diff options
| author | Thomas Walpole <twalpole@gmail.com> | 2015-07-23 06:49:03 -0700 |
|---|---|---|
| committer | Thomas Walpole <twalpole@gmail.com> | 2015-11-03 11:34:07 -0800 |
| commit | 85f7d955f31209605cccd4cca64be93eec9782f1 (patch) | |
| tree | aff4442837d7f5622accfaee0d07d7d6a2a08c1d /activerecord/lib/active_record/relation | |
| parent | e670611e6002039231a24d547f9a6e053940fb16 (diff) | |
| download | rails-85f7d955f31209605cccd4cca64be93eec9782f1.tar.gz rails-85f7d955f31209605cccd4cca64be93eec9782f1.tar.bz2 rails-85f7d955f31209605cccd4cca64be93eec9782f1.zip | |
Update and fix forbidden attributes tests
Add AC::Parameters tests for WhereChain#not
Diffstat (limited to 'activerecord/lib/active_record/relation')
| -rw-r--r-- | activerecord/lib/active_record/relation/query_methods.rb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/activerecord/lib/active_record/relation/query_methods.rb b/activerecord/lib/active_record/relation/query_methods.rb index 2dc52982c9..7a4bf5338d 100644 --- a/activerecord/lib/active_record/relation/query_methods.rb +++ b/activerecord/lib/active_record/relation/query_methods.rb @@ -13,6 +13,8 @@ module ActiveRecord # WhereChain objects act as placeholder for queries in which #where does not have any parameter. # In this case, #where must be chained with #not to return a new relation. class WhereChain + include ActiveModel::ForbiddenAttributesProtection + def initialize(scope) @scope = scope end @@ -41,6 +43,8 @@ module ActiveRecord # User.where.not(name: "Jon", role: "admin") # # SELECT * FROM users WHERE name != 'Jon' AND role != 'admin' def not(opts, *rest) + opts = sanitize_forbidden_attributes(opts) + where_clause = @scope.send(:where_clause_factory).build(opts, rest) @scope.references!(PredicateBuilder.references(opts)) if Hash === opts |