MassAssignmentProtection: consider 'id' insensetive in StrictSanitizer

In order to use StrictSanitizer in test mode Consider :id as not sensetive attribute that can be filtered from mass assignement without exception.
author: Bogdan Gusiev <agresso@gmail.com> 2011-07-28 11:56:08 +0300
committer: Bogdan Gusiev <agresso@gmail.com> 2011-07-28 11:56:08 +0300
commit: b93a918337e99c3fe3ad059f093b1ee56b9e6a7d (patch)
tree: 9984f7c01953780f3e506bf1008665b3028ca00f /activemodel/lib/active_model
parent: 451f63b42e411a57796baccca7d27b5746bff49b (diff)
download: rails-b93a918337e99c3fe3ad059f093b1ee56b9e6a7d.tar.gz
rails-b93a918337e99c3fe3ad059f093b1ee56b9e6a7d.tar.bz2
rails-b93a918337e99c3fe3ad059f093b1ee56b9e6a7d.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
index bb0526adc3..bbdddfb50d 100644
--- a/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
+++ b/activemodel/lib/active_model/mass_assignment_security/sanitizer.rb
@@ -44,8 +44,13 @@ module ActiveModel
 
     class StrictSanitizer < Sanitizer
       def process_removed_attributes(attrs)
+        return if (attrs - insensitive_attributes).empty?
         raise ActiveModel::MassAssignmentSecurity::Error, "Can't mass-assign protected attributes: #{attrs.join(', ')}"
       end
+
+      def insensitive_attributes
+        ['id']
+      end
     end
 
     class Error < StandardError
author	Bogdan Gusiev <agresso@gmail.com>	2011-07-28 11:56:08 +0300
committer	Bogdan Gusiev <agresso@gmail.com>	2011-07-28 11:56:08 +0300
commit	b93a918337e99c3fe3ad059f093b1ee56b9e6a7d (patch)
tree	9984f7c01953780f3e506bf1008665b3028ca00f /activemodel/lib/active_model
parent	451f63b42e411a57796baccca7d27b5746bff49b (diff)
download	rails-b93a918337e99c3fe3ad059f093b1ee56b9e6a7d.tar.gz rails-b93a918337e99c3fe3ad059f093b1ee56b9e6a7d.tar.bz2 rails-b93a918337e99c3fe3ad059f093b1ee56b9e6a7d.zip