Module | Merb::ParamsFilter::ControllerMixin::ClassMethods |
In: |
merb-param-protection/lib/merb-param-protection.rb
|
Filters parameters out from the default log string
Params will still be passed to the controller properly, they will show up as [FILTERED] in the merb logs.
log_params_filtered :password, ‘token‘
# File merb-param-protection/lib/merb-param-protection.rb, line 73 73: def log_params_filtered(*args) 74: self.log_params_args = args.collect { |arg| arg.to_sym } 75: end
Ensures these parameters are sent for the object
params_accessible :post => [:title, :body]
# File merb-param-protection/lib/merb-param-protection.rb, line 55 55: def params_accessible(args = {}) 56: assign_filtered_params(:accessible_params_args, args) 57: end
Protects parameters of an object
params_protected :post => [:status, :author_id]
# File merb-param-protection/lib/merb-param-protection.rb, line 63 63: def params_protected(args = {}) 64: assign_filtered_params(:protected_params_args, args) 65: end
# File merb-param-protection/lib/merb-param-protection.rb, line 79 79: def assign_filtered_params(method, args) 80: validate_filtered_params(method, args) 81: 82: # If the method is nil, set to initial hash, otherwise merge 83: self.send(method).nil? ? self.send(method.to_s + '=', args) : self.send(method).merge!(args) 84: end
# File merb-param-protection/lib/merb-param-protection.rb, line 86 86: def validate_filtered_params(method, args) 87: # Reversing methods 88: params_methods = [:accessible_params_args, :protected_params_args] 89: params_methods.delete(method) 90: params_method = params_methods.first 91: 92: # Make sure the opposite method is not nil 93: unless self.send(params_method).nil? 94: # Loop through arg's keys 95: args.keys.each do |key| 96: # If the key exists on the opposite method, raise exception 97: if self.send(params_method).include?(key) 98: case method 99: when :accessible_params_args : raise "Cannot make accessible a controller (#{self}) that is already protected" 100: when :protected_params_args : raise "Cannot protect controller (#{self}) that is already accessible" 101: end 102: end 103: end 104: end 105: end