I'm not sure if this is something supported directly by Active Record or something that is added by the Composite Primary Keys gem that we use but it is possible to get multiple fields out of an active record at one time using the [] operator. Composite Primary Keys (CPK) uses this to get multi-field keys for associations.
For example, CPK grabs multiple fields from my user object like this:
user[[:client_id, :source_id]]
Even though both of those fields were allowed in Protector, the read was returning null because it was looking for the array as a single field.
This patch allows array based read permission checks and only allows them if all of the fields are authorized.
I'm not sure if this is something supported directly by Active Record or something that is added by the Composite Primary Keys gem that we use but it is possible to get multiple fields out of an active record at one time using the
[]
operator. Composite Primary Keys (CPK) uses this to get multi-field keys for associations.For example, CPK grabs multiple fields from my user object like this:
Even though both of those fields were allowed in Protector, the read was returning
null
because it was looking for the array as a single field.This patch allows array based read permission checks and only allows them if all of the fields are authorized.