2011-05-02 18:37:40 -04:00
|
|
|
require 'active_support/core_ext/hash/slice'
|
2011-05-02 19:36:58 -04:00
|
|
|
require 'active_support/core_ext/hash/except'
|
2011-05-17 14:51:44 -04:00
|
|
|
require 'active_support/core_ext/module/anonymous'
|
2012-11-26 23:37:24 -05:00
|
|
|
require 'action_dispatch/http/mime_type'
|
2011-04-28 04:56:11 -04:00
|
|
|
|
|
|
|
module ActionController
|
2011-08-27 16:55:54 -04:00
|
|
|
# Wraps the parameters hash into a nested hash. This will allow clients to submit
|
|
|
|
# POST requests without having to specify any root elements.
|
2011-04-28 04:56:11 -04:00
|
|
|
#
|
2011-08-20 14:19:57 -04:00
|
|
|
# This functionality is enabled in +config/initializers/wrap_parameters.rb+
|
2011-08-27 16:55:54 -04:00
|
|
|
# and can be customized. If you are upgrading to \Rails 3.1, this file will
|
2011-08-20 14:19:57 -04:00
|
|
|
# need to be created for the functionality to be enabled.
|
2011-04-28 04:56:11 -04:00
|
|
|
#
|
|
|
|
# You could also turn it on per controller by setting the format array to
|
2011-08-27 16:55:54 -04:00
|
|
|
# a non-empty array:
|
2011-04-28 04:56:11 -04:00
|
|
|
#
|
|
|
|
# class UsersController < ApplicationController
|
2012-09-18 23:19:49 -04:00
|
|
|
# wrap_parameters format: [:json, :xml]
|
2011-04-28 04:56:11 -04:00
|
|
|
# end
|
|
|
|
#
|
2011-08-27 16:55:54 -04:00
|
|
|
# If you enable +ParamsWrapper+ for +:json+ format, instead of having to
|
2011-04-28 04:56:11 -04:00
|
|
|
# send JSON parameters like this:
|
|
|
|
#
|
|
|
|
# {"user": {"name": "Konata"}}
|
|
|
|
#
|
2011-08-27 16:55:54 -04:00
|
|
|
# You can send parameters like this:
|
2011-04-28 04:56:11 -04:00
|
|
|
#
|
|
|
|
# {"name": "Konata"}
|
|
|
|
#
|
2011-08-27 16:55:54 -04:00
|
|
|
# And it will be wrapped into a nested hash with the key name matching the
|
2011-04-28 04:56:11 -04:00
|
|
|
# controller's name. For example, if you're posting to +UsersController+,
|
|
|
|
# your new +params+ hash will look like this:
|
|
|
|
#
|
|
|
|
# {"name" => "Konata", "user" => {"name" => "Konata"}}
|
|
|
|
#
|
|
|
|
# You can also specify the key in which the parameters should be wrapped to,
|
2011-05-19 10:33:25 -04:00
|
|
|
# and also the list of attributes it should wrap by using either +:include+ or
|
|
|
|
# +:exclude+ options like this:
|
2011-04-28 04:56:11 -04:00
|
|
|
#
|
|
|
|
# class UsersController < ApplicationController
|
2012-09-18 23:19:49 -04:00
|
|
|
# wrap_parameters :person, include: [:username, :password]
|
2011-04-28 04:56:11 -04:00
|
|
|
# end
|
|
|
|
#
|
2012-01-05 15:18:54 -05:00
|
|
|
# On ActiveRecord models with no +:include+ or +:exclude+ option set,
|
2012-09-18 23:19:49 -04:00
|
|
|
# it will only wrap the parameters returned by the class method
|
|
|
|
# <tt>attribute_names</tt>.
|
2011-12-07 22:50:01 -05:00
|
|
|
#
|
2011-04-28 04:56:11 -04:00
|
|
|
# If you're going to pass the parameters to an +ActiveModel+ object (such as
|
2012-04-28 00:33:56 -04:00
|
|
|
# <tt>User.new(params[:user])</tt>), you might consider passing the model class to
|
2011-04-28 04:56:11 -04:00
|
|
|
# the method instead. The +ParamsWrapper+ will actually try to determine the
|
|
|
|
# list of attribute names from the model and only wrap those attributes:
|
|
|
|
#
|
|
|
|
# class UsersController < ApplicationController
|
|
|
|
# wrap_parameters Person
|
|
|
|
# end
|
|
|
|
#
|
2011-05-19 10:33:25 -04:00
|
|
|
# You still could pass +:include+ and +:exclude+ to set the list of attributes
|
2011-04-28 04:56:11 -04:00
|
|
|
# you want to wrap.
|
|
|
|
#
|
|
|
|
# By default, if you don't specify the key in which the parameters would be
|
|
|
|
# wrapped to, +ParamsWrapper+ will actually try to determine if there's
|
|
|
|
# a model related to it or not. This controller, for example:
|
|
|
|
#
|
|
|
|
# class Admin::UsersController < ApplicationController
|
|
|
|
# end
|
|
|
|
#
|
2012-04-27 03:00:30 -04:00
|
|
|
# will try to check if <tt>Admin::User</tt> or +User+ model exists, and use it to
|
2011-06-04 10:41:44 -04:00
|
|
|
# determine the wrapper key respectively. If both models don't exist,
|
2011-04-28 04:56:11 -04:00
|
|
|
# it will then fallback to use +user+ as the key.
|
|
|
|
module ParamsWrapper
|
|
|
|
extend ActiveSupport::Concern
|
|
|
|
|
|
|
|
EXCLUDE_PARAMETERS = %w(authenticity_token _method utf8)
|
|
|
|
|
2012-11-13 16:52:01 -05:00
|
|
|
require 'mutex_m'
|
|
|
|
|
|
|
|
class Options < Struct.new(:name, :format, :include, :exclude, :klass, :model) # :nodoc:
|
|
|
|
include Mutex_m
|
|
|
|
|
2012-11-13 14:38:36 -05:00
|
|
|
def self.from_hash(hash)
|
2012-11-13 16:39:42 -05:00
|
|
|
name = hash[:name]
|
|
|
|
format = Array(hash[:format])
|
|
|
|
include = hash[:include] && Array(hash[:include]).collect(&:to_s)
|
|
|
|
exclude = hash[:exclude] && Array(hash[:exclude]).collect(&:to_s)
|
2012-11-13 17:26:22 -05:00
|
|
|
new name, format, include, exclude, nil, nil
|
|
|
|
end
|
|
|
|
|
2014-12-17 20:03:29 -05:00
|
|
|
def initialize(name, format, include, exclude, klass, model) # :nodoc:
|
2012-11-13 17:26:22 -05:00
|
|
|
super
|
|
|
|
@include_set = include
|
|
|
|
@name_set = name
|
2012-11-13 14:38:36 -05:00
|
|
|
end
|
2012-11-13 16:52:01 -05:00
|
|
|
|
|
|
|
def model
|
|
|
|
super || synchronize { super || self.model = _default_wrap_model }
|
|
|
|
end
|
|
|
|
|
2012-11-13 17:26:22 -05:00
|
|
|
def include
|
|
|
|
return super if @include_set
|
|
|
|
|
|
|
|
m = model
|
|
|
|
synchronize do
|
|
|
|
return super if @include_set
|
|
|
|
|
|
|
|
@include_set = true
|
|
|
|
|
|
|
|
unless super || exclude
|
|
|
|
if m.respond_to?(:attribute_names) && m.attribute_names.any?
|
|
|
|
self.include = m.attribute_names
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2012-11-13 17:32:47 -05:00
|
|
|
def name
|
|
|
|
return super if @name_set
|
|
|
|
|
|
|
|
m = model
|
|
|
|
synchronize do
|
|
|
|
return super if @name_set
|
|
|
|
|
|
|
|
@name_set = true
|
|
|
|
|
|
|
|
unless super || klass.anonymous?
|
|
|
|
self.name = m ? m.to_s.demodulize.underscore :
|
|
|
|
klass.controller_name.singularize
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2012-11-13 16:52:01 -05:00
|
|
|
private
|
|
|
|
# Determine the wrapper model from the controller's name. By convention,
|
|
|
|
# this could be done by trying to find the defined model that has the
|
|
|
|
# same singularize name as the controller. For example, +UsersController+
|
|
|
|
# will try to find if the +User+ model exists.
|
|
|
|
#
|
|
|
|
# This method also does namespace lookup. Foo::Bar::UsersController will
|
|
|
|
# try to find Foo::Bar::User, Foo::User and finally User.
|
|
|
|
def _default_wrap_model #:nodoc:
|
|
|
|
return nil if klass.anonymous?
|
|
|
|
model_name = klass.name.sub(/Controller$/, '').classify
|
|
|
|
|
|
|
|
begin
|
|
|
|
if model_klass = model_name.safe_constantize
|
|
|
|
model_klass
|
|
|
|
else
|
|
|
|
namespaces = model_name.split("::")
|
|
|
|
namespaces.delete_at(-2)
|
|
|
|
break if namespaces.last == model_name
|
|
|
|
model_name = namespaces.join("::")
|
|
|
|
end
|
|
|
|
end until model_klass
|
|
|
|
|
|
|
|
model_klass
|
|
|
|
end
|
2012-11-13 14:38:36 -05:00
|
|
|
end
|
|
|
|
|
2011-04-28 04:56:11 -04:00
|
|
|
included do
|
|
|
|
class_attribute :_wrapper_options
|
2012-11-13 14:38:36 -05:00
|
|
|
self._wrapper_options = Options.from_hash(format: [])
|
2011-04-28 04:56:11 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
module ClassMethods
|
2012-11-13 14:38:36 -05:00
|
|
|
def _set_wrapper_options(options)
|
|
|
|
self._wrapper_options = Options.from_hash(options)
|
|
|
|
end
|
|
|
|
|
2011-04-28 04:56:11 -04:00
|
|
|
# Sets the name of the wrapper key, or the model which +ParamsWrapper+
|
|
|
|
# would use to determine the attribute names from.
|
|
|
|
#
|
|
|
|
# ==== Examples
|
2012-10-27 16:05:27 -04:00
|
|
|
# wrap_parameters format: :xml
|
2011-08-27 16:55:54 -04:00
|
|
|
# # enables the parameter wrapper for XML format
|
2011-04-28 04:56:11 -04:00
|
|
|
#
|
|
|
|
# wrap_parameters :person
|
|
|
|
# # wraps parameters into +params[:person]+ hash
|
|
|
|
#
|
|
|
|
# wrap_parameters Person
|
2011-06-04 10:41:44 -04:00
|
|
|
# # wraps parameters by determining the wrapper key from Person class
|
2011-04-28 04:56:11 -04:00
|
|
|
# (+person+, in this case) and the list of attribute names
|
|
|
|
#
|
2012-10-27 16:05:27 -04:00
|
|
|
# wrap_parameters include: [:username, :title]
|
2011-04-28 04:56:11 -04:00
|
|
|
# # wraps only +:username+ and +:title+ attributes from parameters.
|
|
|
|
#
|
|
|
|
# wrap_parameters false
|
2011-06-04 10:41:44 -04:00
|
|
|
# # disables parameters wrapping for this controller altogether.
|
2011-04-28 04:56:11 -04:00
|
|
|
#
|
|
|
|
# ==== Options
|
|
|
|
# * <tt>:format</tt> - The list of formats in which the parameters wrapper
|
|
|
|
# will be enabled.
|
2011-05-19 10:33:25 -04:00
|
|
|
# * <tt>:include</tt> - The list of attribute names which parameters wrapper
|
2011-04-28 04:56:11 -04:00
|
|
|
# will wrap into a nested hash.
|
2011-05-19 10:33:25 -04:00
|
|
|
# * <tt>:exclude</tt> - The list of attribute names which parameters wrapper
|
2011-04-28 04:56:11 -04:00
|
|
|
# will exclude from a nested hash.
|
|
|
|
def wrap_parameters(name_or_model_or_options, options = {})
|
2011-05-02 18:37:40 -04:00
|
|
|
model = nil
|
|
|
|
|
|
|
|
case name_or_model_or_options
|
|
|
|
when Hash
|
2011-04-28 04:56:11 -04:00
|
|
|
options = name_or_model_or_options
|
2011-05-02 18:37:40 -04:00
|
|
|
when false
|
|
|
|
options = options.merge(:format => [])
|
|
|
|
when Symbol, String
|
|
|
|
options = options.merge(:name => name_or_model_or_options)
|
|
|
|
else
|
|
|
|
model = name_or_model_or_options
|
2011-04-28 04:56:11 -04:00
|
|
|
end
|
|
|
|
|
2012-11-13 16:46:06 -05:00
|
|
|
opts = Options.from_hash _wrapper_options.to_h.slice(:format).merge(options)
|
|
|
|
opts.model = model
|
|
|
|
opts.klass = self
|
2012-11-13 13:45:04 -05:00
|
|
|
|
2012-11-13 17:32:47 -05:00
|
|
|
self._wrapper_options = opts
|
2011-04-28 04:56:11 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
# Sets the default wrapper key or model which will be used to determine
|
|
|
|
# wrapper key and attribute names. Will be called automatically when the
|
|
|
|
# module is inherited.
|
|
|
|
def inherited(klass)
|
2012-11-13 14:38:36 -05:00
|
|
|
if klass._wrapper_options.format.any?
|
2012-11-13 16:46:06 -05:00
|
|
|
params = klass._wrapper_options.dup
|
|
|
|
params.klass = klass
|
2012-11-13 17:32:47 -05:00
|
|
|
klass._wrapper_options = params
|
2011-04-28 04:56:11 -04:00
|
|
|
end
|
|
|
|
super
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
# Performs parameters wrapping upon the request. Will be called automatically
|
|
|
|
# by the metal call stack.
|
|
|
|
def process_action(*args)
|
|
|
|
if _wrapper_enabled?
|
2014-01-28 16:51:01 -05:00
|
|
|
if request.parameters[_wrapper_key].present?
|
|
|
|
wrapped_hash = _extract_parameters(request.parameters)
|
|
|
|
else
|
|
|
|
wrapped_hash = _wrap_parameters request.request_parameters
|
|
|
|
end
|
|
|
|
|
2012-04-29 11:16:32 -04:00
|
|
|
wrapped_keys = request.request_parameters.keys
|
|
|
|
wrapped_filtered_hash = _wrap_parameters request.filtered_parameters.slice(*wrapped_keys)
|
2011-04-28 04:56:11 -04:00
|
|
|
|
|
|
|
# This will make the wrapped hash accessible from controller and view
|
|
|
|
request.parameters.merge! wrapped_hash
|
|
|
|
request.request_parameters.merge! wrapped_hash
|
|
|
|
|
2014-10-07 09:23:51 -04:00
|
|
|
# This will display the wrapped hash in the log file
|
2011-05-02 19:36:58 -04:00
|
|
|
request.filtered_parameters.merge! wrapped_filtered_hash
|
2011-04-28 04:56:11 -04:00
|
|
|
end
|
|
|
|
super
|
|
|
|
end
|
|
|
|
|
|
|
|
private
|
2011-05-02 19:36:58 -04:00
|
|
|
|
2014-10-07 09:23:51 -04:00
|
|
|
# Returns the wrapper key which will be used to stored wrapped parameters.
|
2011-04-28 04:56:11 -04:00
|
|
|
def _wrapper_key
|
2012-11-13 14:38:36 -05:00
|
|
|
_wrapper_options.name
|
2011-04-28 04:56:11 -04:00
|
|
|
end
|
|
|
|
|
|
|
|
# Returns the list of enabled formats.
|
|
|
|
def _wrapper_formats
|
2012-11-13 14:38:36 -05:00
|
|
|
_wrapper_options.format
|
2011-04-28 04:56:11 -04:00
|
|
|
end
|
|
|
|
|
2011-05-02 19:36:58 -04:00
|
|
|
# Returns the list of parameters which will be selected for wrapped.
|
|
|
|
def _wrap_parameters(parameters)
|
2014-01-28 16:51:01 -05:00
|
|
|
{ _wrapper_key => _extract_parameters(parameters) }
|
|
|
|
end
|
|
|
|
|
|
|
|
def _extract_parameters(parameters)
|
|
|
|
if include_only = _wrapper_options.include
|
2011-05-19 10:33:25 -04:00
|
|
|
parameters.slice(*include_only)
|
2011-05-02 19:36:58 -04:00
|
|
|
else
|
2012-11-13 14:38:36 -05:00
|
|
|
exclude = _wrapper_options.exclude || []
|
2011-05-19 10:33:25 -04:00
|
|
|
parameters.except(*(exclude + EXCLUDE_PARAMETERS))
|
2011-05-02 19:36:58 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2011-04-28 04:56:11 -04:00
|
|
|
# Checks if we should perform parameters wrapping.
|
|
|
|
def _wrapper_enabled?
|
2011-05-02 18:37:40 -04:00
|
|
|
ref = request.content_mime_type.try(:ref)
|
2011-05-17 06:55:03 -04:00
|
|
|
_wrapper_formats.include?(ref) && _wrapper_key && !request.request_parameters[_wrapper_key]
|
2011-04-28 04:56:11 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|