diff options
author | Josh Kalderimis <josh.kalderimis@gmail.com> | 2010-07-08 18:16:36 +0200 |
---|---|---|
committer | José Valim <jose.valim@gmail.com> | 2010-07-08 18:28:45 +0200 |
commit | 4b66aab00fa0ea6bcc6ec81df19e44de34fd7864 (patch) | |
tree | ff870b932c26869d6a27a6a058d37baa6c289e0a /activemodel/test/cases/mass_assignment_security/white_list_test.rb | |
parent | 7c86e8e21ba6a1f88226ddd0cf012a563f234d06 (diff) | |
download | rails-4b66aab00fa0ea6bcc6ec81df19e44de34fd7864.tar.gz rails-4b66aab00fa0ea6bcc6ec81df19e44de34fd7864.tar.bz2 rails-4b66aab00fa0ea6bcc6ec81df19e44de34fd7864.zip |
mass_assignment_security moved from AR to AMo, and minor test cleanup
Signed-off-by: José Valim <jose.valim@gmail.com>
Diffstat (limited to 'activemodel/test/cases/mass_assignment_security/white_list_test.rb')
-rw-r--r-- | activemodel/test/cases/mass_assignment_security/white_list_test.rb | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/activemodel/test/cases/mass_assignment_security/white_list_test.rb b/activemodel/test/cases/mass_assignment_security/white_list_test.rb new file mode 100644 index 0000000000..aa3596ad2a --- /dev/null +++ b/activemodel/test/cases/mass_assignment_security/white_list_test.rb @@ -0,0 +1,28 @@ +require "cases/helper" + +class WhiteListTest < ActiveModel::TestCase + + def setup + @white_list = ActiveModel::MassAssignmentSecurity::WhiteList.new + @included_key = 'first_name' + @white_list += [ @included_key ] + end + + test "deny? is false for included items" do + assert_equal false, @white_list.deny?(@included_key) + end + + test "deny? is true for non-included items" do + assert_equal true, @white_list.deny?('admin') + end + + test "sanitize attributes" do + original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied', 'admin(1)' => 'denied' } + attributes = @white_list.sanitize(original_attributes) + + assert attributes.key?('first_name'), "Allowed key shouldn't be rejected" + assert !attributes.key?('admin'), "Denied key should be rejected" + assert !attributes.key?('admin(1)'), "Multi-parameter key should be detected" + end + +end |