Merge pull request #1403 from bogdan/config

ActiveModel::MassAssignmentSecurity.mass_assignment_sanitizer method
author: José Valim <jose.valim@gmail.com> 2011-05-31 03:09:23 -0700
committer: José Valim <jose.valim@gmail.com> 2011-05-31 03:09:23 -0700
commit: 16384351526bc5c4d064d6f4c720b8641acf125c (patch)
tree: 8bcaceb86f1db83b1ba9057fff426b8b6cf27a17 /activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
parent: 752dec941e3dbceb8c7298adba10c2c776752a64 (diff)
parent: aa2639e746d8af5d7673bbbbbccbe868edeb0161 (diff)
download: rails-16384351526bc5c4d064d6f4c720b8641acf125c.tar.gz
rails-16384351526bc5c4d064d6f4c720b8641acf125c.tar.bz2
rails-16384351526bc5c4d064d6f4c720b8641acf125c.zip
1 files changed, 13 insertions, 5 deletions
diff --git a/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb b/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
index 8547694c24..e9e7eee0bd 100644
--- a/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
+++ b/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
@@ -12,24 +12,32 @@ class SanitizerTest < ActiveModel::TestCase
   end
 
   def setup
-    @sanitizer = ActiveModel::MassAssignmentSecurity::DefaultSanitizer.new
+    @logger_sanitizer = ActiveModel::MassAssignmentSecurity::LoggerSanitizer.new
+    @strict_sanitizer = ActiveModel::MassAssignmentSecurity::StrictSanitizer.new
     @authorizer = Authorizer.new
   end
 
   test "sanitize attributes" do
     original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
-    attributes = @sanitizer.sanitize(original_attributes, @authorizer)
+    attributes = @logger_sanitizer.sanitize(original_attributes, @authorizer)
 
     assert attributes.key?('first_name'), "Allowed key shouldn't be rejected"
     assert !attributes.key?('admin'),     "Denied key should be rejected"
   end
 
-  test "debug mass assignment removal" do
+  test "debug mass assignment removal with LoggerSanitizer" do
     original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
     log = StringIO.new
-    @sanitizer.logger = Logger.new(log)
-    @sanitizer.sanitize(original_attributes, @authorizer)
+    @logger_sanitizer.logger = Logger.new(log)
+    @logger_sanitizer.sanitize(original_attributes, @authorizer)
     assert_match(/admin/, log.string, "Should log removed attributes: #{log.string}")
   end
 
+  test "debug mass assignment removal with StrictSanitizer" do
+    original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
+    assert_raise ActiveModel::MassAssignmentSecurity::Error do
+      @strict_sanitizer.sanitize(original_attributes, @authorizer)
+    end
+  end
+
 end
author	José Valim <jose.valim@gmail.com>	2011-05-31 03:09:23 -0700
committer	José Valim <jose.valim@gmail.com>	2011-05-31 03:09:23 -0700
commit	16384351526bc5c4d064d6f4c720b8641acf125c (patch)
tree	8bcaceb86f1db83b1ba9057fff426b8b6cf27a17 /activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
parent	752dec941e3dbceb8c7298adba10c2c776752a64 (diff)
parent	aa2639e746d8af5d7673bbbbbccbe868edeb0161 (diff)
download	rails-16384351526bc5c4d064d6f4c720b8641acf125c.tar.gz rails-16384351526bc5c4d064d6f4c720b8641acf125c.tar.bz2 rails-16384351526bc5c4d064d6f4c720b8641acf125c.zip