Merge branch 'master' of github.com:rails/rails

5 files changed, 92 insertions, 26 deletions

diff --git a/activerecord/test/cases/base_test.rb b/activerecord/test/cases/base_test.rb
index 815ff7b825..ef833857ce 100644
--- a/activerecord/test/cases/base_test.rb
+++ b/activerecord/test/cases/base_test.rb
@@ -18,7 +18,7 @@ require 'models/comment'
 require 'models/minimalistic'
 require 'models/warehouse_thing'
 require 'models/parrot'
-require 'models/loose_person'
+require 'models/person'
 require 'models/edge'
 require 'models/joke'
 require 'rexml/document'
diff --git a/activerecord/test/cases/mass_assignment_security_test.rb b/activerecord/test/cases/mass_assignment_security_test.rb
index 025ec1d3fa..43016df479 100644
--- a/activerecord/test/cases/mass_assignment_security_test.rb
+++ b/activerecord/test/cases/mass_assignment_security_test.rb
@@ -3,6 +3,7 @@ require 'models/company'
 require 'models/subscriber'
 require 'models/keyboard'
 require 'models/task'
+require 'models/person'
 
 class MassAssignmentSecurityTest < ActiveRecord::TestCase
 
@@ -30,6 +31,66 @@ class MassAssignmentSecurityTest < ActiveRecord::TestCase
     end
   end
 
+  def test_assign_attributes_uses_default_scope_when_no_scope_is_provided
+    p = LoosePerson.new
+    p.assign_attributes(attributes_hash)
+
+    assert_equal nil, p.id
+    assert_equal 'Josh', p.first_name
+    assert_equal 'male', p.gender
+    assert_equal nil, p.comments
+  end
+
+  def test_assign_attributes_skips_mass_assignment_security_protection_when_without_protection_is_used
+    p = LoosePerson.new
+    p.assign_attributes(attributes_hash, :without_protection => true)
+
+    assert_equal 5, p.id
+    assert_equal 'Josh', p.first_name
+    assert_equal 'male', p.gender
+    assert_equal 'rides a sweet bike', p.comments
+  end
+
+  def test_assign_attributes_with_default_scope_and_attr_protected_attributes
+    p = LoosePerson.new
+    p.assign_attributes(attributes_hash, :as => :default)
+
+    assert_equal nil, p.id
+    assert_equal 'Josh', p.first_name
+    assert_equal 'male', p.gender
+    assert_equal nil, p.comments
+  end
+
+  def test_assign_attributes_with_admin_scope_and_attr_protected_attributes
+    p = LoosePerson.new
+    p.assign_attributes(attributes_hash, :as => :admin)
+
+    assert_equal nil, p.id
+    assert_equal 'Josh', p.first_name
+    assert_equal 'male', p.gender
+    assert_equal 'rides a sweet bike', p.comments
+  end
+
+  def test_assign_attributes_with_default_scope_and_attr_accessible_attributes
+    p = TightPerson.new
+    p.assign_attributes(attributes_hash, :as => :default)
+
+    assert_equal nil, p.id
+    assert_equal 'Josh', p.first_name
+    assert_equal 'male', p.gender
+    assert_equal nil, p.comments
+  end
+
+  def test_assign_attributes_with_admin_scope_and_attr_accessible_attributes
+    p = TightPerson.new
+    p.assign_attributes(attributes_hash, :as => :admin)
+
+    assert_equal nil, p.id
+    assert_equal 'Josh', p.first_name
+    assert_equal 'male', p.gender
+    assert_equal 'rides a sweet bike', p.comments
+  end
+
   def test_protection_against_class_attribute_writers
     [:logger, :configurations, :primary_key_prefix_type, :table_name_prefix, :table_name_suffix, :pluralize_table_names,
      :default_timezone, :schema_format, :lock_optimistically, :record_timestamps].each do |method|
@@ -40,4 +101,14 @@ class MassAssignmentSecurityTest < ActiveRecord::TestCase
     end
   end
 
+  private
+
+  def attributes_hash
+    {
+      :id => 5,
+      :first_name => 'Josh',
+      :gender => 'male',
+      :comments => 'rides a sweet bike'
+    }
+  end
 end
\ No newline at end of file
diff --git a/activerecord/test/cases/persistence_test.rb b/activerecord/test/cases/persistence_test.rb
index 9aa13f04cd..3683e3430c 100644
--- a/activerecord/test/cases/persistence_test.rb
+++ b/activerecord/test/cases/persistence_test.rb
@@ -12,7 +12,7 @@ require 'models/minimalistic'
 require 'models/warehouse_thing'
 require 'models/parrot'
 require 'models/minivan'
-require 'models/loose_person'
+require 'models/person'
 require 'rexml/document'
 require 'active_support/core_ext/exception'
 
diff --git a/activerecord/test/models/loose_person.rb b/activerecord/test/models/loose_person.rb
deleted file mode 100644
index 256c281d0d..0000000000
--- a/activerecord/test/models/loose_person.rb
+++ /dev/null
@@ -1,24 +0,0 @@
-class LoosePerson < ActiveRecord::Base
-  self.table_name = 'people'
-  self.abstract_class = true
-
-  attr_protected :credit_rating, :administrator
-end
-
-class LooseDescendant < LoosePerson
-  attr_protected :phone_number
-end
-
-class LooseDescendantSecond< LoosePerson
-  attr_protected :phone_number
-  attr_protected :name
-end
-
-class TightPerson < ActiveRecord::Base
-  self.table_name = 'people'
-  attr_accessible :name, :address
-end
-
-class TightDescendant < TightPerson
-  attr_accessible :phone_number
-end
\ No newline at end of file
diff --git a/activerecord/test/models/person.rb b/activerecord/test/models/person.rb
index ad59d12672..9c4794902d 100644
--- a/activerecord/test/models/person.rb
+++ b/activerecord/test/models/person.rb
@@ -48,3 +48,22 @@ class PersonWithDependentNullifyJobs < ActiveRecord::Base
   has_many :references, :foreign_key => :person_id
   has_many :jobs, :source => :job, :through => :references, :dependent => :nullify
 end
+
+
+class LoosePerson < ActiveRecord::Base
+  self.table_name = 'people'
+  self.abstract_class = true
+
+  attr_protected :comments
+  attr_protected :as => :admin
+end
+
+class LooseDescendant < LoosePerson; end
+
+class TightPerson < ActiveRecord::Base
+  self.table_name = 'people'
+  attr_accessible :first_name, :gender
+  attr_accessible :first_name, :gender, :comments, :as => :admin
+end
+
+class TightDescendant < TightPerson; end
\ No newline at end of file