add foodsoft_config protection whitelisting
This commit is contained in:
wvengen
parent
3fee071a10
commit
f09ef892dc
|
|
@ -28,6 +28,9 @@
|
|||
# shared_lists: false # allow database connection override
|
||||
# use_messages: true # foodcoops can't disable the use of messages
|
||||
#
|
||||
# When you like to whitelist protected attributes, define an entry +all: true+,
|
||||
# then you can whitelist specific attributes setting them to +false+.
|
||||
#
|
||||
class FoodsoftConfig
|
||||
|
||||
# @!attribute scope
|
||||
|
|
@ -152,7 +155,11 @@ class FoodsoftConfig
|
|||
# @return [Boolean] Whether this key may be set in the database
|
||||
def allowed_key?(key)
|
||||
# fast check for keys without nesting
|
||||
return !self.config[:protected][key]
|
||||
if self.config[:protected].include? key
|
||||
return !self.config[:protected][key]
|
||||
else
|
||||
return !self.config[:protected][:all]
|
||||
end
|
||||
# @todo allow to check nested keys as well
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -5,11 +5,11 @@ describe FoodsoftConfig do
|
|||
let(:other_name) { Faker::Lorem.words(rand(2..4)).join(' ') }
|
||||
|
||||
it 'returns a default value' do
|
||||
expect(FoodsoftConfig[:protected][:database]).to be_true
|
||||
expect(FoodsoftConfig[:protected][:database]).to be true
|
||||
end
|
||||
|
||||
it 'returns an empty default value' do
|
||||
expect(FoodsoftConfig[:protected][:LIUhniuyGNKUQTWfbiOQIWYexngo78hqexul]).to be_false
|
||||
expect(FoodsoftConfig[:protected][:LIUhniuyGNKUQTWfbiOQIWYexngo78hqexul]).to be nil
|
||||
end
|
||||
|
||||
it 'returns a configuration value' do
|
||||
|
|
@ -60,6 +60,20 @@ describe FoodsoftConfig do
|
|||
end
|
||||
end
|
||||
|
||||
it 'can protect all values' do
|
||||
old_name = FoodsoftConfig[:name]
|
||||
FoodsoftConfig.config[:protected][:all] = true
|
||||
FoodsoftConfig[:name] = name
|
||||
expect(FoodsoftConfig[:name]).to eq old_name
|
||||
end
|
||||
|
||||
it 'can whitelist a value' do
|
||||
FoodsoftConfig.config[:protected][:all] = true
|
||||
FoodsoftConfig.config[:protected][:name] = false
|
||||
FoodsoftConfig[:name] = name
|
||||
expect(FoodsoftConfig[:name]).to eq name
|
||||
end
|
||||
|
||||
describe 'has indifferent access', type: :feature do
|
||||
it 'with symbol' do
|
||||
FoodsoftConfig[:name] = name
|
||||
|
|
|
|||
Loading…
Reference in New Issue