couchrest_model/lib/couchrest/model/property_protection.rb

module CouchRest
  module Model
    module PropertyProtection
      extend ActiveSupport::Concern

      # Property protection from mass assignment to CouchRest::Model properties
      #
      # Protected methods will be removed from
      #  * new
      #  * update_attributes
      #  * upate_attributes_without_saving
      #  * attributes=
      #
      # There are two modes of protection
      #  1) Declare accessible poperties, and assume all unspecified properties are protected
      #    property :name,  :accessible => true
      #    property :admin                      # this will be automatically protected
      #
      #  2) Declare protected properties, and assume all unspecified properties are accessible
      #    property :name                       # this will not be protected
      #    property :admin, :protected => true
      #
      #  3) Mix and match, and assume all unspecified properties are protected.
      #    property :name,  :accessible => true
      #    property :admin, :protected  => true # ignored
      #    property :phone                      # this will be automatically protected
      #
      #  Note: the timestamps! method protectes the created_at and updated_at properties


      def self.included(base)
        base.extend(ClassMethods)
      end

      module ClassMethods
        def accessible_properties
          props = properties.select { |prop| prop.options[:accessible] }
          if props.empty?
            props = properties.select { |prop| !prop.options[:protected] }
          end
          props
        end

        def protected_properties
          accessibles = accessible_properties
          properties.reject { |prop| accessibles.include?(prop) }
        end
      end

      def accessible_properties
        self.class.accessible_properties
      end

      def protected_properties
        self.class.protected_properties
      end

      # Return a new copy of the attributes hash with protected attributes
      # removed.
      def remove_protected_attributes(attributes)
        protected_names = protected_properties.map { |prop| prop.name }
        return attributes if protected_names.empty? or attributes.nil?

        attributes.reject do |property_name, property_value|
          protected_names.include?(property_name.to_s)
        end
      end

    end
  end
end
Adds attribute protection to properties Public Facing * through either :protected or :accessible8 flags * prevents protected attributes from being set in mass assignment Developer Facing * refactors #initialize and #update_attribute_without_saving to use same private methods to set attributes on ExtendedDocument * adds new mixin to do protection Signed-off-by: Tapajós <tapajos@gmail.com> 2009-09-27 01:24:26 +02:00			`module CouchRest`
Renaming to CouchRest Model Refactored basic directory structure. Moved to ActiveSupport for Validations and Callbacks. Cleaned up older code, and removed support for text property types. 2010-06-20 22:01:11 +02:00			`module Model`
Renaming Attribute Protection and solving problem modifying the provided hash to the #attributes= method 2010-10-22 15:39:12 +02:00			`module PropertyProtection`
Adding support for mass_assign_any_attribute config option and refactoring non-api methods into private areas of modules 2010-09-18 15:19:15 +02:00			`extend ActiveSupport::Concern`

Renaming Attribute Protection and solving problem modifying the provided hash to the #attributes= method 2010-10-22 15:39:12 +02:00			`# Property protection from mass assignment to CouchRest::Model properties`
Allow mixing of protected and accessible properties. Any unspecified properties are now assumed to be protected by default Signed-off-by: Marcos Tapajós <tapajos@gmail.com> 2010-08-12 00:41:32 +02:00			`#`
Adds attribute protection to properties Public Facing * through either :protected or :accessible8 flags * prevents protected attributes from being set in mass assignment Developer Facing * refactors #initialize and #update_attribute_without_saving to use same private methods to set attributes on ExtendedDocument * adds new mixin to do protection Signed-off-by: Tapajós <tapajos@gmail.com> 2009-09-27 01:24:26 +02:00			`# Protected methods will be removed from`
Allow mixing of protected and accessible properties. Any unspecified properties are now assumed to be protected by default Signed-off-by: Marcos Tapajós <tapajos@gmail.com> 2010-08-12 00:41:32 +02:00			`# * new`
Adds attribute protection to properties Public Facing * through either :protected or :accessible8 flags * prevents protected attributes from being set in mass assignment Developer Facing * refactors #initialize and #update_attribute_without_saving to use same private methods to set attributes on ExtendedDocument * adds new mixin to do protection Signed-off-by: Tapajós <tapajos@gmail.com> 2009-09-27 01:24:26 +02:00			`# * update_attributes`
			`# * upate_attributes_without_saving`
			`# * attributes=`
Allow mixing of protected and accessible properties. Any unspecified properties are now assumed to be protected by default Signed-off-by: Marcos Tapajós <tapajos@gmail.com> 2010-08-12 00:41:32 +02:00			`#`
Adds attribute protection to properties Public Facing * through either :protected or :accessible8 flags * prevents protected attributes from being set in mass assignment Developer Facing * refactors #initialize and #update_attribute_without_saving to use same private methods to set attributes on ExtendedDocument * adds new mixin to do protection Signed-off-by: Tapajós <tapajos@gmail.com> 2009-09-27 01:24:26 +02:00			`# There are two modes of protection`
Allow mixing of protected and accessible properties. Any unspecified properties are now assumed to be protected by default Signed-off-by: Marcos Tapajós <tapajos@gmail.com> 2010-08-12 00:41:32 +02:00			`# 1) Declare accessible poperties, and assume all unspecified properties are protected`
			`# property :name, :accessible => true`
			`# property :admin # this will be automatically protected`
Adds attribute protection to properties Public Facing * through either :protected or :accessible8 flags * prevents protected attributes from being set in mass assignment Developer Facing * refactors #initialize and #update_attribute_without_saving to use same private methods to set attributes on ExtendedDocument * adds new mixin to do protection Signed-off-by: Tapajós <tapajos@gmail.com> 2009-09-27 01:24:26 +02:00			`#`
Allow mixing of protected and accessible properties. Any unspecified properties are now assumed to be protected by default Signed-off-by: Marcos Tapajós <tapajos@gmail.com> 2010-08-12 00:41:32 +02:00			`# 2) Declare protected properties, and assume all unspecified properties are accessible`
			`# property :name # this will not be protected`
Adds attribute protection to properties Public Facing * through either :protected or :accessible8 flags * prevents protected attributes from being set in mass assignment Developer Facing * refactors #initialize and #update_attribute_without_saving to use same private methods to set attributes on ExtendedDocument * adds new mixin to do protection Signed-off-by: Tapajós <tapajos@gmail.com> 2009-09-27 01:24:26 +02:00			`# property :admin, :protected => true`
			`#`
Allow mixing of protected and accessible properties. Any unspecified properties are now assumed to be protected by default Signed-off-by: Marcos Tapajós <tapajos@gmail.com> 2010-08-12 00:41:32 +02:00			`# 3) Mix and match, and assume all unspecified properties are protected.`
			`# property :name, :accessible => true`
Renaming Attribute Protection and solving problem modifying the provided hash to the #attributes= method 2010-10-22 15:39:12 +02:00			`# property :admin, :protected => true # ignored`
Allow mixing of protected and accessible properties. Any unspecified properties are now assumed to be protected by default Signed-off-by: Marcos Tapajós <tapajos@gmail.com> 2010-08-12 00:41:32 +02:00			`# property :phone # this will be automatically protected`
			`#`
			`# Note: the timestamps! method protectes the created_at and updated_at properties`


Adds attribute protection to properties Public Facing * through either :protected or :accessible8 flags * prevents protected attributes from being set in mass assignment Developer Facing * refactors #initialize and #update_attribute_without_saving to use same private methods to set attributes on ExtendedDocument * adds new mixin to do protection Signed-off-by: Tapajós <tapajos@gmail.com> 2009-09-27 01:24:26 +02:00			`def self.included(base)`
			`base.extend(ClassMethods)`
			`end`

			`module ClassMethods`
			`def accessible_properties`
Renaming Attribute Protection and solving problem modifying the provided hash to the #attributes= method 2010-10-22 15:39:12 +02:00			`props = properties.select { \|prop\| prop.options[:accessible] }`
			`if props.empty?`
			`props = properties.select { \|prop\| !prop.options[:protected] }`
			`end`
			`props`
Adds attribute protection to properties Public Facing * through either :protected or :accessible8 flags * prevents protected attributes from being set in mass assignment Developer Facing * refactors #initialize and #update_attribute_without_saving to use same private methods to set attributes on ExtendedDocument * adds new mixin to do protection Signed-off-by: Tapajós <tapajos@gmail.com> 2009-09-27 01:24:26 +02:00			`end`

			`def protected_properties`
Renaming Attribute Protection and solving problem modifying the provided hash to the #attributes= method 2010-10-22 15:39:12 +02:00			`accessibles = accessible_properties`
			`properties.reject { \|prop\| accessibles.include?(prop) }`
Adds attribute protection to properties Public Facing * through either :protected or :accessible8 flags * prevents protected attributes from being set in mass assignment Developer Facing * refactors #initialize and #update_attribute_without_saving to use same private methods to set attributes on ExtendedDocument * adds new mixin to do protection Signed-off-by: Tapajós <tapajos@gmail.com> 2009-09-27 01:24:26 +02:00			`end`
			`end`

			`def accessible_properties`
			`self.class.accessible_properties`
			`end`

			`def protected_properties`
			`self.class.protected_properties`
			`end`

Renaming Attribute Protection and solving problem modifying the provided hash to the #attributes= method 2010-10-22 15:39:12 +02:00			`# Return a new copy of the attributes hash with protected attributes`
			`# removed.`
Adds attribute protection to properties Public Facing * through either :protected or :accessible8 flags * prevents protected attributes from being set in mass assignment Developer Facing * refactors #initialize and #update_attribute_without_saving to use same private methods to set attributes on ExtendedDocument * adds new mixin to do protection Signed-off-by: Tapajós <tapajos@gmail.com> 2009-09-27 01:24:26 +02:00			`def remove_protected_attributes(attributes)`
Renaming Attribute Protection and solving problem modifying the provided hash to the #attributes= method 2010-10-22 15:39:12 +02:00			`protected_names = protected_properties.map { \|prop\| prop.name }`
			`return attributes if protected_names.empty? or attributes.nil?`
Adds attribute protection to properties Public Facing * through either :protected or :accessible8 flags * prevents protected attributes from being set in mass assignment Developer Facing * refactors #initialize and #update_attribute_without_saving to use same private methods to set attributes on ExtendedDocument * adds new mixin to do protection Signed-off-by: Tapajós <tapajos@gmail.com> 2009-09-27 01:24:26 +02:00
Renaming Attribute Protection and solving problem modifying the provided hash to the #attributes= method 2010-10-22 15:39:12 +02:00			`attributes.reject do \|property_name, property_value\|`
Using \|property_name, property_value\| instead of \|key, value\|. 2009-10-31 13:49:26 +01:00			`protected_names.include?(property_name.to_s)`
Adds attribute protection to properties Public Facing * through either :protected or :accessible8 flags * prevents protected attributes from being set in mass assignment Developer Facing * refactors #initialize and #update_attribute_without_saving to use same private methods to set attributes on ExtendedDocument * adds new mixin to do protection Signed-off-by: Tapajós <tapajos@gmail.com> 2009-09-27 01:24:26 +02:00			`end`
			`end`
Renaming Attribute Protection and solving problem modifying the provided hash to the #attributes= method 2010-10-22 15:39:12 +02:00
Adds attribute protection to properties Public Facing * through either :protected or :accessible8 flags * prevents protected attributes from being set in mass assignment Developer Facing * refactors #initialize and #update_attribute_without_saving to use same private methods to set attributes on ExtendedDocument * adds new mixin to do protection Signed-off-by: Tapajós <tapajos@gmail.com> 2009-09-27 01:24:26 +02:00			`end`
			`end`
			`end`