rails--rails/activemodel/CHANGELOG.md

## Rails 4.0.0 (unreleased) ##

*   Use BCrypt's MIN_COST in the test environment for speedier tests when using `has_secure_pasword`.

    *Brian Cardarella + Jeremy Kemper + Trevor Turk*

*   Add `ActiveModel::ForbiddenAttributesProtection`, a simple module to
    protect attributes from mass assignment when non-permitted attributes are passed.

    *DHH + Guillermo Iguaran*

*   `ActiveModel::MassAssignmentSecurity` has been extracted from Active Model and the
    `protected_attributes` gem should be added to Gemfile in order to use
    `attr_accessible` and `attr_protected` macros in your models.

    *Guillermo Iguaran*

*   Due to a change in builder, nil values and empty strings now generates
    closed tags, so instead of this:

        <pseudonyms nil=\"true\"></pseudonyms>

    It generates this:

        <pseudonyms nil=\"true\"/>

    *Carlos Antonio da Silva*

*   Changed inclusion and exclusion validators to accept a symbol for `:in` option.

    This allows to use dynamic inclusion/exclusion values using methods, besides the current lambda/proc support.

    *Gabriel Sobrinho*

*   `AM::Validation#validates` ability to pass custom exception to `:strict` option.

    *Bogdan Gusiev*

*   Changed `ActiveModel::Serializers::Xml::Serializer#add_associations` to by default
    propagate `:skip_types, :dasherize, :camelize` keys to included associations.
    It can be overriden on each association by explicitly specifying the option on one
    or more associations

    *Anthony Alberto*

*   Changed `AM::Serializers::JSON.include_root_in_json' default value to false.
    Now, AM Serializers and AR objects have the same default behaviour. Fixes #6578.

        class User < ActiveRecord::Base; end

        class Person
          include ActiveModel::Model
          include ActiveModel::AttributeMethods
          include ActiveModel::Serializers::JSON

          attr_accessor :name, :age

          def attributes
            instance_values
          end
        end

        user.as_json
        => {"id"=>1, "name"=>"Konata Izumi", "age"=>16, "awesome"=>true}
        # root is not included

        person.as_json
        => {"name"=>"Francesco", "age"=>22}
        # root is not included

    *Francesco Rodriguez*

*   Passing false hash values to `validates` will no longer enable the corresponding validators *Steve Purcell*

*   `ConfirmationValidator` error messages will attach to `:#{attribute}_confirmation` instead of `attribute` *Brian Cardarella*

*   Added ActiveModel::Model, a mixin to make Ruby objects work with AP out of box *Guillermo Iguaran*

*   `AM::Errors#to_json`: support `:full_messages` parameter *Bogdan Gusiev*

*   Trim down Active Model API by removing `valid?` and `errors.full_messages` *José Valim*

*   When `^` or `$` are used in the regular expression provided to `validates_format_of` and the :multiline option is not set to true, an exception will be raised. This is to prevent security vulnerabilities when using `validates_format_of`. The problem is described in detail in the Rails security guide *Jan Berdajs + Egor Homakov*

Please check [3-2-stable](https://github.com/rails/rails/blob/3-2-stable/activemodel/CHANGELOG.md) for previous changes.
changelog updates for Rails 4 [ci skip] 2012-03-08 15:52:17 -05:00			`## Rails 4.0.0 (unreleased) ##`

Use BCrypt's MIN_COST in the test environment for speedier tests 2012-11-14 10:42:54 -05:00			* Use BCrypt's MIN_COST in the test environment for speedier tests when using `has_secure_pasword`.

			`Brian Cardarella + Jeremy Kemper + Trevor Turk`

Update changelogs to add entries about strong_parameters integration 2012-09-19 18:10:32 -04:00			* Add `ActiveModel::ForbiddenAttributesProtection`, a simple module to
			`protect attributes from mass assignment when non-permitted attributes are passed.`

			`DHH + Guillermo Iguaran`

			* `ActiveModel::MassAssignmentSecurity` has been extracted from Active Model and the
			`protected_attributes` gem should be added to Gemfile in order to use
			`attr_accessible` and `attr_protected` macros in your models.

			`Guillermo Iguaran`

Update Active Model xml serialization test to reflect a change in builder Due to a change in builder, nil values and empty strings now generates closed tags, so instead of this: <pseudonyms nil=\"true\"></pseudonyms> It generates this: <pseudonyms nil=\"true\"/> Document this change in Rails so that people can track it down easily if necessary. 2012-09-07 12:08:30 -04:00			`* Due to a change in builder, nil values and empty strings now generates`
			`closed tags, so instead of this:`

			`<pseudonyms nil=\"true\"></pseudonyms>`

			`It generates this:`

			`<pseudonyms nil=\"true\"/>`

			`Carlos Antonio da Silva`

Accept a symbol for `:in` option on inclusion and exclusion validators 2012-08-12 16:38:22 -04:00			* Changed inclusion and exclusion validators to accept a symbol for `:in` option.

			`This allows to use dynamic inclusion/exclusion values using methods, besides the current lambda/proc support.`

			`Gabriel Sobrinho`

Merge pull request #7024 from bogdan/strict_validation_custom_exception AM::Validation#validates: custom exception for :strict option Conflicts: activemodel/CHANGELOG.md 2012-08-16 15:59:04 -04:00			* `AM::Validation#validates` ability to pass custom exception to `:strict` option.

			`Bogdan Gusiev`

			* Changed `ActiveModel::Serializers::Xml::Serializer#add_associations` to by default
			propagate `:skip_types, :dasherize, :camelize` keys to included associations.
			`It can be overriden on each association by explicitly specifying the option on one`
			`or more associations`

			`Anthony Alberto`
Following the false issue reporting I did here : https://github.com/rails/rails/issues/6958 - Enable propagation of :skip_types, :dasherize and :camelize on included models by default - Adding the option to override this propagation on a per-include basis (:include => { :model => { :dasherize => false } } - Enough tests to prove it works - Updated activemodel CHANGELOG.md Squashed my commits 2012-07-27 15:13:05 -04:00
change AMS::JSON.include_root_in_json default value to false Changes: * Update `include_root_in_json` default value to false for default value to false for `ActiveModel::Serializers::JSON`. * Remove unnecessary change to include_root_in_json option in wrap_parameters template. * Update `as_json` documentation. * Fix JSONSerialization tests. Problem: It's confusing that AM serializers behave differently from AR, even when AR objects include AM serializers module. class User < ActiveRecord::Base; end class Person include ActiveModel::Model include ActiveModel::AttributeMethods include ActiveModel::Serializers::JSON attr_accessor :name, :age def attributes instance_values end end user.as_json => {"id"=>1, "name"=>"Konata Izumi", "age"=>16, "awesome"=>true} # root is not included person.as_json => {"person"=>{"name"=>"Francesco", "age"=>22}} # root is included ActiveRecord::Base.include_root_in_json => false Person.include_root_in_json => true # different default values for include_root_in_json Proposal: Change the default value of AM serializers to false, update the misleading documentation and remove unnecessary change to false of include_root_in_json option with AR objects. class User < ActiveRecord::Base; end class Person include ActiveModel::Model include ActiveModel::AttributeMethods include ActiveModel::Serializers::JSON attr_accessor :name, :age def attributes instance_values end end user.as_json => {"id"=>1, "name"=>"Konata Izumi", "age"=>16, "awesome"=>true} # root is not included person.as_json => {"name"=>"Francesco", "age"=>22} # root is not included ActiveRecord::Base.include_root_in_json => false Person.include_root_in_json => false # same behaviour, more consistent Fixes #6578. 2012-06-06 02:11:39 -04:00			* Changed `AM::Serializers::JSON.include_root_in_json' default value to false.
			`Now, AM Serializers and AR objects have the same default behaviour. Fixes #6578.`

			`class User < ActiveRecord::Base; end`

			`class Person`
			`include ActiveModel::Model`
			`include ActiveModel::AttributeMethods`
			`include ActiveModel::Serializers::JSON`

			`attr_accessor :name, :age`

			`def attributes`
			`instance_values`
			`end`
			`end`

			`user.as_json`
			`=> {"id"=>1, "name"=>"Konata Izumi", "age"=>16, "awesome"=>true}`
			`# root is not included`

			`person.as_json`
			`=> {"name"=>"Francesco", "age"=>22}`
			`# root is not included`

			`Francesco Rodriguez`

Don't enable validations when passing false hash values to ActiveModel.validates Passing a falsey option value for a validator currently causes that validator to be enabled, just like "true": ActiveModel.validates :foo, :presence => false This is rather counterintuitive, and makes it inconvenient to wrap `validates` in methods which may conditionally enable different validators. As an example, one is currently forced to write: def has_slug(source_field, options={:unique => true}) slugger = Proc.new { \|r\| r[:slug] = self.class.sluggify(r[source_field]) if r[:slug].blank? } before_validation slugger validations = { :presence => true, :slug => true } if options[:unique] validations[:uniqueness] = true end validates :slug, validations end because the following reasonable-looking alternative fails to work as expected: def has_slug(source_field, options={:unique => true}) slugger = Proc.new { \|r\| r[:slug] = self.class.sluggify(r[source_field]) if r[:slug].blank? } before_validation slugger validates :slug, :presence => true, :slug => true, :uniqueness => options[:unique] end (This commit includes a test, and all activemodel and activerecord tests pass as before.) 2012-05-28 09:39:09 -04:00			* Passing false hash values to `validates` will no longer enable the corresponding validators Steve Purcell

Reordered changelog entry 2012-04-23 21:30:24 -04:00			* `ConfirmationValidator` error messages will attach to `:#{attribute}_confirmation` instead of `attribute` Brian Cardarella

Add ActiveModel::Model, a mixin to make Ruby objects to work with AP inmediatly 2012-03-02 23:20:17 -05:00			`* Added ActiveModel::Model, a mixin to make Ruby objects work with AP out of box Guillermo Iguaran`

AM::Errors: allow :full_messages parameter for #as_json 2012-02-17 05:12:10 -05:00			* `AM::Errors#to_json`: support `:full_messages` parameter Bogdan Gusiev

Trim down Active Model API by removing valid? and errors.full_messages 2012-02-07 17:10:14 -05:00			* Trim down Active Model API by removing `valid?` and `errors.full_messages` José Valim

add credit to committer of pull request #6569 2012-10-18 10:28:45 -04:00			* When `^` or `$` are used in the regular expression provided to `validates_format_of` and the :multiline option is not set to true, an exception will be raised. This is to prevent security vulnerabilities when using `validates_format_of`. The problem is described in detail in the Rails security guide Jan Berdajs + Egor Homakov
prevent users from unknowingly using bad regexps that can compromise security (http://homakov.blogspot.co.uk/2012/05/saferweb-injects-in-various-ruby.html) 2012-06-07 18:08:51 -04:00
CHANGELOGs are now per branch Changes in old branches needed to be manually synched in CHANGELOGs of newer ones. This has proven to be brittle, sometimes one just forgets this manual step. With this commit we switch to CHANGELOGs per branch. When a new major version is cut from master, the CHANGELOGs in master start being blank. A link to the CHANGELOG of the previous branch allows anyone interested to follow the history. 2012-08-28 15:15:12 -04:00			`Please check [3-2-stable](https://github.com/rails/rails/blob/3-2-stable/activemodel/CHANGELOG.md) for previous changes.`