Module: Redmine::SafeAttributes
- Included in:
- Attachment, AuthSource, Board, Comment, CustomField, Document, EmailAddress, Group, Issue, IssueCategory, IssueRelation, IssueStatus, Journal, Message, News, Project, Repository, Role, TimeEntry, Tracker, User, UserPreference, Version, Wiki, WikiPage
- Defined in:
- lib/redmine/safe_attributes.rb
Defined Under Namespace
Modules: ClassMethods
Class Method Summary collapse
Instance Method Summary collapse
-
#delete_unsafe_attributes(attrs, user = User.current) ⇒ Object
Returns a hash with unsafe attributes removed from the given attrs hash.
-
#safe_attribute?(attr, user = nil) ⇒ Boolean
Returns true if attr can be set by user or the current user.
-
#safe_attribute_names(user = nil) ⇒ Object
Returns an array that can be safely set by user or current user.
-
#safe_attributes=(attrs, user = User.current) ⇒ Object
Sets attributes from attrs that are safe attrs is a Hash with string keys.
Class Method Details
.included(base) ⇒ Object
22 23 24 |
# File 'lib/redmine/safe_attributes.rb', line 22 def self.included(base) base.extend(ClassMethods) end |
Instance Method Details
#delete_unsafe_attributes(attrs, user = User.current) ⇒ Object
Returns a hash with unsafe attributes removed from the given attrs hash
Example:
book.delete_unsafe_attributes({'title' => 'My book', 'foo' => 'bar'})
# => {'title' => 'My book'}
77 78 79 80 |
# File 'lib/redmine/safe_attributes.rb', line 77 def delete_unsafe_attributes(attrs, user=User.current) safe = safe_attribute_names(user) attrs.dup.delete_if {|k, v| !safe.include?(k.to_s)} end |
#safe_attribute?(attr, user = nil) ⇒ Boolean
Returns true if attr can be set by user or the current user
67 68 69 |
# File 'lib/redmine/safe_attributes.rb', line 67 def safe_attribute?(attr, user=nil) safe_attribute_names(user).include?(attr.to_s) end |
#safe_attribute_names(user = nil) ⇒ Object
Returns an array that can be safely set by user or current user
Example:
book.safe_attributes # => ['title', 'pages']
book.safe_attributes(book.) # => ['title', 'pages', 'isbn']
53 54 55 56 57 58 59 60 61 62 63 64 |
# File 'lib/redmine/safe_attributes.rb', line 53 def safe_attribute_names(user=nil) return @safe_attribute_names if @safe_attribute_names && user.nil? names = [] self.class.safe_attributes.collect do |attrs, | if [:if].nil? || [:if].call(self, user || User.current) names += attrs.collect(&:to_s) end end names.uniq! @safe_attribute_names = names if user.nil? names end |
#safe_attributes=(attrs, user = User.current) ⇒ Object
Sets attributes from attrs that are safe attrs is a Hash with string keys
84 85 86 87 88 89 90 91 |
# File 'lib/redmine/safe_attributes.rb', line 84 def safe_attributes=(attrs, user=User.current) if attrs.respond_to?(:to_unsafe_hash) attrs = attrs.to_unsafe_hash end return unless attrs.is_a?(Hash) self.attributes = delete_unsafe_attributes(attrs, user) end |