lib/trust/controller/resource.rb in trust-0.8.3 vs lib/trust/controller/resource.rb in trust-1.4.2
- old
+ new
@@ -42,18 +42,20 @@
class Resource
delegate :logger, :to => Rails
attr_reader :properties, :params, :action
attr_reader :info, :parent_info, :relation
+ attr_reader :params_handler
def initialize(controller, properties, action_name, params, request) # nodoc
@action = action_name.to_sym
-
+ @params_handler = {}
@controller, @properties, @params = controller, properties, params
@info = extract_resource_info(properties.model, params)
if properties.has_associations?
@parent_info = extract_parent_info(properties.associations, params, request)
+ self.parent = parent_info.object if parent_info
end
@relation = @info.relation(@parent_info)
end
# Returns the instance variable in the controller
@@ -71,28 +73,66 @@
# resource.instance = Account.find_by_number(123456)
def instance=(instance)
@controller.instance_variable_set(:"@#{instance_name}", instance)
end
- # Returns the parameters for the instance
+ # Returns the parameters for the instance (Rails 3)
#
# ==== Example
#
# # in AccountsController
# resource.instance_params # same as params[:account]
def instance_params
info.params
end
+
+ # Returns strong parameters for the instance (Rails 4)
+ # This call will take advantage of the spesified in permissions.
+ # If no such permissions is defined, it will fall back to instance_params
+ #
+ # ==== Example
+ #
+ # # assume the following permissions defined
+ # class Account < Default
+ # require :account
+ # permit :number, :amount
+ # end
+ #
+ # # in AccountsController
+ # resource.strong_params # same as params.require(:account).permit(:number, :amount)
+ #
+ # # as a new action
+ # resource.strong_params(true) # same as params.fetch(:account, {}).permit(:number, :amount)
+ #
+ def strong_params(new_action = new_action?)
+ if params_handler.size > 0
+ if params_handler[:require]
+ new_action ?
+ params.fetch(params_handler[:require], {}).permit(params_handler[:permit]) :
+ params.require(params_handler[:require]).permit(params_handler[:permit])
+ else
+ params.permit(params_handler[:permit])
+ end
+ else
+ instance_params
+ end
+ end
+ if Trust.rails_generation < 4
+ def strong_params(new_action = new_action?)
+ instance_params
+ end
+ end
+
# Returns the parents instance variable when you use +belongs_to+ for nested routes
def parent
- @controller.instance_variable_get(:"@#{parent_name}")
+ parent_name && @controller.instance_variable_get(:"@#{parent_name}")
end
# Sets the parent instance variable
def parent=(instance)
- @controller.instance_variable_set(:"@#{parent_name}", instance)
+ @controller.instance_variable_set(:"@#{parent_name}", instance) if parent_name
end
# Returns the cinstance variable for ollection
def instances
@controller.instance_variable_get(:"@#{plural_instance_name}")
@@ -122,24 +162,42 @@
# See Trust::Controller::ResourceInfo.collection which controls the behavior of this method.
def collection(instance = nil)
@info.collection(@parent_info, instance)
end
+ # true if action is a collection action
+ def collection_action?
+ @collection_action ||= properties.collection_action?(action)
+ end
+ # true if action is a collection action
+ def member_action?
+ @member_action ||= properties.member_action?(action)
+ end
+
+ # Returns a nested resource if parent is set
+ def nested
+ parent ? [parent, instance] : [instance]
+ end
+
+ # true if action is a new action
+ def new_action?
+ @new_action ||= properties.new_action?(action)
+ end
+
# Loads the resource
#
# See Trust::Controller::Properties which controls the behavior of this method.
#
# It will normally find the instance variable for existing object or initialize them as new.
# If using nested resources and +belongs_to+ has been declared in the controller it will use the
# parent relation if found.
def load
- self.parent = parent_info.object if parent_info
- if properties.new_actions.include?(action)
-# logger.debug "Trust.load: Setting new: class: #{klass} info.params: #{info.params.inspect}"
- self.instance ||= relation.new(info.params)
- @controller.send(:build, action) if @controller.respond_to?(:build,true)
+ if new_action?
+# logger.debug "Trust.load: Setting new: class: #{klass} strong_params: #{strong_params.inspect}"
+ self.instance ||= relation.new(strong_params)
+ @controller.send(:build, action) if @controller.respond_to?(:build, true)
elsif properties.member_actions.include?(action)
# logger.debug "Trust.load: Finding parent: #{parent.inspect}, relation: #{relation.inspect}"
self.instance ||= relation.find(params[:id] || params["#{relation.name.underscore}_id".to_sym])
@controller.send(:build, action) if @controller.respond_to?(:build,true)
else # other outcome would be collection actions
@@ -155,10 +213,20 @@
# resource.instance_name # => :account
def instance_name
info.name
end
+ # Assigns the handler for safe parameters
+ #
+ # This is normally set by the controller during authorization
+ # If you want to set this your self it should
+ def params_handler=(handler)
+ @params_handler = handler
+ end
+
+
+
# Returns the plural name of the instance for the resource
#
# ==== Example
#
# # in AccountsController
@@ -320,14 +388,14 @@
ptr = resources.detect do |r,as|
@klass = classify(r)
@as = as
([@klass] + @klass.descendants).detect do |c|
@name = c.to_s.underscore.tr('/','_').to_sym
- unless @id = request.symbolized_path_parameters["#{@name}_id".to_sym]
+ unless @id = request.path_parameters["#{@name}_id".to_sym]
# see if name space handling is necessary
if c.to_s.include?('::')
@name = c.to_s.demodulize.underscore.to_sym
- @id = request.symbolized_path_parameters["#{@name}_id".to_sym]
+ @id = request.path_parameters["#{@name}_id".to_sym]
end
end
@id
end
@id