BaseController
include Decorators
include Scoping
include Sidebars
- extend ResourceClassMethods
+ extend InheritedResourcesOverrides
class << self
def active_admin_config=(config)
@@ -42,7 +42,7 @@ def active_admin_config=(config)
# need to install our resource_class method each time we're inherited from.
def inherited(base)
super(base)
- base.override_resource_class_methods!
+ base.override_inherited_resources_methods!
end
public :belongs_to
38 lib/active_admin/resource_controller/inherited_resources_overrides.rb
@@ -0,0 +1,38 @@
+module ActiveAdmin
+ class ResourceController < BaseController
+ module InheritedResourcesOverrides
+
+ # Override the default resource_class class and instance
+ # methods to only return the class defined in the instance
+ # of ActiveAdmin::Resource
+ def override_inherited_resources_methods!
+ self.class_eval do
+ class << self
+ # set by DSL
+ attr_accessor :params_to_permit
+ end
+
+ def self.resource_class=(klass); end
+
+ def self.resource_class
+ @active_admin_config ? @active_admin_config.resource_class : nil
+ end
+
+ def resource_class
+ self.class.resource_class
+ end
+
+ def resource_params
+ return [] if request.get?
+ if active_admin_config.namespace.application.enforce_strong_parameters || (self.class.params_to_permit && self.class.params_to_permit.size > 0)
+ # hack because couldn't get SP to work properly
+ [ params[self.class.resource_class.name.underscore.to_sym].permit!.reject{|k,v|!self.class.params_to_permit.include?(k.to_sym)} ]
+ else
+ [ params[self.class.resource_class.name.underscore.to_sym].permit! ]
+ end
+ end
+ end
+ end
+ end
+ end
+end
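
Review bot: In `resource_params`, the first branch dereferences `self.class.params_to_permit` without a nil check, so with `enforce_strong_parameters` set to true and no `permitted_params` declared the `reject` block raises NoMethodError on nil instead of yielding an empty set; default the list to `[]` so enforcement fails closed. That branch also calls `permit!` on the whole hash and then filters top-level keys only, so anything nested under an allowed key passes through unfiltered; `permit(*self.class.params_to_permit)` is what the "hack" comment is standing in for and is the thing to get working. Both branches call `.permit!` on `params[...]` with no handling for a request that lacks the resource key, and `name.underscore` gives `admin/post` for a namespaced model, which will not match the form's param key. The module comment still describes only the `resource_class` overrides.
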
24 lib/active_admin/resource_controller/resource_class_methods.rb
@@ -1,24 +0,0 @@
-module ActiveAdmin
- class ResourceController < BaseController
- module ResourceClassMethods
-
- # Override the default resource_class class and instance
- # methods to only return the class defined in the instance
- # of ActiveAdmin::Resource
- def override_resource_class_methods!
- self.class_eval do
- def self.resource_class=(klass); end
-
- def self.resource_class
- @active_admin_config ? @active_admin_config.resource_class : nil
- end
-
- def resource_class
- self.class.resource_class
- end
- end
- end
-
- end
- end
-end
5 lib/generators/active_admin/install/templates/active_admin.rb.erb
@@ -146,4 +146,9 @@ ActiveAdmin.setup do |config|
#
# Set the CSV builder separator (default is ",")
# config.csv_column_separator = ','
+
+ # Whether or not to enforce strong parameters. Default is false, which will call permit!
+ # on the resource in params in the controller for update and create, if strong_parameters gem is found.
+ # If true then it will not do that, and the user will need to explicitly define the params to be permitted.
+ config.enforce_strong_parameters = false
end
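
Review bot: The generated initializer sets `config.enforce_strong_parameters = false` as a live line, whereas the neighbouring `# config.csv_column_separator = ','` is commented out, so every new install pins the permit-all behaviour explicitly and keeps it even if the library default changes later. Either comment the line out like the other settings or generate it as `true` for new applications.
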