module ActiveRecord::MassAssignmentSecurity::NestedAttributes

Constants

UNASSIGNABLE_KEYS

Private Instance Methods

assign_nested_attributes_for_collection_association(association_name, attributes_collection, assignment_opts = {}) click to toggle source
# File lib/active_record/mass_assignment_security/nested_attributes.rb, line 72
def assign_nested_attributes_for_collection_association(association_name, attributes_collection, assignment_opts = {})
  options = self.nested_attributes_options[association_name]

  unless attributes_collection.is_a?(Hash) || attributes_collection.is_a?(Array)
    raise ArgumentError, "Hash or Array expected, got #{attributes_collection.class.name} (#{attributes_collection.inspect})"
  end

  if limit = options[:limit]
    limit = case limit
    when Symbol
      send(limit)
    when Proc
      limit.call
    else
      limit
    end

    if limit && attributes_collection.size > limit
      raise TooManyRecords, "Maximum #{limit} records are allowed. Got #{attributes_collection.size} records instead."
    end
  end

  if attributes_collection.is_a? Hash
    keys = attributes_collection.keys
    attributes_collection = if keys.include?('id') || keys.include?(:id)
      [attributes_collection]
    else
      attributes_collection.values
    end
  end

  association = association(association_name)

  existing_records = if association.loaded?
    association.target
  else
    attribute_ids = attributes_collection.map {|a| a['id'] || a[:id] }.compact
    attribute_ids.empty? ? [] : association.scope.where(association.klass.primary_key => attribute_ids)
  end

  attributes_collection.each do |attributes|
    attributes = attributes.with_indifferent_access

    if attributes['id'].blank?
      unless reject_new_record?(association_name, attributes)
        association.build(attributes.except(*unassignable_keys(assignment_opts)), assignment_opts)
      end
    elsif existing_record = existing_records.detect { |record| record.id.to_s == attributes['id'].to_s }
      unless association.loaded? || call_reject_if(association_name, attributes)
        # Make sure we are operating on the actual object which is in the association's
        # proxy_target array (either by finding it, or adding it if not found)
        target_record = association.target.detect { |record| record == existing_record }

        if target_record
          existing_record = target_record
        else
          association.add_to_target(existing_record)
        end
      end

      if !call_reject_if(association_name, attributes)
        assign_to_or_mark_for_destruction(existing_record, attributes, options[:allow_destroy], assignment_opts)
      end
    elsif assignment_opts[:without_protection]
      association.build(attributes.except(*unassignable_keys(assignment_opts)), assignment_opts)
    else
      raise_nested_attributes_record_not_found!(association_name, attributes['id'])
    end
  end
end
assign_nested_attributes_for_one_to_one_association(association_name, attributes, assignment_opts = {}) click to toggle source
# File lib/active_record/mass_assignment_security/nested_attributes.rb, line 51
def assign_nested_attributes_for_one_to_one_association(association_name, attributes, assignment_opts = {})
  options = self.nested_attributes_options[association_name]
  attributes = attributes.with_indifferent_access

  if  (options[:update_only] || !attributes['id'].blank?) && (record = send(association_name)) &&
      (options[:update_only] || record.id.to_s == attributes['id'].to_s)
    assign_to_or_mark_for_destruction(record, attributes, options[:allow_destroy], assignment_opts) unless call_reject_if(association_name, attributes)

  elsif attributes['id'].present? && !assignment_opts[:without_protection]
    raise_nested_attributes_record_not_found!(association_name, attributes['id'])

  elsif !reject_new_record?(association_name, attributes)
    method = "build_#{association_name}"
    if respond_to?(method)
      send(method, attributes.except(*unassignable_keys(assignment_opts)), assignment_opts)
    else
      raise ArgumentError, "Cannot build association `#{association_name}'. Are you trying to build a polymorphic one-to-one association?"
    end
  end
end
assign_to_or_mark_for_destruction(record, attributes, allow_destroy, assignment_opts) click to toggle source
# File lib/active_record/mass_assignment_security/nested_attributes.rb, line 143
def assign_to_or_mark_for_destruction(record, attributes, allow_destroy, assignment_opts)
  record.assign_attributes(attributes.except(*unassignable_keys(assignment_opts)), assignment_opts)
  record.mark_for_destruction if has_destroy_flag?(attributes) && allow_destroy
end
unassignable_keys(assignment_opts) click to toggle source
# File lib/active_record/mass_assignment_security/nested_attributes.rb, line 148
def unassignable_keys(assignment_opts)
  assignment_opts[:without_protection] ? UNASSIGNABLE_KEYS - %w[id] : UNASSIGNABLE_KEYS
end