Skip to content

Require explict allowlisting of attributes and associations#1400

Merged
deivid-rodriguez merged 1 commit intomainfrom
improve-defaults
Feb 6, 2023
Merged

Require explict allowlisting of attributes and associations#1400
deivid-rodriguez merged 1 commit intomainfrom
improve-defaults

Conversation

@deivid-rodriguez
Copy link
Contributor

@deivid-rodriguez deivid-rodriguez commented Feb 1, 2023

Fixes #1273.

@deivid-rodriguez deivid-rodriguez force-pushed the improve-defaults branch 5 times, most recently from 742c863 to 8674980 Compare February 2, 2023 12:59
@deivid-rodriguez deivid-rodriguez marked this pull request as ready for review February 2, 2023 14:15
@deivid-rodriguez deivid-rodriguez mentioned this pull request Feb 2, 2023
Closed
@deivid-rodriguez
Copy link
Contributor Author

deivid-rodriguez commented Feb 2, 2023

@scarroll32 Ok with releasing this as Ransack 4.0?

Narnach
Narnach reviewed Feb 3, 2023
View reviewed changes
lukas-eu
lukas-eu reviewed Feb 3, 2023
View reviewed changes
Copy link
Contributor

@lukas-eu lukas-eu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A typo and another idea for naming the list of all attributes/associations

@tagliala tagliala mentioned this pull request Feb 3, 2023
Closed
@deivid-rodriguez deivid-rodriguez merged commit 2922e33 into main Feb 6, 2023
@deivid-rodriguez deivid-rodriguez deleted the improve-defaults branch February 6, 2023 23:03
@deivid-rodriguez
Copy link
Contributor Author

deivid-rodriguez commented Feb 6, 2023

I will prepare a release tomorrow.

@deivid-rodriguez
Copy link
Contributor Author

deivid-rodriguez commented Feb 7, 2023

@scarroll32 I created a release draft. It's been a while without releases, so let me know how it looks if you have some time! Otherwise I'll just release this tommorrow™️.

@stillhart stillhart mentioned this pull request Feb 10, 2023
Open
@ykamin-booth ykamin-booth mentioned this pull request Feb 10, 2023
Closed
@boehle boehle mentioned this pull request Feb 17, 2023
Merged
@scarroll32
Copy link
Member

scarroll32 commented Feb 19, 2023

References

@ahukkanen ahukkanen mentioned this pull request Apr 20, 2023
Open
This was referenced Jun 20, 2023
Closed
Merged
@difernandez difernandez mentioned this pull request Aug 3, 2023
Merged
6 tasks
@veelenga veelenga mentioned this pull request Aug 7, 2023
Merged
4 tasks
@eliotsykes eliotsykes mentioned this pull request Aug 30, 2023
Open
@murny murny mentioned this pull request Sep 20, 2023
Merged
@AndreyCerqueiraLima
Copy link

AndreyCerqueiraLima commented Jan 21, 2025

I really understood the security idea about this change.

But when something doesn't have a door the path is "free".
When you put a door on the path and force every player to implement a key to use this door, everything is okay when this door is just for 2 people.

However, when all of the world need to use this door, you generate a big problem! Imagine, need to generate a key for everyone.

So, this behavior break so many applications that discourages people use ransack. Because the core changed and break the whole app, forced to implement this security feature.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@Narnach Narnach Narnach left review comments

@lukas-eu lukas-eu lukas-eu left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

About default searchable attributes and associations

5 participants

@deivid-rodriguez @scarroll32 @AndreyCerqueiraLima @Narnach @lukas-eu