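module CouchRest
  module Model
    module AttributeProtection
      # Attribute protection from mass assignment to CouchRest::Model properties
      #
      # Protected properties will be removed from the attributes passed to
      #  * new
      #  * update_attributes
      #  * update_attributes_without_saving
      #  * attributes=
      #
      # There are three modes of protection
      #  1) Declare accessible properties, and assume all unspecified properties are protected
      #    property :name, :accessible => true
      #    property :admin                     # this will be automatically protected
      #
      #  2) Declare protected properties, and assume all unspecified properties are accessible
      #    property :name                      # this will not be protected
      #    property :admin, :protected => true
      #
      #  3) Mix and match, and assume all unspecified properties are protected.
      #    property :name, :accessible => true
      #    property :admin, :protected => true
      #    property :phone                     # this will be automatically protected
      #
      # Note: the timestamps! method protects the created_at and updated_at properties
      #
      # Protection is opt-in: when no property declares :accessible or :protected,
      # remove_protected_attributes returns its input unfiltered. Only keys that name
      # a declared property are ever removed; any other key in the hash is left in
      # place by this module.
      #
      # The including class must respond to +properties+ at both class and instance
      # level, returning objects that respond to +name+ and +options+.

      # Hook run on include: adds the ClassMethods query helpers to the host class.
      def self.included(base)
        base.extend(ClassMethods)
      end

      module ClassMethods
        # @return [Array] properties declared with a truthy :accessible option
        def accessible_properties
          properties.select { |prop| prop.options[:accessible] }
        end

        # @return [Array] properties declared with a truthy :protected option
        def protected_properties
          properties.select { |prop| prop.options[:protected] }
        end
      end

      # Instance-level shortcut for the class's accessible properties.
      def accessible_properties
        self.class.accessible_properties
      end

      # Instance-level shortcut for the class's protected properties.
      def protected_properties
        self.class.protected_properties
      end

      # Strips every key that names a protected property from +attributes+.
      #
      # The hash is filtered in place (reject!), so the caller's object is modified
      # and the same object is returned. Keys are compared by their string form, so
      # :admin and "admin" are treated alike.
      #
      # @param attributes [Hash, nil] attributes supplied for mass assignment
      # @return [Hash, nil] the filtered hash; an empty hash when +attributes+ is nil
      #   and protection is declared; +attributes+ untouched (nil included) when no
      #   protection is declared at all
      def remove_protected_attributes(attributes)
        # Normalise names to strings: a property whose name is a Symbol would
        # otherwise never match the stringified key and silently bypass the filter.
        protected_names = properties_to_remove_from_mass_assignment.map { |prop| prop.name.to_s }
        return attributes if protected_names.empty?
        # Previously nil reached reject! and raised NoMethodError, although the
        # trailing `|| {}` shows an empty hash was the intended result.
        return {} if attributes.nil?

        attributes.reject! do |property_name, _property_value|
          protected_names.include?(property_name.to_s)
        end

        # reject! returns nil when nothing was removed, so return the hash itself.
        attributes
      end

      private

      # Builds the list of properties to drop from a mass-assignment hash:
      # everything marked :protected, plus, as soon as at least one property is
      # marked :accessible, every property that is not marked :accessible.
      #
      # @return [Array] property objects (may contain duplicates, which is harmless
      #   because the caller only tests membership of their names)
      def properties_to_remove_from_mass_assignment
        to_remove = protected_properties

        unless accessible_properties.empty?
          # += builds a new array, leaving the protected_properties result untouched.
          to_remove += properties.reject { |prop| prop.options[:accessible] }
        end

        to_remove
      end
    end
  end
end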