kolan
/
Redmine
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Safe attributes for repositories. 

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@9876 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Jean-Philippe Lang 2012-06-19 19:47:54 +00:00
parent 3b854bee59
commit 585d08765e
4 changed files with 19 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/controllers/repositories_controller.rb
View File

@ -47,7 +47,8 @@ class RepositoriesController < ApplicationController
def create def create
attrs = pickup_extra_info attrs = pickup_extra_info
@repository = Repository.factory(params[:repository_scm], attrs[:attrs]) @repository = Repository.factory(params[:repository_scm])
@repository.safe_attributes = params[:repository]
if attrs[:attrs_extra].keys.any? if attrs[:attrs_extra].keys.any?
@repository.merge_extra_info(attrs[:attrs_extra]) @repository.merge_extra_info(attrs[:attrs_extra])
end end
@ -64,7 +65,7 @@ class RepositoriesController < ApplicationController
def update def update
attrs = pickup_extra_info attrs = pickup_extra_info
@repository.attributes = attrs[:attrs] @repository.safe_attributes = attrs[:attrs]
if attrs[:attrs_extra].keys.any? if attrs[:attrs_extra].keys.any?
@repository.merge_extra_info(attrs[:attrs_extra]) @repository.merge_extra_info(attrs[:attrs_extra])
end end

9
app/models/repository.rb
View File

@ -19,6 +19,7 @@ class ScmFetchError < Exception; end
class Repository < ActiveRecord::Base class Repository < ActiveRecord::Base
include Redmine::Ciphering include Redmine::Ciphering
include Redmine::SafeAttributes
belongs_to :project belongs_to :project
has_many :changesets, :order => "#{Changeset.table_name}.committed_on DESC, #{Changeset.table_name}.id DESC" has_many :changesets, :order => "#{Changeset.table_name}.committed_on DESC, #{Changeset.table_name}.id DESC"
@ -42,6 +43,14 @@ class Repository < ActiveRecord::Base
# Checks if the SCM is enabled when creating a repository # Checks if the SCM is enabled when creating a repository
validate :repo_create_validation, :on => :create validate :repo_create_validation, :on => :create
safe_attributes 'identifier',
'url',
'login',
'password',
'path_encoding',
'log_encoding',
'is_default'
def repo_create_validation def repo_create_validation
unless Setting.enabled_scm.include?(self.class.name.demodulize) unless Setting.enabled_scm.include?(self.class.name.demodulize)
errors.add(:type, :invalid) errors.add(:type, :invalid)

2
app/models/repository/cvs.rb
View File

@ -21,6 +21,8 @@ require 'digest/sha1'
class Repository::Cvs < Repository class Repository::Cvs < Repository
validates_presence_of :url, :root_url, :log_encoding validates_presence_of :url, :root_url, :log_encoding
safe_attributes 'root_url'
def self.human_attribute_name(attribute_key_name, *args) def self.human_attribute_name(attribute_key_name, *args)
attr_name = attribute_key_name.to_s attr_name = attribute_key_name.to_s
if attr_name == "root_url" if attr_name == "root_url"

4
lib/redmine/safe_attributes.rb
View File

@ -31,7 +31,11 @@ module Redmine
def safe_attributes(*args) def safe_attributes(*args)
@safe_attributes ||= [] @safe_attributes ||= []
if args.empty? if args.empty?
if superclass.include?(Redmine::SafeAttributes)
@safe_attributes + superclass.safe_attributes
else
@safe_attributes @safe_attributes
end
else else
options = args.last.is_a?(Hash) ? args.pop : {} options = args.last.is_a?(Hash) ? args.pop : {}
@safe_attributes << [args, options] @safe_attributes << [args, options]