restrict search filters to description, species

This commit is contained in:
Emi Matchu 2010-05-15 15:00:53 -04:00
parent 80b1bf7c61
commit 1de7df3c4a
2 changed files with 8 additions and 2 deletions

View file

@ -66,9 +66,11 @@ class Item < ActiveRecord::Base
"%,#{species.id},%", "%,#{species.id},%",
"%,#{species.id}" "%,#{species.id}"
)) ))
else elsif @property == 'description' || @property.blank?
column = @property ? @property : :name column = @property == 'description' ? :description : :name
condition = items[column].matches("%#{self}%") condition = items[column].matches("%#{self}%")
else
raise ArgumentError, "Unknown search filter \"#{@property}\""
end end
condition = condition.not if @negative condition = condition.not if @negative
scope.where(condition) scope.where(condition)

View file

@ -164,5 +164,9 @@ describe Item do
specify "should raise exception for a query that's too short" do specify "should raise exception for a query that's too short" do
lambda { Item.search('e').all }.should raise_error(ArgumentError) lambda { Item.search('e').all }.should raise_error(ArgumentError)
end end
specify "should not be able to search other attributes thru filters" do
lambda { Item.search('id:1').all }.should raise_error(ArgumentError)
end
end end
end end