implementing strong_parameters support

1 parent c72adef commit 9dc6644c886dce1e66ce82060d63987a201ad6a0 @garysweaver committed Oct 29, 2012
@@ -1,12 +1,9 @@
script: bundle exec rake test
rvm:
- - ree
- 1.9.2
- 1.9.3
before_install:
- gem update --system
- gem --version
env:
- - RAILS=3.0.12
- - RAILS=3.1.4
- RAILS=3.2.3
@@ -1,4 +1,12 @@
-## Master (unreleased)
+## ActiveAdmin for Rails 3.2.x with Strong Parameters (unreleased)
+
+## Patched 0.5.0 version (unreleased)
+
+### Enhancements
+
+Added Strong Parameters niceties:
+* Added `config.enforce_strong_parameters` config setting for allowing permit all params on assumed resource.
+* Added `permitted_params` method to explicitly define params to permit on assumed resource.
## 0.5.0
@@ -11,14 +11,13 @@ gem 'rails', rails_version
gem 'bourbon'
case rails_version
-when /^3\.0/
- # Do nothing, bundler should figure it out
-when /^3\.(1|2)/
+when /^3\.2)/
@latortuga

latortuga Oct 29, 2012

Typo, my friend. Bundler refuses to bundle as-is because of the mismatched paren.

@garysweaver

garysweaver Oct 29, 2012

Owner

Thanks, Drew! Something else wrong too. Somehow GitHub is showing master as having the same changes as this branch in my fork. I'm going to have to have some fun with git now. :(

@garysweaver

garysweaver Oct 29, 2012

Owner

K fixed the mistaken commit to master and removed that parenth. Sorry bout that. thx! just started rake and its tests, so will see how that goes...

@garysweaver

garysweaver Oct 29, 2012

Owner

Ok, did another commit to return nil from resource_params when params[name of model] is nil. Now I don't see a relation to failing tests and the SP related code, well at the moment at least.

# These are the gems you have to have for Rails 3.1 to be happy
gem 'sass-rails'
gem 'uglifier'
+ gem 'strong_parameters'
else
- raise "Rails #{rails_version} is not supported yet"
+ raise "Rails #{rails_version} is not supported"
end
group :development, :test do
@@ -43,9 +43,15 @@ https://github.com/gregbell/active_admin/blob/master/CONTRIBUTING.md
== Getting Started
Active Admin is released as a Ruby Gem. The gem is to be installed within a Ruby
-on Rails 3 application. To install, simply add the following to your Gemfile:
+on Rails 3 application.
- gem 'activeadmin'
+This is a special branch of ActiveAdmin just for those that are early adopters of Strong Parameters which will be included in Rails 4:
+
+To install it, add the following to your Gemfile:
+
+ gem 'activeadmin', git: 'https://github.com/gregbell/active_admin.git', branch: 'rails-3_2-with-strong-parameters'
+
+Note: you don't *need* to be using this branch just to use ActiveAdmin in Rails 3.2 with Strong Parameters. See the Strong Parameters section for more details.
After updating your bundle, run the installer
@@ -110,6 +116,28 @@ Iconic Icons::
Excellent SVG icon set designed by P.J. Onori: http://somerandomdude.com/projects/iconic
+== Strong Parameters
+
+In config:
+
+ # Whether or not to enforce strong parameters. Default is false, which will call permit!
+ # on the resource in params in the controller for update and create, if strong_parameters gem is found.
+ # If true then it will not do that, and the user will need to explicitly define the params to be permitted.
+ config.enforce_strong_parameters = false
+
+In controller config, optionally specify permitted params:
+
+ ActiveAdmin.register Post do
+ # Allow static list
+ permitted_params :a, :b, :c
+
+ # Conditionally control access at runtime
+ permitted_params do
+ [:a, :b, :c]
+ end
+ end
+
+
== Copyright
Copyright (c) 2011 Greg Bell, VersaPay Corporation. See LICENSE for details.
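Review bot: the "In config" comment in the new Strong Parameters section does not say what happens when `enforce_strong_parameters = true` and a resource declares no `permitted_params`, and it does not state plainly that the default of `false` leaves every attribute of every registered resource open to mass assignment on create and update. Please spell out both cases, and replace the `:a, :b, :c` placeholders with real attribute names (for example `:title, :body` on `Post`) so the example reads as a whitelist of model attributes.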
@@ -28,4 +28,5 @@ Gem::Specification.new do |s|
s.add_dependency("sass", ">= 3.1.0")
s.add_dependency("fastercsv", ">= 0")
s.add_dependency("arbre", ">= 1.0.1")
+ s.add_development_dependency("strong_parameters", ">= 0.1.4")
end
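Review bot: `strong_parameters` is declared with `add_development_dependency`, but the `resource_params` method added in this commit calls `permit!` on the params hash in both branches with no check that the gem is loaded, so an application that installs this gem without `strong_parameters` will raise NoMethodError on create and update. The setting's comment says "if strong_parameters gem is found", yet no such test is visible in the commit. Either make it a runtime dependency with `s.add_dependency`, or guard the calls with something like `respond_to?(:permit!)`.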
@@ -69,6 +69,11 @@ def self.inheritable_setting(name, default)
# Default CSV separator
inheritable_setting :csv_column_separator, ','
+ # Whether or not to enforce strong parameters. Default is false, which will call permit!
+ # on the resource in params in the controller for update and create, if strong_parameters gem is found.
+ # If true then it will not do that, and the user will need to explicitly define the params to be permitted.
+ inheritable_setting :enforce_strong_parameters, false
+
# Active Admin makes educated guesses when displaying objects, this is
# the list of methods it tries calling in order
setting :display_name_methods, [ :display_name,
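Review bot: defaulting `enforce_strong_parameters` to `false` means that, out of the box, `permit!` is called on the whole resource hash, so a branch whose purpose is Strong Parameters support ships with the whitelist switched off. Consider defaulting to `true` on this branch so that resources without a `permitted_params` declaration accept nothing, and let applications opt out explicitly with `config.enforce_strong_parameters = false`.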
@@ -30,6 +30,22 @@ def config
@config
end
+ # Specify which params to permit by strong_parameters.
+ #
+ # Allows a static list:
+ # permitted_params :a, :b, :c
+ #
+ # or conditionally control access at runtime:
+ # permitted_params do
+ # [:a, :b, :c]
+ # end
+ def permitted_params(*args)
+ ps = args.clone
+ ps << yield if block_given?
+ # @config.controller is the controller class
+ @config.controller.params_to_permit = ps.flatten
+ end
+
# Include a module with this resource. The modules's `included` method
# is called with the instance of the `ActiveAdmin::DSL` passed into it.
#
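Review bot: `ps << yield if block_given?` in `permitted_params` runs the block once, at the moment the DSL method is called, and stores the flattened result on the controller class, so the block form cannot "conditionally control access at runtime" as the comment says; there is no request or current user available at that point. Either capture the block with `&block`, store it, and evaluate it in the controller instance from `resource_params` on each request, or drop the runtime claim from this comment and from the README.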
@@ -6,7 +6,7 @@
require 'active_admin/resource_controller/decorators'
require 'active_admin/resource_controller/scoping'
require 'active_admin/resource_controller/sidebars'
-require 'active_admin/resource_controller/resource_class_methods'
+require 'active_admin/resource_controller/inherited_resources_overrides'
module ActiveAdmin
# All Resources Controller inherits from this controller.
@@ -26,7 +26,7 @@ class ResourceController < BaseController
include Decorators
include Scoping
include Sidebars
- extend ResourceClassMethods
+ extend InheritedResourcesOverrides
class << self
def active_admin_config=(config)
@@ -42,7 +42,7 @@ def active_admin_config=(config)
# need to install our resource_class method each time we're inherited from.
def inherited(base)
super(base)
- base.override_resource_class_methods!
+ base.override_inherited_resources_methods!
end
public :belongs_to
@@ -0,0 +1,38 @@
+module ActiveAdmin
+ class ResourceController < BaseController
+ module InheritedResourcesOverrides
+
+ # Override the default resource_class class and instance
+ # methods to only return the class defined in the instance
+ # of ActiveAdmin::Resource
+ def override_inherited_resources_methods!
+ self.class_eval do
+ class << self
+ # set by DSL
+ attr_accessor :params_to_permit
+ end
+
+ def self.resource_class=(klass); end
+
+ def self.resource_class
+ @active_admin_config ? @active_admin_config.resource_class : nil
+ end
+
+ def resource_class
+ self.class.resource_class
+ end
+
+ def resource_params
+ return [] if request.get?
+ if active_admin_config.namespace.application.enforce_strong_parameters || (self.class.params_to_permit && self.class.params_to_permit.size > 0)
+ # hack because couldn't get SP to work properly
+ [ params[self.class.resource_class.name.underscore.to_sym].permit!.reject{|k,v|!self.class.params_to_permit.include?(k.to_sym)} ]
+ else
+ [ params[self.class.resource_class.name.underscore.to_sym].permit! ]
+ end
+ end
+ end
+ end
+ end
+ end
+end
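Review bot: in `resource_params`, the first branch is taken whenever `enforce_strong_parameters` is true, even if `params_to_permit` was never set, and `self.class.params_to_permit.include?` then raises NoMethodError on nil; with enforcement on and no list declared, the method should return an empty set of attributes rather than crash. That branch also calls `permit!` on the whole hash before `reject`, so the hash is marked fully permitted and only top-level keys are filtered, which lets any hash value under an allowed key through unfiltered. Passing the list to the gem's own `permit(*self.class.params_to_permit)` would replace the hack, and the repeated `params[self.class.resource_class.name.underscore.to_sym]` lookup is worth pulling into a local so a missing key can be handled in one place.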
@@ -1,24 +0,0 @@
-module ActiveAdmin
- class ResourceController < BaseController
- module ResourceClassMethods
-
- # Override the default resource_class class and instance
- # methods to only return the class defined in the instance
- # of ActiveAdmin::Resource
- def override_resource_class_methods!
- self.class_eval do
- def self.resource_class=(klass); end
-
- def self.resource_class
- @active_admin_config ? @active_admin_config.resource_class : nil
- end
-
- def resource_class
- self.class.resource_class
- end
- end
- end
-
- end
- end
-end
@@ -146,4 +146,9 @@ ActiveAdmin.setup do |config|
#
# Set the CSV builder separator (default is ",")
# config.csv_column_separator = ','
+
+ # Whether or not to enforce strong parameters. Default is false, which will call permit!
+ # on the resource in params in the controller for update and create, if strong_parameters gem is found.
+ # If true then it will not do that, and the user will need to explicitly define the params to be permitted.
+ config.enforce_strong_parameters = false
end

0 comments on commit 9dc6644
