diff --git a/lib/ransack/nodes/attribute.rb b/lib/ransack/nodes/attribute.rb index 3e6792e..20d9ca6 100644 --- a/lib/ransack/nodes/attribute.rb +++ b/lib/ransack/nodes/attribute.rb @@ -19,7 +19,8 @@ module Ransack end def valid? - bound? && attr + bound? && attr && + context.klassify(parent).ransackable_attributes.include?(attr_name) end def type @@ -50,4 +51,4 @@ module Ransack end end -end \ No newline at end of file +end diff --git a/spec/ransack/adapters/active_record/base_spec.rb b/spec/ransack/adapters/active_record/base_spec.rb index 302da17..90c65f5 100644 --- a/spec/ransack/adapters/active_record/base_spec.rb +++ b/spec/ransack/adapters/active_record/base_spec.rb @@ -59,9 +59,14 @@ module Ransack s.result.to_sql.should_not match /ORDER BY "people"."name" \|\| "only_search" \|\| "people"."name" ASC/ end + it 'allows search by "only_search" field' do + s = Person.search(:only_search_eq => 'htimS cirA') + s.result.to_sql.should match /WHERE "people"."name" \|\| "only_search" \|\| "people"."name" = 'htimS cirA'/ + end + it "can't be searched by 'only_sort'" do s = Person.search(:only_sort_eq => 'htimS cirA') - s.result.to_sql.should_not match /'htimS cirA'/ + s.result.to_sql.should_not match /WHERE "people"."name" \|\| "only_sort" \|\| "people"."name" = 'htimS cirA'/ end end diff --git a/spec/support/schema.rb b/spec/support/schema.rb index 601d054..e406392 100644 --- a/spec/support/schema.rb +++ b/spec/support/schema.rb @@ -29,11 +29,11 @@ class Person < ActiveRecord::Base Arel::Nodes::InfixOperation.new('||', parent.table[:name], parent.table[:name]) end - ransacker :only_search, :formatter => proc {|v| "only_search#{v}"} do |parent| + ransacker :only_search do |parent| Arel::Nodes::InfixOperation.new('|| "only_search" ||', parent.table[:name], parent.table[:name]) end - ransacker :only_sort, :formatter => proc {|v| "only_sort#{v}"} do |parent| + ransacker :only_sort do |parent| Arel::Nodes::InfixOperation.new('|| "only_sort" ||', parent.table[:name], parent.table[:name]) end