提交
139a9f70
编写于
5月 31, 2011
作者:
J
José Valim
Transform the symbol into a constant lookup.
上级
16384351
变更
3
Showing
3 changed file
with
32 addition
and
29 deletion
+32
-29
activemodel/lib/active_model/mass_assignment_security.rb
activemodel/lib/active_model/mass_assignment_security.rb
+13
-17
activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
...el/lib/active_model/mass_assignment_security/sanitizer.rb
+15
-8
activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
...del/test/cases/mass_assignment_security/sanitizer_test.rb
+4
-4
activemodel/lib/active_model/mass_assignment_security.rb
...
...
@@ -12,12 +12,8 @@ module MassAssignmentSecurity
class_attribute
:_protected_attributes
class_attribute
:_active_authorizer
class_attribute
:
mass_assignment_sanitizer
,
:mass_assignment_sanitizers
class_attribute
:
_mass_assignment_sanitizer
self
.
mass_assignment_sanitizer
=
:logger
self
.
mass_assignment_sanitizers
=
{
:logger
=>
LoggerSanitizer
.
new
(
self
.
respond_to?
(
:logger
)
&&
self
.
logger
),
:strict
=>
StrictSanitizer
.
new
}
end
# Mass assignment security provides an interface for protecting attributes
...
...
@@ -172,7 +168,7 @@ def attr_accessible(*args)
options
=
args
.
extract_options!
role
=
options
[
:as
]
||
:default
self
.
_accessible_attributes
=
accessible_attributes_configs
.
dup
self
.
_accessible_attributes
=
accessible_attributes_configs
.
dup
self
.
_accessible_attributes
[
role
]
=
self
.
accessible_attributes
(
role
)
+
args
self
.
_active_authorizer
=
self
.
_accessible_attributes
...
...
@@ -195,19 +191,25 @@ def attributes_protected_by_default
[]
end
def
mass_assignment_sanitizer
=
(
value
)
self
.
_mass_assignment_sanitizer
=
if
value
.
is_a?
(
Symbol
)
const_get
(
:"
#{
value
.
to_s
.
camelize
}
Sanitizer"
).
new
(
self
)
else
value
end
end
private
def
protected_attributes_configs
self
.
_protected_attributes
||=
begin
default_black_list
=
BlackList
.
new
(
attributes_protected_by_default
)
Hash
.
new
(
default_black_list
)
Hash
.
new
{
|
h
,
k
|
h
[
k
]
=
BlackList
.
new
(
attributes_protected_by_default
)
}
end
end
def
accessible_attributes_configs
self
.
_accessible_attributes
||=
begin
default_white_list
=
WhiteList
.
new
Hash
.
new
(
default_white_list
)
Hash
.
new
{
|
h
,
k
|
h
[
k
]
=
WhiteList
.
new
}
end
end
end
...
...
@@ -215,13 +217,7 @@ def accessible_attributes_configs
protected
def
sanitize_for_mass_assignment
(
attributes
,
role
=
:default
)
sanitizer
=
case
mass_assignment_sanitizer
when
Symbol
self
.
mass_assignment_sanitizers
[
mass_assignment_sanitizer
]
else
mass_assignment_sanitizer
end
sanitizer
.
sanitize
(
attributes
,
mass_assignment_authorizer
(
role
))
_mass_assignment_sanitizer
.
sanitize
(
attributes
,
mass_assignment_authorizer
(
role
))
end
def
mass_assignment_authorizer
(
role
=
:default
)
...
...
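Review bot: The new `mass_assignment_sanitizer=` setter stores a non-Symbol `value` without checking that it responds to `sanitize`, and for a Symbol it instantiates whatever constant `const_get` resolves for `"#{value.to_s.camelize}Sanitizer"` on the including class and its ancestors, so a mistyped or unexpected value only fails later inside `sanitize_for_mass_assignment`. Assigning the `if`/`else` result to a local and adding `raise ArgumentError, "#{value.inspect} does not respond to #sanitize" unless sanitizer.respond_to?(:sanitize)` before the `self._mass_assignment_sanitizer =` assignment fails at configuration time instead. Separately, the block-form defaults now used in `protected_attributes_configs` and `accessible_attributes_configs` memoize on read (`h[k] = ...`), so looking up a role that was never configured inserts it into the hash; since `class_attribute` hands a subclass the parent's hash object until the subclass assigns its own, a read-only lookup on a subclass (e.g. through `mass_assignment_authorizer`, whose body lies outside the hunk) would presumably write into the parent's configuration. A non-storing default such as `Hash.new { |_h, _k| BlackList.new(attributes_protected_by_default) }` (and likewise `WhiteList.new`) still yields a fresh list per lookup, while `attr_accessible` keeps storing its entry explicitly as the hunk at line 172 shows.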
activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
require
'active_support/core_ext/module/delegation'
module
ActiveModel
module
MassAssignmentSecurity
class
Sanitizer
def
initialize
(
target
=
nil
)
end
# Returns all attributes not denied by the authorizer.
def
sanitize
(
attributes
,
authorizer
)
sanitized_attributes
=
attributes
.
reject
{
|
key
,
value
|
authorizer
.
deny?
(
key
)
}
...
...
@@ -18,19 +23,22 @@ def debug_protected_attribute_removal(attributes, sanitized_attributes)
def
process_removed_attributes
(
attrs
)
raise
NotImplementedError
,
"#process_removed_attributes(attrs) suppose to be overwritten"
end
end
class
LoggerSanitizer
<
Sanitizer
delegate
:logger
,
:to
=>
:@target
attr_accessor
:logger
def
initialize
(
target
)
@target
=
target
super
end
def
initialize
(
logger
=
nil
)
self
.
logger
=
logger
super
()
def
logger?
@target
.
respond_to?
(
:logger
)
&&
@target
.
logger
end
def
process_removed_attributes
(
attrs
)
self
.
logger
.
debug
"WARNING: Can't mass-assign protected attributes:
#{
attrs
.
join
(
', '
)
}
"
if
self
.
logger
logger
.
debug
"WARNING: Can't mass-assign protected attributes:
#{
attrs
.
join
(
', '
)
}
"
if
logger?
end
end
...
...
@@ -42,6 +50,5 @@ def process_removed_attributes(attrs)
class
Error
<
StandardError
end
end
end
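Review bot: The `target` parameter introduced on `Sanitizer#initialize(target = nil)` is accepted and discarded, and nothing documents what it is, while `LoggerSanitizer#initialize(target)` makes it mandatory and reads `logger` off it through both `delegate` and `logger?`; a maintainer adding a sanitizer has to infer the contract from the `.new(self)` call site in `mass_assignment_sanitizer=`. A comment above the base initializer such as `# target is the object whose attributes are being sanitized (the model class in the ClassMethods call site); kept for subclasses that need context, e.g. LoggerSanitizer reads its logger, and ignored here.` would make that explicit. `logger?` also returns the logger object rather than a boolean, which works for the `if logger?` guard but is worth a note since the `?` suffix suggests a predicate.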
activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
...
...
@@ -3,7 +3,7 @@
require
'active_support/core_ext/object/inclusion'
class
SanitizerTest
<
ActiveModel
::
TestCase
attr_accessor
:logger
class
Authorizer
<
ActiveModel
::
MassAssignmentSecurity
::
PermissionSet
def
deny?
(
key
)
...
...
@@ -12,8 +12,8 @@ def deny?(key)
end
def
setup
@logger_sanitizer
=
ActiveModel
::
MassAssignmentSecurity
::
LoggerSanitizer
.
new
@strict_sanitizer
=
ActiveModel
::
MassAssignmentSecurity
::
StrictSanitizer
.
new
@logger_sanitizer
=
ActiveModel
::
MassAssignmentSecurity
::
LoggerSanitizer
.
new
(
self
)
@strict_sanitizer
=
ActiveModel
::
MassAssignmentSecurity
::
StrictSanitizer
.
new
(
self
)
@authorizer
=
Authorizer
.
new
end
...
...
@@ -28,7 +28,7 @@ def setup
test
"debug mass assignment removal with LoggerSanitizer"
do
original_attributes
=
{
'first_name'
=>
'allowed'
,
'admin'
=>
'denied'
}
log
=
StringIO
.
new
@logger_sanitizer
.
logger
=
Logger
.
new
(
log
)
self
.
logger
=
Logger
.
new
(
log
)
@logger_sanitizer
.
sanitize
(
original_attributes
,
@authorizer
)
assert_match
(
/admin/
,
log
.
string
,
"Should log removed attributes:
#{
log
.
string
}
"
)
end
...
...