Mercurial > hg > soundsoftware-site
comparison lib/redmine/safe_attributes.rb @ 1115:433d4f72a19b redmine-2.2
Update to Redmine SVN revision 11137 on 2.2-stable branch
| author | Chris Cannam |
|---|---|
| date | Mon, 07 Jan 2013 12:01:42 +0000 |
| parents | cbb26bc654de |
| children | 622f24f53b42 |
comparison
equal
deleted
inserted
replaced
| 929:5f33065ddc4b | 1115:433d4f72a19b |
|---|---|
| 1 # Redmine - project management software | 1 # Redmine - project management software |
| 2 # Copyright (C) 2006-2011 Jean-Philippe Lang | 2 # Copyright (C) 2006-2012 Jean-Philippe Lang |
| 3 # | 3 # |
| 4 # This program is free software; you can redistribute it and/or | 4 # This program is free software; you can redistribute it and/or |
| 5 # modify it under the terms of the GNU General Public License | 5 # modify it under the terms of the GNU General Public License |
| 6 # as published by the Free Software Foundation; either version 2 | 6 # as published by the Free Software Foundation; either version 2 |
| 7 # of the License, or (at your option) any later version. | 7 # of the License, or (at your option) any later version. |
| 29 # safe_attributes 'title', 'pages' | 29 # safe_attributes 'title', 'pages' |
| 30 # safe_attributes 'isbn', :if => {|book, user| book.author == user} | 30 # safe_attributes 'isbn', :if => {|book, user| book.author == user} |
| 31 def safe_attributes(*args) | 31 def safe_attributes(*args) |
| 32 @safe_attributes ||= [] | 32 @safe_attributes ||= [] |
| 33 if args.empty? | 33 if args.empty? |
| 34 @safe_attributes | 34 if superclass.include?(Redmine::SafeAttributes) |
| 35 @safe_attributes + superclass.safe_attributes | |
| 36 else | |
| 37 @safe_attributes | |
| 38 end | |
| 35 else | 39 else |
| 36 options = args.last.is_a?(Hash) ? args.pop : {} | 40 options = args.last.is_a?(Hash) ? args.pop : {} |
| 37 @safe_attributes << [args, options] | 41 @safe_attributes << [args, options] |
| 38 end | 42 end |
| 39 end | 43 end |
| 42 # Returns an array that can be safely set by user or current user | 46 # Returns an array that can be safely set by user or current user |
| 43 # | 47 # |
| 44 # Example: | 48 # Example: |
| 45 # book.safe_attributes # => ['title', 'pages'] | 49 # book.safe_attributes # => ['title', 'pages'] |
| 46 # book.safe_attributes(book.author) # => ['title', 'pages', 'isbn'] | 50 # book.safe_attributes(book.author) # => ['title', 'pages', 'isbn'] |
| 47 def safe_attribute_names(user=User.current) | 51 def safe_attribute_names(user=nil) |
| 52 return @safe_attribute_names if @safe_attribute_names && user.nil? | |
| 48 names = [] | 53 names = [] |
| 49 self.class.safe_attributes.collect do |attrs, options| | 54 self.class.safe_attributes.collect do |attrs, options| |
| 50 if options[:if].nil? || options[:if].call(self, user) | 55 if options[:if].nil? || options[:if].call(self, user || User.current) |
| 51 names += attrs.collect(&:to_s) | 56 names += attrs.collect(&:to_s) |
| 52 end | 57 end |
| 53 end | 58 end |
| 54 names.uniq | 59 names.uniq! |
| 60 @safe_attribute_names = names if user.nil? | |
| 61 names | |
| 62 end | |
| 63 | |
| 64 # Returns true if attr can be set by user or the current user | |
| 65 def safe_attribute?(attr, user=nil) | |
| 66 safe_attribute_names(user).include?(attr.to_s) | |
| 55 end | 67 end |
| 56 | 68 |
| 57 # Returns a hash with unsafe attributes removed | 69 # Returns a hash with unsafe attributes removed |
| 58 # from the given attrs hash | 70 # from the given attrs hash |
| 59 # | 71 # |