Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Add scaffold_controller generator with support for strong_parameters …

…by default
  • Loading branch information...
commit a824706c823763c2c4b8f0e56a6f1fe456fb4d0d 1 parent 1e238a2
@guilleiguaran guilleiguaran authored
View
1  .gitignore
@@ -5,3 +5,4 @@ test/dummy/db/*.sqlite3
test/dummy/log/*.log
test/dummy/tmp/
test/dummy/.sass-cache
+tmp/
View
12 lib/generators/rails/USAGE
@@ -0,0 +1,12 @@
+Description:
+ Stubs out a scaffolded controller and its views. Different from rails
+ scaffold_controller, it uses strong_parameters to whitelist permissible
+ attributes in a private method.
+ Pass the model name, either CamelCased or under_scored. The controller
+ name is retrieved as a pluralized version of the model name.
+
+ To create a controller within a module, specify the model name as a
+ path like 'parent_module/controller_name'.
+
+ This generates a controller class in app/controllers and invokes helper,
+ template engine and test framework generators.
View
10 lib/generators/rails/strong_parameters_controller_generator.rb
@@ -0,0 +1,10 @@
+require 'rails/generators/rails/scaffold_controller/scaffold_controller_generator'
+
+module Rails
+ module Generators
+ class StrongParametersControllerGenerator < ScaffoldControllerGenerator
+ argument :attributes, :type => :array, :default => [], :banner => "field:type field:type"
+ source_root File.expand_path("../templates", __FILE__)
+ end
+ end
+end
View
94 lib/generators/rails/templates/controller.rb
@@ -0,0 +1,94 @@
+<% module_namespacing do -%>
+class <%= controller_class_name %>Controller < ApplicationController
+ # GET <%= route_url %>
+ # GET <%= route_url %>.json
+ def index
+ @<%= plural_table_name %> = <%= orm_class.all(class_name) %>
+
+ respond_to do |format|
+ format.html # index.html.erb
+ format.json { render json: <%= "@#{plural_table_name}" %> }
+ end
+ end
+
+ # GET <%= route_url %>/1
+ # GET <%= route_url %>/1.json
+ def show
+ @<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %>
+
+ respond_to do |format|
+ format.html # show.html.erb
+ format.json { render json: <%= "@#{singular_table_name}" %> }
+ end
+ end
+
+ # GET <%= route_url %>/new
+ # GET <%= route_url %>/new.json
+ def new
+ @<%= singular_table_name %> = <%= orm_class.build(class_name) %>
+
+ respond_to do |format|
+ format.html # new.html.erb
+ format.json { render json: <%= "@#{singular_table_name}" %> }
+ end
+ end
+
+ # GET <%= route_url %>/1/edit
+ def edit
+ @<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %>
+ end
+
+ # POST <%= route_url %>
+ # POST <%= route_url %>.json
+ def create
+ @<%= singular_table_name %> = <%= orm_class.build(class_name, "#{singular_table_name}_params") %>
+
+ respond_to do |format|
+ if @<%= orm_instance.save %>
+ format.html { redirect_to @<%= singular_table_name %>, notice: <%= "'#{human_name} was successfully created.'" %> }
+ format.json { render json: <%= "@#{singular_table_name}" %>, status: :created, location: <%= "@#{singular_table_name}" %> }
+ else
+ format.html { render action: "new" }
+ format.json { render json: <%= "@#{orm_instance.errors}" %>, status: :unprocessable_entity }
+ end
+ end
+ end
+
+ # PATCH/PUT <%= route_url %>/1
+ # PATCH/PUT <%= route_url %>/1.json
+ def update
+ @<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %>
+
+ respond_to do |format|
+ if @<%= orm_instance.update_attributes("#{singular_table_name}_params") %>
+ format.html { redirect_to @<%= singular_table_name %>, notice: <%= "'#{human_name} was successfully updated.'" %> }
+ format.json { head :no_content }
+ else
+ format.html { render action: "edit" }
+ format.json { render json: <%= "@#{orm_instance.errors}" %>, status: :unprocessable_entity }
+ end
+ end
+ end
+
+ # DELETE <%= route_url %>/1
+ # DELETE <%= route_url %>/1.json
+ def destroy
+ @<%= singular_table_name %> = <%= orm_class.find(class_name, "params[:id]") %>
+ @<%= orm_instance.destroy %>
+
+ respond_to do |format|
+ format.html { redirect_to <%= index_helper %>_url }
+ format.json { head :no_content }
+ end
+ end
+
+ private
+
+ # Use this method to whitelist the permissible parameters. Example:
+ # params.require(:person).permit(:name, :age)
+ # Also, you can specialize this method with per-user checking of permissible attributes.
+ def <%= "#{singular_table_name}_params" %>
+ params.require(<%= ":#{singular_table_name}" %>).permit(<%= attributes.map {|a| ":#{a.name}" }.sort.join(', ') %>)
+ end
+end
+<% end -%>
View
1  lib/strong_parameters.rb
@@ -1,2 +1,3 @@
require 'action_controller/parameters'
require 'active_model/forbidden_attributes_protection'
+require 'strong_parameters/railtie'
View
11 lib/strong_parameters/railtie.rb
@@ -0,0 +1,11 @@
+require 'rails/railtie'
+
+module StrongParameters
+ class Railtie < ::Rails::Railtie
+ if config.respond_to?(:app_generators)
+ config.app_generators.scaffold_controller = :strong_parameters_controller
+ else
+ config.generators.scaffold_controller = :strong_parameters_controller
+ end
+ end
+end
View
1  strong_parameters.gemspec
@@ -16,6 +16,7 @@ Gem::Specification.new do |s|
s.add_dependency "actionpack", ">= 3.2.0"
s.add_dependency "activemodel", ">= 3.2.0"
+ s.add_dependency "railties", ">= 3.2.0"
s.add_development_dependency "rake"
end
View
31 test/controller_generator_test.rb
@@ -0,0 +1,31 @@
+require 'rails/generators/test_case'
+require 'generators/rails/strong_parameters_controller_generator'
+
+class StrongParametersControllerGeneratorTest < Rails::Generators::TestCase
+ tests Rails::Generators::StrongParametersControllerGenerator
+ arguments %w(User name:string age:integer --orm=none)
+ destination File.expand_path("../tmp", File.dirname(__FILE__))
+ setup :prepare_destination
+
+ def test_controller_content
+ run_generator
+
+ assert_file "app/controllers/users_controller.rb" do |content|
+
+ assert_instance_method :create, content do |m|
+ assert_match(/@user = User\.new\(user_params\)/, m)
+ assert_match(/@user\.save/, m)
+ assert_match(/@user\.errors/, m)
+ end
+
+ assert_instance_method :update, content do |m|
+ assert_match(/@user = User\.find\(params\[:id\]\)/, m)
+ assert_match(/@user\.update_attributes\(user_params\)/, m)
+ assert_match(/@user\.errors/, m)
+ end
+
+ assert_match(/def user_params/, content)
+ assert_match(/params\.require\(:user\)\.permit\(:age, :name\)/, content)
+ end
+ end
+end

0 comments on commit a824706

Please sign in to comment.
Something went wrong with that request. Please try again.