vinsol / nested_attributes_uniqueness Goto Github PK
View Code? Open in Web Editor NEWLicense: MIT License
License: MIT License
cc @ankit1910 @udit7590.
I'm using this gem in a Rails 5.1.2 app - and I get the error:
[00733c5a-0286-4536-b00b-fef626257e65] Completed 500 Internal Server Error in 39ms (ActiveRecord: 9.9ms)
[00733c5a-0286-4536-b00b-fef626257e65]
[00733c5a-0286-4536-b00b-fef626257e65] NoMethodError (undefined method `get' for #<ActiveModel::Errors:0x007f9f8c355e48>
Did you mean? gem):
[00733c5a-0286-4536-b00b-fef626257e65]
[00733c5a-0286-4536-b00b-fef626257e65] nested_attributes_uniqueness (0.1.1) lib/nested_attributes_uniqueness/validator.rb:80:in `block in validate_unique_attribute_in_collection'
Looks like rails has deprecated the get
method on ActiveModel::Errors. Please fix and release a new version asap.
It is always recommended to never interpolate user inputed string for Querying the DB directly. It may arise SQL injecting in the code.
class User < ActiveRecord::Base
has_many :posts
accepts_nested_attributes_for :posts
validates_uniqueness_in_memory :posts, :name
end
class Post < ActiveRecord::Base
belongs_to :user
end
User.create({
username: 'kuldeepaggarwal',
posts_attributes: {
'0' => {
name: "4' OR '1"
}
}
})
OUTPUT:
D, [2015-10-02T00:48:04.613449 #37951] DEBUG -- : (0.1ms) BEGIN
DEPRECATION WARNING: ActiveModel::Errors#get is deprecated and will be removed in Rails 5.1. To achieve the same use model.errors[:name]. (called from block in validate_unique_attribute_in_collection at /Users/kuldeepaggarwal/projects/nested_attributes_uniqueness/lib/nested_attributes_uniqueness/validator.rb:80)
D, [2015-10-02T00:48:04.615495 #37951] DEBUG -- : Post Load (0.2ms) SELECT `posts`.* FROM `posts` WHERE (name = '4' OR '1')
D, [2015-10-02T00:48:04.618642 #37951] DEBUG -- : SQL (0.2ms) INSERT INTO `users` (`username`) VALUES ('kuldeepaggarwal')
D, [2015-10-02T00:48:04.619550 #37951] DEBUG -- : SQL (0.4ms) INSERT INTO `posts` (`user_id`, `name`) VALUES (1, '4\' OR \'1')
D, [2015-10-02T00:48:04.619945 #37951] DEBUG -- : (0.2ms) COMMIT
.
Could you please accept a message
key as part of the options hash - so that we can set our own custom value? Current state is that our internal collection name is exposed to the end-user - which we would like to avoid.
unless File.exist?('Gemfile')
File.write('Gemfile', <<-GEMFILE)
source 'https://rubygems.org'
# gem 'rails', '4.2.1' # works with '4.2.0'
gem 'rails', path: '/Users/kuldeepaggarwal/projects/kd-rails'
gem 'mysql2'
GEMFILE
system 'bundle'
end
require 'bundler'
Bundler.setup(:default)
require 'active_record'
require 'minitest/autorun'
require 'logger'
require 'byebug'
require 'nested_attributes_uniqueness'
# This connection will do for database-independent bug reports.
ActiveRecord::Base.establish_connection(adapter: 'mysql2',
host: 'localhost',
username: 'rot',
password: '',
database: 'test')
ActiveRecord::Base.logger = Logger.new(STDOUT)
ActiveRecord::Schema.define do
create_table :users, force: true do |t|
t.string :username
end
create_table :posts, force: true do |t|
t.belongs_to :user
t.string :name
end
end
class User < ActiveRecord::Base
has_many :posts
accepts_nested_attributes_for :posts
validates_uniqueness_in_memory :posts, :name
end
class Post < ActiveRecord::Base
validates_uniqueness_of :name
belongs_to :user
end
class BugTest < Minitest::Test
def test_from_escaping_attributes
user = User.create({
username: 'kuldeepaggarwal',
posts_attributes: {
'0' => {
name: "4' OR '0"
},
'1' => {
name: "4' OR '0"
},
'2' => {
name: "5' OR '0"
}
}
})
end
end
-- create_table(:users, {:force=>true})
D, [2015-10-02T00:38:54.074801 #37844] DEBUG -- : (1.9ms) DROP TABLE `users`
D, [2015-10-02T00:38:54.085251 #37844] DEBUG -- : (10.1ms) CREATE TABLE `users` (`id` int AUTO_INCREMENT PRIMARY KEY, `username` varchar(255)) ENGINE=InnoDB
-> 0.0326s
-- create_table(:posts, {:force=>true})
D, [2015-10-02T00:38:54.087888 #37844] DEBUG -- : (1.7ms) DROP TABLE `posts`
D, [2015-10-02T00:38:54.095489 #37844] DEBUG -- : (7.3ms) CREATE TABLE `posts` (`id` int AUTO_INCREMENT PRIMARY KEY, `user_id` int, `name` varchar(255)) ENGINE=InnoDB
-> 0.0101s
Run options: --seed 4718
# Running:
D, [2015-10-02T00:38:54.139805 #37844] DEBUG -- : (0.1ms) BEGIN
D, [2015-10-02T00:38:54.148146 #37844] DEBUG -- : Post Exists (0.3ms) SELECT 1 AS one FROM `posts` WHERE `posts`.`name` = BINARY 'a' LIMIT 1
D, [2015-10-02T00:38:54.149115 #37844] DEBUG -- : Post Exists (0.2ms) SELECT 1 AS one FROM `posts` WHERE `posts`.`name` = BINARY 'a' LIMIT 1
D, [2015-10-02T00:38:54.150205 #37844] DEBUG -- : Post Exists (0.2ms) SELECT 1 AS one FROM `posts` WHERE `posts`.`name` = BINARY 'b' LIMIT 1
DEPRECATION WARNING: ActiveModel::Errors#get is deprecated and will be removed in Rails 5.1. To achieve the same use model.errors[:name]. (called from block in validate_unique_attribute_in_collection at /Users/kuldeepaggarwal/projects/nested_attributes_uniqueness/lib/nested_attributes_uniqueness/validator.rb:80)
D, [2015-10-02T00:38:54.151831 #37844] DEBUG -- : Post Load (0.2ms) SELECT `posts`.* FROM `posts` WHERE (name = 'a')
DEPRECATION WARNING: ActiveModel::Errors#get is deprecated and will be removed in Rails 5.1. To achieve the same use model.errors[:name]. (called from block in validate_unique_attribute_in_collection at /Users/kuldeepaggarwal/projects/nested_attributes_uniqueness/lib/nested_attributes_uniqueness/validator.rb:80)
DEPRECATION WARNING: ActiveModel::Errors#get is deprecated and will be removed in Rails 5.1. To achieve the same use model.errors[:name]. (called from block in validate_unique_attribute_in_collection at /Users/kuldeepaggarwal/projects/nested_attributes_uniqueness/lib/nested_attributes_uniqueness/validator.rb:80)
D, [2015-10-02T00:38:54.154987 #37844] DEBUG -- : Post Load (0.1ms) SELECT `posts`.* FROM `posts` WHERE (name = 'b')
D, [2015-10-02T00:38:54.155221 #37844] DEBUG -- : (0.1ms) ROLLBACK
.
Finished in 0.044503s, 22.4705 runs/s, 0.0000 assertions/s.
1 runs, 0 assertions, 0 failures, 0 errors, 0 skips
You can see in the o/p that multiple queries are hitting on the DB for validating uniquness.
May be this is expected but this will be very difficult for the users to use this in their existing & Big projects.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.