Merge pull request #5431 from bogdan/mas_performance

AM::MassAssingmentSecurity: improve performance

Merge pull request #5431 from bogdan/mas_performance
AM::MassAssingmentSecurity: improve performance
cc1c4acc · José Valim · ab1b352a · 7d1379ff · cc1c4acc · cc1c4acc
2 changed file
--- a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
+++ b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
@@ -3,20 +3,18 @@ module MassAssignmentSecurity
    class Sanitizer
      # Returns all attributes not denied by the authorizer.
      def sanitize(attributes, authorizer)
-        sanitized_attributes = attributes.reject { |key, value| authorizer.deny?(key) }
-        debug_protected_attribute_removal(attributes, sanitized_attributes)
-        sanitized_attributes
+        attributes.reject do |attr, value|
+          if authorizer.deny?(attr)
+            process_removed_attribute(attr)
+            true
+          end
+        end
      end

    protected

-      def debug_protected_attribute_removal(attributes, sanitized_attributes)
-        removed_keys = attributes.keys - sanitized_attributes.keys
-        process_removed_attributes(removed_keys) if removed_keys.any?
-      end
-
-      def process_removed_attributes(attrs)
-        raise NotImplementedError, "#process_removed_attributes(attrs) suppose to be overwritten"
+      def process_removed_attribute(attr)
+        raise NotImplementedError, "#process_removed_attribute(attr) suppose to be overwritten"
      end
    end

@@ -34,8 +32,8 @@ def logger?
        @target.respond_to?(:logger) && @target.logger
      end

-      def process_removed_attributes(attrs)
-        logger.warn "Can't mass-assign protected attributes: #{attrs.join(', ')}" if logger?
+      def process_removed_attribute(attr)
+        logger.warn "Can't mass-assign protected attribute: #{attr}" if logger?
      end
    end

@@ -44,19 +42,19 @@ def initialize(target = nil)
        super()
      end

-      def process_removed_attributes(attrs)
-        return if (attrs - insensitive_attributes).empty?
-        raise ActiveModel::MassAssignmentSecurity::Error.new(attrs)
+      def process_removed_attribute(attr)
+        return if insensitive_attributes.include?(attr)
+        raise ActiveModel::MassAssignmentSecurity::Error.new(attr)
      end

      def insensitive_attributes
-        ['id']
+        @insensitive_attributes ||= ['id']
      end
    end

    class Error < StandardError
-      def initialize(attrs)
-        super("Can't mass-assign protected attributes: #{attrs.join(', ')}")
+      def initialize(attr)
+        super("Can't mass-assign protected attribute: #{attr}")
      end
    end
  end

--- a/activemodel/test/cases/mass_assignment_security_test.rb
+++ b/activemodel/test/cases/mass_assignment_security_test.rb
@@ -4,7 +4,7 @@

 class CustomSanitizer < ActiveModel::MassAssignmentSecurity::Sanitizer

-  def process_removed_attributes(attrs)
+  def process_removed_attribute(attr)
    raise StandardError
  end