diff --git a/Gemfile.rails_version b/Gemfile.rails_version index 488f186e..a7850908 100644 --- a/Gemfile.rails_version +++ b/Gemfile.rails_version @@ -2,7 +2,6 @@ # separate fragment so that it can be sourced from the test # application's Gemfile in addition to the main development Gemfile. -ENV['RAILS_VERSION'] = '4.0.0' # SMELL Explicitly setting RAILS_VERSION as it's not set if ENV['RAILS_VERSION'] case ENV['RAILS_VERSION'] when /3.0$/ @@ -15,11 +14,11 @@ if ENV['RAILS_VERSION'] gem 'rails', '~> 3.2.0' # A JS runtime is required for Rails 3.1+ gem 'therubyracer', '~> 0.10.2' - when /4.0.0$/ + when /4.0$/ gem 'rails', '~> 4.0.0' # A JS runtime is required for Rails 4.0+ gem 'therubyracer', platforms: :ruby - gem 'protected_attributes' # SMELL remove this to provide full Rails 4 support for Strong Parameters + gem 'protected_attributes', :git => 'git://github.com/rails/protected_attributes.git' else fail "Unknown Rails version #{ENV['RAILS_VERSION']}" end diff --git a/Rakefile b/Rakefile index ae3951bd..78b01e83 100644 --- a/Rakefile +++ b/Rakefile @@ -41,7 +41,11 @@ namespace :testbed do desc 'Generate a minimal surveyor-using rails app' task :generate do Tempfile.open('surveyor_Rakefile') do |f| - f.write("application \"config.time_zone='Rome'\"");f.flush + f.write("application \"config.time_zone='Rome'\"\n") + # SMELL add support for protected_attributes + f.write("application \"config.active_record.whitelist_attributes = true\"\n") + f.write("application \"config.active_record.mass_assignment_sanitizer = :strict\"\n") + f.flush sh "bundle exec rails new testbed --skip-bundle -m #{f.path}" # don't run bundle install until the Gemfile modifications end chdir('testbed') do diff --git a/lib/surveyor/models/answer_methods.rb b/lib/surveyor/models/answer_methods.rb index 4f9950a5..df9e8ba3 100644 --- a/lib/surveyor/models/answer_methods.rb +++ b/lib/surveyor/models/answer_methods.rb 
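Review bot: In Gemfile.rails_version, the new `protected_attributes` line under `when /4.0$/` fetches the gem over `git://`, which is neither encrypted nor authenticated. It also names no ref, so every `bundle install` takes whatever the default branch holds at that moment. A party on the network path, or any later push to that branch, therefore changes the code Bundler loads without a change to this file. I would use HTTPS and pin a reviewed commit, e.g. `gem 'protected_attributes', :git => 'https://github.com/rails/protected_attributes.git', :ref => '<reviewed-commit-sha>'` (placeholder), or go back to a released version once one fits.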
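Review bot: In the Rakefile `testbed:generate` task, the comment `# SMELL add support for protected_attributes` does not say what the two added template lines do. I would replace it with `# Whitelist mode + strict sanitizer: specs fail loudly on unlisted attributes (Rails 4 needs the protected_attributes gem)`. The lines are written for every RAILS_VERSION the Gemfile accepts, and these settings may not exist on the oldest supported Rails line, where an unknown `config.active_record` option would probably stop the testbed from booting. That is worth confirming, or guarding on the version. The task body continues outside the hunk.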
@@ -24,8 +24,9 @@ def self.included(base) @@validations_already_included = true end - # Whitelisting attributes - base.send :attr_accessible, :question, :question_id, :text, :short_text, :help_text, :weight, :response_class, :reference_identifier, :data_export_identifier, :common_namespace, :common_identifier, :display_order, :is_exclusive, :display_length, :custom_class, :custom_renderer, :default_value, :display_type, :input_mask, :input_mask_placeholder + # Whitelisting attributes + base.send :attr_accessible, :question, :question_id, :text, :short_text, :help_text, :weight, :response_class, :reference_identifier, :data_export_identifier, :common_namespace, :common_identifier, :display_order, :is_exclusive, :display_length, :custom_class, :custom_renderer, :default_value, :display_type, :input_mask, :input_mask_placeholder + end # Instance Methods diff --git a/lib/surveyor/models/validation_condition_methods.rb b/lib/surveyor/models/validation_condition_methods.rb index 36754d53..b9dcc222 100644 --- a/lib/surveyor/models/validation_condition_methods.rb +++ b/lib/surveyor/models/validation_condition_methods.rb @@ -46,7 +46,8 @@ def is_valid?(response) !(response.as(klass) == compare_to.as(klass)) when "=~" return false if compare_to != self - !(response.as(klass).to_s =~ Regexp.new(self.regexp || "")).nil? + # SMELL Eval regex!! + !(response.as(klass).to_s =~ Regexp.new(eval(self.regexp) || "")).nil? else false end diff --git a/spec/controllers/surveyor_controller_spec.rb b/spec/controllers/surveyor_controller_spec.rb index b3b34842..a9ae5e1a 100644 --- a/spec/controllers/surveyor_controller_spec.rb +++ b/spec/controllers/surveyor_controller_spec.rb 
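Review bot: In validation_condition_methods.rb, `eval(self.regexp)` in the `"=~"` branch of `is_valid?` executes a stored model attribute as Ruby code. Whoever can write a validation condition's `regexp` (survey definition import, an admin form, a direct database write) therefore controls code that runs in the application process, not just a pattern. It also breaks the nil case, because `eval(nil)` raises TypeError before `|| ""` is reached. Keep the column as plain pattern source and compile it without eval, `!(response.as(klass).to_s =~ Regexp.new(self.regexp.to_s)).nil?`, with the spec passing `'^[a-z]{1,6}$'` instead of a slash-wrapped literal in a string. `is_valid?` starts and ends outside this hunk.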
@@ -184,7 +184,7 @@ def do_get(params = {}) end context "with update exceptions" do it 'retries the update on a constraint violation' do - response_set.should_receive(:update_from_ui_hash).ordered.with(responses_ui_hash).and_raise(ActiveRecord::StatementInvalid) + response_set.should_receive(:update_from_ui_hash).ordered.with(responses_ui_hash).and_raise(ActiveRecord::StatementInvalid) response_set.should_receive(:update_from_ui_hash).ordered.with(responses_ui_hash) expect { do_put(:r => responses_ui_hash) }.to_not raise_error diff --git a/spec/models/answer_spec.rb b/spec/models/answer_spec.rb index 1bc81a87..89392c26 100644 --- a/spec/models/answer_spec.rb +++ b/spec/models/answer_spec.rb @@ -13,7 +13,7 @@ end it "protects #api_id" do saved_attrs = answer.attributes - if defined? ActiveModel::MassAssignmentSecurity::Error + if defined? ActiveModel::MassAssignmentSecurity::Error expect { answer.update_attributes(:api_id => "NEW") }.to raise_error(ActiveModel::MassAssignmentSecurity::Error) else answer.attributes = {:api_id => "NEW"} # Rails doesn't return false, but this will be checked in the comparison to saved_attrs diff --git a/spec/models/validation_condition_spec.rb b/spec/models/validation_condition_spec.rb index ab321c74..bde17e67 100644 --- a/spec/models/validation_condition_spec.rb +++ b/spec/models/validation_condition_spec.rb 
@@ -69,8 +69,8 @@ def test_var(vhash, ahash, rhash) end it "should validate a response by regexp" do - test_var({:operator => "=~", :regexp => /^[a-z]{1,6}$/}, {:response_class => "string"}, {:string_value => "clear"}).should be_true - test_var({:operator => "=~", :regexp => /^[a-z]{1,6}$/}, {:response_class => "string"}, {:string_value => "foobarbaz"}).should be_false + test_var({:operator => "=~", :regexp => '/^[a-z]{1,6}$/'}, {:response_class => "string"}, {:string_value => "clear"}).should be_true + test_var({:operator => "=~", :regexp => '/^[a-z]{1,6}$/'}, {:response_class => "string"}, {:string_value => "foobarbaz"}).should be_false end it "should validate a response by integer comparison" do test_var({:operator => ">", :integer_value => 3}, {:response_class => "integer"}, {:integer_value => 4}).should be_true
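Review bot: In validation_condition_spec.rb, both regexp examples anchor with `^` and `$`, which in Ruby match at line boundaries rather than at the ends of the string. A multi-line value such as `"clear\n123"` (constructed example) would still validate, because one of its lines satisfies the pattern. Anchoring with `\A[a-z]{1,6}\z` and adding an example with an embedded newline that must be `be_false` would pin the intended whole-string behaviour. `test_var` is defined outside this hunk.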