diff options
| author | Sean Griffin <sean@seantheprogrammer.com> | 2015-11-23 14:58:05 -0700 |
|---|---|---|
| committer | Sean Griffin <sean@seantheprogrammer.com> | 2015-11-23 14:58:05 -0700 |
| commit | de9b870f4026ce0eb40bf2a7dacbd137700910ef (patch) | |
| tree | c708ceaedd5dbcf24f85e9ec187a10be6d2555fd /activerecord/lib/active_record | |
| parent | 68207cd4839d6c76d805e88aef19db5a61aa9f94 (diff) | |
| parent | 85f7d955f31209605cccd4cca64be93eec9782f1 (diff) | |
| download | rails-de9b870f4026ce0eb40bf2a7dacbd137700910ef.tar.gz rails-de9b870f4026ce0eb40bf2a7dacbd137700910ef.tar.bz2 rails-de9b870f4026ce0eb40bf2a7dacbd137700910ef.zip | |
Merge pull request #21000 from twalpole/find_or_parameter_issues
Update and fix forbidden attributes test issues caused by AC::Parameters change
Diffstat (limited to 'activerecord/lib/active_record')
| -rw-r--r-- | activerecord/lib/active_record/inheritance.rb | 3 | ||||
| -rw-r--r-- | activerecord/lib/active_record/relation/query_methods.rb | 4 |
2 files changed, 6 insertions, 1 deletions
diff --git a/activerecord/lib/active_record/inheritance.rb b/activerecord/lib/active_record/inheritance.rb index 589c70db0d..8b719e0bcb 100644 --- a/activerecord/lib/active_record/inheritance.rb +++ b/activerecord/lib/active_record/inheritance.rb @@ -198,10 +198,11 @@ module ActiveRecord # If this is a StrongParameters hash, and access to inheritance_column is not permitted, # this will ignore the inheritance column and return nil def subclass_from_attributes?(attrs) - attribute_names.include?(inheritance_column) && attrs.is_a?(Hash) + attribute_names.include?(inheritance_column) && (attrs.is_a?(Hash) || attrs.respond_to?(:permitted?)) end def subclass_from_attributes(attrs) + attrs = attrs.to_h if attrs.respond_to?(:permitted?) subclass_name = attrs.with_indifferent_access[inheritance_column] if subclass_name.present? diff --git a/activerecord/lib/active_record/relation/query_methods.rb b/activerecord/lib/active_record/relation/query_methods.rb index 2dc52982c9..7a4bf5338d 100644 --- a/activerecord/lib/active_record/relation/query_methods.rb +++ b/activerecord/lib/active_record/relation/query_methods.rb @@ -13,6 +13,8 @@ module ActiveRecord # WhereChain objects act as placeholder for queries in which #where does not have any parameter. # In this case, #where must be chained with #not to return a new relation. class WhereChain + include ActiveModel::ForbiddenAttributesProtection + def initialize(scope) @scope = scope end @@ -41,6 +43,8 @@ module ActiveRecord # User.where.not(name: "Jon", role: "admin") # # SELECT * FROM users WHERE name != 'Jon' AND role != 'admin' def not(opts, *rest) + opts = sanitize_forbidden_attributes(opts) + where_clause = @scope.send(:where_clause_factory).build(opts, rest) @scope.references!(PredicateBuilder.references(opts)) if Hash === opts |