Remove protected_attributes gem and all whitelisting
This commit is contained in:
parent
ce37c301ff
commit
2f88f7c0ed
1
Gemfile
1
Gemfile
|
@ -3,7 +3,6 @@ source "https://rubygems.org"
|
|||
gemspec
|
||||
|
||||
gem "rails", "~> 4.0.0.beta", github: "rails/rails", branch: "master"
|
||||
gem "protected_attributes", "~> 1.0.0"
|
||||
gem "omniauth", "~> 1.0.0"
|
||||
gem "omniauth-oauth2", "~> 1.0.0"
|
||||
gem "rdoc"
|
||||
|
|
|
@ -112,8 +112,6 @@ GEM
|
|||
origin (1.0.11)
|
||||
orm_adapter (0.4.0)
|
||||
polyglot (0.3.3)
|
||||
protected_attributes (1.0.0)
|
||||
activemodel (>= 4.0.0.beta, < 5.0)
|
||||
rack (1.5.2)
|
||||
rack-openid (1.3.1)
|
||||
rack (>= 1.1.0)
|
||||
|
@ -163,7 +161,6 @@ DEPENDENCIES
|
|||
omniauth-facebook
|
||||
omniauth-oauth2 (~> 1.0.0)
|
||||
omniauth-openid (~> 1.0.1)
|
||||
protected_attributes (~> 1.0.0)
|
||||
rails (~> 4.0.0.beta)!
|
||||
rdoc
|
||||
sqlite3
|
||||
|
|
|
@ -22,10 +22,7 @@ module ActiveRecord
|
|||
end
|
||||
|
||||
def inject_devise_content
|
||||
content = model_contents + <<CONTENT
|
||||
# Setup accessible (or protected) attributes for your model
|
||||
attr_accessible :email, :password, :password_confirmation, :remember_me
|
||||
CONTENT
|
||||
content = model_contents
|
||||
|
||||
class_path = if namespaced?
|
||||
class_name.to_s.split("::")
|
||||
|
|
|
@ -10,13 +10,11 @@ if DEVISE_ORM == :active_record
|
|||
|
||||
test "all files are properly created with rails31 migration syntax" do
|
||||
run_generator %w(monster)
|
||||
assert_file "app/models/monster.rb", /devise/, /attr_accessible (:[a-z_]+(, )?)+/
|
||||
assert_migration "db/migrate/devise_create_monsters.rb", /def change/
|
||||
end
|
||||
|
||||
test "all files for namespaced model are properly created" do
|
||||
run_generator %w(admin/monster)
|
||||
assert_file "app/models/admin/monster.rb", /devise/, /attr_accessible (:[a-z_]+(, )?)+/
|
||||
assert_migration "db/migrate/devise_create_admin_monsters.rb", /def change/
|
||||
end
|
||||
|
||||
|
@ -68,7 +66,7 @@ if DEVISE_ORM == :active_record
|
|||
simulate_inside_engine(RailsEngine::Engine, RailsEngine) do
|
||||
run_generator ["monster"]
|
||||
|
||||
assert_file "app/models/rails_engine/monster.rb", /devise/,/attr_accessible (:[a-z_]+(, )?)+/
|
||||
assert_file "app/models/rails_engine/monster.rb", /devise/
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -32,11 +32,6 @@ module RailsApp
|
|||
|
||||
config.action_mailer.default_url_options = { :host => "localhost:3000" }
|
||||
|
||||
if DEVISE_ORM == :active_record
|
||||
# Disable forcing whitelist attributes from protected attributes.
|
||||
config.active_record.whitelist_attributes = false
|
||||
end
|
||||
|
||||
# This was used to break devise in some situations
|
||||
config.to_prepare do
|
||||
Devise::SessionsController.layout "application"
|
||||
|
|
|
@ -7,7 +7,6 @@ module SharedUser
|
|||
:trackable, :validatable, :omniauthable
|
||||
|
||||
attr_accessor :other_key
|
||||
attr_accessible :username, :email, :password, :password_confirmation, :remember_me, :confirmation_sent_at
|
||||
|
||||
# They need to be included after Devise is called.
|
||||
extend ExtendMethods
|
||||
|
|
|
@ -15,7 +15,6 @@ end
|
|||
class UserWithVirtualAttributes < User
|
||||
devise :case_insensitive_keys => [ :email, :email_confirmation ]
|
||||
validates :email, :presence => true, :confirmation => {:on => :create}
|
||||
attr_accessible :email, :email_confirmation
|
||||
end
|
||||
|
||||
class Several < Admin
|
||||
|
|
Loading…
Reference in New Issue