Adds attribute protection to properties

Public Facing * through either :protected or :accessible8 flags * prevents protected attributes from being set in mass assignment Developer Facing * refactors #initialize and #update_attribute_without_saving to use same private methods to set attributes on ExtendedDocument * adds new mixin to do protection Signed-off-by: Tapajós <tapajos@gmail.com>
2009-09-26 18:24:26 -05:00 · 2009-09-26 18:24:26 -05:00 · b5d09afef5
commit b5d09afef5
parent 58d621d399
5 changed files with 191 additions and 12 deletions
--- a/lib/couchrest/more/extended_document.rb
+++ b/lib/couchrest/more/extended_document.rb
@ -14,6 +14,7 @@ module CouchRest
    include CouchRest::Mixins::ExtendedAttachments
    include CouchRest::Mixins::ClassProxy
    include CouchRest::Mixins::Collection
+		include CouchRest::Mixins::AttributeProtection

    def self.subclasses
      @subclasses ||= []
@ -40,11 +41,7 @@ module CouchRest
    
    def initialize(passed_keys={})
      apply_defaults # defined in CouchRest::Mixins::Properties
-      passed_keys.each do |k,v|
-        if self.respond_to?("#{k}=")
-          self.send("#{k}=", passed_keys.delete(k))
-        end
-      end if passed_keys
+			set_attributes(passed_keys)
      super
      cast_keys      # defined in CouchRest::Mixins::Properties
      unless self['_id'] && self['_rev']
@ -150,12 +147,8 @@ module CouchRest
      # make a copy, we don't want to change arguments
      attrs = hash.dup
      %w[_id _rev created_at updated_at].each {|attr| attrs.delete(attr)}
-      attrs.each do |k, v|
-        raise NoMethodError, "#{k}= method not available, use property :#{k}" unless self.respond_to?("#{k}=")
-      end      
-      attrs.each do |k, v|
-        self.send("#{k}=",v)
-      end
+      check_properties_exist(attrs)
+			set_attributes(attrs)
    end
    alias :attributes= :update_attributes_without_saving

@ -280,6 +273,22 @@ module CouchRest
        end
      end
    end
-    
+
+		private
+
+		def check_properties_exist(attrs)
+      attrs.each do |k, v|
+        raise NoMethodError, "#{k}= method not available, use property :#{k}" unless self.respond_to?("#{k}=")
+      end      
+		end
+
+		def set_attributes(hash)
+			attrs = remove_protected_attributes(hash)
+      attrs.each do |k,v|
+        if self.respond_to?("#{k}=")
+          self.send("#{k}=", attrs.delete(k))
+        end
+      end
+		end
  end
 end