I'd like to get params from a request, namely: model and scope
Then, I'd like to fetch:
eval("#{params[:model]}.#{params[:scope]}")
But... if a delete_all is passed in scope, I'd be endangered... So I'd like to test whether or not the scope is really a scope.
Any method to perform that? (I'm using Rails3)
This does not really answer your question, but may still be useful if there is no way to determine if a method is a scope or not:
You can check the resulting SQL
eval("#{params[:model]}.#{params[:scope]}.to_sql")
and check for dangerous SQL calls (DELETE, TRUNCATE, UPDATE, INSERT).
EDIT :
You can also check that the scope you're calling on your model is defined in this model, and not in a parent class like ActiveRecord::Base.
model.method(scope.to_sym).owner == model
EDIT 2 :
You can also call the scope on an empty set of records, and check the class of the result. For a scope it's going to be ActiveRecord::Relation, but for a delete_all it's going to be Fixnum :
model.where('0').send(scope).class == ActiveRecord::Relation
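An alternative to inspecting what eval returns, as an added example that is not part of the original question or answer: look both parameters up in an explicit allowlist and dispatch with public_send, so nothing from the request is ever evaluated. `ALLOWED_SCOPES`, `fetch_scope`, `ScopeNotAllowed`, `Article` and `FakeRelation` are hypothetical names, and the last two are constructed stand-ins so the block runs without Rails.

```ruby
# Added example: allowlist dispatch instead of eval on request params.
# FakeRelation and Article are constructed stand-ins for ActiveRecord classes.
class FakeRelation
  attr_reader :model, :scope_name

  def initialize(model, scope_name)
    @model = model
    @scope_name = scope_name
  end
end

class Article
  def self.published
    FakeRelation.new(self, :published)
  end

  def self.recent
    FakeRelation.new(self, :recent)
  end

  # Stands in for the destructive class method the question worries about.
  def self.delete_all
    raise "delete_all reached the model"
  end
end

class ScopeNotAllowed < StandardError; end

# Hypothetical allowlist: request string => [model class, permitted scope names].
ALLOWED_SCOPES = {
  "Article" => [Article, %w[published recent].freeze]
}.freeze

# Resolves params[:model] and params[:scope] by exact string match only.
# Nothing from the request is evaluated or turned into a constant.
def fetch_scope(params)
  model_name = params[:model].to_s
  scope_name = params[:scope].to_s

  model, scopes = ALLOWED_SCOPES.fetch(model_name) do
    raise ScopeNotAllowed, "model #{model_name.inspect} is not allowed"
  end
  unless scopes.include?(scope_name)
    raise ScopeNotAllowed, "scope #{scope_name.inspect} is not allowed on #{model_name}"
  end

  model.public_send(scope_name)
end
```

In a Rails application the allowlist entries would be the real model classes and the names of their declared scopes.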