Foodsoft/foodsoft
1
1
Fork 0
Code Issues 36 Pull requests 5 Projects 1 Releases Wiki Activity

add foodsoft_config protection whitelisting

Browse source
This commit is contained in:
wvengen 2014-06-27 09:07:47 +02:00
parent 3fee071a10
commit f09ef892dc
2 changed files with 24 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

9
lib/foodsoft_config.rb
View file

@ -28,6 +28,9 @@
# shared_lists: false # allow database connection override
# use_messages: true # foodcoops can't disable the use of messages
#
# When you like to whitelist protected attributes, define an entry +all: true+,
# then you can whitelist specific attributes setting them to +false+.
#
class FoodsoftConfig
# @!attribute scope
@ -152,7 +155,11 @@ class FoodsoftConfig
# @return [Boolean] Whether this key may be set in the database
def allowed_key?(key)
# fast check for keys without nesting
return !self.config[:protected][key]
if self.config[:protected].include? key
return !self.config[:protected][key]
else
return !self.config[:protected][:all]
end
# @todo allow to check nested keys as well
end