find_and_(initialize|create)_by methods can now properly initialize protected attributes

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7826 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

4 files changed, 35 insertions, 7 deletions

diff --git a/activerecord/CHANGELOG b/activerecord/CHANGELOG
index 3188f0bfc2..74226bb147 100644
--- a/activerecord/CHANGELOG
+++ b/activerecord/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*
 
+* find_and_(initialize|create)_by methods can now properly initialize protected attributes [Tobias Luetke]
+
 * belongs_to infers the foreign key from the association name instead of from the class name.  [Jeremy Kemper]
 
 * PostgreSQL: support multiline default values.  #7533 [Carl Lerche, aguynamedryan, Rein Henrichs, Tarmo Tänav]
diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb
index 8d98796af1..ff0809676f 100755
--- a/activerecord/lib/active_record/base.rb
+++ b/activerecord/lib/active_record/base.rb
@@ -1269,7 +1269,7 @@ module ActiveRecord #:nodoc:
                   ActiveSupport::Deprecation.silence { send(:#{finder}, options.merge(finder_options)) }
                 end
               end
-            }
+            }, __FILE__, __LINE__
             send(method_id, *arguments)
           elsif match = /^find_or_(initialize|create)_by_([_a-zA-Z]\w*)$/.match(method_id.to_s)
             instantiator = determine_instantiator(match)
@@ -1284,13 +1284,20 @@ module ActiveRecord #:nodoc:
                 else
                   find_attributes = attributes = construct_attributes_from_arguments([:#{attribute_names.join(',:')}], args)
                 end
-                
+                                
                 options = { :conditions => find_attributes }
                 set_readonly_option!(options)
 
-                find_initial(options) || send(:#{instantiator}, attributes)
+                record = find_initial(options)
+                if record.nil?
+                  record = self.new { |r| r.send(:attributes=, attributes, false) } 
+                  #{'record.save' if instantiator == :create}
+                  record
+                else
+                  record                
+                end
               end
-            }
+            }, __FILE__, __LINE__
             send(method_id, *arguments)
           else
             super
@@ -1841,14 +1848,16 @@ module ActiveRecord #:nodoc:
       # matching the attribute names (which again matches the column names). Sensitive attributes can be protected
       # from this form of mass-assignment by using the +attr_protected+ macro. Or you can alternatively
       # specify which attributes *can* be accessed in with the +attr_accessible+ macro. Then all the
-      # attributes not included in that won't be allowed to be mass-assigned.
-      def attributes=(new_attributes)
+      # attributes not included in that won't be allowed to be mass-assigned. 
+      def attributes=(new_attributes, guard_protected_attributes = true)
         return if new_attributes.nil?
         attributes = new_attributes.dup
         attributes.stringify_keys!
 
         multi_parameter_attributes = []
-        remove_attributes_protected_from_mass_assignment(attributes).each do |k, v|
+        attributes = remove_attributes_protected_from_mass_assignment(attributes) if guard_protected_attributes
+        
+        attributes.each do |k, v|
           k.include?("(") ? multi_parameter_attributes << [ k, v ] : send(k + "=", v)
         end
 
diff --git a/activerecord/test/finder_test.rb b/activerecord/test/finder_test.rb
index 53fa24194e..b45aabb1fb 100644
--- a/activerecord/test/finder_test.rb
+++ b/activerecord/test/finder_test.rb
@@ -469,6 +469,22 @@ class FinderTest < Test::Unit::TestCase
     assert_equal "38signals", sig38.name
     assert sig38.new_record?
   end
+  
+  def test_find_or_initialize_from_one_attribute_should_set_attribute_even_when_protected
+    c = Company.find_or_initialize_by_name_and_rating("Fortune 1000", 1000)
+    assert_equal "Fortune 1000", c.name
+    assert_equal 1000, c.rating
+    assert c.valid?
+    assert c.new_record?    
+  end
+
+  def test_find_or_create_from_one_attribute_should_set_attribute_even_when_protected
+    c = Company.find_or_create_by_name_and_rating("Fortune 1000", 1000)
+    assert_equal "Fortune 1000", c.name
+    assert_equal 1000, c.rating
+    assert c.valid?
+    assert !c.new_record?    
+  end
 
   def test_dynamic_find_or_initialize_from_one_attribute_caches_method
     class << Company; self; end.send(:remove_method, :find_or_initialize_by_name) if Company.respond_to?(:find_or_initialize_by_name)    
diff --git a/activerecord/test/fixtures/computer.rb b/activerecord/test/fixtures/computer.rb
index cc8deb1b2b..f26312f9a6 100644
--- a/activerecord/test/fixtures/computer.rb
+++ b/activerecord/test/fixtures/computer.rb
@@ -1,3 +1,4 @@
 class Computer < ActiveRecord::Base
   belongs_to :developer, :foreign_key=>'developer'
 end
+