diff options
| author | Jeremy Kemper <jeremy@bitsweat.net> | 2007-11-28 20:13:17 +0000 |
|---|---|---|
| committer | Jeremy Kemper <jeremy@bitsweat.net> | 2007-11-28 20:13:17 +0000 |
| commit | 3a3e7efee9443fad159dc88a670ad28f12b98438 (patch) | |
| tree | a2fb297ad82927e69debf40d60f23241e3e9c498 | |
| parent | a33007d31a539ef5365ee13455f386c4e0b658fe (diff) | |
| download | rails-3a3e7efee9443fad159dc88a670ad28f12b98438.tar.gz rails-3a3e7efee9443fad159dc88a670ad28f12b98438.tar.bz2 rails-3a3e7efee9443fad159dc88a670ad28f12b98438.zip | |
attr_protected and _accessible use sets of strings instead of arrays of symbols internally. Closes #10300.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8231 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
| -rwxr-xr-x | activerecord/lib/active_record/base.rb | 8 | ||||
| -rwxr-xr-x | activerecord/test/base_test.rb | 16 |
2 files changed, 16 insertions, 8 deletions
diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb index eea83ecbbf..65dc7275df 100755 --- a/activerecord/lib/active_record/base.rb +++ b/activerecord/lib/active_record/base.rb @@ -628,7 +628,7 @@ module ActiveRecord #:nodoc: # # To start from an all-closed default and enable attributes as needed, have a look at attr_accessible. def attr_protected(*attributes) - write_inheritable_array("attr_protected", attributes - (protected_attributes || [])) + write_inheritable_attribute("attr_protected", Set.new(attributes.map(&:to_s)) + (protected_attributes || [])) end # Returns an array of all the attributes that have been protected from mass-assignment. @@ -662,7 +662,7 @@ module ActiveRecord #:nodoc: # customer.credit_rating = "Average" # customer.credit_rating # => "Average" def attr_accessible(*attributes) - write_inheritable_array("attr_accessible", attributes - (accessible_attributes || [])) + write_inheritable_attribute("attr_accessible", Set.new(attributes.map(&:to_s)) + (accessible_attributes || [])) end # Returns an array of all the attributes that have been made accessible to mass-assignment. @@ -2084,9 +2084,9 @@ module ActiveRecord #:nodoc: if self.class.accessible_attributes.nil? && self.class.protected_attributes.nil? attributes.reject { |key, value| attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) } elsif self.class.protected_attributes.nil? - attributes.reject { |key, value| !self.class.accessible_attributes.include?(key.gsub(/\(.+/, "").intern) || attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) } + attributes.reject { |key, value| !self.class.accessible_attributes.include?(key.gsub(/\(.+/, "")) || attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) } elsif self.class.accessible_attributes.nil? - attributes.reject { |key, value| self.class.protected_attributes.include?(key.gsub(/\(.+/,"").intern) || attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) } + attributes.reject { |key, value| self.class.protected_attributes.include?(key.gsub(/\(.+/,"")) || attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) } else raise "Declare either attr_protected or attr_accessible for #{self.class}, but not both." end diff --git a/activerecord/test/base_test.rb b/activerecord/test/base_test.rb index 6fac80b2c4..3c1cac0d49 100755 --- a/activerecord/test/base_test.rb +++ b/activerecord/test/base_test.rb @@ -40,6 +40,11 @@ class LooseDescendant < LoosePerson attr_protected :phone_number end +class LooseDescendantSecond< LoosePerson + attr_protected :phone_number + attr_protected :name +end + class TightPerson < ActiveRecord::Base self.table_name = 'people' attr_accessible :name, :address @@ -843,16 +848,19 @@ class BasicsTest < Test::Unit::TestCase def test_mass_assignment_protection_inheritance assert_nil LoosePerson.accessible_attributes - assert_equal [ :credit_rating, :administrator ], LoosePerson.protected_attributes + assert_equal Set.new([ 'credit_rating', 'administrator' ]), LoosePerson.protected_attributes assert_nil LooseDescendant.accessible_attributes - assert_equal [ :credit_rating, :administrator, :phone_number ], LooseDescendant.protected_attributes + assert_equal Set.new([ 'credit_rating', 'administrator', 'phone_number' ]), LooseDescendant.protected_attributes + + assert_nil LooseDescendantSecond.accessible_attributes + assert_equal Set.new([ 'credit_rating', 'administrator', 'phone_number', 'name' ]), LooseDescendantSecond.protected_attributes, 'Running attr_protected twice in one class should merge the protections' assert_nil TightPerson.protected_attributes - assert_equal [ :name, :address ], TightPerson.accessible_attributes + assert_equal Set.new([ 'name', 'address' ]), TightPerson.accessible_attributes assert_nil TightDescendant.protected_attributes - assert_equal [ :name, :address, :phone_number ], TightDescendant.accessible_attributes + assert_equal Set.new([ 'name', 'address', 'phone_number' ]), TightDescendant.accessible_attributes end def test_readonly_attributes |