aboutsummaryrefslogtreecommitdiffstats
path: root/activerecord
diff options
context:
space:
mode:
authorJeremy Kemper <jeremy@bitsweat.net>2007-05-29 20:35:46 +0000
committerJeremy Kemper <jeremy@bitsweat.net>2007-05-29 20:35:46 +0000
commitaf98d883b91aad78cd8183f8abbdf27bd740ff66 (patch)
treebdecff2fab52766af3dde2d752d716b85446e9f6 /activerecord
parent32b307bc32e12626b0e6ae493cc3ab34b4c5ea37 (diff)
downloadrails-af98d883b91aad78cd8183f8abbdf27bd740ff66.tar.gz
rails-af98d883b91aad78cd8183f8abbdf27bd740ff66.tar.bz2
rails-af98d883b91aad78cd8183f8abbdf27bd740ff66.zip
Raise an exception if both attr_protected and attr_accessible are declared. Closes #8507, #6004.
git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@6896 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
Diffstat (limited to 'activerecord')
-rw-r--r--activerecord/CHANGELOG2
-rwxr-xr-xactiverecord/lib/active_record/base.rb2
-rwxr-xr-xactiverecord/test/base_test.rb12
3 files changed, 16 insertions, 0 deletions
diff --git a/activerecord/CHANGELOG b/activerecord/CHANGELOG
index 0ae8cbdd93..945c2238df 100644
--- a/activerecord/CHANGELOG
+++ b/activerecord/CHANGELOG
@@ -1,5 +1,7 @@
*SVN*
+* Raise an exception if both attr_protected and attr_accessible are declared. #8507 [stellsmi]
+
* SQLite, MySQL, PostgreSQL, Oracle: quote column names in column migration SQL statements. #8466 [marclove, lorenjohnson]
* Allow nil serialized attributes with a set class constraint. #7293 [sandofsky]
diff --git a/activerecord/lib/active_record/base.rb b/activerecord/lib/active_record/base.rb
index 36775d74b5..931afa61ba 100755
--- a/activerecord/lib/active_record/base.rb
+++ b/activerecord/lib/active_record/base.rb
@@ -2164,6 +2164,8 @@ module ActiveRecord #:nodoc:
attributes.reject { |key, value| !self.class.accessible_attributes.include?(key.gsub(/\(.+/, "").intern) || attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) }
elsif self.class.accessible_attributes.nil?
attributes.reject { |key, value| self.class.protected_attributes.include?(key.gsub(/\(.+/,"").intern) || attributes_protected_by_default.include?(key.gsub(/\(.+/, "")) }
+ else
+ raise "Declare either attr_protected or attr_accessible for #{self.class}, but not both."
end
end
diff --git a/activerecord/test/base_test.rb b/activerecord/test/base_test.rb
index 3171e75bac..d74a7b82b5 100755
--- a/activerecord/test/base_test.rb
+++ b/activerecord/test/base_test.rb
@@ -53,6 +53,12 @@ class Task < ActiveRecord::Base
attr_protected :starting
end
+class TopicWithProtectedContentAndAccessibleAuthorName < ActiveRecord::Base
+ self.table_name = 'topics'
+ attr_accessible :author_name
+ attr_protected :content
+end
+
class BasicsTest < Test::Unit::TestCase
fixtures :topics, :companies, :developers, :projects, :computers, :accounts
@@ -771,6 +777,12 @@ class BasicsTest < Test::Unit::TestCase
assert_raise(ActiveRecord::RecordInvalid) { reply.update_attributes!(:title => nil, :content => "Have a nice evening") }
end
+ def test_mass_assignment_should_raise_exception_if_accessible_and_protected_attribute_writers_are_both_used
+ topic = TopicWithProtectedContentAndAccessibleAuthorName.new
+ assert_raises(RuntimeError) { topic.attributes = { "author_name" => "me" } }
+ assert_raises(RuntimeError) { topic.attributes = { "content" => "stuff" } }
+ end
+
def test_mass_assignment_protection
firm = Firm.new
firm.attributes = { "name" => "Next Angle", "rating" => 5 }
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-08 03:03:28 +0000