module ActiveRecord::MassAssignmentSecurity::NestedAttributes
Constants
- UNASSIGNABLE_KEYS
Private Instance Methods
assign_nested_attributes_for_collection_association(association_name, attributes_collection, assignment_opts = {})
click to toggle source
# File lib/active_record/mass_assignment_security/nested_attributes.rb, line 72 def assign_nested_attributes_for_collection_association(association_name, attributes_collection, assignment_opts = {}) options = self.nested_attributes_options[association_name] unless attributes_collection.is_a?(Hash) || attributes_collection.is_a?(Array) raise ArgumentError, "Hash or Array expected, got #{attributes_collection.class.name} (#{attributes_collection.inspect})" end if limit = options[:limit] limit = case limit when Symbol send(limit) when Proc limit.call else limit end if limit && attributes_collection.size > limit raise TooManyRecords, "Maximum #{limit} records are allowed. Got #{attributes_collection.size} records instead." end end if attributes_collection.is_a? Hash keys = attributes_collection.keys attributes_collection = if keys.include?('id') || keys.include?(:id) [attributes_collection] else attributes_collection.values end end association = association(association_name) existing_records = if association.loaded? association.target else attribute_ids = attributes_collection.map {|a| a['id'] || a[:id] }.compact attribute_ids.empty? ? [] : association.scope.where(association.klass.primary_key => attribute_ids) end attributes_collection.each do |attributes| attributes = attributes.with_indifferent_access if attributes['id'].blank? unless reject_new_record?(association_name, attributes) association.build(attributes.except(*unassignable_keys(assignment_opts)), assignment_opts) end elsif existing_record = existing_records.detect { |record| record.id.to_s == attributes['id'].to_s } unless association.loaded? || call_reject_if(association_name, attributes) # Make sure we are operating on the actual object which is in the association's # proxy_target array (either by finding it, or adding it if not found) target_record = association.target.detect { |record| record == existing_record } if target_record existing_record = target_record else association.add_to_target(existing_record) end end if !call_reject_if(association_name, attributes) assign_to_or_mark_for_destruction(existing_record, attributes, options[:allow_destroy], assignment_opts) end elsif assignment_opts[:without_protection] association.build(attributes.except(*unassignable_keys(assignment_opts)), assignment_opts) else raise_nested_attributes_record_not_found!(association_name, attributes['id']) end end end
assign_nested_attributes_for_one_to_one_association(association_name, attributes, assignment_opts = {})
click to toggle source
# File lib/active_record/mass_assignment_security/nested_attributes.rb, line 51 def assign_nested_attributes_for_one_to_one_association(association_name, attributes, assignment_opts = {}) options = self.nested_attributes_options[association_name] attributes = attributes.with_indifferent_access if (options[:update_only] || !attributes['id'].blank?) && (record = send(association_name)) && (options[:update_only] || record.id.to_s == attributes['id'].to_s) assign_to_or_mark_for_destruction(record, attributes, options[:allow_destroy], assignment_opts) unless call_reject_if(association_name, attributes) elsif attributes['id'].present? && !assignment_opts[:without_protection] raise_nested_attributes_record_not_found!(association_name, attributes['id']) elsif !reject_new_record?(association_name, attributes) method = "build_#{association_name}" if respond_to?(method) send(method, attributes.except(*unassignable_keys(assignment_opts)), assignment_opts) else raise ArgumentError, "Cannot build association `#{association_name}'. Are you trying to build a polymorphic one-to-one association?" end end end
assign_to_or_mark_for_destruction(record, attributes, allow_destroy, assignment_opts)
click to toggle source
# File lib/active_record/mass_assignment_security/nested_attributes.rb, line 143 def assign_to_or_mark_for_destruction(record, attributes, allow_destroy, assignment_opts) record.assign_attributes(attributes.except(*unassignable_keys(assignment_opts)), assignment_opts) record.mark_for_destruction if has_destroy_flag?(attributes) && allow_destroy end
unassignable_keys(assignment_opts)
click to toggle source
# File lib/active_record/mass_assignment_security/nested_attributes.rb, line 148 def unassignable_keys(assignment_opts) assignment_opts[:without_protection] ? UNASSIGNABLE_KEYS - %w[id] : UNASSIGNABLE_KEYS end