author: Bogdan Gusiev <agresso@gmail.com> 2011-07-28 11:56:08 +0300
committer: Bogdan Gusiev <agresso@gmail.com> 2011-07-28 11:56:08 +0300
commit: b93a918337e99c3fe3ad059f093b1ee56b9e6a7d
tree: 9984f7c01953780f3e506bf1008665b3028ca00f /activemodel/test/cases/mass_assignment_security
parent: 451f63b42e411a57796baccca7d27b5746bff49b
MassAssignmentProtection: consider 'id' insensitive in StrictSanitizer
In order to use StrictSanitizer in test mode, consider :id a non-sensitive attribute that can be filtered from mass assignment without an exception.
Diffstat (limited to 'activemodel/test/cases/mass_assignment_security')
-rw-r--r-- activemodel/test/cases/mass_assignment_security/sanitizer_test.rb 10
1 files changed, 9 insertions, 1 deletions
diff --git a/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb b/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
index 62a6ec9c9b..676937b5e1 100644
--- a/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
+++ b/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
@@ -7,7 +7,7 @@ class SanitizerTest < ActiveModel::TestCase
class Authorizer < ActiveModel::MassAssignmentSecurity::PermissionSet
def deny?(key)
- key.in?(['admin'])
+ ['admin', 'id'].include?(key)
end
end
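Review bot: In `deny?`, the switch from `key.in?(['admin'])` to `['admin', 'id'].include?(key)` folds two things into one line: adding 'id' to the deny list and replacing `in?` with `include?`. The commit message only covers the first. Either explain why `in?` was dropped or keep `key.in?(['admin', 'id'])` so the line shows only the behavioural change. A short comment saying that 'id' is denied in this fixture specifically to exercise the insensitive-attribute path would also help the next reader.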
@@ -40,4 +40,12 @@ class SanitizerTest < ActiveModel::TestCase
end
end
+ test "mass assignment insensitive attributes" do
+ original_attributes = {'id' => 1, 'first_name' => 'allowed'}
+
+ assert_nothing_raised do
+ @strict_sanitizer.sanitize(original_attributes, @authorizer)
+ end
+ end
+
end
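Review bot: The new test "mass assignment insensitive attributes" asserts only that `sanitize` does not raise, so it would also pass if the strict sanitizer let 'id' through untouched. Capture the return value of `@strict_sanitizer.sanitize(original_attributes, @authorizer)` and assert that it has no 'id' key and still contains 'first_name'. Because 'id' now gets a silent exemption, a case passing 'id' together with 'admin' would confirm that the exemption does not relax the strict handling of 'admin', unless a test outside the lines shown here already covers that.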