diff options
author | Bogdan Gusiev <agresso@gmail.com> | 2011-05-26 15:58:43 +0300 |
---|---|---|
committer | Bogdan Gusiev <agresso@gmail.com> | 2011-05-26 15:58:43 +0300 |
commit | c7567c9a6dee1380432beaf88c1854a4ed6bb15b (patch) | |
tree | 5377527d012f7d5dfa25c1b393c65c14213e9982 /activemodel/test/cases/mass_assignment_security/sanitizer_test.rb | |
parent | 9562c0f8998e04833737591378841b45bbf24bef (diff) | |
download | rails-c7567c9a6dee1380432beaf88c1854a4ed6bb15b.tar.gz rails-c7567c9a6dee1380432beaf88c1854a4ed6bb15b.tar.bz2 rails-c7567c9a6dee1380432beaf88c1854a4ed6bb15b.zip |
MassAssignmentSecurity: add ability to specify your own sanitizer
Added an ability to specify your own behavior on mass assingment
protection, controlled by option:
ActiveModel::MassAssignmentSecurity.mass_assignment_sanitizer
Diffstat (limited to 'activemodel/test/cases/mass_assignment_security/sanitizer_test.rb')
-rw-r--r-- | activemodel/test/cases/mass_assignment_security/sanitizer_test.rb | 13 |
1 files changed, 5 insertions, 8 deletions
diff --git a/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb b/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb index 9a73a5ad91..8547694c24 100644 --- a/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb +++ b/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb @@ -4,24 +4,21 @@ require 'active_support/core_ext/object/inclusion' class SanitizerTest < ActiveModel::TestCase - class SanitizingAuthorizer - include ActiveModel::MassAssignmentSecurity::Sanitizer - - attr_accessor :logger + class Authorizer < ActiveModel::MassAssignmentSecurity::PermissionSet def deny?(key) key.in?(['admin']) end - end def setup - @sanitizer = SanitizingAuthorizer.new + @sanitizer = ActiveModel::MassAssignmentSecurity::DefaultSanitizer.new + @authorizer = Authorizer.new end test "sanitize attributes" do original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' } - attributes = @sanitizer.sanitize(original_attributes) + attributes = @sanitizer.sanitize(original_attributes, @authorizer) assert attributes.key?('first_name'), "Allowed key shouldn't be rejected" assert !attributes.key?('admin'), "Denied key should be rejected" @@ -31,7 +28,7 @@ class SanitizerTest < ActiveModel::TestCase original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' } log = StringIO.new @sanitizer.logger = Logger.new(log) - @sanitizer.sanitize(original_attributes) + @sanitizer.sanitize(original_attributes, @authorizer) assert_match(/admin/, log.string, "Should log removed attributes: #{log.string}") end |