aboutsummaryrefslogtreecommitdiffstats
path: root/activerecord/test/cases/attribute_methods_test.rb
diff options
context:
space:
mode:
authorAdam Milligan <adam@theophrastus.local>2008-09-21 01:03:09 -0700
committerMichael Koziarski <michael@koziarski.com>2008-09-24 19:40:07 +0200
commit4d9a7ab5f5c28820e0b076f9ca44bdd20e19e6ea (patch)
tree2fbd6389b39e962d3233df236eb5f6344264454b /activerecord/test/cases/attribute_methods_test.rb
parenta78ec93036644c41f936128a2b6d52f3136ad64c (diff)
downloadrails-4d9a7ab5f5c28820e0b076f9ca44bdd20e19e6ea.tar.gz
rails-4d9a7ab5f5c28820e0b076f9ca44bdd20e19e6ea.tar.bz2
rails-4d9a7ab5f5c28820e0b076f9ca44bdd20e19e6ea.zip
Changed ActiveRecord attributes to respect access control.
Signed-off-by: Michael Koziarski <michael@koziarski.com> [#1084 state:committed]
Diffstat (limited to 'activerecord/test/cases/attribute_methods_test.rb')
-rw-r--r--activerecord/test/cases/attribute_methods_test.rb51
1 files changed, 47 insertions, 4 deletions
diff --git a/activerecord/test/cases/attribute_methods_test.rb b/activerecord/test/cases/attribute_methods_test.rb
index ce293a469e..160716f944 100644
--- a/activerecord/test/cases/attribute_methods_test.rb
+++ b/activerecord/test/cases/attribute_methods_test.rb
@@ -58,19 +58,19 @@ class AttributeMethodsTest < ActiveRecord::TestCase
def test_kernel_methods_not_implemented_in_activerecord
%w(test name display y).each do |method|
- assert_equal false, ActiveRecord::Base.instance_method_already_implemented?(method), "##{method} is defined"
+ assert !ActiveRecord::Base.instance_method_already_implemented?(method), "##{method} is defined"
end
end
def test_primary_key_implemented
- assert_equal true, Class.new(ActiveRecord::Base).instance_method_already_implemented?('id')
+ assert Class.new(ActiveRecord::Base).instance_method_already_implemented?('id')
end
def test_defined_kernel_methods_implemented_in_model
%w(test name display y).each do |method|
klass = Class.new ActiveRecord::Base
klass.class_eval "def #{method}() 'defined #{method}' end"
- assert_equal true, klass.instance_method_already_implemented?(method), "##{method} is not defined"
+ assert klass.instance_method_already_implemented?(method), "##{method} is not defined"
end
end
@@ -80,7 +80,7 @@ class AttributeMethodsTest < ActiveRecord::TestCase
abstract.class_eval "def #{method}() 'defined #{method}' end"
abstract.abstract_class = true
klass = Class.new abstract
- assert_equal true, klass.instance_method_already_implemented?(method), "##{method} is not defined"
+ assert klass.instance_method_already_implemented?(method), "##{method} is not defined"
end
end
@@ -228,6 +228,40 @@ class AttributeMethodsTest < ActiveRecord::TestCase
assert_equal [:field_b], Minimalistic.skip_time_zone_conversion_for_attributes
end
+ def test_read_attributes_respect_access_control
+ privatize("title")
+
+ topic = @target.new(:title => "The pros and cons of programming naked.")
+ assert !topic.respond_to?(:title)
+ assert_raise(NoMethodError) { topic.title }
+ topic.send(:title)
+ end
+
+ def test_write_attributes_respect_access_control
+ privatize("title=(value)")
+
+ topic = @target.new
+ assert !topic.respond_to?(:title=)
+ assert_raise(NoMethodError) { topic.title = "Pants"}
+ topic.send(:title=, "Very large pants")
+ end
+
+ def test_question_attributes_respect_access_control
+ privatize("title?")
+
+ topic = @target.new(:title => "Isaac Newton's pants")
+ assert !topic.respond_to?(:title?)
+ assert_raise(NoMethodError) { topic.title? }
+ assert topic.send(:title?)
+ end
+
+ def test_bulk_update_respects_access_control
+ privatize("title=(value)")
+
+ assert_raise(ActiveRecord::UnknownAttributeError) { topic = @target.new(:title => "Rants about pants") }
+ assert_raise(ActiveRecord::UnknownAttributeError) { @target.new.attributes = { :title => "Ants in pants" } }
+ end
+
private
def time_related_columns_on_topic
Topic.columns.select{|c| [:time, :date, :datetime, :timestamp].include?(c.type)}.map(&:name)
@@ -244,4 +278,13 @@ class AttributeMethodsTest < ActiveRecord::TestCase
Time.zone = old_zone
ActiveRecord::Base.time_zone_aware_attributes = old_tz
end
+
+ def privatize(method_signature)
+ @target.class_eval <<-private_method
+ private
+ def #{method_signature}
+ "I'm private"
+ end
+ private_method
+ end
end