
Add support Mass-Assignment Role of ActiveRecord + specs #657

Closed
wants to merge 4 commits into from

4 participants

@rvanlieshout

Finished work on pull request #577 by fixing code and adding specs for an adapter called active_record_31. ActiveRecord 3.0 is still supported using this fork.

@martijn

For clarity's sake I would suggest renaming the :assignment parameter to something like :assign_as

@andhapp andhapp referenced this pull request from a commit
@andhapp andhapp Fix for pull request #657. 30db2eb
@andhapp andhapp referenced this pull request from a commit
Commit has since been removed from the repository and is no longer available.
@andhapp andhapp referenced this pull request from a commit
@andhapp andhapp Fix for pull request #657. ff670ed
@andhapp andhapp referenced this pull request
Open

Fix pull request 657 #686

@andhapp
Collaborator

Fixed the pull request so that it merges cleanly. Here's the new pull request.

Closing this one.

@andhapp andhapp closed this
@ghost Unknown referenced this pull request from a commit in bignerdranch/cancan
@andhapp andhapp Fix for pull request #657. 6e0ef16
Commits on Apr 12, 2012
  1. @ramaboo

    fixing #577

    ramaboo authored
Commits on Jun 19, 2012
  1. @rvanlieshout

    Merge branch 'master' of git://github.com/ramaboo/cancan

    rvanlieshout authored
    Conflicts:
    	lib/cancan/controller_resource.rb
  2. @rvanlieshout
  3. @martijn
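--- a/Gemfile
+++ b/Gemfile
@@ -6,6 +6,10 @@ when nil, "active_record"
 gem "activerecord", '~> 3.0.9', :require => "active_record"
 gem "with_model", "~> 0.2.5"
 gem "meta_where"
+when "active_record_31"
+ gem "sqlite3"
+ gem "activerecord", '~> 3.1.6', :require => "active_record"
+ gem "with_model", "~> 0.2.5"
 when "data_mapper"
 gem "dm-core", "~> 1.0.2"
 gem "dm-sqlite-adapter", "~> 1.0.2"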
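--- a/cancan.gemspec
+++ b/cancan.gemspec
@@ -11,7 +11,7 @@ Gem::Specification.new do |s|
 s.require_path = "lib"
 s.add_development_dependency 'rspec', '~> 2.6.0'
- s.add_development_dependency 'rails', '~> 3.0.9'
+ s.add_development_dependency 'rails', '> 3.0.9'
 s.add_development_dependency 'rr', '~> 0.10.11' # 1.0.0 has respond_to? issues: http://github.com/btakita/rr/issues/issue/43
 s.add_development_dependency 'supermodel', '~> 0.1.4'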
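Review bot: The new constraint `'> 3.0.9'` on the rails development dependency has no upper bound and also excludes 3.0.9 itself, which the default `active_record` case in the Gemfile still accepts through `'~> 3.0.9'`. An open-ended range lets a fresh `bundle install` resolve to any later Rails major, so the suite can silently start running against a release whose mass-assignment API differs from the one these specs exercise. A bounded range such as `'>= 3.0.9', '< 3.2'` would cover both adapters; the exact upper bound is for the maintainers to choose.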
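--- a/lib/cancan/controller_additions.rb
+++ b/lib/cancan/controller_additions.rb
@@ -112,6 +112,9 @@ def load_and_authorize_resource(*args)
 # [:+prepend+]
 # Passing +true+ will use prepend_before_filter instead of a normal before_filter.
 #
+ # [:+assign_as+]
+ # Passed as the role when mass assigning attributes (from Rails 3.1 onwards)
+ #
 def load_resource(*args)
 cancan_resource_class.add_before_filter(self, :load_resource, *args)
 end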
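Review bot: The added `:assign_as` entry does not say that the role is fixed per controller and applies to every request that reaches the filter, whatever the current user's abilities are. Because the role selects which `attr_accessible` list is used, passing `:assign_as => :admin` on a controller that non-admin users can reach makes the admin-only attributes settable from request parameters. I would extend the comment with something like `# The role is static for the controller and is not derived from the current user; only pass a privileged role where every caller is authorized for it.` The entry is added to load_resource's documentation only; the option list of load_and_authorize_resource lies outside the hunk, so whether it needs the same entry cannot be told from here.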
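--- a/lib/cancan/controller_resource.rb
+++ b/lib/cancan/controller_resource.rb
@@ -82,7 +82,13 @@ def load_collection
 end
 def build_resource
- resource = resource_base.new(resource_params || {})
+ # use Rails 3.1's assign_attribute when resource_params[:assign_as] is present
+ if @options && @options[:assign_as].present? && (resource = resource_base.new).respond_to?(:assign_attributes)
+ resource.assign_attributes(resource_params || {}, :as => @options[:assign_as])
+ else
+ resource = resource_base.new(resource_params || {})
+ end
+
 resource.send("#{parent_name}=", parent_resource) if @options[:singleton] && parent_resource
 initial_attributes.each do |attr_name, value|
 resource.send("#{attr_name}=", value)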
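Review bot: The condition in build_resource assigns `resource` as a side effect, so when the model does not respond to assign_attributes the else branch instantiates resource_base a second time and the configured `:assign_as` role is dropped without any signal. Falling back to the default role is the restrictive direction, but a controller author who set a role will not learn it was ignored; at minimum add `# :assign_as is ignored (default role applies) when the model lacks assign_attributes` above the else, or log or raise there. The added comment also names `resource_params[:assign_as]` and `assign_attribute`, while the code reads `@options[:assign_as]` and calls `assign_attributes`. The `@options &&` guard is inconsistent with the `@options[:singleton]` line below it, which dereferences @options unconditionally. build_resource's body continues outside the hunk.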
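--- a/spec/cancan/controller_resource_spec.rb
+++ b/spec/cancan/controller_resource_spec.rb
@@ -457,4 +457,51 @@ class Project < ::Project; end
 lambda { resource.load_and_authorize_resource }.should_not raise_error
 @controller.instance_variable_get(:@project).should be_nil
 end
+
+ if ENV["MODEL_ADAPTER"] == "active_record_31"
+ context "using an ActiveRecord model with :as" do
+ ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:") unless ActiveRecord::Base.connected?
+
+ with_model :project do
+ table do |t|
+ t.string "name"
+ t.boolean "secret", :default => false
+ end
+ model do
+ attr_accessible :name
+ attr_accessible :name, :secret, :as => :admin
+ end
+ end
+
+ it "should be able to mass assign name" do
+ @params.merge!(:action => "create", :project => { :name => "foobar" })
+ resource = CanCan::ControllerResource.new(@controller)
+ resource.load_resource
+
+ project = @controller.instance_variable_get(:@project)
+ project.name.should eql("foobar")
+ project.secret.should be_false
+ end
+
+ it "should not be able to mass assign secret" do
+ @params.merge!(:action => "create", :project => { :name => "foobar", :secret => "1" })
+ resource = CanCan::ControllerResource.new(@controller)
+ resource.load_resource
+
+ project = @controller.instance_variable_get(:@project)
+ project.name.should eql("foobar")
+ project.secret.should be_false
+ end
+
+ it "should be able to mass assign secret when using :assign_as" do
+ @params.merge!(:action => "create", :project => { :name => "foobar", :secret => "1" })
+ resource = CanCan::ControllerResource.new(@controller, :assign_as => :admin)
+ resource.load_resource
+
+ project = @controller.instance_variable_get(:@project)
+ project.name.should eql("foobar")
+ project.secret.should be_true
+ end
+ end
+ end
 end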
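Review bot: The three added examples cover only the default role rejecting `secret` and the `:admin` role accepting it. Nothing pins the fallback in build_resource when the model lacks assign_attributes, and nothing checks that an attribute outside both whitelists stays protected under `:assign_as => :admin`. `be_false` in RSpec 2 also passes for nil, so `project.secret.should be_false` would not notice the column default going missing; `project.secret.should == false` is stricter. The examples call load_resource only, so how the role interacts with the authorization step is not exercised here.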
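--- a/spec/cancan/model_adapters/active_record_adapter_spec.rb
+++ b/spec/cancan/model_adapters/active_record_adapter_spec.rb
@@ -1,7 +1,7 @@
 if ENV["MODEL_ADAPTER"].nil? || ENV["MODEL_ADAPTER"] == "active_record"
 require "spec_helper"
- ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:")
+ ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => ":memory:") unless ActiveRecord::Base.connected?
 describe CanCan::ModelAdapters::ActiveRecordAdapter do
 with_model :category do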
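--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -17,7 +17,7 @@
 Project.delete_all
 Category.delete_all
 end
- config.extend WithModel if ENV["MODEL_ADAPTER"].nil? || ENV["MODEL_ADAPTER"] == "active_record"
+ config.extend WithModel if ENV["MODEL_ADAPTER"].nil? || /active_record/ =~ ENV["MODEL_ADAPTER"]
 end
 class Ability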