openproject/lib/redmine/safe_attributes.rb

#-- encoding: UTF-8
#-- copyright
# OpenProject is a project management system.
#
# Copyright (C) 2012-2013 the OpenProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# See doc/COPYRIGHT.rdoc for more details.
#++

module Redmine
  module SafeAttributes
    def self.included(base)
      base.extend(ClassMethods)
    end

    module ClassMethods
      # Declares safe attributes
      # An optional Proc can be given for conditional inclusion
      #
      # Example:
      #   safe_attributes 'title', 'pages'
      #   safe_attributes 'isbn', :if => {|book, user| book.author == user}
      def safe_attributes(*args)
        @safe_attributes ||= []
        if args.empty?
          if superclass < Redmine::SafeAttributes
            superclass.safe_attributes + @safe_attributes
          else
            @safe_attributes
          end
        else
          options = args.last.is_a?(Hash) ? args.pop : {}
          @safe_attributes << [args, options]
          safe_attributes
        end
      end
    end

    # Returns an array that can be safely set by user or current user
    #
    # Example:
    #   book.safe_attributes # => ['title', 'pages']
    #   book.safe_attributes(book.author) # => ['title', 'pages', 'isbn']
    def safe_attribute_names(user=User.current)
      names = []
      self.class.safe_attributes.collect do |attrs, options|
        if options[:if].nil? || options[:if].call(self, user)
          names += attrs.collect(&:to_s)
        end
      end
      names.uniq
    end

    # Returns a hash with unsafe attributes removed
    # from the given attrs hash
    #
    # Example:
    #   book.delete_unsafe_attributes({'title' => 'My book', 'foo' => 'bar'})
    #   # => {'title' => 'My book'}
    def delete_unsafe_attributes(attrs, user=User.current)
      safe = safe_attribute_names(user)
      attrs.dup.delete_if {|k,v| !safe.include?(k.to_s)}
    end

    # Sets attributes from attrs that are safe
    # attrs is a Hash with string keys
    def safe_attributes=(attrs, user=User.current)
      return unless attrs.is_a?(Hash)
      self.attributes = delete_unsafe_attributes(attrs, user)
    end
  end
end
Set source encoding to UTF-8 13 years ago			`#-- encoding: UTF-8`
[#197] Upgrade the copyright in the code files 14 years ago			`#-- copyright`
provide every possible file with a short copyright notice This was done using the rake task: rake copyright:update 12 years ago			`# OpenProject is a project management system.`
[#436] Remove trailing whitespace 14 years ago			`#`
provide every possible file with a short copyright notice This was done using the rake task: rake copyright:update 12 years ago			`# Copyright (C) 2012-2013 the OpenProject Team`
[#436] Remove trailing whitespace 14 years ago			`#`
[#197] Upgrade the copyright in the code files 14 years ago			`# This program is free software; you can redistribute it and/or`
provide every possible file with a short copyright notice This was done using the rake task: rake copyright:update 12 years ago			`# modify it under the terms of the GNU General Public License version 3.`
[#436] Remove trailing whitespace 14 years ago			`#`
[#197] Upgrade the copyright in the code files 14 years ago			`# See doc/COPYRIGHT.rdoc for more details.`
			`#++`

Makes issue safe_attributes extensible (#6000). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4491 e93f8b46-1217-0410-a6f0-8f06a7374b81 14 years ago			`module Redmine`
			`module SafeAttributes`
			`def self.included(base)`
			`base.extend(ClassMethods)`
			`end`
[#436] Remove trailing whitespace 14 years ago
Makes issue safe_attributes extensible (#6000). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4491 e93f8b46-1217-0410-a6f0-8f06a7374b81 14 years ago			`module ClassMethods`
			`# Declares safe attributes`
			`# An optional Proc can be given for conditional inclusion`
			`#`
			`# Example:`
			`# safe_attributes 'title', 'pages'`
			`# safe_attributes 'isbn', :if => {\|book, user\| book.author == user}`
			`def safe_attributes(*args)`
			`@safe_attributes \|\|= []`
			`if args.empty?`
[#282] Make safe_attributes work with sub classes 14 years ago			`if superclass < Redmine::SafeAttributes`
			`superclass.safe_attributes + @safe_attributes`
			`else`
			`@safe_attributes`
			`end`
Makes issue safe_attributes extensible (#6000). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4491 e93f8b46-1217-0410-a6f0-8f06a7374b81 14 years ago			`else`
			`options = args.last.is_a?(Hash) ? args.pop : {}`
			`@safe_attributes << [args, options]`
[#282] Make safe_attributes work with sub classes 14 years ago			`safe_attributes`
Makes issue safe_attributes extensible (#6000). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4491 e93f8b46-1217-0410-a6f0-8f06a7374b81 14 years ago			`end`
			`end`
			`end`
[#282] Make safe_attributes work with sub classes 14 years ago
Makes issue safe_attributes extensible (#6000). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4491 e93f8b46-1217-0410-a6f0-8f06a7374b81 14 years ago			`# Returns an array that can be safely set by user or current user`
			`#`
			`# Example:`
			`# book.safe_attributes # => ['title', 'pages']`
			`# book.safe_attributes(book.author) # => ['title', 'pages', 'isbn']`
			`def safe_attribute_names(user=User.current)`
			`names = []`
			`self.class.safe_attributes.collect do \|attrs, options\|`
			`if options[:if].nil? \|\| options[:if].call(self, user)`
			`names += attrs.collect(&:to_s)`
			`end`
			`end`
			`names.uniq`
			`end`
[#436] Remove trailing whitespace 14 years ago
Makes issue safe_attributes extensible (#6000). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4491 e93f8b46-1217-0410-a6f0-8f06a7374b81 14 years ago			`# Returns a hash with unsafe attributes removed`
			`# from the given attrs hash`
[#436] Remove trailing whitespace 14 years ago			`#`
Makes issue safe_attributes extensible (#6000). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4491 e93f8b46-1217-0410-a6f0-8f06a7374b81 14 years ago			`# Example:`
			`# book.delete_unsafe_attributes({'title' => 'My book', 'foo' => 'bar'})`
			`# # => {'title' => 'My book'}`
			`def delete_unsafe_attributes(attrs, user=User.current)`
			`safe = safe_attribute_names(user)`
[#282] Make safe_attributes work with symbol keys 14 years ago			`attrs.dup.delete_if {\|k,v\| !safe.include?(k.to_s)}`
Makes issue safe_attributes extensible (#6000). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4491 e93f8b46-1217-0410-a6f0-8f06a7374b81 14 years ago			`end`
[#436] Remove trailing whitespace 14 years ago
Makes issue safe_attributes extensible (#6000). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4491 e93f8b46-1217-0410-a6f0-8f06a7374b81 14 years ago			`# Sets attributes from attrs that are safe`
			`# attrs is a Hash with string keys`
			`def safe_attributes=(attrs, user=User.current)`
			`return unless attrs.is_a?(Hash)`
fix Redmine:SafeAttributes and their tests 12 years ago			`self.attributes = delete_unsafe_attributes(attrs, user)`
Makes issue safe_attributes extensible (#6000). git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4491 e93f8b46-1217-0410-a6f0-8f06a7374b81 14 years ago			`end`
			`end`
			`end`