Commit 09daaaa1
Authored May 21, 2011
Author: Andrew White
Add support for passing mass assignment roles to dynamic finders. Closes #1170.
Parent: 1a959ad7
Showing 2 changed files with 50 additions and 2 deletions
activerecord/lib/active_record/relation/finder_methods.rb +2 -2
activerecord/test/cases/mass_assignment_security_test.rb +48 -0
activerecord/lib/active_record/relation/finder_methods.rb
...
...
@@ -264,6 +264,7 @@ def find_by_attributes(match, attributes, *args)
end
def
find_or_instantiator_by_attributes
(
match
,
attributes
,
*
args
)
options
=
args
.
size
>
1
&&
args
.
last
(
2
).
all?
{
|
a
|
a
.
is_a?
(
Hash
)
}
?
args
.
extract_options!
:
{}
protected_attributes_for_create
,
unprotected_attributes_for_create
=
{},
{}
args
.
each_with_index
do
|
arg
,
i
|
if
arg
.
is_a?
(
Hash
)
...
...
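Review bot: The `options` detection at the top of `find_or_instantiator_by_attributes` only extracts a trailing hash when the last two arguments are both hashes (`args.size > 1 && args.last(2).all?{ |a| a.is_a?(Hash) }`), so a call that passes `:as => :admin` without an attributes hash in front of it leaves that hash in `args`, where the `arg.is_a?(Hash)` branch of the loop below picks it up instead of it being used as options. That calling convention is implicit: add a comment stating that a role is only recognised after an attributes hash, and decide whether the single-hash case should raise rather than be handled silently. Breaking the ternary over several lines would also make the condition easier to audit.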
@@ -278,8 +279,7 @@ def find_or_instantiator_by_attributes(match, attributes, *args)
record
=
where
(
conditions
).
first
unless
record
record
=
@klass
.
new
do
|
r
|
r
.
assign_attributes
(
protected_attributes_for_create
)
record
=
@klass
.
new
(
protected_attributes_for_create
,
options
)
do
|
r
|
r
.
assign_attributes
(
unprotected_attributes_for_create
,
:without_protection
=>
true
)
end
yield
(
record
)
if
block_given?
...
...
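Review bot: In the `@klass.new(protected_attributes_for_create, options)` call the caller's trailing hash is forwarded unfiltered, while the commit message only promises role support. If `:as` is the only key meant to be honoured here, pass just that key (for example `options.slice(:as)`) or validate the keys, so that this path cannot be handed other mass-assignment options such as the `:without_protection => true` used on the following `assign_attributes` call. If forwarding everything is intended, say so in a comment and cover it with a test.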
activerecord/test/cases/mass_assignment_security_test.rb
...
...
@@ -239,6 +239,54 @@ def test_protection_against_class_attribute_writers
end
end
def
test_find_or_initialize_by_with_attr_accessible_attributes
p
=
TightPerson
.
find_or_initialize_by_first_name
(
'Josh'
,
attributes_hash
)
assert_default_attributes
(
p
)
end
def
test_find_or_initialize_by_with_admin_role_with_attr_accessible_attributes
p
=
TightPerson
.
find_or_initialize_by_first_name
(
'Josh'
,
attributes_hash
,
:as
=>
:admin
)
assert_admin_attributes
(
p
)
end
def
test_find_or_initialize_by_with_attr_protected_attributes
p
=
LoosePerson
.
find_or_initialize_by_first_name
(
'Josh'
,
attributes_hash
)
assert_default_attributes
(
p
)
end
def
test_find_or_initialize_by_with_admin_role_with_attr_protected_attributes
p
=
LoosePerson
.
find_or_initialize_by_first_name
(
'Josh'
,
attributes_hash
,
:as
=>
:admin
)
assert_admin_attributes
(
p
)
end
def
test_find_or_create_by_with_attr_accessible_attributes
p
=
TightPerson
.
find_or_create_by_first_name
(
'Josh'
,
attributes_hash
)
assert_default_attributes
(
p
,
true
)
end
def
test_find_or_create_by_with_admin_role_with_attr_accessible_attributes
p
=
TightPerson
.
find_or_create_by_first_name
(
'Josh'
,
attributes_hash
,
:as
=>
:admin
)
assert_admin_attributes
(
p
,
true
)
end
def
test_find_or_create_by_with_attr_protected_attributes
p
=
LoosePerson
.
find_or_create_by_first_name
(
'Josh'
,
attributes_hash
)
assert_default_attributes
(
p
,
true
)
end
def
test_find_or_create_by_with_admin_role_with_attr_protected_attributes
p
=
LoosePerson
.
find_or_create_by_first_name
(
'Josh'
,
attributes_hash
,
:as
=>
:admin
)
assert_admin_attributes
(
p
,
true
)
end
end
...
...
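Review bot: All eight new tests call the single-attribute finder with `'Josh', attributes_hash` and optionally `:as => :admin`, so the argument shapes that the new options detection in `finder_methods.rb` treats differently are untested. Add cases for a role passed without `attributes_hash`, for a multi-attribute finder, and for the path where the record already exists and the role should have no effect. The bare `true` second argument to `assert_default_attributes` and `assert_admin_attributes` in the `find_or_create_by` tests would also benefit from a comment, since its meaning is not visible at the call site.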