From 2212af00c0bf6fa95f690d57aa288b43e46af6b6 Mon Sep 17 00:00:00 2001
From: joegatt
Date: Fri, 30 Aug 2013 09:17:32 +0200
Subject: [PATCH] Remove protected_attributes gem Use strong parameters to manage whitelisting, Rails 4-style.
---
Gemfile | 1 -
Gemfile.lock | 3 ---
app/controllers/books_controller.rb | 11 ++++++++++-
app/controllers/links_controller.rb | 11 ++++++++++-
app/models/book.rb | 5 -----
app/models/evernote_note.rb | 2 --
app/models/link.rb | 4 ----
app/models/note.rb | 4 ----
app/models/resource.rb | 5 -----
app/models/user.rb | 4 ----
config/application.rb | 6 ------
config/environments/development.rb | 3 ---
config/environments/test.rb | 3 ---
config/initializers/acts_as_taggable_on.rb | 12 ------------
config/initializers/paper_trail.rb | 1 -
spec/models/evernote_auth_spec.rb | 3 ---
16 files changed, 20 insertions(+), 58 deletions(-)
diff --git a/Gemfile b/Gemfile
index 8d1fd6d2..5661f59e 100644
--- a/Gemfile
+++ b/Gemfile
@@ -34,7 +34,6 @@ gem 'omniauth' gem 'omniauth-evernote' gem 'paper_trail', github: 'airblade/paper_trail', branch: 'master' gem 'pjax_rails' -gem 'protected_attributes' # TEMPORARY: This is to enable Rails 4 upgrade gem 'rails-timeago' gem 'safe_yaml' gem 'sass-rails'
diff --git a/Gemfile.lock b/Gemfile.lock
index f879526e..969024ee 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -261,8 +261,6 @@ GEM jquery-rails polyglot (0.3.3) powerpack (0.0.6) - protected_attributes (1.0.3) - activemodel (>= 4.0.0, < 5.0) pry (0.9.12.2) coderay (~> 1.0.5) method_source (~> 0.8)
@@ -443,7 +441,6 @@ DEPENDENCIES paper_trail! pg pjax_rails - protected_attributes rails (= 4.0.0) rails-timeago rails_best_practices
diff --git a/app/controllers/books_controller.rb b/app/controllers/books_controller.rb
index 6b403d4c..b3cb22c3 100644
--- a/app/controllers/books_controller.rb
+++ b/app/controllers/books_controller.rb
@@ -68,7 +68,7 @@ def update add_breadcrumb I18n.t('books.admin.title_short'), books_admin_path add_breadcrumb "ISBN #{ @book.isbn }", edit_book_path(params[:id]) - if @book.update_attributes(params[:book]) + if @book.update_attributes(book_params) flash[:success] = I18n.t('books.edit.success', title: @book.title) redirect_to books_admin_path else
@@ -77,4 +77,13 @@ def update end end + private + + def book_params + params.require(:book).permit(:attempts, :author, :dewey_decimal, :dimensions, :dirty, :editor, :format, + :full_text_url, :google_books_id, :introducer, :isbn_10, :isbn_13, :lang, :lcc_number, + :library_thing_id, :notes, :open_library_id, :page_count, :pages, :published_city, + :published_date, :publisher, :tag, :title, :translator, :weight) + end + end
diff --git a/app/controllers/links_controller.rb b/app/controllers/links_controller.rb
index c6433211..b562adfe 100644
--- a/app/controllers/links_controller.rb
+++ b/app/controllers/links_controller.rb
@@ -58,7 +58,7 @@ def update add_breadcrumb I18n.t('links.admin.title_short'), links_admin_path add_breadcrumb @link.channel, edit_link_path(params[:id]) - if @link.update_attributes(params[:link]) + if @link.update_attributes(link_params) flash[:success] = I18n.t('links.edit.success', channel: @link.channel) redirect_to links_admin_path else
@@ -66,4 +66,13 @@ def update render :edit end end + + private + + def link_params + params.require(:link).permit(:altitude, :attempts, :author, :canonical_url, :channel, :dirty, :domain, :error, + :lang, :latitude, :longitude, :modified, :name, :paywall, :protocol, :publisher, + :title, :url, :website_name) + end + end
diff --git a/app/models/book.rb b/app/models/book.rb
index 1322fdad..ed7b959c 100644
--- a/app/models/book.rb
+++ b/app/models/book.rb
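Review bot: The permit list in `book_params` is the removed `attr_accessible` list from app/models/book.rb re-sorted, so `:dirty` and `:attempts` stay settable from the edit form; from their names they look like sync bookkeeping for the `Syncable` concern rather than user-editable fields, though the concern is not shown here. `link_params` in links_controller.rb has the same issue with `:dirty`, `:attempts` and `:error`. `:notes` also matches the `has_and_belongs_to_many :notes` association visible in the book.rb hunk, and a scalar permit would hand a submitted string to the association writer, which is likely to raise instead of failing validation. Strong parameters are scoped to the action, so I would drop `:attempts`, `:dirty` and `:notes` from the `permit(...)` call unless the edit form really posts them. The controller class and the `update` action start outside the hunk.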
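Review bot: No spec covers the new permit lists: `link_params` here and `book_params` in books_controller.rb are the only mass-assignment filters this diff leaves in place, and the one assertion on the subject, `should_not allow_mass_assignment_of(:auth)` in spec/models/evernote_auth_spec.rb, is deleted without a replacement. A controller spec for `update` that submits a key outside the list together with a permitted one, and asserts that only the permitted attribute changed, would pin the behaviour. Note, Resource, EvernoteNote and User also lose `attr_accessible` with no matching `*_params` method added in this diff, so any caller that builds them from a plain Hash rather than from `params` is no longer filtered; whether such callers exist is not visible here.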
@@ -4,11 +4,6 @@ class Book < ActiveRecord::Base include Syncable - attr_accessible :title, :author, :editor, :introducer, :translator, :lang, :published_date, :published_city, :pages, - :isbn_10, :isbn_13, :page_count, :google_books_id, :publisher, :library_thing_id, :open_library_id, - :tag, :dirty, :attempts, :notes, :format, :dimensions, :weight, :dewey_decimal, :lcc_number, - :full_text_url - has_and_belongs_to_many :notes default_scope { order('tag') }
diff --git a/app/models/evernote_note.rb b/app/models/evernote_note.rb
index 7cf213e0..6fa940c5 100644
--- a/app/models/evernote_note.rb
+++ b/app/models/evernote_note.rb
@@ -5,8 +5,6 @@ class EvernoteNote < ActiveRecord::Base include Evernotable include Syncable - attr_accessible :cloud_note_identifier, :evernote_auth_id, :note_id, :dirty, :attempts, :content_hash, :update_sequence_number - # REVIEW: , dependent: :destroy (causes Stack Level Too Deep. # See: http://api.rubyonrails.org/classes/ActiveRecord/Associations/ClassMethods.html ("Options" ... ":dependent") ) belongs_to :note
diff --git a/app/models/link.rb b/app/models/link.rb
index 6a96e2d5..c5fe2ea7 100644
--- a/app/models/link.rb
+++ b/app/models/link.rb
@@ -4,10 +4,6 @@ class Link < ActiveRecord::Base include Syncable - attr_accessible :protocol, :channel, :domain, :url_or_canonical_url, :name, :title, :website_name, :author, :lang, - :modified, :url, :canonical_url, :error, :paywall, :publisher, :dirty, :attempts, :longitude, - :latitude, :altitude - has_and_belongs_to_many :notes default_scope { order('channel') }
diff --git a/app/models/note.rb b/app/models/note.rb
index e0bc2a40..93df3770 100644
--- a/app/models/note.rb
+++ b/app/models/note.rb
@@ -4,10 +4,6 @@ class Note < ActiveRecord::Base include Syncable - attr_accessible :title, :body, :external_updated_at, :resources, :latitude, :longitude, :lang, :author, - :last_edited_by, :source, :source_application, :source_url, :sources, :tag_list, :instruction_list, - :hide, :active, :is_citation, :listable - attr_writer :tag_list, :instruction_list has_many :evernote_notes, dependent: :destroy
diff --git a/app/models/resource.rb b/app/models/resource.rb
index 53b3bf7e..abe480dd 100644
--- a/app/models/resource.rb
+++ b/app/models/resource.rb
@@ -5,11 +5,6 @@ class Resource < ActiveRecord::Base include Evernotable include Syncable - attr_accessible :note_id, :cloud_resource_identifier, :mime, :width, :height, :caption, :description, :credit, - :source_url, :external_updated_at, :latitude, :longitude, :altitude, :camera_make, :camera_model, :file_name, - :local_file_name, :attachment, :data_hash, :dirty, :attempts, - :raw_location, :template_location, :cut_location, :blank_location - belongs_to :note scope :attached_images, -> { where("mime LIKE 'image%'").where(attachment: nil) }
diff --git a/app/models/user.rb b/app/models/user.rb
index 02543cc3..c4b4742d 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -4,8 +4,4 @@ class User < ActiveRecord::Base # :lockable, :timeoutable and :omniauthable devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable - - # Setup accessible (or protected) attributes for your model - attr_accessible :email, :password, :password_confirmation, :remember_me - # attr_accessible :title, :body end
diff --git a/config/application.rb b/config/application.rb
index 3fc2620f..86ecd5a8 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -39,12 +39,6 @@ class Application < Rails::Application # like if you have constraints or database-specific column types # config.active_record.schema_format = :sql - # Enforce whitelist mode for mass assignment. - # This will create an empty whitelist of attributes available for mass-assignment for all models - # in your app. As such, your models will need to explicitly whitelist or blacklist accessible - # parameters by using an attr_accessible or attr_protected declaration. - config.active_record.whitelist_attributes = true - # Enable the asset pipeline config.assets.enabled = true
diff --git a/config/environments/development.rb b/config/environments/development.rb
index 3084c08f..00d6c14c 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -20,9 +20,6 @@ # Only use best-standards-support built into browsers config.action_dispatch.best_standards_support = :builtin - # Raise exception on mass assignment protection for Active Record models - config.active_record.mass_assignment_sanitizer = :strict - # Do not compress assets config.assets.compress = false
diff --git a/config/environments/test.rb b/config/environments/test.rb
index 3c4d02d2..03c8e61a 100644
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -33,9 +33,6 @@ host: Settings.host } - # Raise exception on mass assignment protection for Active Record models - config.active_record.mass_assignment_sanitizer = :strict - # Print deprecation notices to the stderr config.active_support.deprecation = :stderr
diff --git a/config/initializers/acts_as_taggable_on.rb b/config/initializers/acts_as_taggable_on.rb
index 943d7360..61d266ee 100644
--- a/config/initializers/acts_as_taggable_on.rb
+++ b/config/initializers/acts_as_taggable_on.rb
@@ -13,15 +13,3 @@ def to_param extend FriendlyId friendly_id :name, use: :slugged end - -# TEMPORARY: for Rails 4 compatibility, when we remove attribute accessor gem, we can remove this -# https://github.com/mbleigh/acts-as-taggable-on/issues/389 -module ActsAsTaggableOn - class Tag - attr_accessible :name - end - - class Tagging - attr_accessible :tag_id, :context, :taggable - end -end
diff --git a/config/initializers/paper_trail.rb b/config/initializers/paper_trail.rb
index 89f96201..798cde43 100644
--- a/config/initializers/paper_trail.rb
+++ b/config/initializers/paper_trail.rb
@@ -1,6 +1,5 @@ module PaperTrail class Version < ActiveRecord::Base - attr_accessible :sequence, :word_count, :tag_list, :instruction_list, :event, :whodunnit, :object serialize :tag_list serialize :instruction_list end
diff --git a/spec/models/evernote_auth_spec.rb b/spec/models/evernote_auth_spec.rb
index e14857eb..c47dd6d6 100644
--- a/spec/models/evernote_auth_spec.rb
+++ b/spec/models/evernote_auth_spec.rb
@@ -10,8 +10,5 @@ it { should be_valid } it { should respond_to(:auth) } - - it { should_not allow_mass_assignment_of(:auth) } - it { should have_many(:evernote_notes) } end