From fbda1615bcace50670dad4e9578b75d38be598ba Mon Sep 17 00:00:00 2001
From: Michael King
Date: Mon, 11 Nov 2013 17:26:17 -0600
Subject: [PATCH 1/5] add test for protected attributes
---
 spec/cancan/controller_resource_spec.rb | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/spec/cancan/controller_resource_spec.rb b/spec/cancan/controller_resource_spec.rb
index 03f16bfb..fddd70fd 100644
--- a/spec/cancan/controller_resource_spec.rb
+++ b/spec/cancan/controller_resource_spec.rb
@@ -488,4 +488,14 @@ class Section
 lambda { resource.load_and_authorize_resource }.should_not raise_error
 @controller.instance_variable_get(:@project).should be_nil
 end
+
+ context "given load_and_authorize_resource has an attributes method name" do
+ it "should use attributes method to acquire resource params" do
+ @params.merge!(:controller => "project", :action => "create")
+ sanitized = {:first => 1, :second => 2}
+ stub(@controller).attributes_method {sanitized}
+ resource = CanCan::ControllerResource.new(@controller, {:attributes => :attributes_method})
+ resource.send("resource_params_by_namespaced_name").should eq(sanitized)
+ end
+ end
 end
From fd6d9d37ad065488e1236d546c49c92755bc9185 Mon Sep 17 00:00:00 2001
From: Michael King
Date: Mon, 11 Nov 2013 17:26:35 -0600
Subject: [PATCH 2/5] get attributes method name from options and stash it as a symbol
---
 lib/cancan/controller_resource.rb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/cancan/controller_resource.rb b/lib/cancan/controller_resource.rb
index 702fbcfb..5ca9fbcf 100644
--- a/lib/cancan/controller_resource.rb
+++ b/lib/cancan/controller_resource.rb
@@ -16,6 +16,7 @@ def initialize(controller, *args)
 @params = controller.params
 @options = args.extract_options!
 @name = args.first
+ @params_method = @options[:attributes] && @options[:attributes].to_sym
 raise CanCan::ImplementationRemoved, "The :nested option is no longer supported, instead use :through with separate load/authorize call." if @options[:nested]
 raise CanCan::ImplementationRemoved, "The :name option is no longer supported, instead pass the name as the first argument." if @options[:name]
 raise CanCan::ImplementationRemoved, "The :resource option has been renamed back to :class, use false if no class." if @options[:resource]
From dd62d9086087c4286c29e6e82b7134b646c40064 Mon Sep 17 00:00:00 2001
From: Michael King
Date: Mon, 11 Nov 2013 17:26:41 -0600
Subject: [PATCH 3/5] Fallback to legacy behavior if no attributes method specified
---
 lib/cancan/controller_resource.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/cancan/controller_resource.rb b/lib/cancan/controller_resource.rb
index 5ca9fbcf..1da8e270 100644
--- a/lib/cancan/controller_resource.rb
+++ b/lib/cancan/controller_resource.rb
@@ -224,7 +224,11 @@ def resource_params
 end

 def resource_params_by_namespaced_name
- @params[extract_key(namespaced_name)]
+ if @params_method && @controller.respond_to?(@params_method)
+ @controller.send(@params_method)
+ else
+ @params[extract_key(namespaced_name)]
+ end
 end

 def namespace
From 132c8967cd22620ceb6755a52bc1b9088b6bbe09 Mon Sep 17 00:00:00 2001
From: Michael King
Date: Tue, 12 Nov 2013 13:18:29 -0600
Subject: [PATCH 4/5] make sure params_method is always set, either to the value passed in or to guessed default
---
 lib/cancan/controller_resource.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/cancan/controller_resource.rb b/lib/cancan/controller_resource.rb
index 1da8e270..b2a49be9 100644
--- a/lib/cancan/controller_resource.rb
+++ b/lib/cancan/controller_resource.rb
@@ -16,7 +16,7 @@ def initialize(controller, *args)
 @params = controller.params
 @options = args.extract_options!
 @name = args.first
- @params_method = @options[:attributes] && @options[:attributes].to_sym
+ @params_method = @options.fetch(:attributes, "#{@name}_params").to_sym
 raise CanCan::ImplementationRemoved, "The :nested option is no longer supported, instead use :through with separate load/authorize call." if @options[:nested]
 raise CanCan::ImplementationRemoved, "The :name option is no longer supported, instead pass the name as the first argument." if @options[:name]
 raise CanCan::ImplementationRemoved, "The :resource option has been renamed back to :class, use false if no class." if @options[:resource]
From 7ccd3f19acd6c2bb18f019724621d3c42f4f1669 Mon Sep 17 00:00:00 2001
From: Michael King
Date: Tue, 12 Nov 2013 13:19:26 -0600
Subject: [PATCH 5/5] cant check respond_to for a private method, rescue of params_method does not exist and run legacy method
---
 lib/cancan/controller_resource.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/cancan/controller_resource.rb b/lib/cancan/controller_resource.rb
index b2a49be9..724b3d15 100644
--- a/lib/cancan/controller_resource.rb
+++ b/lib/cancan/controller_resource.rb
@@ -224,9 +224,9 @@ def resource_params
 end

 def resource_params_by_namespaced_name
- if @params_method && @controller.respond_to?(@params_method)
+ begin
 @controller.send(@params_method)
- else
+ rescue
 @params[extract_key(namespaced_name)]
 end
 end
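Review bot: In the `initialize` hunk of PATCH 4/5, `@options.fetch(:attributes, "#{@name}_params").to_sym` raises NoMethodError when a caller passes `:attributes => nil`, because `fetch` returns the stored nil rather than the default. When no name argument is given, `@name = args.first` is nil and the default resolves to `:_params`, which only works because the later `send` fails and is rescued. Consider `@params_method = (@options[:attributes] || "#{@name}_params").to_sym`, and leaving `@params_method` nil when neither an option nor a name is present so the lookup is skipped explicitly. The new `:attributes` option and its `<name>_params` default should also be described wherever the other options are documented; the body of `initialize` continues outside the hunk.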
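Review bot: The bare `rescue` in `resource_params_by_namespaced_name` (PATCH 5/5) catches every StandardError raised inside the controller's params method, not only the missing-method case, so a sanitizer that raises falls through to the raw `@params[extract_key(namespaced_name)]`. That fails open: an error in the attribute filter silently hands back the unfiltered hash, which defeats the filtering this series introduces. Private methods can be detected without rescuing by passing the include-all flag, `if @controller.respond_to?(@params_method, true)`, with the legacy lookup kept in the `else` branch so exceptions from the params method stay visible. A spec where the attributes method is private and one where it raises would pin both cases; the stub in PATCH 1/5 appears to cover only a public method.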