vinsol / nested_attributes_uniqueness Goto Github PK
View Code? Open in Web Editor NEWLicense: MIT License
nested_attributes_uniqueness's People
Contributors
Stargazers
Watchers
nested_attributes_uniqueness's Issues
NoMethodError (undefined method `get' for #<ActiveModel::Errors
I'm using this gem in a Rails 5.1.2 app - and I get the error:
[00733c5a-0286-4536-b00b-fef626257e65] Completed 500 Internal Server Error in 39ms (ActiveRecord: 9.9ms)
[00733c5a-0286-4536-b00b-fef626257e65]
[00733c5a-0286-4536-b00b-fef626257e65] NoMethodError (undefined method `get' for #<ActiveModel::Errors:0x007f9f8c355e48>
Did you mean? gem):
[00733c5a-0286-4536-b00b-fef626257e65]
[00733c5a-0286-4536-b00b-fef626257e65] nested_attributes_uniqueness (0.1.1) lib/nested_attributes_uniqueness/validator.rb:80:in `block in validate_unique_attribute_in_collection'Looks like rails has deprecated the get method on ActiveModel::Errors. Please fix and release a new version asap.
Option to have custom error message
Could you please accept a message key as part of the options hash - so that we can set our own custom value? Current state is that our internal collection name is exposed to the end-user - which we would like to avoid.
Add support for Rspecs
cc @ankit1910 @udit7590.
Unescaped SQL Query for invalid user input data
It is always recommended to never interpolate user inputed string for Querying the DB directly. It may arise SQL injecting in the code.
class User < ActiveRecord::Base
has_many :posts
accepts_nested_attributes_for :posts
validates_uniqueness_in_memory :posts, :name
end
class Post < ActiveRecord::Base
belongs_to :user
end
User.create({
username: 'kuldeepaggarwal',
posts_attributes: {
'0' => {
name: "4' OR '1"
}
}
})OUTPUT:
D, [2015-10-02T00:48:04.613449 #37951] DEBUG -- : (0.1ms) BEGIN
DEPRECATION WARNING: ActiveModel::Errors#get is deprecated and will be removed in Rails 5.1. To achieve the same use model.errors[:name]. (called from block in validate_unique_attribute_in_collection at /Users/kuldeepaggarwal/projects/nested_attributes_uniqueness/lib/nested_attributes_uniqueness/validator.rb:80)
D, [2015-10-02T00:48:04.615495 #37951] DEBUG -- : Post Load (0.2ms) SELECT `posts`.* FROM `posts` WHERE (name = '4' OR '1')
D, [2015-10-02T00:48:04.618642 #37951] DEBUG -- : SQL (0.2ms) INSERT INTO `users` (`username`) VALUES ('kuldeepaggarwal')
D, [2015-10-02T00:48:04.619550 #37951] DEBUG -- : SQL (0.4ms) INSERT INTO `posts` (`user_id`, `name`) VALUES (1, '4\' OR \'1')
D, [2015-10-02T00:48:04.619945 #37951] DEBUG -- : (0.2ms) COMMIT
.Please publish v1.0.1 to rubygems.org
Unexpected DB calls
unless File.exist?('Gemfile')
File.write('Gemfile', <<-GEMFILE)
source 'https://rubygems.org'
# gem 'rails', '4.2.1' # works with '4.2.0'
gem 'rails', path: '/Users/kuldeepaggarwal/projects/kd-rails'
gem 'mysql2'
GEMFILE
system 'bundle'
end
require 'bundler'
Bundler.setup(:default)
require 'active_record'
require 'minitest/autorun'
require 'logger'
require 'byebug'
require 'nested_attributes_uniqueness'
# This connection will do for database-independent bug reports.
ActiveRecord::Base.establish_connection(adapter: 'mysql2',
host: 'localhost',
username: 'rot',
password: '',
database: 'test')
ActiveRecord::Base.logger = Logger.new(STDOUT)
ActiveRecord::Schema.define do
create_table :users, force: true do |t|
t.string :username
end
create_table :posts, force: true do |t|
t.belongs_to :user
t.string :name
end
end
class User < ActiveRecord::Base
has_many :posts
accepts_nested_attributes_for :posts
validates_uniqueness_in_memory :posts, :name
end
class Post < ActiveRecord::Base
validates_uniqueness_of :name
belongs_to :user
end
class BugTest < Minitest::Test
def test_from_escaping_attributes
user = User.create({
username: 'kuldeepaggarwal',
posts_attributes: {
'0' => {
name: "4' OR '0"
},
'1' => {
name: "4' OR '0"
},
'2' => {
name: "5' OR '0"
}
}
})
end
end-- create_table(:users, {:force=>true})
D, [2015-10-02T00:38:54.074801 #37844] DEBUG -- : (1.9ms) DROP TABLE `users`
D, [2015-10-02T00:38:54.085251 #37844] DEBUG -- : (10.1ms) CREATE TABLE `users` (`id` int AUTO_INCREMENT PRIMARY KEY, `username` varchar(255)) ENGINE=InnoDB
-> 0.0326s
-- create_table(:posts, {:force=>true})
D, [2015-10-02T00:38:54.087888 #37844] DEBUG -- : (1.7ms) DROP TABLE `posts`
D, [2015-10-02T00:38:54.095489 #37844] DEBUG -- : (7.3ms) CREATE TABLE `posts` (`id` int AUTO_INCREMENT PRIMARY KEY, `user_id` int, `name` varchar(255)) ENGINE=InnoDB
-> 0.0101s
Run options: --seed 4718
# Running:
D, [2015-10-02T00:38:54.139805 #37844] DEBUG -- : (0.1ms) BEGIN
D, [2015-10-02T00:38:54.148146 #37844] DEBUG -- : Post Exists (0.3ms) SELECT 1 AS one FROM `posts` WHERE `posts`.`name` = BINARY 'a' LIMIT 1
D, [2015-10-02T00:38:54.149115 #37844] DEBUG -- : Post Exists (0.2ms) SELECT 1 AS one FROM `posts` WHERE `posts`.`name` = BINARY 'a' LIMIT 1
D, [2015-10-02T00:38:54.150205 #37844] DEBUG -- : Post Exists (0.2ms) SELECT 1 AS one FROM `posts` WHERE `posts`.`name` = BINARY 'b' LIMIT 1
DEPRECATION WARNING: ActiveModel::Errors#get is deprecated and will be removed in Rails 5.1. To achieve the same use model.errors[:name]. (called from block in validate_unique_attribute_in_collection at /Users/kuldeepaggarwal/projects/nested_attributes_uniqueness/lib/nested_attributes_uniqueness/validator.rb:80)
D, [2015-10-02T00:38:54.151831 #37844] DEBUG -- : Post Load (0.2ms) SELECT `posts`.* FROM `posts` WHERE (name = 'a')
DEPRECATION WARNING: ActiveModel::Errors#get is deprecated and will be removed in Rails 5.1. To achieve the same use model.errors[:name]. (called from block in validate_unique_attribute_in_collection at /Users/kuldeepaggarwal/projects/nested_attributes_uniqueness/lib/nested_attributes_uniqueness/validator.rb:80)
DEPRECATION WARNING: ActiveModel::Errors#get is deprecated and will be removed in Rails 5.1. To achieve the same use model.errors[:name]. (called from block in validate_unique_attribute_in_collection at /Users/kuldeepaggarwal/projects/nested_attributes_uniqueness/lib/nested_attributes_uniqueness/validator.rb:80)
D, [2015-10-02T00:38:54.154987 #37844] DEBUG -- : Post Load (0.1ms) SELECT `posts`.* FROM `posts` WHERE (name = 'b')
D, [2015-10-02T00:38:54.155221 #37844] DEBUG -- : (0.1ms) ROLLBACK
.
Finished in 0.044503s, 22.4705 runs/s, 0.0000 assertions/s.
1 runs, 0 assertions, 0 failures, 0 errors, 0 skipsYou can see in the o/p that multiple queries are hitting on the DB for validating uniquness.
May be this is expected but this will be very difficult for the users to use this in their existing & Big projects.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.