-
Notifications
You must be signed in to change notification settings - Fork 983
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fixes #8597 - friendly ID should escape slashes for URL parameters #2001
Conversation
c0bfad8
to
b5014f1
Compare
@isratrade can you review please? thanks! |
@unorthodoxgeek, I would suggest do add this to def to_param
Parameterizable.parameterize("#{id}-#{name}")
end Imho, not every model needs a friendly id like |
@unorthodoxgeek ping 🔔 |
fixed. LDAP tests might fail because of lack of Gemfile.lock |
@unorthodoxgeek I agree with @isratrade on a first pass, in |
@elobato - I remove friendly ID in rails 4 anyway... |
@unorthodoxgeek, why are you removing friendly ID? Are you rewriting existing UI or API calls such as api/environments/production (rather than with ## id such as api/environments/1-production) |
[test] |
@isratrade - friendly id doesn't do anything once Parameterizable::ByIdName is included. |
I'm not sure this it's correct that |
friendly id defines the to_param and the find methods on the model. the parametrizable method defines the same methods. thus - it's pointless to have both on the same model. |
@unorthodoxgeek, if you remove Environment.find('production') |
no, nor can I do it with friendly id, because the find method is overridden by the parametrizable module. |
but the API also uses names as identifiers in the url, so we can't forgot about this, or it could break people's scripts. |
API should use IDs, if it supports names it's a huge design flaw on our part. |
Throughout the API documentation, using apipie, we assign |
that's wrong on multiple levels :(
anyway, this means we either stop allowing this horribleness, or we declare
this ticket as unsolvable. it's one or the other.
|
The answer to the issue should be that forward slashes are not allowed as identifiers, so this |
I agree that names in the API is problematic, and we can't claim to make it work 100%. Still, it is what it is for now, and this needs fixing. Merged as 053c032 with friendly_id left in, thanks @unorthodoxgeek. |
just a short explanation - there was a similar PR on friendly id, to which they answered - hey, why not use sluggable? (which means another table in the DB, just for fetching the ID)
there's also an option to sanitise names, which means we don't let slashes in the name (feels intrusive to me, and doesn't solve current broken items)
I think that this monkey patch fixes it in the best possible way - we are able to both keep current (broken) data and have it working, we don't need to add a database table which might break current friendly ids, and this seems like the most performant option of the ones I see.