Remove protected_attributes gem and all whitelisting

2013-03-13 11:15:27 -05:00 · 2013-03-13 11:15:27 -05:00 · 2f88f7c0ed
parent ce37c301ff
commit 2f88f7c0ed
7 changed files with 2 additions and 18 deletions
--- a/1
+++ b/1
@ -3,7 +3,6 @@ source "https://rubygems.org"
 gemspec

 gem "rails", "~> 4.0.0.beta", github: "rails/rails", branch: "master"
-gem "protected_attributes", "~> 1.0.0"
 gem "omniauth", "~> 1.0.0"
 gem "omniauth-oauth2", "~> 1.0.0"
 gem "rdoc"
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -112,8 +112,6 @@ GEM
    origin (1.0.11)
    orm_adapter (0.4.0)
    polyglot (0.3.3)
-    protected_attributes (1.0.0)
-      activemodel (>= 4.0.0.beta, < 5.0)
    rack (1.5.2)
    rack-openid (1.3.1)
      rack (>= 1.1.0)
@ -163,7 +161,6 @@ DEPENDENCIES
  omniauth-facebook
  omniauth-oauth2 (~> 1.0.0)
  omniauth-openid (~> 1.0.1)
-  protected_attributes (~> 1.0.0)
  rails (~> 4.0.0.beta)!
  rdoc
  sqlite3
--- a/lib/generators/active_record/devise_generator.rb
+++ b/lib/generators/active_record/devise_generator.rb
@ -22,10 +22,7 @@ module ActiveRecord
      end

      def inject_devise_content
-        content = model_contents + <<CONTENT
-  # Setup accessible (or protected) attributes for your model
-  attr_accessible :email, :password, :password_confirmation, :remember_me
-CONTENT
+        content = model_contents

        class_path = if namespaced?
          class_name.to_s.split("::")
--- a/test/generators/active_record_generator_test.rb
+++ b/test/generators/active_record_generator_test.rb
@ -10,13 +10,11 @@ if DEVISE_ORM == :active_record

    test "all files are properly created with rails31 migration syntax" do
      run_generator %w(monster)
-      assert_file "app/models/monster.rb", /devise/, /attr_accessible (:[a-z_]+(, )?)+/
      assert_migration "db/migrate/devise_create_monsters.rb", /def change/
    end

    test "all files for namespaced model are properly created" do
      run_generator %w(admin/monster)
-      assert_file "app/models/admin/monster.rb", /devise/, /attr_accessible (:[a-z_]+(, )?)+/
      assert_migration "db/migrate/devise_create_admin_monsters.rb", /def change/
    end

@ -68,7 +66,7 @@ if DEVISE_ORM == :active_record
      simulate_inside_engine(RailsEngine::Engine, RailsEngine) do
        run_generator ["monster"]

-        assert_file "app/models/rails_engine/monster.rb", /devise/,/attr_accessible (:[a-z_]+(, )?)+/
+        assert_file "app/models/rails_engine/monster.rb", /devise/
      end
    end
  end
--- a/test/rails_app/config/application.rb
+++ b/test/rails_app/config/application.rb
@ -32,11 +32,6 @@ module RailsApp

    config.action_mailer.default_url_options = { :host => "localhost:3000" }

-    if DEVISE_ORM == :active_record
-      # Disable forcing whitelist attributes from protected attributes.
-      config.active_record.whitelist_attributes = false
-    end
-
    # This was used to break devise in some situations
    config.to_prepare do
      Devise::SessionsController.layout "application"
--- a/test/rails_app/lib/shared_user.rb
+++ b/test/rails_app/lib/shared_user.rb
@ -7,7 +7,6 @@ module SharedUser
           :trackable, :validatable, :omniauthable

    attr_accessor :other_key
-    attr_accessible :username, :email, :password, :password_confirmation, :remember_me, :confirmation_sent_at

    # They need to be included after Devise is called.
    extend ExtendMethods
--- a/test/test_models.rb
+++ b/test/test_models.rb
@ -15,7 +15,6 @@ end
 class UserWithVirtualAttributes < User
  devise :case_insensitive_keys => [ :email, :email_confirmation ]
  validates :email, :presence => true, :confirmation => {:on => :create}
-  attr_accessible :email, :email_confirmation
 end

 class Several < Admin