Mercurial > hg > soundsoftware-site
comparison lib/redmine/safe_attributes.rb @ 909:cbb26bc654de redmine-1.3
Update to Redmine 1.3-stable branch (Redmine SVN rev 8964)
| author | Chris Cannam |
|---|---|
| date | Fri, 24 Feb 2012 19:09:32 +0000 |
| parents | 8661b858af72 |
| children | 433d4f72a19b |
comparison
equal
deleted
inserted
replaced
| 908:c6c2cbd0afee | 909:cbb26bc654de |
|---|---|
| 1 # Redmine - project management software | 1 # Redmine - project management software |
| 2 # Copyright (C) 2006-2010 Jean-Philippe Lang | 2 # Copyright (C) 2006-2011 Jean-Philippe Lang |
| 3 # | 3 # |
| 4 # This program is free software; you can redistribute it and/or | 4 # This program is free software; you can redistribute it and/or |
| 5 # modify it under the terms of the GNU General Public License | 5 # modify it under the terms of the GNU General Public License |
| 6 # as published by the Free Software Foundation; either version 2 | 6 # as published by the Free Software Foundation; either version 2 |
| 7 # of the License, or (at your option) any later version. | 7 # of the License, or (at your option) any later version. |
| 8 # | 8 # |
| 9 # This program is distributed in the hope that it will be useful, | 9 # This program is distributed in the hope that it will be useful, |
| 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of | 10 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | 11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 12 # GNU General Public License for more details. | 12 # GNU General Public License for more details. |
| 13 # | 13 # |
| 14 # You should have received a copy of the GNU General Public License | 14 # You should have received a copy of the GNU General Public License |
| 15 # along with this program; if not, write to the Free Software | 15 # along with this program; if not, write to the Free Software |
| 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | 16 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. |
| 17 | 17 |
| 18 module Redmine | 18 module Redmine |
| 19 module SafeAttributes | 19 module SafeAttributes |
| 20 def self.included(base) | 20 def self.included(base) |
| 21 base.extend(ClassMethods) | 21 base.extend(ClassMethods) |
| 22 end | 22 end |
| 23 | 23 |
| 24 module ClassMethods | 24 module ClassMethods |
| 25 # Declares safe attributes | 25 # Declares safe attributes |
| 26 # An optional Proc can be given for conditional inclusion | 26 # An optional Proc can be given for conditional inclusion |
| 27 # | 27 # |
| 28 # Example: | 28 # Example: |
| 36 options = args.last.is_a?(Hash) ? args.pop : {} | 36 options = args.last.is_a?(Hash) ? args.pop : {} |
| 37 @safe_attributes << [args, options] | 37 @safe_attributes << [args, options] |
| 38 end | 38 end |
| 39 end | 39 end |
| 40 end | 40 end |
| 41 | 41 |
| 42 # Returns an array that can be safely set by user or current user | 42 # Returns an array that can be safely set by user or current user |
| 43 # | 43 # |
| 44 # Example: | 44 # Example: |
| 45 # book.safe_attributes # => ['title', 'pages'] | 45 # book.safe_attributes # => ['title', 'pages'] |
| 46 # book.safe_attributes(book.author) # => ['title', 'pages', 'isbn'] | 46 # book.safe_attributes(book.author) # => ['title', 'pages', 'isbn'] |
| 51 names += attrs.collect(&:to_s) | 51 names += attrs.collect(&:to_s) |
| 52 end | 52 end |
| 53 end | 53 end |
| 54 names.uniq | 54 names.uniq |
| 55 end | 55 end |
| 56 | 56 |
| 57 # Returns a hash with unsafe attributes removed | 57 # Returns a hash with unsafe attributes removed |
| 58 # from the given attrs hash | 58 # from the given attrs hash |
| 59 # | 59 # |
| 60 # Example: | 60 # Example: |
| 61 # book.delete_unsafe_attributes({'title' => 'My book', 'foo' => 'bar'}) | 61 # book.delete_unsafe_attributes({'title' => 'My book', 'foo' => 'bar'}) |
| 62 # # => {'title' => 'My book'} | 62 # # => {'title' => 'My book'} |
| 63 def delete_unsafe_attributes(attrs, user=User.current) | 63 def delete_unsafe_attributes(attrs, user=User.current) |
| 64 safe = safe_attribute_names(user) | 64 safe = safe_attribute_names(user) |
| 65 attrs.dup.delete_if {|k,v| !safe.include?(k)} | 65 attrs.dup.delete_if {|k,v| !safe.include?(k)} |
| 66 end | 66 end |
| 67 | 67 |
| 68 # Sets attributes from attrs that are safe | 68 # Sets attributes from attrs that are safe |
| 69 # attrs is a Hash with string keys | 69 # attrs is a Hash with string keys |
| 70 def safe_attributes=(attrs, user=User.current) | 70 def safe_attributes=(attrs, user=User.current) |
| 71 return unless attrs.is_a?(Hash) | 71 return unless attrs.is_a?(Hash) |
| 72 self.attributes = delete_unsafe_attributes(attrs, user) | 72 self.attributes = delete_unsafe_attributes(attrs, user) |