Module: Redmine::SafeAttributes

Defined Under Namespace

Modules: ClassMethods

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.included(base) ⇒ Object



22
23
24
# File 'lib/redmine/safe_attributes.rb', line 22

def self.included(base)
  base.extend(ClassMethods)
end

Instance Method Details

#delete_unsafe_attributes(attrs, user = User.current) ⇒ Object

Returns a hash with unsafe attributes removed from the given attrs hash

Example:

book.delete_unsafe_attributes({'title' => 'My book', 'foo' => 'bar'})
# => {'title' => 'My book'}


77
78
79
80
# File 'lib/redmine/safe_attributes.rb', line 77

def delete_unsafe_attributes(attrs, user=User.current)
  safe = safe_attribute_names(user)
  attrs.dup.delete_if {|k, v| !safe.include?(k.to_s)}
end

#safe_attribute?(attr, user = nil) ⇒ Boolean

Returns true if attr can be set by user or the current user

Returns:

  • (Boolean)


67
68
69
# File 'lib/redmine/safe_attributes.rb', line 67

def safe_attribute?(attr, user=nil)
  safe_attribute_names(user).include?(attr.to_s)
end

#safe_attribute_names(user = nil) ⇒ Object

Returns an array that can be safely set by user or current user

Example:

book.safe_attributes # => ['title', 'pages']
book.safe_attributes(book.author) # => ['title', 'pages', 'isbn']


53
54
55
56
57
58
59
60
61
62
63
64
# File 'lib/redmine/safe_attributes.rb', line 53

def safe_attribute_names(user=nil)
  return @safe_attribute_names if @safe_attribute_names && user.nil?
  names = []
  self.class.safe_attributes.collect do |attrs, options|
    if options[:if].nil? || options[:if].call(self, user || User.current)
      names += attrs.collect(&:to_s)
    end
  end
  names.uniq!
  @safe_attribute_names = names if user.nil?
  names
end

#safe_attributes=(attrs, user = User.current) ⇒ Object

Sets attributes from attrs that are safe attrs is a Hash with string keys



84
85
86
87
88
89
90
91
# File 'lib/redmine/safe_attributes.rb', line 84

def safe_attributes=(attrs, user=User.current)
  if attrs.respond_to?(:to_unsafe_hash)
    attrs = attrs.to_unsafe_hash
  end

  return unless attrs.is_a?(Hash)
  self.attributes = delete_unsafe_attributes(attrs, user)
end