mirror of
https://github.com/drapergem/draper
synced 2023-03-27 23:21:17 -04:00
Clean up protections with regards to method_missing in AR circumventing denied methods
This commit is contained in:
parent
08c8937c96
commit
c70045aeac
6 changed files with 48 additions and 31 deletions
|
@ -4,7 +4,7 @@ module Draper
|
|||
class_attribute :denied, :allowed, :model_class
|
||||
attr_accessor :model
|
||||
|
||||
DEFAULT_DENIED = Object.new.methods
|
||||
DEFAULT_DENIED = Object.new.methods << :method_missing
|
||||
FORCED_PROXY = [:to_param]
|
||||
self.denied = DEFAULT_DENIED
|
||||
|
||||
|
|
|
@ -19,9 +19,11 @@ describe Draper::Base do
|
|||
end
|
||||
|
||||
context("selecting methods") do
|
||||
it "echos the methods of the wrapped class" do
|
||||
it "echos the methods of the wrapped class except default exclusions" do
|
||||
source.methods.each do |method|
|
||||
subject.should respond_to(method)
|
||||
unless Draper::Base::DEFAULT_DENIED.include?(method)
|
||||
subject.should respond_to(method)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -74,19 +76,24 @@ describe Draper::Base do
|
|||
end
|
||||
end
|
||||
|
||||
describe "a sample usage with denies" do
|
||||
before(:all) do
|
||||
end
|
||||
|
||||
describe "a sample usage with denies" do
|
||||
let(:subject_with_denies){ DecoratorWithDenies.new(source) }
|
||||
|
||||
it "should proxy methods not listed in denies" do
|
||||
subject_with_denies.should respond_to(:hello_world)
|
||||
end
|
||||
|
||||
it "should not echo methods specified with denies" do
|
||||
subject_with_denies.should_not respond_to(:upcase)
|
||||
subject_with_denies.should_not respond_to(:goodnight_moon)
|
||||
end
|
||||
|
||||
it "should not clobber other decorators' methods" do
|
||||
subject.should respond_to(:hello_world)
|
||||
end
|
||||
|
||||
it "should not allow method_missing to circumvent a deny" do
|
||||
expect{subject_with_denies.title}.to raise_error(NoMethodError)
|
||||
end
|
||||
end
|
||||
|
||||
describe "a sample usage with allows" do
|
||||
|
@ -116,15 +123,15 @@ describe Draper::Base do
|
|||
|
||||
let(:using_allows_then_denies){
|
||||
class DecoratorWithAllowsAndDenies < Draper::Base
|
||||
allows :upcase
|
||||
denies :downcase
|
||||
allows :hello_world
|
||||
denies :goodnight_moon
|
||||
end
|
||||
}
|
||||
|
||||
let(:using_denies_then_allows){
|
||||
class DecoratorWithDeniesAndAllows < Draper::Base
|
||||
denies :downcase
|
||||
allows :upcase
|
||||
denies :goodnight_moon
|
||||
allows :hello_world
|
||||
end
|
||||
}
|
||||
|
||||
|
@ -163,9 +170,5 @@ describe Draper::Base do
|
|||
it "should be able to use the pluralize helper" do
|
||||
decorator.sample_truncate.should == "Once..."
|
||||
end
|
||||
|
||||
it "should nullify method_missing to prevent AR from being cute" do
|
||||
pending("How to test this without AR? Ugh.")
|
||||
end
|
||||
end
|
||||
end
|
7
spec/samples/active_record.rb
Normal file
7
spec/samples/active_record.rb
Normal file
|
@ -0,0 +1,7 @@
|
|||
module ActiveRecord
|
||||
class Base
|
||||
def method_missing(name, *args)
|
||||
name
|
||||
end
|
||||
end
|
||||
end
|
|
@ -1,3 +1,3 @@
|
|||
class DecoratorWithDenies < Draper::Base
|
||||
denies :upcase
|
||||
denies :goodnight_moon, :title
|
||||
end
|
||||
|
|
21
spec/samples/product.rb
Normal file
21
spec/samples/product.rb
Normal file
|
@ -0,0 +1,21 @@
|
|||
class Product < ActiveRecord::Base
|
||||
def self.find(id)
|
||||
return Product.new
|
||||
end
|
||||
|
||||
def hello_world
|
||||
"Hello, World"
|
||||
end
|
||||
|
||||
def goodnight_moon
|
||||
"Goodnight, Moon"
|
||||
end
|
||||
|
||||
def title
|
||||
"Sample Title"
|
||||
end
|
||||
|
||||
def block
|
||||
yield
|
||||
end
|
||||
end
|
|
@ -1,17 +1,3 @@
|
|||
class Product
|
||||
def self.find(id)
|
||||
return Product.new
|
||||
end
|
||||
|
||||
def hello_world
|
||||
"Hello, World"
|
||||
end
|
||||
|
||||
def block
|
||||
yield
|
||||
end
|
||||
end
|
||||
|
||||
class ProductDecorator < Draper::Base
|
||||
decorates :product
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue