From 7c4e28b6d77542bb8593c091d283a8a85e4387ae Mon Sep 17 00:00:00 2001
From: Ábner Silva de Oliveira
Date: Mon, 27 Jul 2015 17:22:10 -0300
Subject: [PATCH] fixed tasks_controller_test
---
 app/models/task.rb | 56 ++++++++++++++++++++++++++++++--------------------------
 1 file changed, 30 insertions(+), 26 deletions(-)
diff --git a/app/models/task.rb b/app/models/task.rb
index 7bf4fed..36cdb5f 100644
--- a/app/models/task.rb
+++ b/app/models/task.rb
@@ -317,32 +317,36 @@ class Task < ActiveRecord::Base
 scope :closed, :conditions => { :status => [Task::Status::CANCELLED, Task::Status::FINISHED] }
 scope :opened, :conditions => { :status => [Task::Status::ACTIVE, Task::Status::HIDDEN] }
- # updated scope method to avoid sql injection vunerabillity (http://brakemanscanner.org/docs/warning_types/sql_injection/)
- def self.of type
- if type
- where "type LIKE ?", type
- else
- all
- end
- end
-
- # updated scope method to avoid sql injection vunerabillity (http://brakemanscanner.org/docs/warning_types/sql_injection/)
- def self.order_by attribute_name, sort_order
- if Task.column_names.include? attribute_name
- # TODO future versions of rails accepts a hash as param to order method
- # which helps to prevent sql injection in an shorter way
- sort_order_filtered = ("ASC".eql? "#{sort_order}".upcase) ? 'asc' : 'desc'
- sort_expression = Task.column_names.collect {|column_name| "#{column_name} #{sort_order_filtered}" if column_name.eql? attribute_name}
- order(sort_expression.join) unless sort_expression.join.empty?
- end
- end
-
- # updated scope method to avoid sql injection vunerabillity (http://brakemanscanner.org/docs/warning_types/sql_injection/)
- def self.like field, value
- if value and Tasks.column_names.include? field
- where("LOWER(?) LIKE ?", "#{field}", "%#{value.downcase}%")
- end
- end
+ # # updated scope method to avoid sql injection vunerabillity (http://brakemanscanner.org/docs/warning_types/sql_injection/)
+ # def self.of type
+ # if type
+ # where "type LIKE ?", type
+ # else
+ # all
+ # end
+ # end
+ #
+ # # updated scope method to avoid sql injection vunerabillity (http://brakemanscanner.org/docs/warning_types/sql_injection/)
+ # def self.order_by attribute_name, sort_order
+ # if Task.column_names.include? attribute_name
+ # # TODO future versions of rails accepts a hash as param to order method
+ # # which helps to prevent sql injection in an shorter way
+ # sort_order_filtered = ("ASC".eql? "#{sort_order}".upcase) ? 'asc' : 'desc'
+ # sort_expression = Task.column_names.collect {|column_name| "#{column_name} #{sort_order_filtered}" if column_name.eql? attribute_name}
+ # order(sort_expression.join) unless sort_expression.join.empty?
+ # end
+ # end
+ #
+ # # updated scope method to avoid sql injection vunerabillity (http://brakemanscanner.org/docs/warning_types/sql_injection/)
+ # def self.like field, value
+ # if value and Tasks.column_names.include? field
+ # where("LOWER(?) LIKE ?", "#{field}", "%#{value.downcase}%")
+ # end
+ # end
+
+ scope :of, lambda { |type| conditions = type ? "tasks.type LIKE '#{type}'" : "1=1"; {:conditions => [conditions]} }
+ scope :order_by, lambda { |attribute, ord| {:order => "#{attribute} #{ord}"} }
+ scope :like, lambda { |field, value| where("LOWER(#{field}) LIKE ?", "%#{value.downcase}%") if value}
 scope :pending_all, lambda { |profile, filter_type, filter_text| self.to(profile).without_spam.pending.of(filter_type).like('data', filter_text)
-- libgit2 0.21.2
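Review bot: The three `scope` lambdas added at the end of the hunk build SQL by string interpolation — `type` lands inside a quoted literal in `of`, `attribute` and `ord` go verbatim into ORDER BY in `order_by`, and `field` is spliced into `LOWER(...)` in `like` — which is precisely the injection the removed methods were written to close (their own comments link the Brakeman SQL-injection warning), and the `pending_all` scope right below passes `filter_type` and `filter_text` into `of` and `like`, values that the commit subject ("tasks_controller_test") suggests come from request parameters. The removed versions appear to have broken for reasons unrelated to the hardening and visible in the hunk: `Tasks.column_names` is a typo for `Task` (a NameError whenever `value` is truthy), and `where("LOWER(?) LIKE ?", "#{field}", …)` binds the column name as a string literal, so it compares the text `'data'` rather than the column. Correcting those two lines while keeping bind parameters for values and the `column_names` allowlist for column and direction should satisfy the test without reopening the hole; a sketch follows, keeping the hunk's mix of hash-style `:conditions` and `where` since it already uses both (I am assuming a Rails version in which a scope lambda may return either a hash or a relation — confirm against the app's Rails version). The closing brace of the `pending_all` lambda is not visible in the hunk.
```ruby
  # … unchanged: commented-out original methods …

  # Only the bind value comes from the caller; a nil type means "no filter".
  scope :of, lambda { |type| type ? {:conditions => ["tasks.type LIKE ?", type]} : {} }

  # Column and direction are allowlisted, never interpolated from input.
  scope :order_by, lambda { |attribute, ord|
    column = attribute.to_s
    if Task.column_names.include?(column)
      direction = ord.to_s.casecmp('ASC').zero? ? 'ASC' : 'DESC'
      {:order => "#{connection.quote_column_name(column)} #{direction}"}
    else
      {}
    end
  }

  # Same allowlist for the column; the pattern is passed as a bind parameter.
  scope :like, lambda { |field, value|
    column = field.to_s
    if value && Task.column_names.include?(column)
      where("LOWER(#{connection.quote_column_name(column)}) LIKE ?", "%#{value.downcase}%")
    end
  }
```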