kotovalexarian-likes-github/rails--rails
1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00
Code Releases Activity

Whitelist legal job parameter types

Browse source
This commit is contained in:
Mike Perham 2014-05-19 04:18:28 -07:00
parent 60b8af42e9
commit 575a837de1
2 changed files with 18 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
lib/active_job/parameters.rb
View file

@ -3,13 +3,17 @@ require 'active_support/core_ext/object/try'
module ActiveJob
class Parameters
TYPE_WHITELIST = [NilClass, Fixnum, Float, String, TrueClass, FalseClass, Hash, Array]
def self.serialize(params)
params.collect { |param| param.try(:global_id) || param }
params.collect do |param|
raise "Unsupported parameter type: #{param.class.name}" unless param.respond_to?(:global_id) || TYPE_WHITELIST.include?(param.class)
param.try(:global_id) || param
end
end
def self.deserialize(params)
params.collect { |param| ActiveModel::GlobalLocator.locate(param) || param }
end
end
end

15
test/cases/parameters_test.rb
View file

@ -6,11 +6,18 @@ class ParameterSerializationTest < ActiveSupport::TestCase
test 'should make no change to regular values' do
assert_equal [ 1, "something" ], ActiveJob::Parameters.serialize([ 1, "something" ])
end
test 'should not allow complex objects' do
err = assert_raises RuntimeError do
ActiveJob::Parameters.serialize([ 1, self ])
end
assert_equal "Unsupported parameter type: #{self.class.name}", err.message
end
test 'should serialize records with global id' do
assert_equal [ Person.find(5).gid ], ActiveJob::Parameters.serialize([ Person.find(5) ])
end
test 'should serialize values and records together' do
assert_equal [ 3, Person.find(5).gid ], ActiveJob::Parameters.serialize([ 3, Person.find(5) ])
end
@ -20,11 +27,11 @@ class ParameterDeserializationTest < ActiveSupport::TestCase
test 'should make no change to regular values' do
assert_equal [ 1, "something" ], ActiveJob::Parameters.deserialize([ 1, "something" ])
end
test 'should deserialize records with global id' do
assert_equal [ Person.find(5) ], ActiveJob::Parameters.deserialize([ Person.find(5).gid ])
end
test 'should serialize values and records together' do
assert_equal [ 3, Person.find(5) ], ActiveJob::Parameters.deserialize([ 3, Person.find(5).gid ])
end