开发者

Rails is_a?(Scope)

开发者 https://www.devze.com 2023-02-10 01:01 出处:网络
I\'d like to get params from a request, namely: model and scope Then, I\'d like to fetch: eval(\"#{params[:model]}.#{params[:scope]}\")

I'd like to get params from a request, namely: model and scope

Then, I'd like to fetch:

 eval("#{params[:model]}.#{params[:scope]}")

But... if a delete_all is pa开发者_如何学Cssed in scope, I'd be endangered... So I'd like to test whether or not the scope is really a scope.

Any method to perform that? (I'm using Rails3)


This does not really answers your question, but may still be useful if there is no way to determine if a method is a scope or not:

You can check the resulting SQL

eval("#{params[:model]}.#{params[:scope]}.to_sql")

and check for dangerous SQL calls (DELETE, TRUNCATE, UPDATE, INSERT).

EDIT :

You can also check that the scope you're calling on your model is defined in this model, and not in a parent class like ActiveRecord::Base.

model.method(scope.to_sym).owner == model

EDIT 2 :

You can also call the scope on an empty set of records, and check the class of the result. For a scope it's going to be ActiveRecord::Relation, but for a delete_all it's going to be Fixnum :

model.where('0').scope.class == ActiveRecord::Relation
0

精彩评论

暂无评论...
验证码 换一张
取 消