whitelist attributes when active_record storage is used

rumblelabs · Jun 11, 2012 · 2e510cd · 2e510cd
1 parent fb59906
commit 2e510cd
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 33 deletions.
diff --git a/Gemfile b/Gemfile
@@ -6,7 +6,7 @@ group :test, :development do
     #gem "rack-test", '0.5.7'
     #gem "mysql2", '0.2.6'
 
-  gem "rails", '3.2.3'
+  gem "rails", '3.2.5'
     gem "rack-test", '0.6.1'
     gem 'mysql2', '0.3.11'
 

diff --git a/Gemfile.lock b/Gemfile.lock
@@ -1,36 +1,36 @@
 PATH
   remote: .
   specs:
-    rails_exception_handler (2.0.0)
+    rails_exception_handler (2.0.1)
 
 GEM
   remote: http://rubygems.org/
   specs:
-    actionmailer (3.2.3)
-      actionpack (= 3.2.3)
+    actionmailer (3.2.5)
+      actionpack (= 3.2.5)
       mail (~> 2.4.4)
-    actionpack (3.2.3)
-      activemodel (= 3.2.3)
-      activesupport (= 3.2.3)
+    actionpack (3.2.5)
+      activemodel (= 3.2.5)
+      activesupport (= 3.2.5)
       builder (~> 3.0.0)
       erubis (~> 2.7.0)
       journey (~> 1.0.1)
       rack (~> 1.4.0)
       rack-cache (~> 1.2)
       rack-test (~> 0.6.1)
-      sprockets (~> 2.1.2)
-    activemodel (3.2.3)
-      activesupport (= 3.2.3)
+      sprockets (~> 2.1.3)
+    activemodel (3.2.5)
+      activesupport (= 3.2.5)
       builder (~> 3.0.0)
-    activerecord (3.2.3)
-      activemodel (= 3.2.3)
-      activesupport (= 3.2.3)
+    activerecord (3.2.5)
+      activemodel (= 3.2.5)
+      activesupport (= 3.2.5)
       arel (~> 3.0.2)
       tzinfo (~> 0.3.29)
-    activeresource (3.2.3)
-      activemodel (= 3.2.3)
-      activesupport (= 3.2.3)
-    activesupport (3.2.3)
+    activeresource (3.2.5)
+      activemodel (= 3.2.5)
+      activesupport (= 3.2.5)
+    activesupport (3.2.5)
       i18n (~> 0.6)
       multi_json (~> 1.0)
     arel (3.0.2)
@@ -54,7 +54,7 @@ GEM
       treetop (~> 1.4.8)
     method_source (0.7.1)
     mime-types (1.18)
-    multi_json (1.3.5)
+    multi_json (1.3.6)
     mysql2 (0.3.11)
     polyglot (0.3.3)
     pry (0.9.9.6)
@@ -68,29 +68,29 @@ GEM
       rack
     rack-test (0.6.1)
       rack (>= 1.0)
-    rails (3.2.3)
-      actionmailer (= 3.2.3)
-      actionpack (= 3.2.3)
-      activerecord (= 3.2.3)
-      activeresource (= 3.2.3)
-      activesupport (= 3.2.3)
+    rails (3.2.5)
+      actionmailer (= 3.2.5)
+      actionpack (= 3.2.5)
+      activerecord (= 3.2.5)
+      activeresource (= 3.2.5)
+      activesupport (= 3.2.5)
       bundler (~> 1.0)
-      railties (= 3.2.3)
-    railties (3.2.3)
-      actionpack (= 3.2.3)
-      activesupport (= 3.2.3)
+      railties (= 3.2.5)
+    railties (3.2.5)
+      actionpack (= 3.2.5)
+      activesupport (= 3.2.5)
       rack-ssl (~> 1.3.2)
       rake (>= 0.8.7)
       rdoc (~> 3.4)
-      thor (~> 0.14.6)
+      thor (>= 0.14.6, < 2.0)
     rake (0.9.2.2)
     rdoc (3.12)
       json (~> 1.4)
     rspec (2.10.0)
       rspec-core (~> 2.10.0)
       rspec-expectations (~> 2.10.0)
       rspec-mocks (~> 2.10.0)
-    rspec-core (2.10.0)
+    rspec-core (2.10.1)
     rspec-expectations (2.10.0)
       diff-lcs (~> 1.1.3)
     rspec-mocks (2.10.1)
@@ -104,7 +104,7 @@ GEM
       hike (~> 1.2)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
-    thor (0.14.6)
+    thor (0.15.2)
     tilt (1.3.3)
     treetop (1.4.10)
       polyglot
@@ -119,6 +119,6 @@ DEPENDENCIES
   mysql2 (= 0.3.11)
   pry
   rack-test (= 0.6.1)
-  rails (= 3.2.3)
+  rails (= 3.2.5)
   rails_exception_handler!
   rspec-rails
diff --git a/lib/rails_exception_handler/configuration.rb b/lib/rails_exception_handler/configuration.rb
@@ -9,6 +9,7 @@ def initialize
     @fallback_layout = 'application'
     @response_mapping = {}
     @responses = {}
+    @whitelisted = false
   end
 
   def active_record?
@@ -43,4 +44,15 @@ def store_request_info(&block)
     @request_info_block = block
   end
 
+  def whitelist(fields)
+    return if(whitelisted?)
+    ErrorMessage.send(:attr_accessible, *fields)
+    @whitelisted = true
+  end
+
+  private
+
+  def whitelisted?
+    @whitelisted
+  end
 end
diff --git a/lib/rails_exception_handler/storage.rb b/lib/rails_exception_handler/storage.rb
@@ -1,5 +1,6 @@
 class RailsExceptionHandler::Storage
   def self.active_record(info)
+    RailsExceptionHandler.configuration.whitelist(info.keys)
     ErrorMessage.create(info)
   end
 

diff --git a/spec/dummy_32/config/application.rb b/spec/dummy_32/config/application.rb
@@ -54,7 +54,7 @@ class Application < Rails::Application
     # This will create an empty whitelist of attributes available for mass-assignment for all models
     # in your app. As such, your models will need to explicitly whitelist or blacklist accessible
     # parameters by using an attr_accessible or attr_protected declaration.
-    # config.active_record.whitelist_attributes = true
+    config.active_record.whitelist_attributes = true
 
     # Enable the asset pipeline
     config.assets.enabled = true