Module: Heimdallr
- Defined in:
- lib/heimdallr.rb,
lib/heimdallr/model.rb,
lib/heimdallr/evaluator.rb,
lib/heimdallr/validator.rb,
lib/heimdallr/proxy/record.rb,
lib/heimdallr/legacy_resource.rb,
lib/heimdallr/proxy/collection.rb
Overview
See README.
Defined Under Namespace
Modules: LegacyResource, Model, Proxy Classes: Evaluator, InsecureOperationError, PermissionError, Validator
Class Attribute Summary collapse
-
.allow_insecure_associations ⇒ Boolean
Allow implicit insecure association access.
-
.skip_eager_condition_injection ⇒ Boolean
Allow unrestricted association fetching in case of eager loading.
Class Attribute Details
.allow_insecure_associations ⇒ Boolean
Allow implicit insecure association access. Consider this code:
class User < ActiveRecord::Base
include Heimdallr::Model
has_many :articles
end
class Article < ActiveRecord::Base
# No Heimdallr::Model!
end
If the allow_insecure_associations setting is false (the default), then user.restrict(context).articles fetch would cause an InsecureOperationError. This may be undesirable in some environments; setting allow_insecure_associations to true will prevent the error from being raised.
28 29 30 |
# File 'lib/heimdallr.rb', line 28 def allow_insecure_associations @allow_insecure_associations end |
.skip_eager_condition_injection ⇒ Boolean
Allow unrestricted association fetching in case of eager loading.
By default, associations are restricted with fetch scope either when they are accessed or when they are eagerly loaded (with #includes). Condition injection on eager loads are known to be quirky in some cases, particularly deeply nested polymorphic associations, and if the layout of your database guarantees that any data fetched through explicitly eagerly loaded associations will be safe to view (or if you restrict it manually), you can enable this setting to skip automatic condition injection.
42 43 44 |
# File 'lib/heimdallr.rb', line 42 def skip_eager_condition_injection @skip_eager_condition_injection end |