add foodsoft_config protection whitelisting

This commit is contained in:
wvengen 2014-06-27 09:07:47 +02:00
parent 3fee071a10
commit f09ef892dc
2 changed files with 24 additions and 3 deletions

View file

@ -28,6 +28,9 @@
# shared_lists: false # allow database connection override
# use_messages: true # foodcoops can't disable the use of messages
#
# When you like to whitelist protected attributes, define an entry +all: true+,
# then you can whitelist specific attributes setting them to +false+.
#
class FoodsoftConfig
# @!attribute scope
@ -152,7 +155,11 @@ class FoodsoftConfig
# @return [Boolean] Whether this key may be set in the database
def allowed_key?(key)
# fast check for keys without nesting
return !self.config[:protected][key]
if self.config[:protected].include? key
return !self.config[:protected][key]
else
return !self.config[:protected][:all]
end
# @todo allow to check nested keys as well
end

View file

@ -5,11 +5,11 @@ describe FoodsoftConfig do
let(:other_name) { Faker::Lorem.words(rand(2..4)).join(' ') }
it 'returns a default value' do
expect(FoodsoftConfig[:protected][:database]).to be_true
expect(FoodsoftConfig[:protected][:database]).to be true
end
it 'returns an empty default value' do
expect(FoodsoftConfig[:protected][:LIUhniuyGNKUQTWfbiOQIWYexngo78hqexul]).to be_false
expect(FoodsoftConfig[:protected][:LIUhniuyGNKUQTWfbiOQIWYexngo78hqexul]).to be nil
end
it 'returns a configuration value' do
@ -60,6 +60,20 @@ describe FoodsoftConfig do
end
end
it 'can protect all values' do
old_name = FoodsoftConfig[:name]
FoodsoftConfig.config[:protected][:all] = true
FoodsoftConfig[:name] = name
expect(FoodsoftConfig[:name]).to eq old_name
end
it 'can whitelist a value' do
FoodsoftConfig.config[:protected][:all] = true
FoodsoftConfig.config[:protected][:name] = false
FoodsoftConfig[:name] = name
expect(FoodsoftConfig[:name]).to eq name
end
describe 'has indifferent access', type: :feature do
it 'with symbol' do
FoodsoftConfig[:name] = name