aboutsummaryrefslogtreecommitdiffstats
path: root/activemodel/test/cases
diff options
context:
space:
mode:
authorFabio Yamate <fabioyamate@gmail.com>2012-02-14 16:27:19 -0200
committerFabio Yamate <fabioyamate@gmail.com>2012-02-15 11:13:54 -0200
commitd204918f9190afcf5f3f53adb957ca15aa644704 (patch)
treec19d64490782c36770979f59129baaf19ff08447 /activemodel/test/cases
parent2f9e47713051e211a1866bb8e7af3151e70a9ba0 (diff)
downloadrails-d204918f9190afcf5f3f53adb957ca15aa644704.tar.gz
rails-d204918f9190afcf5f3f53adb957ca15aa644704.tar.bz2
rails-d204918f9190afcf5f3f53adb957ca15aa644704.zip
Fix sanitize_for_mass_assigment when role is nil
There is an example in Rails documentation that suggests implementing assign_attributes method for ActiveModel interface, that by default sends option role with nil. Since mass_assignment_authorizer never is called without args, we can move the default value internally.
Diffstat (limited to 'activemodel/test/cases')
-rw-r--r--activemodel/test/cases/mass_assignment_security_test.rb7
1 files changed, 7 insertions, 0 deletions
diff --git a/activemodel/test/cases/mass_assignment_security_test.rb b/activemodel/test/cases/mass_assignment_security_test.rb
index be07e59a2f..a197dbe748 100644
--- a/activemodel/test/cases/mass_assignment_security_test.rb
+++ b/activemodel/test/cases/mass_assignment_security_test.rb
@@ -19,6 +19,13 @@ class MassAssignmentSecurityTest < ActiveModel::TestCase
assert_equal expected, sanitized
end
+ def test_attribute_protection_when_role_is_nil
+ user = User.new
+ expected = { "name" => "John Smith", "email" => "john@smith.com" }
+ sanitized = user.sanitize_for_mass_assignment(expected.merge("admin" => true), nil)
+ assert_equal expected, sanitized
+ end
+
def test_only_moderator_role_attribute_accessible
user = SpecialUser.new
expected = { "name" => "John Smith", "email" => "john@smith.com" }
generated by cgit v1.2.3 (git 2.25.1) at 2025-03-29 04:48:00 +0000