diff options
author | Josh Kalderimis <josh.kalderimis@gmail.com> | 2010-07-08 18:16:36 +0200 |
---|---|---|
committer | José Valim <jose.valim@gmail.com> | 2010-07-08 18:28:45 +0200 |
commit | 4b66aab00fa0ea6bcc6ec81df19e44de34fd7864 (patch) | |
tree | ff870b932c26869d6a27a6a058d37baa6c289e0a /activemodel/test/cases/mass_assignment_security_test.rb | |
parent | 7c86e8e21ba6a1f88226ddd0cf012a563f234d06 (diff) | |
download | rails-4b66aab00fa0ea6bcc6ec81df19e44de34fd7864.tar.gz rails-4b66aab00fa0ea6bcc6ec81df19e44de34fd7864.tar.bz2 rails-4b66aab00fa0ea6bcc6ec81df19e44de34fd7864.zip |
mass_assignment_security moved from AR to AMo, and minor test cleanup
Signed-off-by: José Valim <jose.valim@gmail.com>
Diffstat (limited to 'activemodel/test/cases/mass_assignment_security_test.rb')
-rw-r--r-- | activemodel/test/cases/mass_assignment_security_test.rb | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/activemodel/test/cases/mass_assignment_security_test.rb b/activemodel/test/cases/mass_assignment_security_test.rb new file mode 100644 index 0000000000..0f7a38b0bc --- /dev/null +++ b/activemodel/test/cases/mass_assignment_security_test.rb @@ -0,0 +1,52 @@ +require "cases/helper" +require 'models/mass_assignment_specific' + +class MassAssignmentSecurityTest < ActiveModel::TestCase + + def test_attribute_protection + user = User.new + expected = { "name" => "John Smith", "email" => "john@smith.com" } + sanitized = user.sanitize_for_mass_assignment(expected.merge("admin" => true)) + assert_equal expected, sanitized + end + + def test_attributes_accessible + user = Person.new + expected = { "name" => "John Smith", "email" => "john@smith.com" } + sanitized = user.sanitize_for_mass_assignment(expected.merge("super_powers" => true)) + assert_equal expected, sanitized + end + + def test_attributes_protected_by_default + firm = Firm.new + expected = { } + sanitized = firm.sanitize_for_mass_assignment({ "type" => "Client" }) + assert_equal expected, sanitized + end + + def test_mass_assignment_protection_inheritance + assert LoosePerson.accessible_attributes.blank? + assert_equal Set.new([ 'credit_rating', 'administrator']), LoosePerson.protected_attributes + + assert LooseDescendant.accessible_attributes.blank? + assert_equal Set.new([ 'credit_rating', 'administrator', 'phone_number']), LooseDescendant.protected_attributes + + assert LooseDescendantSecond.accessible_attributes.blank? + assert_equal Set.new([ 'credit_rating', 'administrator', 'phone_number', 'name']), LooseDescendantSecond.protected_attributes, + 'Running attr_protected twice in one class should merge the protections' + + assert (TightPerson.protected_attributes - TightPerson.attributes_protected_by_default).blank? + assert_equal Set.new([ 'name', 'address' ]), TightPerson.accessible_attributes + + assert (TightDescendant.protected_attributes - TightDescendant.attributes_protected_by_default).blank? + assert_equal Set.new([ 'name', 'address', 'phone_number' ]), TightDescendant.accessible_attributes + end + + def test_mass_assignment_multiparameter_protector + task = Task.new + attributes = { "starting(1i)" => "2004", "starting(2i)" => "6", "starting(3i)" => "24" } + sanitized = task.sanitize_for_mass_assignment(attributes) + assert_equal sanitized, { } + end + +end
\ No newline at end of file |