lib/paper_trail/events/base.rb in paper_trail-13.0.0 vs lib/paper_trail/events/base.rb in paper_trail-14.0.0
- old
+ new
@@ -20,10 +20,23 @@
# The value inserted into the `event` column of the versions table can also
# be overridden by the user, with `paper_trail_event`.
#
# @api private
class Base
+ E_FORBIDDEN_METADATA_KEY = <<-EOS.squish
+ Forbidden metadata key: %s. As of PT 14, the following metadata keys are
+ forbidden: %s
+ EOS
+ FORBIDDEN_METADATA_KEYS = %i[
+ created_at
+ id
+ item_id
+ item_subtype
+ item_type
+ updated_at
+ ].freeze
+
# @api private
def initialize(record, in_after_callback)
@record = record
@in_after_callback = in_after_callback
end
@@ -42,10 +55,17 @@
end
end
private
+ # @api private
+ def assert_metadatum_key_is_permitted(key)
+ return unless FORBIDDEN_METADATA_KEYS.include?(key.to_sym)
+ raise PaperTrail::InvalidOption,
+ format(E_FORBIDDEN_METADATA_KEY, key, FORBIDDEN_METADATA_KEYS)
+ end
+
# Rails 5.1 changed the API of `ActiveRecord::Dirty`. See
# https://github.com/paper-trail-gem/paper_trail/pull/899
#
# @api private
def attribute_changed_in_latest_version?(attr_name)
@@ -173,18 +193,21 @@
# Updates `data` from `controller_info`.
#
# @api private
def merge_metadata_from_controller_into(data)
- data.merge(PaperTrail.request.controller_info || {})
+ metadata = PaperTrail.request.controller_info || {}
+ metadata.keys.each { |k| assert_metadatum_key_is_permitted(k) }
+ data.merge(metadata)
end
# Updates `data` from the model's `meta` option.
#
# @api private
def merge_metadata_from_model_into(data)
@record.paper_trail_options[:meta].each do |k, v|
+ assert_metadatum_key_is_permitted(k)
data[k] = model_metadatum(v, data[:event])
end
end
# Given a `value` from the model's `meta` option, returns an object to be
@@ -219,10 +242,10 @@
end
# @api private
def notable_changes
changes_in_latest_version.delete_if { |k, _v|
- !notably_changed.include?(k)
+ notably_changed.exclude?(k)
}
end
# @api private
def notably_changed