Sha256: 8e1fcb6d1ef8c21a1cf4ebaa920dca7913c45e338c42483c5cd4baf8e810d69f
Contents?: true
Size: 1.32 KB
Versions: 2
Compression:
Stored size: 1.32 KB
Contents
module ParamProtected
module ControllerModifications
def self.extended(action_controller)
action_controller.class_eval do
extend ClassMethods
include InstanceMethods
alias_method_chain :params, :protection
end
end
module ClassMethods
def param_protected(params, actions = nil)
Protector.instance(self).declare_protection(params, actions, BLACKLIST)
end
def param_accessible(params, actions = nil)
Protector.instance(self).declare_protection(params, actions, WHITELIST)
end
end
module InstanceMethods
def params_with_protection
# #params is called internally by ActionController::Base a few times before an action is dispatched,
# thus we can't filter and cache it right off the bat. We have to wait for #action_name to be present
# to know that we're really in an action and @_params actually contains something. Then we can filter
# and cache it.
if action_name.blank?
params_without_protection
elsif @params_protected
@params_protected
else
@params_protected = Protector.instance(self.class).protect(params_without_protection, action_name)
end
end
end
end
end
Version data entries
2 entries across 2 versions & 2 rubygems
| Version | Path |
|---|---|
| cjbottaro-param_protected-1.1.0 | lib/param_protected/controller_modifications.rb |
| param_protected-1.1.0 | lib/param_protected/controller_modifications.rb |