Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

add ability to globally disable/enable strong parameters #55

Closed
wants to merge 2 commits into from

2 participants

@garysweaver

#49

Added ability to disable or enable strong parameters via configuration, e.g:

StrongParameters.enabled = true
@garysweaver garysweaver referenced this pull request in activeadmin/activeadmin
Closed

Add support for strong_parameters #1731

@dhh
Owner

What's the use case for this? Why would you include the strong parameters gem if you do not intend to use it?

@garysweaver

@dhh Thanks for asking! In ActiveAdmin primarily those using Rails 3.x will not be using SP, but we need a way to be able to test SP support in the Gem, specifically for this ticket in which we are trying to get a patch in to ActiveAdmin to support SP: activeadmin/activeadmin#1731

I think having the ability to disable SP will provide a way for projects to ease into using SP without having to have separate forks. There is a high probability that the way I went about making it configurable is not optimal. I'd be happy to try to improve it, but could use some light guidance if you think that would be a good direction. If there is a better way in general to address testing of optional inclusion of SP, please let me know. Thanks!

@dhh
Owner

Gary, if your project can work either with or without Strong Parameters, you can just check whether the constant has been defined or not and let the user add the gem to his or her gemfile. I don't think you'd need a separate fork here.

@garysweaver

@dhh ActiveAdmin currently works under the premise that SP is not used, and because there is no way that I know of to easily reload the environment to use a different Gem right in the middle of testing (but maybe there is), this is the easiest way I know of to get the job done. It isn't just a matter of testing whether SP is loaded or not, it is a matter of having SP working only for certain tests.

@dhh
Owner
@garysweaver

@dhh I understand. However, this will very likely come up again for others that want to use SP and want to ease the transition. Unless there is an alternative, then the projects seem to have to fork just to be able to test with and without SP. That does not seem like a good solution. So, what would you suggest?

@dhh
Owner

I suggest that any project that wants to be able to operate both with and without strong parameters have the user add the gem to their gemfile and detect it by checking for the constant.

All this is a legacy concern anyway soon as Rails 4.0 will force strong parameters on everyone and you won't be able to turn it off.

@dhh dhh closed this
@thebyrd thebyrd referenced this pull request in plataformatec/devise
Closed

ActiveModel::ForbiddenAttributesError on Rails4 branch #2327

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
This page is out of date. Refresh to see the latest.
View
5 lib/action_controller/parameters.rb
@@ -1,6 +1,7 @@
require 'active_support/concern'
require 'active_support/core_ext/hash/indifferent_access'
require 'action_controller'
+require 'strong_parameters/config'
module ActionController
class ParameterMissing < IndexError
@@ -32,7 +33,7 @@ def permit!
end
def require(key)
- self[key].presence || raise(ActionController::ParameterMissing.new(key))
+ !::StrongParameters.enabled? || self[key].presence || raise(ActionController::ParameterMissing.new(key))
end
alias :required :require
@@ -73,7 +74,7 @@ def [](key)
def fetch(key, *args)
convert_hashes_to_parameters(key, super)
rescue KeyError
- raise ActionController::ParameterMissing.new(key)
+ raise ActionController::ParameterMissing.new(key) if ::StrongParameters.enabled?
end
def slice(*keys)
View
4 lib/active_model/forbidden_attributes_protection.rb
@@ -1,10 +1,12 @@
+require 'strong_parameters/config'
+
module ActiveModel
class ForbiddenAttributes < StandardError
end
module ForbiddenAttributesProtection
def sanitize_for_mass_assignment(new_attributes, options = {})
- if !new_attributes.respond_to?(:permitted?) || new_attributes.permitted?
+ if ::StrongParameters.enabled? && (!new_attributes.respond_to?(:permitted?) || new_attributes.permitted?)
super
else
raise ActiveModel::ForbiddenAttributes
View
1  lib/strong_parameters.rb
@@ -1,3 +1,4 @@
require 'action_controller/parameters'
require 'active_model/forbidden_attributes_protection'
require 'strong_parameters/railtie'
+require 'strong_parameters/config'
View
8 lib/strong_parameters/config.rb
@@ -0,0 +1,8 @@
+module StrongParameters
+ class << self
+ attr_accessor :enabled
+ def enabled?;!!enabled;end
+ end
+end
+
+StrongParameters.enabled = true
View
17 test/disabling_test.rb
@@ -0,0 +1,17 @@
+require 'test_helper'
+require 'action_controller/parameters'
+
+class DisablingTest < ActiveSupport::TestCase
+ test "should be able to disable and re-enable strong_parameters" do
+ # assume is enabled by default
+ assert_raises(ActionController::ParameterMissing) do
+ ActionController::Parameters.new(person: {}).require(:person)
+ end
+ StrongParameters.enabled = false
+ ActionController::Parameters.new(person: {}).require(:person)
+ StrongParameters.enabled = true
+ assert_raises(ActionController::ParameterMissing) do
+ ActionController::Parameters.new(person: {}).require(:person)
+ end
+ end
+end
Something went wrong with that request. Please try again.