diff options
| author | Gannon McGibbon <gannon.mcgibbon@gmail.com> | 2019-01-07 14:05:50 -0500 |
|---|---|---|
| committer | Gannon McGibbon <gannon.mcgibbon@gmail.com> | 2019-01-07 14:59:02 -0500 |
| commit | 1e923b498492424ae627d7a2c61339148f887503 (patch) | |
| tree | fbf12561c3ed87e714d5dd4b217c5d5ffd55eea6 | |
| parent | 9cfcc067e626f0f1e220cc00a9f96622a936350d (diff) | |
| download | rails-1e923b498492424ae627d7a2c61339148f887503.tar.gz rails-1e923b498492424ae627d7a2c61339148f887503.tar.bz2 rails-1e923b498492424ae627d7a2c61339148f887503.zip | |
Allow strong params in ActiveRecord::Base#exists?
Allow `ActionController::Params` as argument of
`ActiveRecord::Base#exists?`
| -rw-r--r-- | activerecord/CHANGELOG.md | 4 | ||||
| -rw-r--r-- | activerecord/lib/active_record/relation/finder_methods.rb | 2 | ||||
| -rw-r--r-- | activerecord/test/cases/finder_test.rb | 9 | ||||
| -rw-r--r-- | activerecord/test/support/stubs/strong_parameters.rb | 15 |
4 files changed, 30 insertions, 0 deletions
diff --git a/activerecord/CHANGELOG.md b/activerecord/CHANGELOG.md index ca072be5e1..77f3fca880 100644 --- a/activerecord/CHANGELOG.md +++ b/activerecord/CHANGELOG.md @@ -1,3 +1,7 @@ +* Allow `ActionController::Params` as argument of `ActiveRecord::Base#exists?`. + + *Gannon McGibbon* + * Deprecate passing `migrations_paths` to `connection.assume_migrated_upto_version`. *Ryuta Kamizono* diff --git a/activerecord/lib/active_record/relation/finder_methods.rb b/activerecord/lib/active_record/relation/finder_methods.rb index dc03b196f4..fd84f9c46b 100644 --- a/activerecord/lib/active_record/relation/finder_methods.rb +++ b/activerecord/lib/active_record/relation/finder_methods.rb @@ -312,6 +312,8 @@ module ActiveRecord return false if !conditions || limit_value == 0 + conditions = sanitize_forbidden_attributes(conditions) + if eager_loading? relation = apply_join_dependency(eager_loading: false) return relation.exists?(conditions) diff --git a/activerecord/test/cases/finder_test.rb b/activerecord/test/cases/finder_test.rb index 961ae03a4c..1c53362bac 100644 --- a/activerecord/test/cases/finder_test.rb +++ b/activerecord/test/cases/finder_test.rb @@ -21,6 +21,7 @@ require "models/dog" require "models/car" require "models/tyre" require "models/subscriber" +require "support/stubs/strong_parameters" class FinderTest < ActiveRecord::TestCase fixtures :companies, :topics, :entrants, :developers, :developers_projects, :posts, :comments, :accounts, :authors, :author_addresses, :customers, :categories, :categorizations, :cars @@ -224,6 +225,14 @@ class FinderTest < ActiveRecord::TestCase assert_equal true, Subscriber.exists?(" ") end + def test_exists_with_strong_parameters + assert_equal false, Subscriber.exists?(Parameters.new(nick: "foo")) + + Subscriber.create!(nick: "foo") + + assert_equal true, Subscriber.exists?(Parameters.new(nick: "foo")) + end + def test_exists_passing_active_record_object_is_not_permitted assert_raises(ArgumentError) do Topic.exists?(Topic.new) diff --git a/activerecord/test/support/stubs/strong_parameters.rb b/activerecord/test/support/stubs/strong_parameters.rb new file mode 100644 index 0000000000..acba3a4504 --- /dev/null +++ b/activerecord/test/support/stubs/strong_parameters.rb @@ -0,0 +1,15 @@ +# frozen_string_literal: true + +class Parameters + def initialize(parameters = {}) + @parameters = parameters.with_indifferent_access + end + + def permitted? + true + end + + def to_h + @parameters.to_h + end +end |