Method: StandardAPI::Includes.sanitize
- Defined in:
- lib/standard_api/includes.rb
.sanitize(includes, permit, normalized = false) ⇒ Object
sanitize(=> {}, [:key]) # => => {} sanitize(=> {}, => true) # => => {} sanitize(=> {}, :value => {}}, [:key]) => # Raises ParseError sanitize(=> {}, :value => {}}, => true) => # Raises ParseError sanitize(=> {:value => {}}, => [:value]) # => => {:value => {}} sanitize(=> {:value => {}}, => {:value => true}) # => => {:value => {}} sanitize(=> {:value => {}}, [:key]) => # Raises ParseError
44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 |
# File 'lib/standard_api/includes.rb', line 44 def self.sanitize(includes, permit, normalized=false) includes = normalize(includes) if !normalized permitted = ActiveSupport::HashWithIndifferentAccess.new if permit.is_a?(Array) permit = permit.inject({}) { |acc, v| acc[v] = true; acc } end permit = normalize(permit.with_indifferent_access) includes.each do |k, v| if permit.has_key?(k) || ['where', 'order'].include?(k.to_s) permitted[k] = sanitize(v, permit[k] || {}, true) else if [:raise, nil].include?(Rails.configuration.try(:action_on_unpermitted_includes)) raise(ActionDispatch::ParamsParser::ParseError.new(<<-ERR.squish, nil)) Invalid Include: #{k}" Set config.action_on_unpermitted_includes = :warm to log instead of raise ERR else Rails.logger.try(:warn, "Invalid Include: #{k}") end end end permitted end |