Makes issue safe_attributes extensible (#6000).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4491 e93f8b46-1217-0410-a6f0-8f06a7374b81pull/351/head
parent
8407db9854
commit
3409333522
@ -0,0 +1,75 @@ |
||||
# Redmine - project management software |
||||
# Copyright (C) 2006-2010 Jean-Philippe Lang |
||||
# |
||||
# This program is free software; you can redistribute it and/or |
||||
# modify it under the terms of the GNU General Public License |
||||
# as published by the Free Software Foundation; either version 2 |
||||
# of the License, or (at your option) any later version. |
||||
# |
||||
# This program is distributed in the hope that it will be useful, |
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
# GNU General Public License for more details. |
||||
# |
||||
# You should have received a copy of the GNU General Public License |
||||
# along with this program; if not, write to the Free Software |
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
||||
|
||||
module Redmine |
||||
module SafeAttributes |
||||
def self.included(base) |
||||
base.extend(ClassMethods) |
||||
end |
||||
|
||||
module ClassMethods |
||||
# Declares safe attributes |
||||
# An optional Proc can be given for conditional inclusion |
||||
# |
||||
# Example: |
||||
# safe_attributes 'title', 'pages' |
||||
# safe_attributes 'isbn', :if => {|book, user| book.author == user} |
||||
def safe_attributes(*args) |
||||
@safe_attributes ||= [] |
||||
if args.empty? |
||||
@safe_attributes |
||||
else |
||||
options = args.last.is_a?(Hash) ? args.pop : {} |
||||
@safe_attributes << [args, options] |
||||
end |
||||
end |
||||
end |
||||
|
||||
# Returns an array that can be safely set by user or current user |
||||
# |
||||
# Example: |
||||
# book.safe_attributes # => ['title', 'pages'] |
||||
# book.safe_attributes(book.author) # => ['title', 'pages', 'isbn'] |
||||
def safe_attribute_names(user=User.current) |
||||
names = [] |
||||
self.class.safe_attributes.collect do |attrs, options| |
||||
if options[:if].nil? || options[:if].call(self, user) |
||||
names += attrs.collect(&:to_s) |
||||
end |
||||
end |
||||
names.uniq |
||||
end |
||||
|
||||
# Returns a hash with unsafe attributes removed |
||||
# from the given attrs hash |
||||
# |
||||
# Example: |
||||
# book.delete_unsafe_attributes({'title' => 'My book', 'foo' => 'bar'}) |
||||
# # => {'title' => 'My book'} |
||||
def delete_unsafe_attributes(attrs, user=User.current) |
||||
safe = safe_attribute_names(user) |
||||
attrs.dup.delete_if {|k,v| !safe.include?(k)} |
||||
end |
||||
|
||||
# Sets attributes from attrs that are safe |
||||
# attrs is a Hash with string keys |
||||
def safe_attributes=(attrs, user=User.current) |
||||
return unless attrs.is_a?(Hash) |
||||
self.attributes = delete_unsafe_attributes(attrs, user) |
||||
end |
||||
end |
||||
end |
@ -0,0 +1,87 @@ |
||||
# Redmine - project management software |
||||
# Copyright (C) 2006-2010 Jean-Philippe Lang |
||||
# |
||||
# This program is free software; you can redistribute it and/or |
||||
# modify it under the terms of the GNU General Public License |
||||
# as published by the Free Software Foundation; either version 2 |
||||
# of the License, or (at your option) any later version. |
||||
# |
||||
# This program is distributed in the hope that it will be useful, |
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of |
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||||
# GNU General Public License for more details. |
||||
# |
||||
# You should have received a copy of the GNU General Public License |
||||
# along with this program; if not, write to the Free Software |
||||
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
||||
|
||||
require File.dirname(__FILE__) + '/../../../test_helper' |
||||
|
||||
class Redmine::SafeAttributesTest < ActiveSupport::TestCase |
||||
|
||||
class Base |
||||
def attributes=(attrs) |
||||
attrs.each do |key, value| |
||||
send("#{key}=", value) |
||||
end |
||||
end |
||||
end |
||||
|
||||
class Person < Base |
||||
attr_accessor :firstname, :lastname, :login |
||||
include Redmine::SafeAttributes |
||||
safe_attributes :firstname, :lastname |
||||
safe_attributes :login, :if => lambda {|person, user| user.admin?} |
||||
end |
||||
|
||||
class Book < Base |
||||
attr_accessor :title |
||||
include Redmine::SafeAttributes |
||||
safe_attributes :title |
||||
end |
||||
|
||||
def test_safe_attribute_names |
||||
p = Person.new |
||||
assert_equal ['firstname', 'lastname'], p.safe_attribute_names(User.anonymous) |
||||
assert_equal ['firstname', 'lastname', 'login'], p.safe_attribute_names(User.find(1)) |
||||
end |
||||
|
||||
def test_safe_attribute_names_without_user |
||||
p = Person.new |
||||
User.current = nil |
||||
assert_equal ['firstname', 'lastname'], p.safe_attribute_names |
||||
User.current = User.find(1) |
||||
assert_equal ['firstname', 'lastname', 'login'], p.safe_attribute_names |
||||
end |
||||
|
||||
def test_set_safe_attributes |
||||
p = Person.new |
||||
p.send('safe_attributes=', {'firstname' => 'John', 'lastname' => 'Smith', 'login' => 'jsmith'}, User.anonymous) |
||||
assert_equal 'John', p.firstname |
||||
assert_equal 'Smith', p.lastname |
||||
assert_nil p.login |
||||
|
||||
p = Person.new |
||||
User.current = User.find(1) |
||||
p.send('safe_attributes=', {'firstname' => 'John', 'lastname' => 'Smith', 'login' => 'jsmith'}, User.find(1)) |
||||
assert_equal 'John', p.firstname |
||||
assert_equal 'Smith', p.lastname |
||||
assert_equal 'jsmith', p.login |
||||
end |
||||
|
||||
def test_set_safe_attributes_without_user |
||||
p = Person.new |
||||
User.current = nil |
||||
p.safe_attributes = {'firstname' => 'John', 'lastname' => 'Smith', 'login' => 'jsmith'} |
||||
assert_equal 'John', p.firstname |
||||
assert_equal 'Smith', p.lastname |
||||
assert_nil p.login |
||||
|
||||
p = Person.new |
||||
User.current = User.find(1) |
||||
p.safe_attributes = {'firstname' => 'John', 'lastname' => 'Smith', 'login' => 'jsmith'} |
||||
assert_equal 'John', p.firstname |
||||
assert_equal 'Smith', p.lastname |
||||
assert_equal 'jsmith', p.login |
||||
end |
||||
end |
Loading…
Reference in new issue