Mass assignment with inheritance column #9

Merged
merged 1 commit into from

2 participants

@diminish7

Related to rails commit:
rails/rails@89b5b31

which adds STI support to init and building associations, allowing
you to do

  • BaseClass.new(:type => "SubClass")
  • parent.children.build(:type => "SubClass")
  • parent.build_child(:type => "SubClass")

to initialize an STI subclass.

This commit ensures that a protected inheritance column is still
respected during init
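
A plain-Ruby model of the behaviour described above, added here as an illustration and not code from this pull request or the gem. `Model`, `deny?`, `guarded_subclass_from_attrs` and `build` are hypothetical stand-ins for ActiveRecord and its authorizer, and the classes are constructed. With the guard, a non-whitelisted `type` leaves the base class in place; the unguarded lookup lets the caller pick the subclass.

```ruby
# Plain-Ruby stand-in for the check; no ActiveRecord, all class names constructed.
class SubclassNotFound < StandardError; end

class Model
  class << self
    # Whitelist of mass-assignable attribute names, inherited by subclasses.
    def attr_accessible(*names)
      @accessible = accessible + names.map(&:to_s)
    end

    def accessible
      @accessible || (superclass.respond_to?(:accessible) ? superclass.accessible : [])
    end

    def inheritance_column
      "type"
    end

    # Stand-in for the authorizer: anything not whitelisted is denied.
    def deny?(name)
      !accessible.include?(name.to_s)
    end

    # Unguarded lookup: the caller-supplied value picks the class.
    def subclass_from_attrs(attrs)
      wanted = attrs[inheritance_column.to_sym]
      return nil if wanted.nil? || wanted == name
      ObjectSpace.each_object(Class).find { |k| k < self && k.name == wanted } ||
        raise(SubclassNotFound, "#{wanted} is not a subclass of #{name}")
    end

    # Guarded lookup: a denied inheritance column never selects the class.
    def guarded_subclass_from_attrs(attrs)
      deny?(inheritance_column) ? nil : subclass_from_attrs(attrs)
    end

    def build(attrs, guarded = true)
      sub = guarded ? guarded_subclass_from_attrs(attrs) : subclass_from_attrs(attrs)
      (sub || self).allocate
    end
  end
end

class Company < Model; attr_accessible :name; end
class Firm < Company; end
class Corporation < Company; attr_accessible :type, :name; end
class SpecialCorporation < Corporation; end
class Person < Model; end
```
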

@pixeltrix
Owner

@diminish7 is it possible to add some negative assertions, e.g. specifying a type that isn't a subclass of the model? I know there are some tests for it in the main rails repository; I just want to make sure we don't break anything here.

@diminish7 diminish7 Mass assignment with inheritance column
a1f0f71
@diminish7

@pixeltrix Sure: Just amended the commit to include those tests. Thanks!

@pixeltrix pixeltrix merged commit c8aa047 into rails:master

1 check passed

Details default The Travis build passed
@pixeltrix
Owner

@diminish7 thanks!

Commits on Jan 16, 2013
  1. @diminish7

    Mass assignment with inheritance column

    diminish7 authored diminish7 committed
2  lib/active_record/mass_assignment_security.rb
@@ -8,6 +8,7 @@
require "active_record/mass_assignment_security/relation"
require "active_record/mass_assignment_security/validations"
require "active_record/mass_assignment_security/associations"
+require "active_record/mass_assignment_security/inheritance"
class ActiveRecord::Base
include ActiveRecord::MassAssignmentSecurity::Core
@@ -16,6 +17,7 @@ class ActiveRecord::Base
include ActiveRecord::MassAssignmentSecurity::Relation
include ActiveRecord::MassAssignmentSecurity::Validations
include ActiveRecord::MassAssignmentSecurity::NestedAttributes
+ include ActiveRecord::MassAssignmentSecurity::Inheritance
end
ActiveRecord::SchemaMigration.attr_accessible(:version)
18 lib/active_record/mass_assignment_security/inheritance.rb
@@ -0,0 +1,18 @@
+module ActiveRecord
+ module MassAssignmentSecurity
+ module Inheritance
+ extend ActiveSupport::Concern
+
+ module ClassMethods
+ private
+ # Detect the subclass from the inheritance column of attrs. If the inheritance column value
+ # is not self or a valid subclass, raises ActiveRecord::SubclassNotFound
+ # If this is a StrongParameters hash, and access to inheritance_column is not permitted,
+ # this will ignore the inheritance column and return nil
+ def subclass_from_attrs(attrs)
+ active_authorizer[:default].deny?(inheritance_column) ? nil : super
+ end
+ end
+ end
+ end
+end
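Review bot: `active_authorizer[:default]` in `subclass_from_attrs` hard-codes the default role, and because the method receives only `attrs` it cannot see a role chosen with `:as` or a call made with `:without_protection`, so the inheritance column is judged against the default rules even when the caller asked for different ones. Consider passing the assignment options through, or state in the comment that only the default role is consulted. The comment above the method also speaks of a StrongParameters hash, while the code checks the mass-assignment authorizer; reword it to say the column is ignored when it is not accessible.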
18 test/attribute_sanitization_test.rb
@@ -254,6 +254,24 @@ def test_protection_against_class_attribute_writers
assert !Task.new.respond_to?("#{method}=")
end
end
+
+ def test_new_with_protected_inheritance_column
+ firm = Company.new(type: "Firm")
+ assert_equal firm.class, Company
+ end
+
+ def test_new_with_accessible_inheritance_column
+ corporation = Corporation.new(type: "SpecialCorporation")
+ assert_equal corporation.class, SpecialCorporation
+ end
+
+ def test_new_with_invalid_inheritance_column_class
+ assert_raise(ActiveRecord::SubclassNotFound) { Corporation.new(type: "InvalidCorporation") }
+ end
+
+ def test_new_with_unrelated_inheritance_column_class
+ assert_raise(ActiveRecord::SubclassNotFound) { Corporation.new(type: "Person") }
+ end
end
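Review bot: The four new tests only exercise `new`, so the association paths named in the commit message (`parent.children.build` and `parent.build_child`) have no coverage for a protected inheritance column; add one test per path. `test_new_with_protected_inheritance_column` also checks only the resulting class and not the value of the `type` attribute afterwards. Minor: `assert_equal` takes the expected value first, so `assert_equal Company, firm.class` gives a clearer failure message.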
7 test/models/company.rb
@@ -96,3 +96,10 @@ def log_after_remove(record)
log << "after_remove#{record.id}"
end
end
+
+class Corporation < Company
+ attr_accessible :type, :name, :description
+end
+
+class SpecialCorporation < Corporation
+end