
support regexes for more complex matching rules

commit 17d03f77aa19234b0e93dec51d6ab49bc9e5dd07 1 parent 76d5031
@dcunning dcunning authored
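--- a/lib/param_accessible/rule.rb
+++ b/lib/param_accessible/rule.rb
@@ -40,12 +40,12 @@ def accessible_params_for controller, dest
 return if @only_options != nil && !@only_options.include?(controller.action_name)
 return if @except_options != nil && @except_options.include?(controller.action_name)
- accessible_hash_for controller, @attributes, dest
+ accessible_hash_for controller.params, @attributes, dest
 end
 protected
- def accessible_hash_for controller, attributes, dest
+ def accessible_hash_for params, attributes, dest
 attributes.each do |key, value|
 if value.is_a?(Hash)
 attrs = dest[key]
@@ -54,13 +54,28 @@ def accessible_hash_for controller, attributes, dest
 dest[key] = attrs
 end
- accessible_hash_for controller, value, attrs
- else
+ nested_params = params[key] if params.is_a?(Hash)
+ accessible_hash_for nested_params, value, attrs
+
+ elsif key.is_a?(String)
 dest[key] = value
+
+ elsif key.is_a?(Regexp) && params
+ accessible_params_for_regex key, params, dest
 end
 end
 end
+ def accessible_params_for_regex regex, params, dest
+ params.keys.each do |key|
+ if key.to_s =~ regex
+ dest[key] = nil
+ end
+ end
+
+ dest
+ end
+
 # When specifying params to protect, we allow a combination of arrays and hashes much like how
 # ActiveRecord::Base#find's :include options works. This method normalizes that into just nested hashes,
 # stringifying the keys and setting all values to nil. This format is easier/faster to work with when
@@ -85,7 +100,11 @@ def normalize_params(params, params_out = {})
 end
 def normalize_key(k)
- k.to_s
+ if k.is_a?(Regexp)
+ k
+ else
+ k.to_s
+ end
 end
 end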
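Review bot: `accessible_params_for_regex` checks request-supplied key names with `key.to_s =~ regex`, which is an unanchored search, and in Ruby `^`/`$` anchor at line breaks rather than at the ends of the string, so a rule written as `/^foo/` (as in the new regex_controller.rb fixture) also accepts a key that merely contains a line starting with `foo`. Because this is an allowlist over client-controlled names, I would state the contract above the method, e.g. `# regex is searched, not full-matched; write rules with \A and \z because ^ and $ match at any line break`, and change the fixture rules to `/\Afoo/` and `/\Abar/`. Separately, `dest[key] = nil` runs unconditionally, so a regex match at the same level as a nested rule appears to replace the Hash stored by `dest[key] = attrs` depending on iteration order; `dest[key] = nil unless dest.key?(key)` would keep the stricter nested rule if that is the intent. `accessible_params_for` begins above the first hunk and `accessible_hash_for` is split across the first two hunks, so the consumer of `dest` is not visible here.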
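--- a/spec/app_root/app/controllers/regex_controller.rb
+++ b/spec/app_root/app/controllers/regex_controller.rb
@@ -0,0 +1,6 @@
+class RegexController < ApplicationController
+
+ param_accessible /^foo/
+ param_accessible :user => [/^bar/]
+
+end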
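--- a/spec/lib/regex_spec.rb
+++ b/spec/lib/regex_spec.rb
@@ -0,0 +1,34 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe RegexController do
+ include RSpec::Rails::ControllerExampleGroup
+
+ it "should allow base parameters matching a regex" do
+ post :create, :foo => 'hi', :foobar => 'hey'
+ response.code.should == '200'
+ end
+
+ it "should not allow base parameters not matching a regex" do
+ begin
+ post :create, :nuts => "hi"
+ raise "should fail"
+ rescue ParamAccessible::Error => e
+ e.inaccessible_params.should == %w(nuts)
+ end
+ end
+
+ it "should allow nested parameters matching the regex" do
+ post :create, :user => {:bar => 'hi', :bar_me => 'hey'}
+ response.code.should == '200'
+ end
+
+ it "should not allow nested parameters not matching a regex" do
+ begin
+ post :create, :user => {:nuts => "hi"}
+ raise "should fail"
+ rescue ParamAccessible::Error => e
+ e.inaccessible_params.should == %w(user[nuts])
+ end
+ end
+
+end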
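Review bot: The negative examples only send names that do not contain the pattern at all (`:nuts`), so nothing in this spec pins where in the name the regex has to match. A case with the prefix in the middle of the name, e.g. `post :create, :nuts_foo => 'hi'` expecting `e.inaccessible_params.should == %w(nuts_foo)`, would catch a rule that is accidentally left unanchored. As a style point, the `begin` / `raise "should fail"` / `rescue` blocks could be written as `lambda { post :create, :nuts => "hi" }.should raise_error(ParamAccessible::Error)`, with the `inaccessible_params` check moved into the block form of `raise_error`.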