restrict search filters to description, species

2010-05-15 15:00:53 -04:00 · 2010-05-15 15:00:53 -04:00 · 1de7df3c4a
commit 1de7df3c4a
parent 80b1bf7c61
2 changed files with 8 additions and 2 deletions
--- a/app/models/item.rb
+++ b/app/models/item.rb
@ -66,9 +66,11 @@ class Item < ActiveRecord::Base
          "%,#{species.id},%",
          "%,#{species.id}"
        ))
-      else
-        column = @property ? @property : :name
+      elsif @property == 'description' || @property.blank?
+        column = @property == 'description' ? :description : :name
        condition = items[column].matches("%#{self}%")
+      else
+        raise ArgumentError, "Unknown search filter \"#{@property}\""
      end
      condition = condition.not if @negative
      scope.where(condition)
--- a/spec/models/item_spec.rb
+++ b/spec/models/item_spec.rb
@ -164,5 +164,9 @@ describe Item do
    specify "should raise exception for a query that's too short" do
      lambda { Item.search('e').all }.should raise_error(ArgumentError)
    end
+    
+    specify "should not be able to search other attributes thru filters" do
+      lambda { Item.search('id:1').all }.should raise_error(ArgumentError)
+    end
  end
 end