Permalink
Browse files

Transform the symbol into a constant lookup.

  • Loading branch information...
1 parent 1638435 commit 139a9f7011687d5bb9df940957cd726c75e361cc @josevalim josevalim committed May 31, 2011
@@ -12,12 +12,8 @@ module MassAssignmentSecurity
class_attribute :_protected_attributes
class_attribute :_active_authorizer
- class_attribute :mass_assignment_sanitizer, :mass_assignment_sanitizers
+ class_attribute :_mass_assignment_sanitizer
self.mass_assignment_sanitizer = :logger
- self.mass_assignment_sanitizers = {
- :logger => LoggerSanitizer.new(self.respond_to?(:logger) && self.logger),
- :strict => StrictSanitizer.new
- }
end
# Mass assignment security provides an interface for protecting attributes
@@ -172,7 +168,7 @@ def attr_accessible(*args)
options = args.extract_options!
role = options[:as] || :default
- self._accessible_attributes = accessible_attributes_configs.dup
+ self._accessible_attributes = accessible_attributes_configs.dup
self._accessible_attributes[role] = self.accessible_attributes(role) + args
self._active_authorizer = self._accessible_attributes
@@ -195,33 +191,33 @@ def attributes_protected_by_default
[]
end
+ def mass_assignment_sanitizer=(value)
+ self._mass_assignment_sanitizer = if value.is_a?(Symbol)
+ const_get(:"#{value.to_s.camelize}Sanitizer").new(self)
+ else
+ value
+ end
+ end
+
private
def protected_attributes_configs
self._protected_attributes ||= begin
- default_black_list = BlackList.new(attributes_protected_by_default)
- Hash.new(default_black_list)
+ Hash.new { |h,k| h[k] = BlackList.new(attributes_protected_by_default) }
end
end
def accessible_attributes_configs
self._accessible_attributes ||= begin
- default_white_list = WhiteList.new
- Hash.new(default_white_list)
+ Hash.new { |h,k| h[k] = WhiteList.new }
end
end
end
protected
def sanitize_for_mass_assignment(attributes, role = :default)
- sanitizer = case mass_assignment_sanitizer
- when Symbol
- self.mass_assignment_sanitizers[mass_assignment_sanitizer]
- else
- mass_assignment_sanitizer
- end
- sanitizer.sanitize(attributes, mass_assignment_authorizer(role))
+ _mass_assignment_sanitizer.sanitize(attributes, mass_assignment_authorizer(role))
end
def mass_assignment_authorizer(role = :default)
@@ -1,6 +1,11 @@
+require 'active_support/core_ext/module/delegation'
+
module ActiveModel
module MassAssignmentSecurity
class Sanitizer
+ def initialize(target=nil)
+ end
+
# Returns all attributes not denied by the authorizer.
def sanitize(attributes, authorizer)
sanitized_attributes = attributes.reject { |key, value| authorizer.deny?(key) }
@@ -18,19 +23,22 @@ def debug_protected_attribute_removal(attributes, sanitized_attributes)
def process_removed_attributes(attrs)
raise NotImplementedError, "#process_removed_attributes(attrs) suppose to be overwritten"
end
-
end
+
class LoggerSanitizer < Sanitizer
+ delegate :logger, :to => :@target
- attr_accessor :logger
+ def initialize(target)
+ @target = target
+ super
+ end
- def initialize(logger = nil)
- self.logger = logger
- super()
+ def logger?
+ @target.respond_to?(:logger) && @target.logger
end
-
+
def process_removed_attributes(attrs)
- self.logger.debug "WARNING: Can't mass-assign protected attributes: #{attrs.join(', ')}" if self.logger
+ logger.debug "WARNING: Can't mass-assign protected attributes: #{attrs.join(', ')}" if logger?
end
end
@@ -42,6 +50,5 @@ def process_removed_attributes(attrs)
class Error < StandardError
end
-
end
end
@@ -3,7 +3,7 @@
require 'active_support/core_ext/object/inclusion'
class SanitizerTest < ActiveModel::TestCase
-
+ attr_accessor :logger
class Authorizer < ActiveModel::MassAssignmentSecurity::PermissionSet
def deny?(key)
@@ -12,8 +12,8 @@ def deny?(key)
end
def setup
- @logger_sanitizer = ActiveModel::MassAssignmentSecurity::LoggerSanitizer.new
- @strict_sanitizer = ActiveModel::MassAssignmentSecurity::StrictSanitizer.new
+ @logger_sanitizer = ActiveModel::MassAssignmentSecurity::LoggerSanitizer.new(self)
+ @strict_sanitizer = ActiveModel::MassAssignmentSecurity::StrictSanitizer.new(self)
@authorizer = Authorizer.new
end
@@ -28,7 +28,7 @@ def setup
test "debug mass assignment removal with LoggerSanitizer" do
original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
log = StringIO.new
- @logger_sanitizer.logger = Logger.new(log)
+ self.logger = Logger.new(log)
@logger_sanitizer.sanitize(original_attributes, @authorizer)
assert_match(/admin/, log.string, "Should log removed attributes: #{log.string}")
end

0 comments on commit 139a9f7

Please sign in to comment.