
Add RailsAdmin::Config.included_models as a whitelist approach to lis…

…ting models to be administered by RailsAdmin, an alternative to the auto-discovery + excluded_models configuration.
commit 57e625066d231bd02af51709743762f2a98a0ef2 1 parent 48b67c2
@wolframarnold wolframarnold authored
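--- a/README.mkd
+++ b/README.mkd
@@ -108,6 +108,29 @@ You can exclude models from RailsAdmin by appending those models to `excluded_mo
 config.excluded_models << ClassName
 end
+**Whitelist Approach**
+
+By default, RailsAdmin automatically discovers all the models in the system and adds them to its list of models to
+be accessible through RailsAdmin. The `excluded_models` configuration above permits the blacklisting of individual model classes.
+
+If you prefer a whitelist approach, then you can use the `included_models` configuration option instead:
+
+ RailsAdmin.config do |config|
+ config.included_models = [Class1, Class2, Class3]
+ end
+
+Only the models explicitly listed will be put under RailsAdmin access, and the auto-discovery of models is skipped.
+
+The blacklist is effective on top of that, still, so that if you also have:
+
+ RailsAdmin.config do |config|
+ config.excluded_models = [Class1]
+ end
+
+then only `Class2` and `Class3` would be made available to RailsAdmin.
+
+The whitelist approach may be useful if RailsAdmin is used only for a part of the application and you want to make
+sure that new models are not automatically added to RailsAdmin, e.g. because of security concerns.
 ### Model Class and Instance Labels ###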
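--- a/lib/rails_admin/abstract_model.rb
+++ b/lib/rails_admin/abstract_model.rb
@@ -9,16 +9,22 @@ class AbstractModel
 # Returns all models for a given Rails app
 def self.all
 if @models.empty?
+ if RailsAdmin::Config.included_models.any?
+ # Whitelist approach, use only models explicitly listed
+ possible_models = RailsAdmin::Config.included_models.map(&:to_s)
+ else
+ # orig regexp -- found 'class' even if it's within a comment or a quote
+ filenames = Dir.glob(Rails.application.paths.app.models.collect { |path| File.join(path, "**/*.rb") })
+ class_names = []
+ filenames.each do |filename|
+ class_names += File.read(filename).scan(/class ([\w\d_\-:]+)/).flatten
+ end
+ possible_models = Module.constants | class_names
+ end
+
 excluded_models = RailsAdmin::Config.excluded_models.map(&:to_s)
 excluded_models << ['History']
- # orig regexp -- found 'class' even if it's within a comment or a quote
- filenames = Dir.glob(Rails.application.paths.app.models.collect { |path| File.join(path, "**/*.rb") })
- class_names = []
- filenames.each do |filename|
- class_names += File.read(filename).scan(/class ([\w\d_\-:]+)/).flatten
- end
- possible_models = Module.constants | class_names
 #Rails.logger.info "possible_models: #{possible_models.inspect}"
 add_models(possible_models, excluded_models)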
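Review bot: The `RailsAdmin::Config.included_models.any?` test at the top of the new branch makes the whitelist fail open: an empty list, for example one built from a filter that happens to match nothing, falls through to the `else` branch and auto-discovery exposes every model again. A list that is meant as a security boundary should distinguish "not configured" from "configured as empty", e.g. default the option to `nil` and branch on `unless RailsAdmin::Config.included_models.nil?`. If the `[]`-means-all behaviour is kept for compatibility, state it at the branch with a comment such as `# NOTE: an empty included_models disables the whitelist and re-enables auto-discovery`. The body of `self.all` continues past the end of this hunk.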
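--- a/lib/rails_admin/config.rb
+++ b/lib/rails_admin/config.rb
@@ -15,6 +15,14 @@ module Config
 @@excluded_models = []
 mattr_accessor :excluded_models
+ # Configuration option to specify a whitelist of models you want to RailsAdmin to work with.
+ # The excluded_models list applies against the whitelist as well and further reduces the models
+ # RailsAdmin will use.
+ # If included_models is left empty ([]), then RailsAdmin will automatically use all the models
+ # in your application (less any excluded_models you may have specified).
+ @@included_models = []
+ mattr_accessor :included_models
+
 # Configuration option to specify which method names will be searched for
 # to be used as a label for object records. This defaults to [:name, :title]
 mattr_accessor :label_methods
@@ -97,4 +105,4 @@ def self.visible_models
 end
 end
 end
-end
+end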
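Review bot: The comment above `@@included_models` does not say when the option is read, and that matters for a setting used to restrict access. In this commit `AbstractModel.all` only builds its list while `@models` is empty, so a whitelist assigned or appended to after the first call appears to be ignored until that cache is cleared (the new spec clears it by hand). I would add a line such as `# Set this in an initializer, before the first call to RailsAdmin::AbstractModel.all; the resulting model list is cached.` Since entries are passed through `to_s`, the comment could also say whether class names given as strings are accepted.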
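--- a/lib/rails_admin/config/model.rb
+++ b/lib/rails_admin/config/model.rb
@@ -25,7 +25,8 @@ def initialize(entity)
 end
 def excluded?
- @excluded ||= !RailsAdmin::Config.excluded_models.find {|klass| klass.to_s == abstract_model.model.name }.nil?
+ return @excluded unless @excluded.nil?
+ @excluded = !RailsAdmin::AbstractModel.all.map(&:model).include?(abstract_model.model)
 end
 # Configure create and update views as a bulk operation with given block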
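Review bot: In `excluded?`, `include?(abstract_model.model)` compares class objects, where the removed line compared names (`klass.to_s == abstract_model.model.name`). If the list cached by `AbstractModel.all` holds class objects from before a code reload, a reloaded class would presumably no longer match and the model would be reported as excluded. That fails closed, but it is a behaviour change that should be deliberate. Comparing by name keeps the old semantics: `@excluded = !RailsAdmin::AbstractModel.all.map { |m| m.model.name }.include?(abstract_model.model.name)`. A one-line comment that `excluded?` now means "not in the effective list (whitelist minus blacklist)" would also help readers who know the old meaning.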
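--- a/spec/requests/rails_admin_spec.rb
+++ b/spec/requests/rails_admin_spec.rb
@@ -65,4 +65,52 @@
 end
 end
+ describe "model whitelist:" do
+
+ before do
+ RailsAdmin::AbstractModel.instance_variable_get("@models").clear
+ RailsAdmin::Config.excluded_models = []
+ RailsAdmin::Config.included_models = []
+ RailsAdmin::Config.reset
+ end
+
+ after :all do
+ RailsAdmin::AbstractModel.instance_variable_get("@models").clear
+ RailsAdmin::Config.excluded_models = []
+ RailsAdmin::Config.included_models = []
+ RailsAdmin::Config.reset
+ end
+
+ it 'should only use included models' do
+ RailsAdmin::Config.included_models = [Team, League]
+ RailsAdmin::AbstractModel.all.map(&:model).should == [League, Team] #it gets sorted
+ end
+
+ it 'should not restrict models if included_models is left empty' do
+ RailsAdmin::Config.included_models = []
+ RailsAdmin::AbstractModel.all.map(&:model).should include(Team, League)
+ end
+
+ it 'should further remove excluded models (whitelist - blacklist)' do
+ RailsAdmin::Config.excluded_models = [Team]
+ RailsAdmin::Config.included_models = [Team, League]
+ RailsAdmin::AbstractModel.all.map(&:model).should == [League]
+ end
+
+ it 'should always exclude history' do
+ RailsAdmin::AbstractModel.all.map(&:model).should_not include(RailsAdmin::History)
+ end
+
+ it 'excluded? returns true for any model not on the list' do
+ RailsAdmin::Config.included_models = [Team, League]
+
+ team_config = RailsAdmin.config(RailsAdmin::AbstractModel.new('Team'))
+ fan_config = RailsAdmin.config(RailsAdmin::AbstractModel.new('Fan'))
+
+ fan_config.should be_excluded
+ team_config.should_not be_excluded
+ end
+
+ end
+
 end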
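Review bot: The examples in `describe "model whitelist:"` assert only on `AbstractModel.all` and `excluded?`; none of them issues a request for a model outside the whitelist, although this is the request spec and the README motivates the option with security concerns. I would add an example that sets `included_models = [Team, League]`, requests the admin page for `Fan`, and asserts that it is not served, so a regression in enforcement is caught and not only a regression in listing. Separately, both hooks reach into `instance_variable_get("@models").clear`; a small public reset method on `AbstractModel` would keep the specs from depending on that internal.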