Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Revert "AM::MassAssingmentSecurity: improve performance"

It introduces backwards incompatible changes in the API.

This reverts commit 7d1379f.
  • Loading branch information...
commit eb8f0ddb67440d26eb0e179a0c43df8ea2a53b1e 1 parent f961ec4
@josevalim josevalim authored
View
34 activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
@@ -3,18 +3,20 @@ module MassAssignmentSecurity
class Sanitizer
# Returns all attributes not denied by the authorizer.
def sanitize(attributes, authorizer)
- attributes.reject do |attr, value|
- if authorizer.deny?(attr)
- process_removed_attribute(attr)
- true
- end
- end
+ sanitized_attributes = attributes.reject { |key, value| authorizer.deny?(key) }
+ debug_protected_attribute_removal(attributes, sanitized_attributes)
+ sanitized_attributes
end
protected
- def process_removed_attribute(attr)
- raise NotImplementedError, "#process_removed_attribute(attr) suppose to be overwritten"
+ def debug_protected_attribute_removal(attributes, sanitized_attributes)
+ removed_keys = attributes.keys - sanitized_attributes.keys
+ process_removed_attributes(removed_keys) if removed_keys.any?
+ end
+
+ def process_removed_attributes(attrs)
+ raise NotImplementedError, "#process_removed_attributes(attrs) suppose to be overwritten"
end
end
@@ -32,8 +34,8 @@ def logger?
@target.respond_to?(:logger) && @target.logger
end
- def process_removed_attribute(attr)
- logger.warn "Can't mass-assign protected attribute: #{attr}" if logger?
+ def process_removed_attributes(attrs)
+ logger.warn "Can't mass-assign protected attributes: #{attrs.join(', ')}" if logger?
end
end
@@ -42,19 +44,19 @@ def initialize(target = nil)
super()
end
- def process_removed_attribute(attr)
- return if insensitive_attributes.include?(attr)
- raise ActiveModel::MassAssignmentSecurity::Error.new(attr)
+ def process_removed_attributes(attrs)
+ return if (attrs - insensitive_attributes).empty?
+ raise ActiveModel::MassAssignmentSecurity::Error.new(attrs)
end
def insensitive_attributes
- @insensitive_attributes ||= ['id']
+ ['id']
end
end
class Error < StandardError
- def initialize(attr)
- super("Can't mass-assign protected attribute: #{attr}")
+ def initialize(attrs)
+ super("Can't mass-assign protected attributes: #{attrs.join(', ')}")
end
end
end
View
2  activemodel/test/cases/mass_assignment_security_test.rb
@@ -4,7 +4,7 @@
class CustomSanitizer < ActiveModel::MassAssignmentSecurity::Sanitizer
- def process_removed_attribute(attr)
+ def process_removed_attributes(attrs)
raise StandardError
end
Please sign in to comment.
Something went wrong with that request. Please try again.