Module: AttributeExt::SafeAttributes

Defined in:

lib/attribute_ext/safe_attributes.rb

Defined Under Namespace

Modules: ClassMethods

Class Method Summary

• .default_role ⇒ Object

  Returns default role used by SafeAttributes.

• .default_role=(role) ⇒ Object

  Sets SafeAttributes default role that will be used when given role is a nil value or the :default role.

• .included(base) ⇒ Object

  :nodoc:.

• .role_mapper(&block) ⇒ Object

  Returns current role mapper block or sets role mapper if an block is given.

• .role_mapper=(role_mapper) ⇒ Object

  Sets current role mapper to given Proc or removes role mapper if a nil value is given.

Instance Method Summary

• #mass_assignment_authorizer_with_safe_attrs(role = nil) ⇒ Object

  :nodoc:.

• #safe_attribute_names(role = nil) ⇒ Object

  Returns an array with attributes allowed to be mass assigned by given role.

• #safe_attributes_authorizer(role = nil) ⇒ Object
• #safe_attributes_role(role = nil) ⇒ Object

  Returns new mapped role for given role used by SafeAttributes.

Class Method Details

.default_role ⇒ Object

Returns default role used by SafeAttributes. See SafeAttributes#default_role= for how to specify a default role.

# File 'lib/attribute_ext/safe_attributes.rb', line 5

def SafeAttributes.default_role
  @default_role || :default
end

.default_role=(role) ⇒ Object

Sets SafeAttributes default role that will be used when given role is a nil value or the :default role. The SafeAttributes default role will only affect this extension and will not be given to Rails 3.1 mass assignment authorizer.

# File 'lib/attribute_ext/safe_attributes.rb', line 13

def SafeAttributes.default_role=(role)
  @default_role = role
end

.included(base) ⇒ Object

:nodoc:

# File 'lib/attribute_ext/safe_attributes.rb', line 42

def self.included(base)  # :nodoc:
  base.extend(ClassMethods)
  base.alias_method_chain :mass_assignment_authorizer, :safe_attrs
end

.role_mapper(&block) ⇒ Object

Returns current role mapper block or sets role mapper if an block is given. By default no role mapper is active.

AttributeExt::SafeAttributes.role_mapper do |role|
  [:guest, :user, :admin].include?(role) ? role : :guest
end

# File 'lib/attribute_ext/safe_attributes.rb', line 24

def SafeAttributes.role_mapper(&block)
  self.role_mapper = block if block
  @role_mapper
end

.role_mapper=(role_mapper) ⇒ Object

Sets current role mapper to given Proc or removes role mapper if a nil value is given. Any other value will do nothing.

AttributeExt::SafeAttributes.role_mapper = Proc.new do |role|
  [:guest, :user, :admin].include?(role) ? role : :guest
end

See SafeAttributes#role_mapper for an short way to set a role mapper.

# File 'lib/attribute_ext/safe_attributes.rb', line 37

def SafeAttributes.role_mapper=(role_mapper)
  @role_mapper = role_mapper if role_mapper.is_a?(Proc)
  @role_mapper = nil if role_mapper.nil?
end

Instance Method Details

#mass_assignment_authorizer_with_safe_attrs(role = nil) ⇒ Object

:nodoc:

# File 'lib/attribute_ext/safe_attributes.rb', line 99

def mass_assignment_authorizer_with_safe_attrs(role = nil) # :nodoc:
  safe_attributes_authorizer role
end

#safe_attribute_names(role = nil) ⇒ Object

Returns an array with attributes allowed to be mass assigned by given role. Role will be mapped before given to rules. This method should only be used to test own rules without need to create lots of records to test different situations. See AttributeExt specs for details.

# File 'lib/attribute_ext/safe_attributes.rb', line 134

def safe_attribute_names(role = nil)
  role = safe_attributes_role(role)
  
  names = []
  self.class.safe_attributes.collect do |attrs, options|
    next unless options[:as].empty? or options[:as].include?(role)
    next unless options[:if].nil? or safe_attrs_call(options[:if], role)
    next unless options[:unless].nil? or !safe_attrs_call(options[:unless], role)

    names += attrs.collect(&:to_s)
  end
  names.uniq
end

#safe_attributes_authorizer(role = nil) ⇒ Object

# File 'lib/attribute_ext/safe_attributes.rb', line 103

def safe_attributes_authorizer(role = nil)
  if AttributeExt.activemodel_3_0?
    attrs      = safe_attribute_names
    authorizer = mass_assignment_authorizer_without_safe_attrs
  else
    attrs      = safe_attribute_names(role)
    authorizer = mass_assignment_authorizer_without_safe_attrs(role)
  end

  if authorizer.kind_of?(::ActiveModel::MassAssignmentSecurity::WhiteList)
    return authorizer + attrs
  else
    return ::ActiveModel::MassAssignmentSecurity::WhiteList.new attrs
  end
end

#safe_attributes_role(role = nil) ⇒ Object

Returns new mapped role for given role used by SafeAttributes. This method should only be used to test own role mapper implementations without need for a full application. See AttributeExt specs for details.

See role_mapper method in SafeAttributes module for how to set a role mapper.

# File 'lib/attribute_ext/safe_attributes.rb', line 124

def safe_attributes_role(role = nil)
  return AttributeExt::SafeAttributes.role_mapper.call(role) unless AttributeExt::SafeAttributes.role_mapper.nil?
  return AttributeExt::SafeAttributes.default_role if role.nil? or role == :default
  role
end